Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-36349 (GCVE-0-2024-36349)
Vulnerability from cvelistv5 – Published: 2025-07-08 16:42 – Updated: 2025-07-09 14:00
VLAI?
EPSS
Summary
A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage.
Severity ?
CWE
- CWE-1420 - Exposure of Sensitive Information during Transient Execution
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36349",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-09T14:00:30.310556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-09T14:00:36.439Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7002 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7003 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 9004 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 8004 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 4004 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 9V64H Processor",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Desktop Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 8000 Series Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 7000 WX-Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX- Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 6000 Series Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7035 Series Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7040 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 8040 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7000 Series Mobile Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7002 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7003 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 8004 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 9004 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 7000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V3000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7002 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7000 Series Mobile Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 3000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"datePublic": "2025-07-08T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage.\u003cbr\u003e"
}
],
"value": "A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1420",
"description": "CWE-1420 Exposure of Sensitive Information during Transient Execution",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T16:42:17.471Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7029.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2024-36349",
"datePublished": "2025-07-08T16:42:17.471Z",
"dateReserved": "2024-05-23T19:44:50.000Z",
"dateUpdated": "2025-07-09T14:00:36.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-36349\",\"sourceIdentifier\":\"psirt@amd.com\",\"published\":\"2025-07-08T17:15:31.400\",\"lastModified\":\"2025-07-10T13:19:18.800\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de ejecuci\u00f3n transitoria en algunos AMD processors puede permitir que un proceso de usuario infiera TSC_AUX incluso cuando dicha lectura est\u00e1 deshabilitada, lo que podr\u00eda provocar una fuga de informaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@amd.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N\",\"baseScore\":3.8,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.0,\"impactScore\":1.4}]},\"references\":[{\"url\":\"https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7029.html\",\"source\":\"psirt@amd.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-36349\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-09T14:00:30.310556Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-09T14:00:33.249Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 3.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"AMD\", \"product\": \"AMD EPYC\\u2122 7002 Series Processors\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD EPYC\\u2122 7003 Series Processors\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD EPYC\\u2122 9004 Series Processors\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD EPYC\\u2122 8004 Series Processors\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD EPYC\\u2122 4004 Series Processors\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD EPYC\\u2122 9V64H Processor\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 5000 Series Desktop Processors\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 5000 Series Desktop Processor with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 3000 Series Desktop Processors\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Athlon\\u2122 3000 Series Desktop Processors with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 7000 Series Desktop Processors\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 4000 Series Desktop Processor with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 8000 Series Processor with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 Threadripper\\u2122 3000 Series Processors\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 Threadripper\\u2122 PRO 7000 WX-Series Processors\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 Threadripper\\u2122 PRO 3000WX Series Processors\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 Threadripper\\u2122 PRO 5000WX- Series Desktop Processors\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 7020 Series Processors with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 6000 Series Processor with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 7035 Series Processor with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 7000 Series Processors with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 7040 Series Processors with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 8040 Series Mobile Processors with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 7000 Series Mobile Processors\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD EPYC\\u2122 Embedded 7002 Series Processors\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD EPYC\\u2122 Embedded 7003 Series Processors\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD EPYC\\u2122 Embedded 8004 Series Processors\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD EPYC\\u2122 Embedded 9004 Series Processors\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 Embedded 5000 Series Processors\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 Embedded 7000 Series Processors\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 Embedded V2000 Series Processors\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 Embedded V3000 Series Processors\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD EPYC\\u2122 7002 Series Processors\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Athlon\\u2122 3000 Series Mobile Processors with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 3000 Series Mobile Processor with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 7000 Series Mobile Processors\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD EPYC\\u2122 Embedded 3000 Series Processors\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 Embedded R1000 Series Processors\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 Embedded R2000 Series Processors\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 Embedded V1000 Series Processors\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"affected\"}], \"datePublic\": \"2025-07-08T16:00:00.000Z\", \"references\": [{\"url\": \"https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7029.html\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage.\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1420\", \"description\": \"CWE-1420 Exposure of Sensitive Information during Transient Execution\"}]}], \"providerMetadata\": {\"orgId\": \"b58fc414-a1e4-4f92-9d70-1add41838648\", \"shortName\": \"AMD\", \"dateUpdated\": \"2025-07-08T16:42:17.471Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-36349\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-07-09T14:00:36.439Z\", \"dateReserved\": \"2024-05-23T19:44:50.000Z\", \"assignerOrgId\": \"b58fc414-a1e4-4f92-9d70-1add41838648\", \"datePublished\": \"2025-07-08T16:42:17.471Z\", \"assignerShortName\": \"AMD\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
SUSE-SU-2025:03011-1
Vulnerability from csaf_suse - Published: 2025-08-28 12:06 - Updated: 2025-08-28 12:06Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP7 Azure kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2019-11135: enabled CONFIG_X86_INTEL_TSX_MODE_AUTO (bsc#1139073, bsc#1246695).
- CVE-2024-36028: mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() (bsc#1225707).
- CVE-2024-36348, CVE-2024-36349, CVE-2024-36350, CVE-2024-36357: x86/process: Move the buffer clearing before MONITOR (bsc#1238896).
- CVE-2024-39298:mm/memory-failure: fix handling of dissolved but not taken off from buddy pages (bsc#1227082).
- CVE-2024-42134: virtio-pci: Check if is_avq is NULL (bsc#1228664 bsc#1247831).
- CVE-2024-44963: btrfs: do not BUG_ON() when freeing tree block after error (bsc#1230216).
- CVE-2024-49861: net: clear the dst when changing skb protocol (bsc#1245954).
- CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points (bsc#1232089).
- CVE-2024-56742: vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages() (bsc#1235613).
- CVE-2025-21839: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (bsc#1239061).
- CVE-2025-21854: selftest/bpf: Add vsock test for sockmap rejecting unconnected (bsc#1239470).
- CVE-2025-21872: efi/mokvar-table: Avoid repeated map/unmap of the same page (bsc#1240323).
- CVE-2025-22090: mm: (un)track_pfn_copy() fix + doc improvements (bsc#1241537).
- CVE-2025-23163: net: vlan: do not propagate flags on open (bsc#1242837).
- CVE-2025-37856: btrfs: harden block_group::bg_list against list_del() races (bsc#1243068).
- CVE-2025-37864: net: dsa: clean up FDB, MDB, VLAN entries on unbind (bsc#1242965).
- CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960).
- CVE-2025-37920: kABI workaround for xsk: Fix race condition in AF_XDP generic RX path (bsc#1243479).
- CVE-2025-37984: crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() (bsc#1243669).
- CVE-2025-38034: btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (bsc#1244792).
- CVE-2025-38035: nvmet-tcp: do not restore null sk_state_change (bsc#1244801).
- CVE-2025-38047: x86/fred: Fix system hang during S4 resume with FRED enabled (bsc#1245084).
- CVE-2025-38051: smb: client: Fix use-after-free in cifs_fill_dirent (bsc#1244750).
- CVE-2025-38058: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (bsc#1245151).
- CVE-2025-38061: net: pktgen: fix access outside of user given buffer in pktgen_thread_write() (bsc#1245440).
- CVE-2025-38062: kABI: restore layout of struct msi_desc (bsc#1245216).
- CVE-2025-38063: dm: fix unconditional IO throttle caused by REQ_PREFLUSH (bsc#1245202).
- CVE-2025-38064: virtio: break and reset virtio devices on device_shutdown() (bsc#1245201).
- CVE-2025-38074: vhost-scsi: protect vq->log_used with vq->mutex (bsc#1244735).
- CVE-2025-38094: net: cadence: macb: Fix a possible deadlock in macb_halt_tx (bsc#1245649).
- CVE-2025-38097: kabi: restore encap_sk in struct xfrm_state (bsc#1245660).
- CVE-2025-38098: drm/amd/display: Do not treat wb connector as physical in (bsc#1245654).
- CVE-2025-38099: Bluetooth: btusb: Fix regression in the initialization of fake Bluetooth controllers (bsc#1245671).
- CVE-2025-38100: x86/iopl: Cure TIF_IO_BITMAP inconsistencies (bsc#1245650).
- CVE-2025-38105: ALSA: usb-audio: Kill timer properly at removal (bsc#1245682).
- CVE-2025-38106: io_uring/sqpoll: do not put task_struct on tctx setup failure (bsc#1245664).
- CVE-2025-38115: net_sched: sch_sfq: fix a potential crash on gso_skb handling (bsc#1245689).
- CVE-2025-38117: hci_dev centralize extra lock (bsc#1245695).
- CVE-2025-38126: net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping (bsc#1245708).
- CVE-2025-38131: coresight: prevent deactivate active config while enabling the config (bsc#1245677).
- CVE-2025-38132: coresight: holding cscfg_csdev_lock while removing cscfg from csdev (bsc#1245679).
- CVE-2025-38147: calipso: unlock rcu before returning -EAFNOSUPPORT (bsc#1245768).
- CVE-2025-38158: hisi_acc_vfio_pci: fix XQE dma address error (bsc#1245750).
- CVE-2025-38162: netfilter: nft_set_pipapo: prevent overflow in lookup table allocation (bsc#1245752).
- CVE-2025-38166: bpf: fix ktls panic with sockmap (bsc#1245758).
- CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).
- CVE-2025-38182: ublk: santizize the arguments from userspace when adding a device (bsc#1245937).
- CVE-2025-38183: net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get() (bsc#1246006).
- CVE-2025-38187: drm/nouveau: fix a use-after-free in r535_gsp_rpc_push() (bsc#1245951).
- CVE-2025-38188: drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE (bsc#1246098).
- CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045).
- CVE-2025-38202: bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() (bsc#1245980).
- CVE-2025-38203: jfs: Fix null-ptr-deref in jfs_ioc_trim (bsc#1246044).
- CVE-2025-38204: jfs: fix array-index-out-of-bounds read in add_missing_indices (bsc#1245983).
- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073).
- CVE-2025-38210: configfs-tsm-report: Fix NULL dereference of tsm_ops (bsc#1246020).
- CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029).
- CVE-2025-38220: ext4: only dirty folios when data journaling regular files (bsc#1245966).
- CVE-2025-38222: ext4: inline: fix len overflow in ext4_prepare_inline_data (bsc#1245976).
- CVE-2025-38236: af_unix: Disable MSG_OOB for unprivileged users (bsc#1246093).
- CVE-2025-38239: scsi: megaraid_sas: Fix invalid node index (bsc#1246178).
- CVE-2025-38244: smb: client: fix potential deadlock when reconnecting channels (bsc#1246183).
- CVE-2025-38248: bridge: mcast: Fix use-after-free during router port configuration (bsc#1246173).
- CVE-2025-38250: kABI workaround for bluetooth hci_dev changes (bsc#1246182).
- CVE-2025-38256: io_uring/rsrc: fix folio unpinning (bsc#1246188).
- CVE-2025-38264: llist: add interface to check if a node is on a list (bsc#1246387).
- CVE-2025-38272: net: dsa: b53: do not enable EEE on bcm63xx (bsc#1246268).
- CVE-2025-38279: selftests/bpf: Add tests with stack ptr register in conditional jmp (bsc#1246264).
- CVE-2025-38283: hisi_acc_vfio_pci: bugfix live migration function without VF device driver (bsc#1246273).
- CVE-2025-38303: Bluetooth: eir: Fix possible crashes on eir_create_adv_data (bsc#1246354).
- CVE-2025-38310: seg6: Fix validation of nexthop addresses (bsc#1246361).
- CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).
- CVE-2025-38334: x86/sgx: Prevent attempts to reclaim poisoned pages (bsc#1246384).
- CVE-2025-38335: Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT (bsc#1246250).
- CVE-2025-38337: jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (bsc#1246253).
- CVE-2025-38349: eventpoll: do not decrement ep refcount while still holding the ep mutex (bsc#1246777).
- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).
- CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).
- CVE-2025-38364: maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() (bsc#1247091).
- CVE-2025-38365: btrfs: fix a race between renames and directory logging (bsc#1247023).
- CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177).
- CVE-2025-38382: btrfs: fix iteration of extrefs during log replay (bsc#1247031).
- CVE-2025-38392: idpf: convert control queue mutex to a spinlock (bsc#1247169).
- CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247156).
- CVE-2025-38399: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() (bsc#1247097).
- CVE-2025-38403: vsock/vmci: Clear the vmci transport packet properly when initializing it (bsc#1247141).
- CVE-2025-38414: wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850 (bsc#1247145).
- CVE-2025-38426: drm/amdgpu: Add basic validation for RAS header (bsc#1247252).
- CVE-2025-38429: bus: mhi: ep: Update read pointer only after buffer is written (bsc#1247253).
- CVE-2025-38453: kABI: io_uring: msg_ring ensure io_kiocb freeing is deferred (bsc#1247234).
- CVE-2025-38455: KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight (bsc#1247101).
- CVE-2025-38457: net/sched: Abort __tc_modify_qdisc if parent class does not exist (bsc#1247098).
- CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).
- CVE-2025-38461: vsock: Fix transport_* TOCTOU (bsc#1247103).
- CVE-2025-38462: vsock: Fix transport_{g2h,h2g} TOCTOU (bsc#1247104).
- CVE-2025-38463: tcp: Correct signedness in skb remaining space calculation (bsc#1247113).
- CVE-2025-38465: netlink: make sure we allow at least one dump skb (bsc#1247118).
- CVE-2025-38470: kABI fix for net: vlan: fix VLAN 0 refcount imbalance of toggling (bsc#1247288).
- CVE-2025-38471: tls: always refresh the queue when reading sock (bsc#1247450).
- CVE-2025-38475: smc: Fix various oops due to inet_sock type confusion (bsc#1247308).
- CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347).
- CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374).
The following non-security bugs were fixed:
- ACPI: LPSS: Remove AudioDSP related ID (git-fixes).
- ACPI: PRM: Reduce unnecessary printing to avoid user confusion (bsc#1246122).
- ACPI: processor: perflib: Fix initial _PPC limit application (git-fixes).
- ACPICA: Refuse to evaluate a method if arguments are missing (stable-fixes).
- ALSA: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() (git-fixes).
- ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx (stable-fixes).
- ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 (stable-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG Strix G712LWS (stable-fixes).
- ALSA: hda/realtek: Fix mute LED mask on HP OMEN 16 laptop (git-fixes).
- ALSA: hda/tegra: Add Tegra264 support (stable-fixes).
- ALSA: hda: Add missing NVIDIA HDA codec IDs (stable-fixes).
- ALSA: hda: Add new pci id for AMD GPU display HD audio controller (stable-fixes).
- ALSA: hda: Ignore unsol events for cards being shut down (stable-fixes).
- ALSA: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() (git-fixes).
- ALSA: sb: Do not allow changing the DMA mode during operations (stable-fixes).
- ALSA: sb: Force to disable DMAs once when DMA mode is changed (stable-fixes).
- ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() (git-fixes).
- ASoC: amd: yc: Add DMI quirk for Lenovo IdeaPad Slim 5 15 (stable-fixes).
- ASoC: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic (stable-fixes).
- ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic (stable-fixes).
- ASoC: amd: yc: update quirk data for HP Victus (stable-fixes).
- ASoC: codec: wcd9335: Convert to GPIO descriptors (stable-fixes).
- ASoC: codecs: wcd9335: Fix missing free of regulator supplies (git-fixes).
- ASoC: codecs: wcd9335: Handle nicer probe deferral and simplify with dev_err_probe() (stable-fixes).
- ASoC: cs35l56: probe() should fail if the device ID is not recognized (git-fixes).
- ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode (git-fixes).
- ASoC: fsl_sai: Force a software reset when starting in consumer mode (git-fixes).
- ASoC: fsl_xcvr: get channel status data when PHY is not exists (git-fixes).
- ASoC: mediatek: use reserved memory or enable buffer pre-allocation (git-fixes).
- ASoC: ops: dynamically allocate struct snd_ctl_elem_value (git-fixes).
- ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() (git-fixes).
- Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() (git-fixes).
- Bluetooth: HCI: Set extended advertising data synchronously (git-fixes).
- Bluetooth: L2CAP: Fix L2CAP MTU negotiation (stable-fixes).
- Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU (git-fixes).
- Bluetooth: MGMT: Fix not generating command complete for MGMT_OP_DISCONNECT (git-fixes).
- Bluetooth: MGMT: mesh_send: check instances prior disabling advertising (git-fixes).
- Bluetooth: MGMT: set_mesh: update LE scan interval and window (git-fixes).
- Bluetooth: Prevent unintended pause by checking if advertising is active (git-fixes).
- Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout (git-fixes).
- Bluetooth: SMP: If an unallowed command is received consider it a failure (git-fixes).
- Bluetooth: btintel: Check if controller is ISO capable on btintel_classify_pkt_type (git-fixes).
- Bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant without board ID (git-fixes).
- Bluetooth: hci_conn: Fix sending BT_HCI_CMD_LE_CREATE_CONN_CANCEL (git-fixes).
- Bluetooth: hci_core: add missing braces when using macro parameters (git-fixes).
- Bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected (git-fixes).
- Bluetooth: hci_event: Mask data status from LE ext adv reports (git-fixes).
- Bluetooth: hci_sync: Attempt to dequeue connection attempt (git-fixes).
- Bluetooth: hci_sync: Fix UAF on create_le_conn_complete (git-fixes).
- Bluetooth: hci_sync: Fix handling of HCI_OP_CREATE_CONN_CANCEL (git-fixes).
- Bluetooth: hci_sync: Fix not disabling advertising instance (git-fixes).
- Bluetooth: hci_sync: fix connectable extended advertising when using static random address (git-fixes).
- Bluetooth: hci_sync: revert some mesh modifications (git-fixes).
- Docs/ABI: Fix sysfs-kernel-address_bits path (git-fixes).
- Documentatiion/ABI: add ABI documentation for sys-bus-dax (bsc#1235515,jsc#PED-12731).
- Documentation: ACPI: Fix parent device references (git-fixes).
- Documentation: usb: gadget: Wrap remaining usage snippets in literal code block (git-fixes).
- Enable SMC_LO (a.k.a SMC-D) (jsc#PED-13248).
- Fix dma_unmap_sg() nents value (git-fixes)
- HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY (stable-fixes).
- HID: core: do not bypass hid_hw_raw_request (stable-fixes).
- HID: core: ensure __hid_request reserves the report ID as the first byte (git-fixes).
- HID: core: ensure the allocated report buffer can contain the reserved report ID (stable-fixes).
- HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 (stable-fixes).
- HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras (stable-fixes).
- IB/mlx5: Fix potential deadlock in MR deregistration (git-fixes)
- Input: iqs7222 - explicitly define number of external channels (git-fixes).
- Input: xpad - adjust error handling for disconnect (git-fixes).
- Input: xpad - set correct controller type for Acer NGR200 (git-fixes).
- Input: xpad - support Acer NGR 200 Controller (stable-fixes).
- KVM: SVM: Fix SNP AP destroy race with VMRUN (git-fixes).
- Logitech C-270 even more broken (stable-fixes).
- Move upstreamed SCSI and ACPI patches into sorted section
- NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (git-fixes).
- NFS: Fix the setting of capabilities when automounting a new filesystem (git-fixes).
- NFS: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() (git-fixes).
- NFS: Fixup allocation flags for nfsiod's __GFP_NORETRY (git-fixes).
- NFSD: detect mismatch of file handle and delegation stateid in OPEN op (git-fixes).
- NFSv4.2: another fix for listxattr (git-fixes).
- NFSv4.2: fix listxattr to return selinux security label (git-fixes).
- NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN (git-fixes).
- NFSv4: Always set NLINK even if the server does not support it (git-fixes).
- NFSv4: xattr handlers should check for absent nfs filehandles (git-fixes).
- PCI/MSI: Export pci_msix_prepare_desc() for dynamic MSI-X allocations (bsc#1245457).
- PCI: dwc: Make link training more robust by setting PORT_LOGIC_LINK_WIDTH to one lane (stable-fixes).
- PCI: endpoint: Fix configfs group list head handling (git-fixes).
- PCI: endpoint: Fix configfs group removal on driver teardown (git-fixes).
- PCI: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute (git-fixes).
- PCI: endpoint: pci-epf-vntb: Return -ENOENT if pci_epc_get_next_free_bar() fails (git-fixes).
- PCI: hv: Allow dynamic MSI-X vector allocation (bsc#1245457).
- PCI: rockchip-host: Fix 'Unexpected Completion' log message (git-fixes).
- PM / devfreq: Check governor before using governor->name (git-fixes).
- RDMA/core: Rate limit GID cache warning messages (git-fixes)
- RDMA/counter: Check CAP_NET_RAW check in user namespace for RDMA counters (git-fixes)
- RDMA/hns: Drop GFP_NOWARN (git-fixes)
- RDMA/hns: Fix -Wframe-larger-than issue (git-fixes)
- RDMA/hns: Fix HW configurations not cleared in error flow (git-fixes)
- RDMA/hns: Fix accessing uninitialized resources (git-fixes)
- RDMA/hns: Fix double destruction of rsv_qp (git-fixes)
- RDMA/hns: Get message length of ack_req from FW (git-fixes)
- RDMA/mlx5: Check CAP_NET_RAW in user namespace for anchor create (git-fixes)
- RDMA/mlx5: Check CAP_NET_RAW in user namespace for devx create (git-fixes)
- RDMA/mlx5: Check CAP_NET_RAW in user namespace for flow create (git-fixes)
- RDMA/mlx5: Fix CC counters query for MPV (git-fixes)
- RDMA/mlx5: Fix HW counters query for non-representor devices (git-fixes)
- RDMA/mlx5: Fix UMR modifying of mkey page size (git-fixes)
- RDMA/mlx5: Fix compilation warning when USER_ACCESS isn't set (git-fixes)
- RDMA/mlx5: Fix vport loopback for MPV device (git-fixes)
- RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert (git-fixes)
- RDMA/mlx5: reduce stack usage in mlx5_ib_ufile_hw_cleanup (git-fixes)
- RDMA/nldev: Check CAP_NET_RAW in user namespace for QP modify (git-fixes)
- RDMA/siw: Fix the sendmsg byte count in siw_tcp_sendpages (git-fixes)
- RDMA/uverbs: Add empty rdma_uattrs_has_raw_cap() declaration (git-fixes)
- RDMA/uverbs: Check CAP_NET_RAW in user namespace for QP create (git-fixes)
- RDMA/uverbs: Check CAP_NET_RAW in user namespace for RAW QP create (git-fixes)
- RDMA/uverbs: Check CAP_NET_RAW in user namespace for flow create (git-fixes)
- Re-enable qmi_wwan for arm64 (bsc#1246113)
- Reapply 'wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()' (git-fixes).
- Revert 'ACPI: battery: negate current when discharging' (stable-fixes).
- Revert 'cgroup_freezer: cgroup_freezing: Check if not frozen' (bsc#1219338).
- Revert 'drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1' (stable-fixes).
- Revert 'drm/nouveau: check ioctl command codes better' (git-fixes).
- Revert 'drm/xe/xe2: Enable Indirect Ring State support for Xe2' (git-fixes).
- Revert 'mmc: sdhci: Disable SD card clock before changing parameters' (git-fixes).
- Revert 'usb: xhci: Implement xhci_handshake_check_state() helper' (git-fixes).
- Revert 'vgacon: Add check for vc_origin address range in vgacon_scroll()' (stable-fixes).
- SMB3: rename macro CIFS_SERVER_IS_CHAN to avoid confusion (git-fixes).
- USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (stable-fixes).
- USB: serial: option: add Foxconn T99W640 (stable-fixes).
- USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition (stable-fixes).
- Update config files. config/x86_64/default config/arm64/default CONFIG_INTEGRITY_MACHINE_KEYRING=y +CONFIG_INTEGRITY_CA_MACHINE_KEYRING=y +CONFIG_INTEGRITY_CA_MACHINE_KEYRING_MAX=y +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y (bsc#1243678)
- [SMB3] send channel sequence number in SMB3 requests after reconnects (git-fixes).
- accel/ivpu: Remove copy engine support (stable-fixes).
- af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() (git-fixes).
- af_unix: Add a prompt to CONFIG_AF_UNIX_OOB (bsc#1246093).
- amd/amdkfd: fix a kfd_process ref leak (stable-fixes).
- aoe: clean device rq_list in aoedev_downdev() (git-fixes).
- apple-mfi-fastcharge: protect first device name (git-fixes).
- ata: pata_cs5536: fix build on 32-bit UML (stable-fixes).
- audit,module: restore audit logging in load failure case (git-fixes).
- bnxt_en: Fix double invocation of bnxt_ulp_stop()/bnxt_ulp_start() (git-fixes).
- bonding: Correctly support GSO ESP offload (git-fixes).
- bpf, sockmap: Fix sk_msg_reset_curr (git-fixes).
- bpf/lpm_trie: Inline longest_prefix_match for fastpath (git-fixes).
- bpf/selftests: Check errno when percpu map value size exceeds (git-fixes).
- bpf: Add a possibly-zero-sized read test (git-fixes).
- bpf: Avoid __hidden__ attribute in static object (git-fixes).
- bpf: Check percpu map value size first (git-fixes).
- bpf: Disable some `attribute ignored' warnings in GCC (git-fixes).
- bpf: Fix memory leak in bpf_core_apply (git-fixes).
- bpf: Fix potential integer overflow in resolve_btfids (git-fixes).
- bpf: Harden __bpf_kfunc tag against linker kfunc removal (git-fixes).
- bpf: Make the pointer returned by iter next method valid (git-fixes).
- bpf: Simplify checking size of helper accesses (git-fixes).
- bpf: fix order of args in call to bpf_map_kvcalloc (git-fixes).
- bpf: sockmap, updating the sg structure should also update curr (git-fixes).
- bpftool: Fix missing pids during link show (git-fixes).
- bpftool: Fix undefined behavior caused by shifting into the sign bit (git-fixes).
- bpftool: Mount bpffs on provided dir instead of parent dir (git-fixes).
- bpftool: Remove unnecessary source files from bootstrap version (git-fixes).
- bpftool: Un-const bpf_func_info to fix it for llvm 17 and newer (git-fixes).
- btrfs: do not ignore inode missing when replaying log tree (git-fixes).
- btrfs: do not silently ignore unexpected extent type when replaying log (git-fixes).
- btrfs: do not skip remaining extrefs if dir not found during log replay (git-fixes).
- btrfs: explicitly ref count block_group on new_bgs list (bsc#1243068)
- btrfs: fix assertion when building free space tree (git-fixes).
- btrfs: fix inode lookup error handling during log replay (git-fixes).
- btrfs: fix invalid inode pointer dereferences during log replay (git-fixes).
- btrfs: fix log tree replay failure due to file with 0 links and extents (git-fixes).
- btrfs: fix missing error handling when searching for inode refs during log replay (git-fixes).
- btrfs: fix non-empty delayed iputs list on unmount due to async workers (git-fixes).
- btrfs: fix ssd_spread overallocation (git-fixes).
- btrfs: make btrfs_discard_workfn() block_group ref explicit (bsc#1243068)
- btrfs: propagate last_unlink_trans earlier when doing a rmdir (git-fixes).
- btrfs: rename err to ret in btrfs_rmdir() (git-fixes).
- btrfs: return a btrfs_inode from btrfs_iget_logging() (git-fixes).
- btrfs: return a btrfs_inode from read_one_inode() (git-fixes).
- btrfs: tests: fix chunk map leak after failure to add it to the tree (git-fixes).
- btrfs: update superblock's device bytes_used when dropping chunk (git-fixes).
- btrfs: use NOFS context when getting inodes during logging and log replay (git-fixes).
- btrfs: use btrfs_record_snapshot_destroy() during rmdir (git-fixes).
- bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() (git-fixes).
- bus: mhi: host: Detect events pointing to unexpected TREs (git-fixes).
- can: dev: can_restart(): move debug message and stats after successful restart (stable-fixes).
- can: dev: can_restart(): reverse logic to remove need for goto (stable-fixes).
- can: kvaser_pciefd: Store device channel index (git-fixes).
- can: kvaser_usb: Assign netdev.dev_port based on device channel index (git-fixes).
- can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level (git-fixes).
- can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode (git-fixes).
- can: peak_usb: fix USB FD devices potential malfunction (git-fixes).
- cdc-acm: fix race between initial clearing halt and open (git-fixes).
- cgroup,freezer: fix incomplete freezing when attaching tasks (bsc#1245789).
- cgroup/cpuset: Extend kthread_is_per_cpu() check to all PF_NO_SETAFFINITY tasks (bsc#1241166).
- cifs: reconnect helper should set reconnect for the right channel (git-fixes).
- clk: clk-axi-clkgen: fix fpfd_max frequency for zynq (git-fixes).
- clk: davinci: Add NULL check in davinci_lpsc_clk_register() (git-fixes).
- clk: sunxi-ng: v3s: Fix de clock definition (git-fixes).
- clk: xilinx: vcu: unregister pll_post only if registered correctly (git-fixes).
- clocksource: Scale the watchdog read retries automatically (bsc#1241345 bsc#1244457).
- clocksource: Set cs_watchdog_read() checks based on .uncertainty_margin (bsc#1241345 bsc#1244457).
- comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large (git-fixes).
- comedi: Fix initialization of data for instructions that write to subdevice (git-fixes).
- comedi: Fix some signed shift left operations (git-fixes).
- comedi: Fix use of uninitialized data in insn_rw_emulate_bits() (git-fixes).
- comedi: aio_iiro_16: Fix bit shift out of bounds (git-fixes).
- comedi: das16m1: Fix bit shift out of bounds (git-fixes).
- comedi: das6402: Fix bit shift out of bounds (git-fixes).
- comedi: pcl812: Fix bit shift out of bounds (git-fixes).
- compiler_types.h: Define __retain for __attribute__((__retain__)) (git-fixes).
- crypto: arm/aes-neonbs - work around gcc-15 warning (git-fixes).
- crypto: ccp - Fix crash when rebind ccp device for ccp.ko (git-fixes).
- crypto: ccp - Fix locking on alloc failure handling (git-fixes).
- crypto: hkdf - skip TVs with unapproved salt lengths in FIPS mode (bsc#1241200 bsc#1246134).
- crypto: img-hash - Fix dma_unmap_sg() nents value (git-fixes).
- crypto: inside-secure - Fix `dma_unmap_sg()` nents value (git-fixes).
- crypto: keembay - Fix dma_unmap_sg() nents value (git-fixes).
- crypto: marvell/cesa - Fix engine load inaccuracy (git-fixes).
- crypto: qat - allow enabling VFs in the absence of IOMMU (git-fixes).
- crypto: qat - disable ZUC-256 capability for QAT GEN5 (git-fixes).
- crypto: qat - fix DMA direction for compression on GEN2 devices (git-fixes).
- crypto: qat - fix seq_file position update in adf_ring_next() (git-fixes).
- crypto: qat - fix state restore for banks with exceptions (git-fixes).
- crypto: qat - flush misc workqueue during device shutdown (git-fixes).
- crypto: qat - use unmanaged allocation for dc_data (git-fixes).
- crypto: sun8i-ce - fix nents passed to dma_unmap_sg() (git-fixes).
- dax: add a sysfs knob to control memmap_on_memory behavior (bsc#1235515,jsc#PED-12731).
- devlink: Add support for u64 parameters (jsc#PED-12745).
- devlink: avoid param type value translations (jsc#PED-12745).
- devlink: define enum for attr types of dynamic attributes (jsc#PED-12745).
- devlink: introduce devlink_nl_put_u64() (jsc#PED-12745).
- disable ZL3073X
- dm-bufio: fix sched in atomic context (git-fixes).
- dm-flakey: error all IOs when num_features is absent (git-fixes).
- dm-flakey: make corrupting read bios work (git-fixes).
- dm-mirror: fix a tiny race condition (git-fixes).
- dm-raid: fix variable in journal device check (git-fixes).
- dm-verity: fix a memory leak if some arguments are specified multiple times (git-fixes).
- dm: do not change md if dm_table_set_restrictions() fails (git-fixes).
- dm: free table mempools if not used in __bind (git-fixes).
- dm: restrict dm device size to 2^63-512 bytes (git-fixes).
- dma-buf: fix timeout handling in dma_resv_wait_timeout v2 (stable-fixes).
- dmaengine: dw-edma: Drop unused dchan2dev() and chan2dev() (git-fixes).
- dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using (stable-fixes).
- dmaengine: mv_xor: Fix missing check after DMA map and missing unmap (git-fixes).
- dmaengine: nbpfaxi: Add missing check after DMA map (git-fixes).
- dmaengine: nbpfaxi: Fix memory corruption in probe() (git-fixes).
- dmaengine: qcom: gpi: Drop unused gpi_write_reg_field() (git-fixes).
- dmaengine: xilinx_dma: Set dma_device directions (stable-fixes).
- dpll: Add basic Microchip ZL3073x support (jsc#PED-12745).
- dpll: zl3073x: Add support to get/set frequency on pins (jsc#PED-12745).
- dpll: zl3073x: Add support to get/set priority on input pins (jsc#PED-12745).
- dpll: zl3073x: Fetch invariants during probe (jsc#PED-12745).
- dpll: zl3073x: Implement input pin selection in manual mode (jsc#PED-12745).
- dpll: zl3073x: Implement input pin state setting in automatic mode (jsc#PED-12745).
- dpll: zl3073x: Read DPLL types and pin properties from system firmware (jsc#PED-12745).
- dpll: zl3073x: Register DPLL devices and pins (jsc#PED-12745).
- drm/amd/display: Check dce_hwseq before dereferencing it (stable-fixes).
- drm/amd/display: Correct non-OLED pre_T11_delay (stable-fixes).
- drm/amd/display: Disable CRTC degamma LUT for DCN401 (stable-fixes).
- drm/amd/display: Do not overwrite dce60_clk_mgr (git-fixes).
- drm/amd/display: Fix RMCM programming seq errors (stable-fixes).
- drm/amd/display: Fix mpv playback corruption on weston (stable-fixes).
- drm/amd/display: Free memory allocation (stable-fixes).
- drm/amd/display: fix initial backlight brightness calculation (git-fixes).
- drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value (git-fixes).
- drm/amdgpu/discovery: use specific ip_discovery.bin for legacy asics (stable-fixes).
- drm/amdgpu/gfx10: fix kiq locking in KCQ reset (git-fixes).
- drm/amdgpu/gfx8: reset compute ring wptr on the GPU on resume (git-fixes).
- drm/amdgpu/gfx9.4.3: fix kiq locking in KCQ reset (git-fixes).
- drm/amdgpu/gfx9: fix kiq locking in KCQ reset (git-fixes).
- drm/amdgpu/ip_discovery: add missing ip_discovery fw (stable-fixes).
- drm/amdgpu: Add kicker device detection (stable-fixes).
- drm/amdgpu: Fix SDMA UTC_L1 handling during start/stop sequences (stable-fixes).
- drm/amdgpu: Increase reset counter only on success (stable-fixes).
- drm/amdgpu: Initialize data to NULL in imu_v12_0_program_rlc_ram() (git-fixes).
- drm/amdgpu: Remove nbiov7.9 replay count reporting (git-fixes).
- drm/amdgpu: Reset the clear flag in buddy during resume (git-fixes).
- drm/amdgpu: amdgpu_vram_mgr_new(): Clamp lpfn to total vram (stable-fixes).
- drm/amdgpu: seq64 memory unmap uses uninterruptible lock (stable-fixes).
- drm/amdkfd: Do not call mmput from MMU notifier callback (git-fixes).
- drm/amdkfd: Fix instruction hazard in gfx12 trap handler (stable-fixes).
- drm/amdkfd: Fix race in GWS queue scheduling (stable-fixes).
- drm/amdkfd: remove gfx 12 trap handler page size cap (stable-fixes).
- drm/bridge: aux-hpd-bridge: fix assignment of the of_node (git-fixes).
- drm/bridge: panel: move prepare_prev_first handling to drm_panel_bridge_add_typed (git-fixes).
- drm/bridge: ti-sn65dsi86: Add HPD for DisplayPort connector type (git-fixes).
- drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() (git-fixes).
- drm/bridge: ti-sn65dsi86: make use of debugfs_init callback (stable-fixes).
- drm/connector: hdmi: Evaluate limited range after computing format (git-fixes).
- drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling (git-fixes).
- drm/exynos: fimd: Guard display clock control with runtime PM calls (git-fixes).
- drm/framebuffer: Acquire internal references on GEM handles (git-fixes).
- drm/gem: Acquire references on GEM handles for framebuffers (stable-fixes).
- drm/gem: Fix race in drm_gem_handle_create_tail() (stable-fixes).
- drm/i915/display: Fix dma_fence_wait_timeout() return value handling (git-fixes).
- drm/i915/dsi: Fix off by one in BXT_MIPI_TRANS_VTOTAL (stable-fixes).
- drm/i915/gsc: mei interrupt top half should be in irq disabled context (git-fixes).
- drm/i915/gt: Fix timeline left held on VMA alloc error (git-fixes).
- drm/i915/selftests: Change mock_request() to return error pointers (git-fixes).
- drm/imagination: Fix kernel crash when hard resetting the GPU (git-fixes).
- drm/mediatek: Add wait_event_timeout when disabling plane (git-fixes).
- drm/mediatek: only announce AFBC if really supported (git-fixes).
- drm/msm/dpu: Fill in min_prefill_lines for SC8180X (git-fixes).
- drm/msm: Fix a fence leak in submit error path (stable-fixes).
- drm/msm: Fix another leak in the submit error path (stable-fixes).
- drm/nouveau: check ioctl command codes better (git-fixes).
- drm/panfrost: Fix panfrost device variable name in devfreq (git-fixes).
- drm/panthor: Add missing explicit padding in drm_panthor_gpu_info (git-fixes).
- drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed (git-fixes).
- drm/sched: Increment job count before swapping tail spsc queue (git-fixes).
- drm/sched: Remove optimization that causes hang when killing dependent jobs (git-fixes).
- drm/scheduler: signal scheduled fence when kill job (stable-fixes).
- drm/tegra: nvdec: Fix dma_alloc_coherent error check (git-fixes).
- drm/ttm: fix error handling in ttm_buffer_object_transfer (git-fixes).
- drm/v3d: Disable interrupts before resetting the GPU (git-fixes).
- drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel (git-fixes).
- drm/xe/bmg: fix compressed VRAM handling (git-fixes).
- drm/xe/guc: Dead CT helper (stable-fixes).
- drm/xe/guc: Explicitly exit CT safe mode on unwind (git-fixes).
- drm/xe/guc_submit: add back fix (git-fixes).
- drm/xe/mocs: Initialize MOCS index early (stable-fixes).
- drm/xe/pf: Clear all LMTT pages on alloc (git-fixes).
- drm/xe/pf: Move VFs reprovisioning to worker (stable-fixes).
- drm/xe/pf: Prepare to stop SR-IOV support prior GT reset (git-fixes).
- drm/xe/pf: Sanitize VF scratch registers on FLR (stable-fixes).
- drm/xe/pm: Correct comment of xe_pm_set_vram_threshold() (git-fixes).
- drm/xe/uapi: Correct sync type definition in comments (git-fixes).
- drm/xe/vf: Disable CSC support on VF (git-fixes).
- drm/xe: Allocate PF queue size on pow2 boundary (git-fixes).
- drm/xe: Allow bo mapping on multiple ggtts (stable-fixes).
- drm/xe: Fix DSB buffer coherency (stable-fixes).
- drm/xe: Fix build without debugfs (git-fixes).
- drm/xe: Fix early wedge on GuC load failure (git-fixes).
- drm/xe: Fix taking invalid lock on wedge (stable-fixes).
- drm/xe: Move DSB l2 flush to a more sensible place (git-fixes).
- drm/xe: Replace double space with single space after comma (stable-fixes).
- drm/xe: add interface to request physical alignment for buffer objects (stable-fixes).
- drm/xe: move DPT l2 flush to a more sensible place (git-fixes).
- dt-bindings: dpll: Add DPLL device and pin (jsc#PED-12745).
- dt-bindings: dpll: Add support for Microchip Azurite chip family (jsc#PED-12745).
- e1000: Move cancel_work_sync to avoid deadlock (git-fixes).
- exfat: fdatasync flag should be same like generic_write_sync() (git-fixes).
- fbcon: Fix outdated registered_fb reference in comment (git-fixes).
- fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref (git-fixes).
- firewire: ohci: correct code comments about bus_reset tasklet (git-fixes).
- fs/jfs: consolidate sanity checking in dbMount (git-fixes).
- fs/orangefs: Allow 2 more characters in do_c_string() (git-fixes).
- gpio: mlxbf2: use platform_get_irq_optional() (git-fixes).
- gpio: pca953x: log an error when failing to get the reset GPIO (git-fixes).
- gpio: sim: include a missing header (git-fixes).
- gpio: vf610: add locking to gpio direction functions (git-fixes).
- gpio: virtio: Fix config space reading (git-fixes).
- gpiolib: Fix debug messaging in gpiod_find_and_request() (git-fixes).
- gpiolib: Handle no pin_ranges in gpiochip_generic_config() (git-fixes).
- gpiolib: acpi: Do not use GPIO chip fwnode in acpi_gpiochip_find() (bsc#1233300).
- gpiolib: acpi: Fix failed in acpi_gpiochip_find() by adding parent node match (bsc#1233300).
- gpiolib: cdev: Ignore reconfiguration without direction (git-fixes).
- gpiolib: of: Add polarity quirk for s5m8767 (stable-fixes).
- hfs: make splice write available again (git-fixes).
- hfsplus: make splice write available again (git-fixes).
- hfsplus: remove mutex_lock check in hfsplus_free_extents (git-fixes).
- hv_netvsc: Use VF's tso_max_size value when data path is VF (bsc#1246203).
- hwmon: (corsair-cpro) Validate the size of the received input buffer (git-fixes).
- hwmon: (gsc-hwmon) fix fan pwm setpoint show functions (git-fixes).
- hwmon: (pmbus/max34440) Fix support for max34451 (stable-fixes).
- hwrng: mtk - handle devm_pm_runtime_enable errors (git-fixes).
- i2c/designware: Fix an initialization issue (git-fixes).
- i2c: qup: jump out of the loop in case of timeout (git-fixes).
- i2c: stm32: fix the device used for the DMA map (git-fixes).
- i2c: tegra: Fix reset error handling with ACPI (git-fixes).
- i2c: virtio: Avoid hang by using interruptible completion wait (git-fixes).
- i3c: fix module_i3c_i2c_driver() with I3C=n (git-fixes).
- ice, irdma: fix an off by one in error handling code (bsc#1247712).
- ice, irdma: move interrupts code to irdma (bsc#1247712).
- ice: Fix signedness bug in ice_init_interrupt_scheme() (bsc#1247712).
- ice: count combined queues using Rx/Tx count (bsc#1247712).
- ice: devlink PF MSI-X max and min parameter (bsc#1247712).
- ice: enable_rdma devlink param (bsc#1247712).
- ice: fix eswitch code memory leak in reset scenario (git-fixes).
- ice: get rid of num_lan_msix field (bsc#1247712).
- ice: init flow director before RDMA (bsc#1247712).
- ice: remove splitting MSI-X between features (bsc#1247712).
- ice: simplify VF MSI-X managing (bsc#1247712).
- ice: treat dyn_allowed only as suggestion (bsc#1247712).
- iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush (git-fixes).
- iio: adc: ad7949: use spi_is_bpw_supported() (git-fixes).
- iio: adc: ad_sigma_delta: Fix use of uninitialized status_pos (stable-fixes).
- iio: adc: ad_sigma_delta: change to buffer predisable (git-fixes).
- iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (stable-fixes).
- iio: adc: max1363: Reorder mode_list[] entries (stable-fixes).
- iio: adc: stm32-adc: Fix race in installing chained IRQ handler (git-fixes).
- iio: imu: bno055: fix OOB access of hw_xlate array (git-fixes).
- iio: pressure: zpa2326: Use aligned_s64 for the timestamp (stable-fixes).
- io_uring/timeout: fix multishot updates (bsc#1247021).
- io_uring: fix potential page leak in io_sqe_buffer_register() (git-fixes).
- iommu/amd: Fix geometry.aperture_end for V2 tables (git-fixes).
- iommu/amd: Set the pgsize_bitmap correctly (git-fixes).
- iommu/arm-smmu-qcom: Add SM6115 MDSS compatible (git-fixes).
- iommu/tegra241-cmdqv: Read SMMU IDR1.CMDQS instead of hardcoding (git-fixes).
- iommu/vt-d: Fix possible circular locking dependency (git-fixes).
- iommu/vt-d: Fix system hang on reboot -f (git-fixes).
- ipv6: fix possible infinite loop in fib6_info_uses_dev() (git-fixes).
- ipv6: mcast: Delay put pmc->idev in mld_del_delrec() (git-fixes).
- ipv6: prevent infinite loop in rt6_nlmsg_size() (git-fixes).
- ipv6: reject malicious packets in ipv6_gso_segment() (git-fixes).
- irdma: free iwdev->rf after removing MSI-X (bsc#1247712).
- iwlwifi: Add missing check for alloc_ordered_workqueue (git-fixes).
- jfs: fix metapage reference count leak in dbAllocCtl (git-fixes).
- kABI fix after KVM: SVM: Fix SNP AP destroy race with VMRUN (git-fixes).
- kABI fixes for struct memory_block changes (bsc#1235515,jsc#PED-12731).
- kABI workaround for fw_attributes_class_get() (stable-fixes).
- kABI workaround for struct drm_framebuffer changes (git-fixes).
- kABI: Fix the module::name type in audit_context (git-fixes).
- kabi/severities: ignore two unused/dropped symbols from MEI
- kabi: Hide adding of u64 to devlink_param_type (jsc#PED-12745).
- kasan: remove kasan_find_vm_area() to prevent possible deadlock (git-fixes).
- kernel-obs-qa: Do not depend on srchash when qemu emulation is used In this case the dependency is never fulfilled
- kernel-syms.spec: Drop old rpm release number hack (bsc#1247172).
- leds: multicolor: Fix intensity setting while SW blinking (stable-fixes).
- lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (bsc#1236897).
- lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() (bsc#1236897).
- maple_tree: fix mt_destroy_walk() on root leaf node (git-fixes).
- md/md-bitmap: fix dm-raid max_write_behind setting (git-fixes).
- media: gspca: Add bounds checking to firmware parser (git-fixes).
- media: hi556: correct the test pattern configuration (git-fixes).
- media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() (git-fixes).
- media: ipu6: isys: Use correct pads for xlate_streams() (git-fixes).
- media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls (git-fixes).
- media: ov2659: Fix memory leaks in ov2659_probe() (git-fixes).
- media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (git-fixes).
- media: usbtv: Lock resolution while streaming (git-fixes).
- media: uvcvideo: Do not mark valid metadata as invalid (git-fixes).
- media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (git-fixes).
- media: v4l2-ctrls: Do not reset handler's error in v4l2_ctrl_handler_free() (git-fixes).
- media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check (git-fixes).
- media: venus: Add a check for packet size after reading from shared memory (git-fixes).
- media: venus: hfi: explicitly release IRQ during teardown (git-fixes).
- media: venus: protect against spurious interrupts during probe (git-fixes).
- media: venus: vdec: Clamp param smaller than 1fps and bigger than 240 (git-fixes).
- media: venus: venc: Clamp param smaller than 1fps and bigger than 240 (git-fixes).
- media: verisilicon: Fix AV1 decoder clock frequency (git-fixes).
- media: vivid: fix wrong pixel_array control size (git-fixes).
- mei: vsc: Destroy mutex after freeing the IRQ (git-fixes).
- mei: vsc: Do not re-init VSC from mei_vsc_hw_reset() on stop (git-fixes).
- mei: vsc: Drop unused vsc_tp_request_irq() and vsc_tp_free_irq() (stable-fixes).
- mei: vsc: Event notifier fixes (git-fixes).
- mei: vsc: Fix 'BUG: Invalid wait context' lockdep error (git-fixes).
- mei: vsc: Run event callback from a workqueue (git-fixes).
- mei: vsc: Unset the event callback on remove and probe errors (git-fixes).
- memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() (git-fixes).
- mfd: max14577: Fix wakeup source leaks on device unbind (stable-fixes).
- misc: rtsx: usb: Ensure mmc child device is active when card is present (git-fixes).
- mm/memory_hotplug: allow architecture to override memmap on memory support check (bsc#1235515,jsc#PED-12731).
- mm/memory_hotplug: allow memmap on memory hotplug request to fallback (bsc#1235515,jsc#PED-12731).
- mm/memory_hotplug: embed vmem_altmap details in memory block (bsc#1235515,jsc#PED-12731).
- mm/memory_hotplug: export mhp_supports_memmap_on_memory() (bsc#1235515,jsc#PED-12731).
- mm/memory_hotplug: fix memmap_on_memory sysfs value retrieval (git-fixes).
- mm/memory_hotplug: replace an open-coded kmemdup() in (bsc#1235515,jsc#PED-12731).
- mm/memory_hotplug: simplify ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE kconfig (bsc#1235515,jsc#PED-12731).
- mm/memory_hotplug: split memmap_on_memory requests across memblocks (bsc#1235515,jsc#PED-12731).
- mm/memory_hotplug: support memmap_on_memory when memmap is not aligned to pageblocks (bsc#1235515,jsc#PED-12731).
- mmc: bcm2835: Fix dma_unmap_sg() nents value (git-fixes).
- mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier (git-fixes).
- mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models (git-fixes).
- mmc: sdhci: Add a helper function for dump register in dynamic debug mode (stable-fixes).
- mmc: sdhci_am654: Workaround for Errata i2312 (git-fixes).
- module: Fix memory deallocation on error path in move_module() (git-fixes).
- module: Remove unnecessary +1 from last_unloaded_module::name size (git-fixes).
- module: Restore the moduleparam prefix length check (git-fixes).
- mtd: fix possible integer overflow in erase_xfer() (git-fixes).
- mtd: rawnand: atmel: Fix dma_mapping_error() address (git-fixes).
- mtd: rawnand: atmel: set pmecc data setup time (git-fixes).
- mtd: rawnand: fsmc: Add missing check after DMA map (git-fixes).
- mtd: rawnand: renesas: Add missing check after DMA map (git-fixes).
- mtd: rawnand: rockchip: Add missing check after DMA map (git-fixes).
- mtd: spi-nor: Fix spi_nor_try_unlock_all() (git-fixes).
- mtd: spinand: fix memory leak of ECC engine conf (stable-fixes).
- mtd: spinand: propagate spinand_wait() errors from spinand_write_page() (git-fixes).
- mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data (git-fixes).
- mtk-sd: Prevent memory corruption from DMA map failure (git-fixes).
- mtk-sd: reset host->mrq on prepare_data() error (git-fixes).
- mwl8k: Add missing check after DMA map (git-fixes).
- nbd: fix uaf in nbd_genl_connect() error path (git-fixes).
- net/mlx5: HWS, fix missing ip_version handling in definer (git-fixes).
- net/packet: fix a race in packet_set_ring() and packet_notifier() (git-fixes).
- net/sched: Restrict conditions for adding duplicating netems to qdisc tree (git-fixes).
- net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (git-fixes).
- net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (git-fixes).
- net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (git-fixes).
- net/sched: sch_qfq: Fix race condition on qfq_aggregate (git-fixes).
- net/sched: taprio: enforce minimum value for picos_per_byte (git-fixes).
- net/smc: Fix lookup of netdev by using ib_device_get_netdev() (git-fixes bsc#1246217).
- net: mana: Add debug logs in MANA network driver (bsc#1246212).
- net: mana: Add handler for hardware servicing events (bsc#1245730).
- net: mana: Allocate MSI-X vectors dynamically (bsc#1245457).
- net: mana: Allow irq_setup() to skip cpus for affinity (bsc#1245457).
- net: mana: Allow tso_max_size to go up-to GSO_MAX_SIZE (bsc#1246203).
- net: mana: Expose additional hardware counters for drop and TC via ethtool (bsc#1245729).
- net: mana: Set tx_packets to post gso processing packet count (bsc#1245731).
- net: mana: explain irq_setup() algorithm (bsc#1245457).
- net: phy: Do not register LEDs for genphy (git-fixes).
- net: phy: micrel: fix KSZ8081/KSZ8091 cable test (git-fixes).
- net: phy: microchip: limit 100M workaround to link-down events on LAN88xx (git-fixes).
- net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap (git-fixes).
- net: phy: smsc: Fix link failure in forced mode with Auto-MDIX (git-fixes).
- net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect (git-fixes).
- net: usb: qmi_wwan: add SIMCom 8230C composition (stable-fixes).
- net: usbnet: Avoid potential RCU stall on LINK_CHANGE event (git-fixes).
- net: usbnet: Fix the wrong netif_carrier_on() call (git-fixes).
- netlink: fix policy dump for int with validation callback (jsc#PED-12745).
- netlink: specs: devlink: replace underscores with dashes in names (jsc#PED-12745).
- netlink: specs: nfsd: replace underscores with dashes in names (git-fixes).
- netlink: specs: tc: replace underscores with dashes in names (git-fixes).
- netpoll: prevent hanging NAPI when netcons gets enabled (git-fixes).
- nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails (git-fixes).
- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (git-fixes).
- nilfs2: reject invalid file types when reading inodes (git-fixes).
- nvme-pci: refresh visible attrs after being checked (git-fixes).
- nvme: Fix incorrect cdw15 value in passthru error logging (git-fixes).
- nvme: fix endianness of command word prints in nvme_log_err_passthru() (git-fixes).
- nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() (git-fixes).
- nvme: fix misaccounting of nvme-mpath inflight I/O (git-fixes).
- nvmet-tcp: fix callback lock for TLS handshake (git-fixes).
- objtool: Fix INSN_CONTEXT_SWITCH handling in validate_unret() (git-fixes).
- objtool: Fix UNWIND_HINT_{SAVE,RESTORE} across basic blocks (git-fixes).
- objtool: Fix _THIS_IP_ detection for cold functions (git-fixes).
- objtool: Fix error handling inconsistencies in check() (git-fixes).
- objtool: Ignore dangling jump table entries (git-fixes).
- objtool: Ignore end-of-section jumps for KCOV/GCOV (git-fixes).
- objtool: Properly disable uaccess validation (git-fixes).
- objtool: Silence more KCOV warnings (git-fixes).
- objtool: Silence more KCOV warnings, part 2 (git-fixes).
- objtool: Stop UNRET validation on UD2 (git-fixes).
- pNFS/flexfiles: do not attempt pnfs on fatal DS errors (git-fixes).
- pch_uart: Fix dma_sync_sg_for_device() nents value (git-fixes).
- perf: Fix sample vs do_exit() (bsc#1246547).
- phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode (git-fixes).
- pinctrl: amd: Clear GPIO debounce for suspend (git-fixes).
- pinctrl: qcom: msm: mark certain pins as invalid for interrupts (git-fixes).
- pinctrl: sunxi: Fix memory leak on krealloc failure (git-fixes).
- pinmux: fix race causing mux_owner NULL with active mux_usecount (git-fixes).
- platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix duplicate event ID for CACHE_DATA1 (git-fixes).
- platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment (git-fixes).
- platform/mellanox: mlxreg-lc: Fix logic error in power state check (git-fixes).
- platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message (git-fixes).
- platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks list (stable-fixes).
- platform/x86: Fix initialization order for firmware_attributes_class (git-fixes).
- platform/x86: dell-sysman: Directly use firmware_attributes_class (stable-fixes).
- platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks (git-fixes).
- platform/x86: dell-wmi-sysman: Fix class device unregistration (git-fixes).
- platform/x86: firmware_attributes_class: Move include linux/device/class.h (stable-fixes).
- platform/x86: firmware_attributes_class: Simplify API (stable-fixes).
- platform/x86: hp-bioscfg: Directly use firmware_attributes_class (stable-fixes).
- platform/x86: hp-bioscfg: Fix class device unregistration (git-fixes).
- platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots (git-fixes).
- platform/x86: make fw_attr_class constant (stable-fixes).
- platform/x86: think-lmi: Create ksets consecutively (stable-fixes).
- platform/x86: think-lmi: Directly use firmware_attributes_class (stable-fixes).
- platform/x86: think-lmi: Fix class device unregistration (git-fixes).
- platform/x86: think-lmi: Fix kobject cleanup (git-fixes).
- platform/x86: think-lmi: Fix sysfs group cleanup (git-fixes).
- power: supply: cpcap-charger: Fix null check for power_supply_get_by_name (git-fixes).
- power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set (git-fixes).
- powercap: call put_device() on an error path in powercap_register_control_type() (stable-fixes).
- powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() (git-fixes).
- powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed (git-fixes).
- powerpc/bpf: enforce full ordering for ATOMIC operations with BPF_FETCH (git-fixes).
- powerpc/pseries/dlpar: Search DRC index from ibm,drc-indexes for IO add (bsc#1243042 ltc#212167).
- ptp: fix breakage after ptp_vclock_in_use() rework (bsc#1246506).
- pwm: imx-tpm: Reset counter if CMOD is 0 (git-fixes).
- pwm: mediatek: Ensure to disable clocks in error path (git-fixes).
- pwm: rockchip: Round period/duty down on apply, up on get (git-fixes).
- regmap: fix potential memory leak of regmap_bus (git-fixes).
- regulator: core: fix NULL dereference on unbind due to stale coupling data (stable-fixes).
- regulator: fan53555: add enable_time support and soft-start times (stable-fixes).
- regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods (git-fixes).
- regulator: pwm-regulator: Calculate the output voltage for disabled PWMs (stable-fixes).
- resource: fix false warning in __request_region() (git-fixes).
- restore UCSI_CONNECTOR_RESET_HARD definition (git-fixes).
- ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() (git-fixes).
- rose: fix dangling neighbour pointers in rose_rt_device_down() (git-fixes).
- rpl: Fix use-after-free in rpl_do_srh_inline() (git-fixes).
- rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879) Put the same workaround to avoid file truncation of vmlinux and co in kernel-default-base package, too.
- rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337)
- rtc: ds1307: fix incorrect maximum clock rate handling (git-fixes).
- rtc: hym8563: fix incorrect maximum clock rate handling (git-fixes).
- rtc: nct3018y: fix incorrect maximum clock rate handling (git-fixes).
- rtc: pcf85063: fix incorrect maximum clock rate handling (git-fixes).
- rtc: pcf8563: fix incorrect maximum clock rate handling (git-fixes).
- rtc: rv3028: fix incorrect maximum clock rate handling (git-fixes).
- s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again (git-fixes bsc#1246870).
- s390/entry: Fix last breaking event handling in case of stack corruption (git-fixes bsc#1243806).
- s390/pci: Do not try re-enabling load/store if device is disabled (git-fixes bsc#1245646).
- s390/pci: Fix stale function handles in error handling (git-fixes bsc#1245647).
- s390/pkey: Prevent overflow in size calculation for memdup_user() (git-fixes bsc#1245598).
- s390: Add z17 elf platform (LTC#214086 bsc#1245540).
- samples: mei: Fix building on musl libc (git-fixes).
- sched,freezer: Remove unnecessary warning in __thaw_task (bsc#1219338).
- sched: Add test_and_clear_wake_up_bit() and atomic_dec_and_wake_up() (git-fixes).
- scsi: core: Enforce unlimited max_segment_size when virt_boundary_mask is set (git-fixes).
- scsi: fnic: Add and improve logs in FDMI and FDMI ABTS paths (bsc#1246644).
- scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out (git-fixes).
- scsi: fnic: Fix missing DMA mapping error in fnic_send_frame() (git-fixes).
- scsi: fnic: Set appropriate logging level for log message (bsc#1246644).
- scsi: fnic: Turn off FDMI ACTIVE flags on link down (git-fixes).
- scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Copyright updates for 14.4.0.10 patches (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Early return out of FDMI cmpl for locally rejected statuses (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Modify end-of-life adapters' model descriptions (bsc#1245260 bsc#1243100 bsc#1246125 bsc#1204142).
- scsi: lpfc: Move clearing of HBA_SETUP flag to before lpfc_sli4_queue_unset (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Relocate clearing initial phba flags from link up to link down hdlr (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Revise CQ_CREATE_SET mailbox bitfield definitions (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Revise logging format for failed CT MIB requests (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Simplify error handling for failed lpfc_get_sli4_parameters cmd (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Skip RSCN processing when FC_UNLOADING flag is set (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Update debugfs trace ring initialization messages (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Update lpfc version to 14.4.0.10 (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: megaraid_sas: Fix invalid node index (git-fixes).
- scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() (git-fixes).
- scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() (git-fixes).
- scsi: s390: zfcp: Ensure synchronous unit_add (git-fixes bsc#1245599).
- selftests/bpf: Add CFLAGS per source file and runner (git-fixes).
- selftests/bpf: Add tests for iter next method returning valid pointer (git-fixes).
- selftests/bpf: Change functions definitions to support GCC (git-fixes).
- selftests/bpf: Fix a few tests for GCC related warnings (git-fixes).
- selftests/bpf: Fix pointer arithmetic in test_xdp_do_redirect (git-fixes).
- selftests/bpf: Fix prog numbers in test_sockmap (git-fixes).
- smb3: move server check earlier when setting channel sequence number (git-fixes).
- smb: client: fix parsing of device numbers (git-fixes).
- soc/tegra: cbb: Clear ERR_FORCE register with ERR_STATUS (git-fixes).
- soc: aspeed: lpc-snoop: Cleanup resources in stack-order (git-fixes).
- soc: aspeed: lpc-snoop: Do not disable channels that are not enabled (git-fixes).
- soc: qcom: QMI encoding/decoding for big endian (git-fixes).
- soc: qcom: fix endianness for QMI header (git-fixes).
- soc: qcom: pmic_glink: fix OF node leak (git-fixes).
- soundwire: amd: fix for clearing command status register (git-fixes).
- soundwire: stream: restore params when prepare ports fail (git-fixes).
- spi: spi-fsl-dspi: Clear completion counter before initiating transfer (git-fixes).
- sprintf.h requires stdarg.h (git-fixes).
- sprintf.h: mask additional include (git-fixes).
- staging: axis-fifo: remove sysfs interface (git-fixes).
- staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (git-fixes).
- staging: nvec: Fix incorrect null termination of battery manufacturer (git-fixes).
- staging: vchiq_arm: Make vchiq_shutdown never fail (git-fixes).
- struct cdns: move new member to the end (git-fixes).
- struct ucsi_operations: use padding for new operation (git-fixes).
- sunrpc: do not immediately retransmit on seqno miss (git-fixes).
- sunrpc: fix client side handling of tls alerts (git-fixes).
- sunrpc: fix handling of server side tls alerts (git-fixes).
- supported.conf: Mark ZL3073X modules supported
- supported.conf: add missing entries for armv7hl
- supported.conf: move nvme-apple to optional again
- supported.conf: sort entries again
- tcp: call tcp_measure_rcv_mss() for ooo packets (git-fixes).
- thermal: trip: Use READ_ONCE() for lockless access to trip properties (git-fixes).
- thermal: trip: Use common set of trip type names (git-fixes).
- thunderbolt: Fix bit masking in tb_dp_port_set_hops() (git-fixes).
- thunderbolt: Fix copy+paste error in match_service_id() (git-fixes).
- thunderbolt: Fix wake on connect at runtime (git-fixes).
- tracing/kprobe: Make trace_kprobe's module callback called after jump_label update (git-fixes).
- tracing/kprobes: Fix to free objects when failed to copy a symbol (git-fixes).
- types: Complement the aligned types with signed 64-bit one (stable-fixes).
- ucount: fix atomic_long_inc_below() argument type (git-fixes).
- ucsi-glink: adapt to kABI consistency (git-fixes).
- ucsi_ccg: Refine the UCSI Interrupt handling (git-fixes).
- ucsi_operations: add stubs for all operations (git-fixes).
- ucsi_ops: adapt update_connector to kABI consistency (git-fixes).
- usb: Add checks for snprintf() calls in usb_alloc_dev() (stable-fixes).
- usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() (git-fixes).
- usb: cdc-wdm: avoid setting WDM_READ for ZLP-s (stable-fixes).
- usb: cdnsp: Fix issue with CV Bad Descriptor test (git-fixes).
- usb: cdnsp: Fix issue with resuming from L1 (git-fixes).
- usb: cdnsp: Replace snprintf() with the safer scnprintf() variant (stable-fixes).
- usb: cdnsp: do not disable slot for disabled slot (git-fixes).
- usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume (git-fixes).
- usb: common: usb-conn-gpio: use a unique name for usb connector device (stable-fixes).
- usb: dwc2: also exit clock_gating when stopping udc while suspended (stable-fixes).
- usb: dwc3: Abort suspend on soft disconnect failure (git-fixes).
- usb: dwc3: meson-g12a: fix device leaks at unbind (git-fixes).
- usb: early: xhci-dbc: Fix early_ioremap leak (git-fixes).
- usb: gadget : fix use-after-free in composite_dev_cleanup() (git-fixes).
- usb: gadget: u_serial: Fix race condition in TTY wakeup (git-fixes).
- usb: gadget: udc: renesas_usb3: fix device leak at unbind (git-fixes).
- usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() (git-fixes).
- usb: hub: Do not try to recover devices lost during warm reset (git-fixes).
- usb: misc: apple-mfi-fastcharge: Make power supply names unique (git-fixes).
- usb: musb: fix gadget state on disconnect (git-fixes).
- usb: musb: omap2430: fix device leak at unbind (git-fixes).
- usb: net: sierra: check for no status endpoint (git-fixes).
- usb: potential integer overflow in usbg_make_tpg() (stable-fixes).
- usb: typec: Update sysfs when setting ops (git-fixes).
- usb: typec: altmodes/displayport: do not index invalid pin_assignments (git-fixes).
- usb: typec: displayport: Fix potential deadlock (git-fixes).
- usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode (stable-fixes).
- usb: typec: mux: do not return on EOPNOTSUPP in {mux, switch}_set (stable-fixes).
- usb: typec: tcpm: allow switching to mode accessory to mux properly (stable-fixes).
- usb: typec: tcpm: allow to use sink in accessory mode (stable-fixes).
- usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach (git-fixes).
- usb: typec: ucsi: Add DATA_RESET option of Connector Reset command (git-fixes).
- usb: typec: ucsi: Add qcm6490-pmic-glink as needing PDOS quirk (git-fixes).
- usb: typec: ucsi: Delay alternate mode discovery (git-fixes).
- usb: typec: ucsi: Fix busy loop on ASUS VivoBooks (git-fixes).
- usb: typec: ucsi: Fix the partner PD revision (git-fixes).
- usb: typec: ucsi: Get PD revision for partner (git-fixes).
- usb: typec: ucsi: Set orientation as none when connector is unplugged (git-fixes).
- usb: typec: ucsi: Update power_supply on power role change (git-fixes).
- usb: typec: ucsi: add callback for connector status updates (git-fixes).
- usb: typec: ucsi: add update_connector callback (git-fixes).
- usb: typec: ucsi: do not retrieve PDOs if not supported (git-fixes).
- usb: typec: ucsi: extract code to read PD caps (git-fixes).
- usb: typec: ucsi: fix UCSI on SM8550 & SM8650 Qualcomm devices (git-fixes).
- usb: typec: ucsi: glink: fix off-by-one in connector_status (git-fixes).
- usb: typec: ucsi: glink: increase max ports for x1e80100 (git-fixes).
- usb: typec: ucsi: glink: move GPIO reading into connector_status callback (git-fixes).
- usb: typec: ucsi: glink: use typec_set_orientation (git-fixes).
- usb: typec: ucsi: move ucsi_acknowledge() from ucsi_read_error() (git-fixes).
- usb: typec: ucsi: properly register partner's PD device (git-fixes).
- usb: typec: ucsi: support delaying GET_PDOS for device (git-fixes).
- usb: typec: ucsi_acpi: Add LG Gram quirk (git-fixes).
- usb: typec: ucsi_glink: drop NO_PARTNER_PDOS quirk for sm8550 / sm8650 (git-fixes).
- usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk (git-fixes).
- usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk on qcm6490 (git-fixes).
- usb: typec: ucsi_glink: rework quirks implementation (git-fixes).
- usb: xhci: Skip xhci_reset in xhci_resume if xhci is being removed (git-fixes).
- usb: xhci: quirk for data loss in ISOC transfers (stable-fixes).
- usb:cdnsp: remove TRB_FLUSH_ENDPOINT command (stable-fixes).
- virtgpu: do not reset on shutdown (git-fixes).
- vmci: Prevent the dispatching of uninitialized payloads (git-fixes).
- vt: add missing notification when switching back to text mode (stable-fixes).
- vt: defkeymap: Map keycodes above 127 to K_HOLE (git-fixes).
- vt: keyboard: Do not process Unicode characters in K_OFF mode (git-fixes).
- watchdog: ziirave_wdt: check record length in ziirave_firm_verify() (git-fixes).
- wifi: ath11k: clear initialized flag for deinit-ed srng lists (git-fixes).
- wifi: ath11k: fix dest ring-buffer corruption (git-fixes).
- wifi: ath11k: fix dest ring-buffer corruption when ring is full (git-fixes).
- wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() (git-fixes).
- wifi: ath11k: fix source ring-buffer corruption (git-fixes).
- wifi: ath11k: fix suspend use-after-free after probe failure (git-fixes).
- wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() (git-fixes).
- wifi: ath12k: fix dest ring-buffer corruption (git-fixes).
- wifi: ath12k: fix dest ring-buffer corruption when ring is full (git-fixes).
- wifi: ath12k: fix endianness handling while accessing wmi service bit (git-fixes).
- wifi: ath12k: fix source ring-buffer corruption (git-fixes).
- wifi: ath6kl: remove WARN on bad firmware input (stable-fixes).
- wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE (git-fixes).
- wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() (git-fixes).
- wifi: cfg80211/mac80211: correctly parse S1G beacon optional elements (git-fixes).
- wifi: cfg80211: fix S1G beacon head validation in nl80211 (git-fixes).
- wifi: cfg80211: remove scan request n_channels counted_by (git-fixes).
- wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() (git-fixes).
- wifi: iwlwifi: Fix memory leak in iwl_mvm_init() (git-fixes).
- wifi: iwlwifi: return ERR_PTR from opmode start() (stable-fixes).
- wifi: mac80211: Add link iteration macro for link data (stable-fixes).
- wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() (git-fixes).
- wifi: mac80211: Create separate links for VLAN interfaces (stable-fixes).
- wifi: mac80211: Do not call fq_flow_idx() for management frames (git-fixes).
- wifi: mac80211: Do not schedule stopped TXQs (git-fixes).
- wifi: mac80211: Write cnt before copying in ieee80211_copy_rnr_beacon() (git-fixes).
- wifi: mac80211: chan: chandef is non-NULL for reserved (stable-fixes).
- wifi: mac80211: drop invalid source address OCB frames (stable-fixes).
- wifi: mac80211: finish link init before RCU publish (git-fixes).
- wifi: mac80211: fix non-transmitted BSSID profile search (git-fixes).
- wifi: mac80211: reject TDLS operations when station is not associated (git-fixes).
- wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() (git-fixes).
- wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan (git-fixes).
- wifi: mt76: mt7925: fix the wrong config for tx interrupt (git-fixes).
- wifi: nl80211: Set num_sub_specs before looping through sub_specs (git-fixes).
- wifi: plfxlc: Fix error handling in usb driver probe (git-fixes).
- wifi: prevent A-MSDU attacks in mesh networks (stable-fixes).
- wifi: rt2x00: fix remove callback type mismatch (git-fixes).
- wifi: rtl818x: Kill URBs before clearing tx status queue (git-fixes).
- wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band (git-fixes).
- wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() (git-fixes).
- x86/CPU/AMD: Add more models to X86_FEATURE_ZEN5 (bsc#1246449).
- x86/CPU/AMD: Improve the erratum 1386 workaround (git-fixes).
- x86/CPU/AMD: Terminate the erratum_1386_microcode array (git-fixes).
- x86/cpu/amd: Fix workaround for erratum 1054 (git-fixes).
- x86/cpu: Avoid running off the end of an AMD erratum table (git-fixes).
- x86/cpu: Expose only stepping min/max interface (git-fixes).
- x86/cpu: Introduce new microcode matching helper (git-fixes).
- x86/cpu: Move AMD erratum 1386 table over to 'x86_cpu_id' (git-fixes).
- x86/cpu: Replace PEBS use of 'x86_cpu_desc' use with 'x86_cpu_id' (git-fixes).
- x86/mce/amd: Add default names for MCA banks and blocks (git-fixes).
- x86/mce/amd: Fix threshold limit reset (git-fixes).
- x86/mce: Do not remove sysfs if thresholding sysfs init fails (git-fixes).
- x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (git-fixes).
- x86/mtrr: Rename mtrr_overwrite_state() to guest_force_mtrr_state() (git-fixes).
- x86/tdx: Fix __noreturn build warning around __tdx_hypercall_failed() (git-fixes).
- x86/traps: Initialize DR6 by writing its architectural reset value (git-fixes).
- x86/virt/tdx: Avoid indirect calls to TDX assembly functions (git-fixes).
- x86: UV RTC: Add parameter to disable RTC clocksource (bsc#1241345).
- xfs: fix off-by-one error in fsmap's end_daddr usage (bsc#1235837).
- xfs: only create event xfs_file_compat_ioctl when CONFIG_COMPAT is configure (git-fixes).
- xfs: remove unused event xfs_alloc_near_error (git-fixes).
- xfs: remove unused event xfs_alloc_near_nominleft (git-fixes).
- xfs: remove unused event xfs_attr_node_removename (git-fixes).
- xfs: remove unused event xfs_ioctl_clone (git-fixes).
- xfs: remove unused event xfs_pagecache_inval (git-fixes).
- xfs: remove unused event xlog_iclog_want_sync (git-fixes).
- xfs: remove unused trace event xfs_attr_remove_iter_return (git-fixes).
- xfs: remove unused trace event xfs_attr_rmtval_set (git-fixes).
- xfs: remove unused trace event xfs_reflink_cow_enospc (git-fixes).
- xfs: remove unused xfs_attr events (git-fixes).
- xfs: remove unused xfs_reflink_compare_extents events (git-fixes).
- xfs: remove usused xfs_end_io_direct events (git-fixes).
- xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS (git-fixes).
- xhci: dbc: Flush queued requests before stopping dbc (git-fixes).
- xhci: dbctty: disable ECHO flag by default (git-fixes).
Patchnames
SUSE-2025-3011,SUSE-SLE-Module-Public-Cloud-15-SP7-2025-3011
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 15 SP7 Azure kernel was updated to receive various security bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2019-11135: enabled CONFIG_X86_INTEL_TSX_MODE_AUTO (bsc#1139073, bsc#1246695).\n- CVE-2024-36028: mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() (bsc#1225707).\n- CVE-2024-36348, CVE-2024-36349, CVE-2024-36350, CVE-2024-36357: x86/process: Move the buffer clearing before MONITOR (bsc#1238896).\n- CVE-2024-39298:mm/memory-failure: fix handling of dissolved but not taken off from buddy pages (bsc#1227082). \n- CVE-2024-42134: virtio-pci: Check if is_avq is NULL (bsc#1228664 bsc#1247831).\n- CVE-2024-44963: btrfs: do not BUG_ON() when freeing tree block after error (bsc#1230216).\n- CVE-2024-49861: net: clear the dst when changing skb protocol (bsc#1245954).\n- CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points (bsc#1232089).\n- CVE-2024-56742: vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages() (bsc#1235613).\n- CVE-2025-21839: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (bsc#1239061).\n- CVE-2025-21854: selftest/bpf: Add vsock test for sockmap rejecting unconnected (bsc#1239470).\n- CVE-2025-21872: efi/mokvar-table: Avoid repeated map/unmap of the same page (bsc#1240323).\n- CVE-2025-22090: mm: (un)track_pfn_copy() fix + doc improvements (bsc#1241537).\n- CVE-2025-23163: net: vlan: do not propagate flags on open (bsc#1242837).\n- CVE-2025-37856: btrfs: harden block_group::bg_list against list_del() races (bsc#1243068).\n- CVE-2025-37864: net: dsa: clean up FDB, MDB, VLAN entries on unbind (bsc#1242965).\n- CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn\u0027t postable (bsc#1242960).\n- CVE-2025-37920: kABI workaround for xsk: Fix race condition in AF_XDP generic RX path (bsc#1243479).\n- CVE-2025-37984: crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() (bsc#1243669).\n- CVE-2025-38034: btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (bsc#1244792).\n- CVE-2025-38035: nvmet-tcp: do not restore null sk_state_change (bsc#1244801).\n- CVE-2025-38047: x86/fred: Fix system hang during S4 resume with FRED enabled (bsc#1245084).\n- CVE-2025-38051: smb: client: Fix use-after-free in cifs_fill_dirent (bsc#1244750).\n- CVE-2025-38058: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (bsc#1245151).\n- CVE-2025-38061: net: pktgen: fix access outside of user given buffer in pktgen_thread_write() (bsc#1245440).\n- CVE-2025-38062: kABI: restore layout of struct msi_desc (bsc#1245216).\n- CVE-2025-38063: dm: fix unconditional IO throttle caused by REQ_PREFLUSH (bsc#1245202).\n- CVE-2025-38064: virtio: break and reset virtio devices on device_shutdown() (bsc#1245201).\n- CVE-2025-38074: vhost-scsi: protect vq-\u003elog_used with vq-\u003emutex (bsc#1244735).\n- CVE-2025-38094: net: cadence: macb: Fix a possible deadlock in macb_halt_tx (bsc#1245649).\n- CVE-2025-38097: kabi: restore encap_sk in struct xfrm_state (bsc#1245660).\n- CVE-2025-38098: drm/amd/display: Do not treat wb connector as physical in (bsc#1245654).\n- CVE-2025-38099: Bluetooth: btusb: Fix regression in the initialization of fake Bluetooth controllers (bsc#1245671).\n- CVE-2025-38100: x86/iopl: Cure TIF_IO_BITMAP inconsistencies (bsc#1245650).\n- CVE-2025-38105: ALSA: usb-audio: Kill timer properly at removal (bsc#1245682).\n- CVE-2025-38106: io_uring/sqpoll: do not put task_struct on tctx setup failure (bsc#1245664).\n- CVE-2025-38115: net_sched: sch_sfq: fix a potential crash on gso_skb handling (bsc#1245689).\n- CVE-2025-38117: hci_dev centralize extra lock (bsc#1245695).\n- CVE-2025-38126: net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping (bsc#1245708).\n- CVE-2025-38131: coresight: prevent deactivate active config while enabling the config (bsc#1245677).\n- CVE-2025-38132: coresight: holding cscfg_csdev_lock while removing cscfg from csdev (bsc#1245679).\n- CVE-2025-38147: calipso: unlock rcu before returning -EAFNOSUPPORT (bsc#1245768).\n- CVE-2025-38158: hisi_acc_vfio_pci: fix XQE dma address error (bsc#1245750).\n- CVE-2025-38162: netfilter: nft_set_pipapo: prevent overflow in lookup table allocation (bsc#1245752).\n- CVE-2025-38166: bpf: fix ktls panic with sockmap (bsc#1245758).\n- CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).\n- CVE-2025-38182: ublk: santizize the arguments from userspace when adding a device (bsc#1245937).\n- CVE-2025-38183: net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get() (bsc#1246006).\n- CVE-2025-38187: drm/nouveau: fix a use-after-free in r535_gsp_rpc_push() (bsc#1245951).\n- CVE-2025-38188: drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE (bsc#1246098).\n- CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045).\n- CVE-2025-38202: bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() (bsc#1245980).\n- CVE-2025-38203: jfs: Fix null-ptr-deref in jfs_ioc_trim (bsc#1246044).\n- CVE-2025-38204: jfs: fix array-index-out-of-bounds read in add_missing_indices (bsc#1245983).\n- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073).\n- CVE-2025-38210: configfs-tsm-report: Fix NULL dereference of tsm_ops (bsc#1246020).\n- CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029).\n- CVE-2025-38220: ext4: only dirty folios when data journaling regular files (bsc#1245966).\n- CVE-2025-38222: ext4: inline: fix len overflow in ext4_prepare_inline_data (bsc#1245976).\n- CVE-2025-38236: af_unix: Disable MSG_OOB for unprivileged users (bsc#1246093).\n- CVE-2025-38239: scsi: megaraid_sas: Fix invalid node index (bsc#1246178).\n- CVE-2025-38244: smb: client: fix potential deadlock when reconnecting channels (bsc#1246183).\n- CVE-2025-38248: bridge: mcast: Fix use-after-free during router port configuration (bsc#1246173).\n- CVE-2025-38250: kABI workaround for bluetooth hci_dev changes (bsc#1246182).\n- CVE-2025-38256: io_uring/rsrc: fix folio unpinning (bsc#1246188).\n- CVE-2025-38264: llist: add interface to check if a node is on a list (bsc#1246387).\n- CVE-2025-38272: net: dsa: b53: do not enable EEE on bcm63xx (bsc#1246268).\n- CVE-2025-38279: selftests/bpf: Add tests with stack ptr register in conditional jmp (bsc#1246264).\n- CVE-2025-38283: hisi_acc_vfio_pci: bugfix live migration function without VF device driver (bsc#1246273).\n- CVE-2025-38303: Bluetooth: eir: Fix possible crashes on eir_create_adv_data (bsc#1246354).\n- CVE-2025-38310: seg6: Fix validation of nexthop addresses (bsc#1246361).\n- CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).\n- CVE-2025-38334: x86/sgx: Prevent attempts to reclaim poisoned pages (bsc#1246384).\n- CVE-2025-38335: Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT (bsc#1246250).\n- CVE-2025-38337: jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (bsc#1246253).\n- CVE-2025-38349: eventpoll: do not decrement ep refcount while still holding the ep mutex (bsc#1246777).\n- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).\n- CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).\n- CVE-2025-38364: maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() (bsc#1247091).\n- CVE-2025-38365: btrfs: fix a race between renames and directory logging (bsc#1247023).\n- CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177).\n- CVE-2025-38382: btrfs: fix iteration of extrefs during log replay (bsc#1247031).\n- CVE-2025-38392: idpf: convert control queue mutex to a spinlock (bsc#1247169).\n- CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247156).\n- CVE-2025-38399: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() (bsc#1247097).\n- CVE-2025-38403: vsock/vmci: Clear the vmci transport packet properly when initializing it (bsc#1247141).\n- CVE-2025-38414: wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850 (bsc#1247145).\n- CVE-2025-38426: drm/amdgpu: Add basic validation for RAS header (bsc#1247252).\n- CVE-2025-38429: bus: mhi: ep: Update read pointer only after buffer is written (bsc#1247253).\n- CVE-2025-38453: kABI: io_uring: msg_ring ensure io_kiocb freeing is deferred (bsc#1247234).\n- CVE-2025-38455: KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight (bsc#1247101).\n- CVE-2025-38457: net/sched: Abort __tc_modify_qdisc if parent class does not exist (bsc#1247098).\n- CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).\n- CVE-2025-38461: vsock: Fix transport_* TOCTOU (bsc#1247103).\n- CVE-2025-38462: vsock: Fix transport_{g2h,h2g} TOCTOU (bsc#1247104).\n- CVE-2025-38463: tcp: Correct signedness in skb remaining space calculation (bsc#1247113).\n- CVE-2025-38465: netlink: make sure we allow at least one dump skb (bsc#1247118).\n- CVE-2025-38470: kABI fix for net: vlan: fix VLAN 0 refcount imbalance of toggling (bsc#1247288).\n- CVE-2025-38471: tls: always refresh the queue when reading sock (bsc#1247450).\n- CVE-2025-38475: smc: Fix various oops due to inet_sock type confusion (bsc#1247308).\n- CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347).\n- CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374).\n\nThe following non-security bugs were fixed:\n\n- ACPI: LPSS: Remove AudioDSP related ID (git-fixes).\n- ACPI: PRM: Reduce unnecessary printing to avoid user confusion (bsc#1246122).\n- ACPI: processor: perflib: Fix initial _PPC limit application (git-fixes).\n- ACPICA: Refuse to evaluate a method if arguments are missing (stable-fixes).\n- ALSA: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() (git-fixes).\n- ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx (stable-fixes).\n- ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 (stable-fixes).\n- ALSA: hda/realtek: Add quirk for ASUS ROG Strix G712LWS (stable-fixes).\n- ALSA: hda/realtek: Fix mute LED mask on HP OMEN 16 laptop (git-fixes).\n- ALSA: hda/tegra: Add Tegra264 support (stable-fixes).\n- ALSA: hda: Add missing NVIDIA HDA codec IDs (stable-fixes).\n- ALSA: hda: Add new pci id for AMD GPU display HD audio controller (stable-fixes).\n- ALSA: hda: Ignore unsol events for cards being shut down (stable-fixes).\n- ALSA: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() (git-fixes).\n- ALSA: sb: Do not allow changing the DMA mode during operations (stable-fixes).\n- ALSA: sb: Force to disable DMAs once when DMA mode is changed (stable-fixes).\n- ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() (git-fixes).\n- ASoC: amd: yc: Add DMI quirk for Lenovo IdeaPad Slim 5 15 (stable-fixes).\n- ASoC: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic (stable-fixes).\n- ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic (stable-fixes).\n- ASoC: amd: yc: update quirk data for HP Victus (stable-fixes).\n- ASoC: codec: wcd9335: Convert to GPIO descriptors (stable-fixes).\n- ASoC: codecs: wcd9335: Fix missing free of regulator supplies (git-fixes).\n- ASoC: codecs: wcd9335: Handle nicer probe deferral and simplify with dev_err_probe() (stable-fixes).\n- ASoC: cs35l56: probe() should fail if the device ID is not recognized (git-fixes).\n- ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode (git-fixes).\n- ASoC: fsl_sai: Force a software reset when starting in consumer mode (git-fixes).\n- ASoC: fsl_xcvr: get channel status data when PHY is not exists (git-fixes).\n- ASoC: mediatek: use reserved memory or enable buffer pre-allocation (git-fixes).\n- ASoC: ops: dynamically allocate struct snd_ctl_elem_value (git-fixes).\n- ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() (git-fixes).\n- Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() (git-fixes).\n- Bluetooth: HCI: Set extended advertising data synchronously (git-fixes).\n- Bluetooth: L2CAP: Fix L2CAP MTU negotiation (stable-fixes).\n- Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU (git-fixes).\n- Bluetooth: MGMT: Fix not generating command complete for MGMT_OP_DISCONNECT (git-fixes).\n- Bluetooth: MGMT: mesh_send: check instances prior disabling advertising (git-fixes).\n- Bluetooth: MGMT: set_mesh: update LE scan interval and window (git-fixes).\n- Bluetooth: Prevent unintended pause by checking if advertising is active (git-fixes).\n- Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout (git-fixes).\n- Bluetooth: SMP: If an unallowed command is received consider it a failure (git-fixes).\n- Bluetooth: btintel: Check if controller is ISO capable on btintel_classify_pkt_type (git-fixes).\n- Bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant without board ID (git-fixes).\n- Bluetooth: hci_conn: Fix sending BT_HCI_CMD_LE_CREATE_CONN_CANCEL (git-fixes).\n- Bluetooth: hci_core: add missing braces when using macro parameters (git-fixes).\n- Bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected (git-fixes).\n- Bluetooth: hci_event: Mask data status from LE ext adv reports (git-fixes).\n- Bluetooth: hci_sync: Attempt to dequeue connection attempt (git-fixes).\n- Bluetooth: hci_sync: Fix UAF on create_le_conn_complete (git-fixes).\n- Bluetooth: hci_sync: Fix handling of HCI_OP_CREATE_CONN_CANCEL (git-fixes).\n- Bluetooth: hci_sync: Fix not disabling advertising instance (git-fixes).\n- Bluetooth: hci_sync: fix connectable extended advertising when using static random address (git-fixes).\n- Bluetooth: hci_sync: revert some mesh modifications (git-fixes).\n- Docs/ABI: Fix sysfs-kernel-address_bits path (git-fixes).\n- Documentatiion/ABI: add ABI documentation for sys-bus-dax (bsc#1235515,jsc#PED-12731).\n- Documentation: ACPI: Fix parent device references (git-fixes).\n- Documentation: usb: gadget: Wrap remaining usage snippets in literal code block (git-fixes).\n- Enable SMC_LO (a.k.a SMC-D) (jsc#PED-13248).\n- Fix dma_unmap_sg() nents value (git-fixes)\n- HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY (stable-fixes).\n- HID: core: do not bypass hid_hw_raw_request (stable-fixes).\n- HID: core: ensure __hid_request reserves the report ID as the first byte (git-fixes).\n- HID: core: ensure the allocated report buffer can contain the reserved report ID (stable-fixes).\n- HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 (stable-fixes).\n- HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras (stable-fixes).\n- IB/mlx5: Fix potential deadlock in MR deregistration (git-fixes)\n- Input: iqs7222 - explicitly define number of external channels (git-fixes).\n- Input: xpad - adjust error handling for disconnect (git-fixes).\n- Input: xpad - set correct controller type for Acer NGR200 (git-fixes).\n- Input: xpad - support Acer NGR 200 Controller (stable-fixes).\n- KVM: SVM: Fix SNP AP destroy race with VMRUN (git-fixes).\n- Logitech C-270 even more broken (stable-fixes).\n- Move upstreamed SCSI and ACPI patches into sorted section\n- NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (git-fixes).\n- NFS: Fix the setting of capabilities when automounting a new filesystem (git-fixes).\n- NFS: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() (git-fixes).\n- NFS: Fixup allocation flags for nfsiod\u0027s __GFP_NORETRY (git-fixes).\n- NFSD: detect mismatch of file handle and delegation stateid in OPEN op (git-fixes).\n- NFSv4.2: another fix for listxattr (git-fixes).\n- NFSv4.2: fix listxattr to return selinux security label (git-fixes).\n- NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN (git-fixes).\n- NFSv4: Always set NLINK even if the server does not support it (git-fixes).\n- NFSv4: xattr handlers should check for absent nfs filehandles (git-fixes).\n- PCI/MSI: Export pci_msix_prepare_desc() for dynamic MSI-X allocations (bsc#1245457).\n- PCI: dwc: Make link training more robust by setting PORT_LOGIC_LINK_WIDTH to one lane (stable-fixes).\n- PCI: endpoint: Fix configfs group list head handling (git-fixes).\n- PCI: endpoint: Fix configfs group removal on driver teardown (git-fixes).\n- PCI: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute (git-fixes).\n- PCI: endpoint: pci-epf-vntb: Return -ENOENT if pci_epc_get_next_free_bar() fails (git-fixes).\n- PCI: hv: Allow dynamic MSI-X vector allocation (bsc#1245457).\n- PCI: rockchip-host: Fix \u0027Unexpected Completion\u0027 log message (git-fixes).\n- PM / devfreq: Check governor before using governor-\u003ename (git-fixes).\n- RDMA/core: Rate limit GID cache warning messages (git-fixes)\n- RDMA/counter: Check CAP_NET_RAW check in user namespace for RDMA counters (git-fixes)\n- RDMA/hns: Drop GFP_NOWARN (git-fixes)\n- RDMA/hns: Fix -Wframe-larger-than issue (git-fixes)\n- RDMA/hns: Fix HW configurations not cleared in error flow (git-fixes)\n- RDMA/hns: Fix accessing uninitialized resources (git-fixes)\n- RDMA/hns: Fix double destruction of rsv_qp (git-fixes)\n- RDMA/hns: Get message length of ack_req from FW (git-fixes)\n- RDMA/mlx5: Check CAP_NET_RAW in user namespace for anchor create (git-fixes)\n- RDMA/mlx5: Check CAP_NET_RAW in user namespace for devx create (git-fixes)\n- RDMA/mlx5: Check CAP_NET_RAW in user namespace for flow create (git-fixes)\n- RDMA/mlx5: Fix CC counters query for MPV (git-fixes)\n- RDMA/mlx5: Fix HW counters query for non-representor devices (git-fixes)\n- RDMA/mlx5: Fix UMR modifying of mkey page size (git-fixes)\n- RDMA/mlx5: Fix compilation warning when USER_ACCESS isn\u0027t set (git-fixes)\n- RDMA/mlx5: Fix vport loopback for MPV device (git-fixes)\n- RDMA/mlx5: Initialize obj_event-\u003eobj_sub_list before xa_insert (git-fixes)\n- RDMA/mlx5: reduce stack usage in mlx5_ib_ufile_hw_cleanup (git-fixes)\n- RDMA/nldev: Check CAP_NET_RAW in user namespace for QP modify (git-fixes)\n- RDMA/siw: Fix the sendmsg byte count in siw_tcp_sendpages (git-fixes)\n- RDMA/uverbs: Add empty rdma_uattrs_has_raw_cap() declaration (git-fixes)\n- RDMA/uverbs: Check CAP_NET_RAW in user namespace for QP create (git-fixes)\n- RDMA/uverbs: Check CAP_NET_RAW in user namespace for RAW QP create (git-fixes)\n- RDMA/uverbs: Check CAP_NET_RAW in user namespace for flow create (git-fixes)\n- Re-enable qmi_wwan for arm64 (bsc#1246113)\n- Reapply \u0027wifi: mac80211: Update skb\u0027s control block key in ieee80211_tx_dequeue()\u0027 (git-fixes).\n- Revert \u0027ACPI: battery: negate current when discharging\u0027 (stable-fixes).\n- Revert \u0027cgroup_freezer: cgroup_freezing: Check if not frozen\u0027 (bsc#1219338).\n- Revert \u0027drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1\u0027 (stable-fixes).\n- Revert \u0027drm/nouveau: check ioctl command codes better\u0027 (git-fixes).\n- Revert \u0027drm/xe/xe2: Enable Indirect Ring State support for Xe2\u0027 (git-fixes).\n- Revert \u0027mmc: sdhci: Disable SD card clock before changing parameters\u0027 (git-fixes).\n- Revert \u0027usb: xhci: Implement xhci_handshake_check_state() helper\u0027 (git-fixes).\n- Revert \u0027vgacon: Add check for vc_origin address range in vgacon_scroll()\u0027 (stable-fixes).\n- SMB3: rename macro CIFS_SERVER_IS_CHAN to avoid confusion (git-fixes).\n- USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (stable-fixes).\n- USB: serial: option: add Foxconn T99W640 (stable-fixes).\n- USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition (stable-fixes).\n- Update config files. config/x86_64/default config/arm64/default CONFIG_INTEGRITY_MACHINE_KEYRING=y +CONFIG_INTEGRITY_CA_MACHINE_KEYRING=y +CONFIG_INTEGRITY_CA_MACHINE_KEYRING_MAX=y +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y (bsc#1243678)\n- [SMB3] send channel sequence number in SMB3 requests after reconnects (git-fixes).\n- accel/ivpu: Remove copy engine support (stable-fixes).\n- af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() (git-fixes).\n- af_unix: Add a prompt to CONFIG_AF_UNIX_OOB (bsc#1246093).\n- amd/amdkfd: fix a kfd_process ref leak (stable-fixes).\n- aoe: clean device rq_list in aoedev_downdev() (git-fixes).\n- apple-mfi-fastcharge: protect first device name (git-fixes).\n- ata: pata_cs5536: fix build on 32-bit UML (stable-fixes).\n- audit,module: restore audit logging in load failure case (git-fixes).\n- bnxt_en: Fix double invocation of bnxt_ulp_stop()/bnxt_ulp_start() (git-fixes).\n- bonding: Correctly support GSO ESP offload (git-fixes).\n- bpf, sockmap: Fix sk_msg_reset_curr (git-fixes).\n- bpf/lpm_trie: Inline longest_prefix_match for fastpath (git-fixes).\n- bpf/selftests: Check errno when percpu map value size exceeds (git-fixes).\n- bpf: Add a possibly-zero-sized read test (git-fixes).\n- bpf: Avoid __hidden__ attribute in static object (git-fixes).\n- bpf: Check percpu map value size first (git-fixes).\n- bpf: Disable some `attribute ignored\u0027 warnings in GCC (git-fixes).\n- bpf: Fix memory leak in bpf_core_apply (git-fixes).\n- bpf: Fix potential integer overflow in resolve_btfids (git-fixes).\n- bpf: Harden __bpf_kfunc tag against linker kfunc removal (git-fixes).\n- bpf: Make the pointer returned by iter next method valid (git-fixes).\n- bpf: Simplify checking size of helper accesses (git-fixes).\n- bpf: fix order of args in call to bpf_map_kvcalloc (git-fixes).\n- bpf: sockmap, updating the sg structure should also update curr (git-fixes).\n- bpftool: Fix missing pids during link show (git-fixes).\n- bpftool: Fix undefined behavior caused by shifting into the sign bit (git-fixes).\n- bpftool: Mount bpffs on provided dir instead of parent dir (git-fixes).\n- bpftool: Remove unnecessary source files from bootstrap version (git-fixes).\n- bpftool: Un-const bpf_func_info to fix it for llvm 17 and newer (git-fixes).\n- btrfs: do not ignore inode missing when replaying log tree (git-fixes).\n- btrfs: do not silently ignore unexpected extent type when replaying log (git-fixes).\n- btrfs: do not skip remaining extrefs if dir not found during log replay (git-fixes).\n- btrfs: explicitly ref count block_group on new_bgs list (bsc#1243068)\n- btrfs: fix assertion when building free space tree (git-fixes).\n- btrfs: fix inode lookup error handling during log replay (git-fixes).\n- btrfs: fix invalid inode pointer dereferences during log replay (git-fixes).\n- btrfs: fix log tree replay failure due to file with 0 links and extents (git-fixes).\n- btrfs: fix missing error handling when searching for inode refs during log replay (git-fixes).\n- btrfs: fix non-empty delayed iputs list on unmount due to async workers (git-fixes).\n- btrfs: fix ssd_spread overallocation (git-fixes).\n- btrfs: make btrfs_discard_workfn() block_group ref explicit (bsc#1243068)\n- btrfs: propagate last_unlink_trans earlier when doing a rmdir (git-fixes).\n- btrfs: rename err to ret in btrfs_rmdir() (git-fixes).\n- btrfs: return a btrfs_inode from btrfs_iget_logging() (git-fixes).\n- btrfs: return a btrfs_inode from read_one_inode() (git-fixes).\n- btrfs: tests: fix chunk map leak after failure to add it to the tree (git-fixes).\n- btrfs: update superblock\u0027s device bytes_used when dropping chunk (git-fixes).\n- btrfs: use NOFS context when getting inodes during logging and log replay (git-fixes).\n- btrfs: use btrfs_record_snapshot_destroy() during rmdir (git-fixes).\n- bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() (git-fixes).\n- bus: mhi: host: Detect events pointing to unexpected TREs (git-fixes).\n- can: dev: can_restart(): move debug message and stats after successful restart (stable-fixes).\n- can: dev: can_restart(): reverse logic to remove need for goto (stable-fixes).\n- can: kvaser_pciefd: Store device channel index (git-fixes).\n- can: kvaser_usb: Assign netdev.dev_port based on device channel index (git-fixes).\n- can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level (git-fixes).\n- can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode (git-fixes).\n- can: peak_usb: fix USB FD devices potential malfunction (git-fixes).\n- cdc-acm: fix race between initial clearing halt and open (git-fixes).\n- cgroup,freezer: fix incomplete freezing when attaching tasks (bsc#1245789).\n- cgroup/cpuset: Extend kthread_is_per_cpu() check to all PF_NO_SETAFFINITY tasks (bsc#1241166).\n- cifs: reconnect helper should set reconnect for the right channel (git-fixes).\n- clk: clk-axi-clkgen: fix fpfd_max frequency for zynq (git-fixes).\n- clk: davinci: Add NULL check in davinci_lpsc_clk_register() (git-fixes).\n- clk: sunxi-ng: v3s: Fix de clock definition (git-fixes).\n- clk: xilinx: vcu: unregister pll_post only if registered correctly (git-fixes).\n- clocksource: Scale the watchdog read retries automatically (bsc#1241345 bsc#1244457).\n- clocksource: Set cs_watchdog_read() checks based on .uncertainty_margin (bsc#1241345 bsc#1244457).\n- comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large (git-fixes).\n- comedi: Fix initialization of data for instructions that write to subdevice (git-fixes).\n- comedi: Fix some signed shift left operations (git-fixes).\n- comedi: Fix use of uninitialized data in insn_rw_emulate_bits() (git-fixes).\n- comedi: aio_iiro_16: Fix bit shift out of bounds (git-fixes).\n- comedi: das16m1: Fix bit shift out of bounds (git-fixes).\n- comedi: das6402: Fix bit shift out of bounds (git-fixes).\n- comedi: pcl812: Fix bit shift out of bounds (git-fixes).\n- compiler_types.h: Define __retain for __attribute__((__retain__)) (git-fixes).\n- crypto: arm/aes-neonbs - work around gcc-15 warning (git-fixes).\n- crypto: ccp - Fix crash when rebind ccp device for ccp.ko (git-fixes).\n- crypto: ccp - Fix locking on alloc failure handling (git-fixes).\n- crypto: hkdf - skip TVs with unapproved salt lengths in FIPS mode (bsc#1241200 bsc#1246134).\n- crypto: img-hash - Fix dma_unmap_sg() nents value (git-fixes).\n- crypto: inside-secure - Fix `dma_unmap_sg()` nents value (git-fixes).\n- crypto: keembay - Fix dma_unmap_sg() nents value (git-fixes).\n- crypto: marvell/cesa - Fix engine load inaccuracy (git-fixes).\n- crypto: qat - allow enabling VFs in the absence of IOMMU (git-fixes).\n- crypto: qat - disable ZUC-256 capability for QAT GEN5 (git-fixes).\n- crypto: qat - fix DMA direction for compression on GEN2 devices (git-fixes).\n- crypto: qat - fix seq_file position update in adf_ring_next() (git-fixes).\n- crypto: qat - fix state restore for banks with exceptions (git-fixes).\n- crypto: qat - flush misc workqueue during device shutdown (git-fixes).\n- crypto: qat - use unmanaged allocation for dc_data (git-fixes).\n- crypto: sun8i-ce - fix nents passed to dma_unmap_sg() (git-fixes).\n- dax: add a sysfs knob to control memmap_on_memory behavior (bsc#1235515,jsc#PED-12731).\n- devlink: Add support for u64 parameters (jsc#PED-12745).\n- devlink: avoid param type value translations (jsc#PED-12745).\n- devlink: define enum for attr types of dynamic attributes (jsc#PED-12745).\n- devlink: introduce devlink_nl_put_u64() (jsc#PED-12745).\n- disable ZL3073X\n- dm-bufio: fix sched in atomic context (git-fixes).\n- dm-flakey: error all IOs when num_features is absent (git-fixes).\n- dm-flakey: make corrupting read bios work (git-fixes).\n- dm-mirror: fix a tiny race condition (git-fixes).\n- dm-raid: fix variable in journal device check (git-fixes).\n- dm-verity: fix a memory leak if some arguments are specified multiple times (git-fixes).\n- dm: do not change md if dm_table_set_restrictions() fails (git-fixes).\n- dm: free table mempools if not used in __bind (git-fixes).\n- dm: restrict dm device size to 2^63-512 bytes (git-fixes).\n- dma-buf: fix timeout handling in dma_resv_wait_timeout v2 (stable-fixes).\n- dmaengine: dw-edma: Drop unused dchan2dev() and chan2dev() (git-fixes).\n- dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using (stable-fixes).\n- dmaengine: mv_xor: Fix missing check after DMA map and missing unmap (git-fixes).\n- dmaengine: nbpfaxi: Add missing check after DMA map (git-fixes).\n- dmaengine: nbpfaxi: Fix memory corruption in probe() (git-fixes).\n- dmaengine: qcom: gpi: Drop unused gpi_write_reg_field() (git-fixes).\n- dmaengine: xilinx_dma: Set dma_device directions (stable-fixes).\n- dpll: Add basic Microchip ZL3073x support (jsc#PED-12745).\n- dpll: zl3073x: Add support to get/set frequency on pins (jsc#PED-12745).\n- dpll: zl3073x: Add support to get/set priority on input pins (jsc#PED-12745).\n- dpll: zl3073x: Fetch invariants during probe (jsc#PED-12745).\n- dpll: zl3073x: Implement input pin selection in manual mode (jsc#PED-12745).\n- dpll: zl3073x: Implement input pin state setting in automatic mode (jsc#PED-12745).\n- dpll: zl3073x: Read DPLL types and pin properties from system firmware (jsc#PED-12745).\n- dpll: zl3073x: Register DPLL devices and pins (jsc#PED-12745).\n- drm/amd/display: Check dce_hwseq before dereferencing it (stable-fixes).\n- drm/amd/display: Correct non-OLED pre_T11_delay (stable-fixes).\n- drm/amd/display: Disable CRTC degamma LUT for DCN401 (stable-fixes).\n- drm/amd/display: Do not overwrite dce60_clk_mgr (git-fixes).\n- drm/amd/display: Fix RMCM programming seq errors (stable-fixes).\n- drm/amd/display: Fix mpv playback corruption on weston (stable-fixes).\n- drm/amd/display: Free memory allocation (stable-fixes).\n- drm/amd/display: fix initial backlight brightness calculation (git-fixes).\n- drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value (git-fixes).\n- drm/amdgpu/discovery: use specific ip_discovery.bin for legacy asics (stable-fixes).\n- drm/amdgpu/gfx10: fix kiq locking in KCQ reset (git-fixes).\n- drm/amdgpu/gfx8: reset compute ring wptr on the GPU on resume (git-fixes).\n- drm/amdgpu/gfx9.4.3: fix kiq locking in KCQ reset (git-fixes).\n- drm/amdgpu/gfx9: fix kiq locking in KCQ reset (git-fixes).\n- drm/amdgpu/ip_discovery: add missing ip_discovery fw (stable-fixes).\n- drm/amdgpu: Add kicker device detection (stable-fixes).\n- drm/amdgpu: Fix SDMA UTC_L1 handling during start/stop sequences (stable-fixes).\n- drm/amdgpu: Increase reset counter only on success (stable-fixes).\n- drm/amdgpu: Initialize data to NULL in imu_v12_0_program_rlc_ram() (git-fixes).\n- drm/amdgpu: Remove nbiov7.9 replay count reporting (git-fixes).\n- drm/amdgpu: Reset the clear flag in buddy during resume (git-fixes).\n- drm/amdgpu: amdgpu_vram_mgr_new(): Clamp lpfn to total vram (stable-fixes).\n- drm/amdgpu: seq64 memory unmap uses uninterruptible lock (stable-fixes).\n- drm/amdkfd: Do not call mmput from MMU notifier callback (git-fixes).\n- drm/amdkfd: Fix instruction hazard in gfx12 trap handler (stable-fixes).\n- drm/amdkfd: Fix race in GWS queue scheduling (stable-fixes).\n- drm/amdkfd: remove gfx 12 trap handler page size cap (stable-fixes).\n- drm/bridge: aux-hpd-bridge: fix assignment of the of_node (git-fixes).\n- drm/bridge: panel: move prepare_prev_first handling to drm_panel_bridge_add_typed (git-fixes).\n- drm/bridge: ti-sn65dsi86: Add HPD for DisplayPort connector type (git-fixes).\n- drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() (git-fixes).\n- drm/bridge: ti-sn65dsi86: make use of debugfs_init callback (stable-fixes).\n- drm/connector: hdmi: Evaluate limited range after computing format (git-fixes).\n- drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling (git-fixes).\n- drm/exynos: fimd: Guard display clock control with runtime PM calls (git-fixes).\n- drm/framebuffer: Acquire internal references on GEM handles (git-fixes).\n- drm/gem: Acquire references on GEM handles for framebuffers (stable-fixes).\n- drm/gem: Fix race in drm_gem_handle_create_tail() (stable-fixes).\n- drm/i915/display: Fix dma_fence_wait_timeout() return value handling (git-fixes).\n- drm/i915/dsi: Fix off by one in BXT_MIPI_TRANS_VTOTAL (stable-fixes).\n- drm/i915/gsc: mei interrupt top half should be in irq disabled context (git-fixes).\n- drm/i915/gt: Fix timeline left held on VMA alloc error (git-fixes).\n- drm/i915/selftests: Change mock_request() to return error pointers (git-fixes).\n- drm/imagination: Fix kernel crash when hard resetting the GPU (git-fixes).\n- drm/mediatek: Add wait_event_timeout when disabling plane (git-fixes).\n- drm/mediatek: only announce AFBC if really supported (git-fixes).\n- drm/msm/dpu: Fill in min_prefill_lines for SC8180X (git-fixes).\n- drm/msm: Fix a fence leak in submit error path (stable-fixes).\n- drm/msm: Fix another leak in the submit error path (stable-fixes).\n- drm/nouveau: check ioctl command codes better (git-fixes).\n- drm/panfrost: Fix panfrost device variable name in devfreq (git-fixes).\n- drm/panthor: Add missing explicit padding in drm_panthor_gpu_info (git-fixes).\n- drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed (git-fixes).\n- drm/sched: Increment job count before swapping tail spsc queue (git-fixes).\n- drm/sched: Remove optimization that causes hang when killing dependent jobs (git-fixes).\n- drm/scheduler: signal scheduled fence when kill job (stable-fixes).\n- drm/tegra: nvdec: Fix dma_alloc_coherent error check (git-fixes).\n- drm/ttm: fix error handling in ttm_buffer_object_transfer (git-fixes).\n- drm/v3d: Disable interrupts before resetting the GPU (git-fixes).\n- drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel (git-fixes).\n- drm/xe/bmg: fix compressed VRAM handling (git-fixes).\n- drm/xe/guc: Dead CT helper (stable-fixes).\n- drm/xe/guc: Explicitly exit CT safe mode on unwind (git-fixes).\n- drm/xe/guc_submit: add back fix (git-fixes).\n- drm/xe/mocs: Initialize MOCS index early (stable-fixes).\n- drm/xe/pf: Clear all LMTT pages on alloc (git-fixes).\n- drm/xe/pf: Move VFs reprovisioning to worker (stable-fixes).\n- drm/xe/pf: Prepare to stop SR-IOV support prior GT reset (git-fixes).\n- drm/xe/pf: Sanitize VF scratch registers on FLR (stable-fixes).\n- drm/xe/pm: Correct comment of xe_pm_set_vram_threshold() (git-fixes).\n- drm/xe/uapi: Correct sync type definition in comments (git-fixes).\n- drm/xe/vf: Disable CSC support on VF (git-fixes).\n- drm/xe: Allocate PF queue size on pow2 boundary (git-fixes).\n- drm/xe: Allow bo mapping on multiple ggtts (stable-fixes).\n- drm/xe: Fix DSB buffer coherency (stable-fixes).\n- drm/xe: Fix build without debugfs (git-fixes).\n- drm/xe: Fix early wedge on GuC load failure (git-fixes).\n- drm/xe: Fix taking invalid lock on wedge (stable-fixes).\n- drm/xe: Move DSB l2 flush to a more sensible place (git-fixes).\n- drm/xe: Replace double space with single space after comma (stable-fixes).\n- drm/xe: add interface to request physical alignment for buffer objects (stable-fixes).\n- drm/xe: move DPT l2 flush to a more sensible place (git-fixes).\n- dt-bindings: dpll: Add DPLL device and pin (jsc#PED-12745).\n- dt-bindings: dpll: Add support for Microchip Azurite chip family (jsc#PED-12745).\n- e1000: Move cancel_work_sync to avoid deadlock (git-fixes).\n- exfat: fdatasync flag should be same like generic_write_sync() (git-fixes).\n- fbcon: Fix outdated registered_fb reference in comment (git-fixes).\n- fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref (git-fixes).\n- firewire: ohci: correct code comments about bus_reset tasklet (git-fixes).\n- fs/jfs: consolidate sanity checking in dbMount (git-fixes).\n- fs/orangefs: Allow 2 more characters in do_c_string() (git-fixes).\n- gpio: mlxbf2: use platform_get_irq_optional() (git-fixes).\n- gpio: pca953x: log an error when failing to get the reset GPIO (git-fixes).\n- gpio: sim: include a missing header (git-fixes).\n- gpio: vf610: add locking to gpio direction functions (git-fixes).\n- gpio: virtio: Fix config space reading (git-fixes).\n- gpiolib: Fix debug messaging in gpiod_find_and_request() (git-fixes).\n- gpiolib: Handle no pin_ranges in gpiochip_generic_config() (git-fixes).\n- gpiolib: acpi: Do not use GPIO chip fwnode in acpi_gpiochip_find() (bsc#1233300).\n- gpiolib: acpi: Fix failed in acpi_gpiochip_find() by adding parent node match (bsc#1233300).\n- gpiolib: cdev: Ignore reconfiguration without direction (git-fixes).\n- gpiolib: of: Add polarity quirk for s5m8767 (stable-fixes).\n- hfs: make splice write available again (git-fixes).\n- hfsplus: make splice write available again (git-fixes).\n- hfsplus: remove mutex_lock check in hfsplus_free_extents (git-fixes).\n- hv_netvsc: Use VF\u0027s tso_max_size value when data path is VF (bsc#1246203).\n- hwmon: (corsair-cpro) Validate the size of the received input buffer (git-fixes).\n- hwmon: (gsc-hwmon) fix fan pwm setpoint show functions (git-fixes).\n- hwmon: (pmbus/max34440) Fix support for max34451 (stable-fixes).\n- hwrng: mtk - handle devm_pm_runtime_enable errors (git-fixes).\n- i2c/designware: Fix an initialization issue (git-fixes).\n- i2c: qup: jump out of the loop in case of timeout (git-fixes).\n- i2c: stm32: fix the device used for the DMA map (git-fixes).\n- i2c: tegra: Fix reset error handling with ACPI (git-fixes).\n- i2c: virtio: Avoid hang by using interruptible completion wait (git-fixes).\n- i3c: fix module_i3c_i2c_driver() with I3C=n (git-fixes).\n- ice, irdma: fix an off by one in error handling code (bsc#1247712).\n- ice, irdma: move interrupts code to irdma (bsc#1247712).\n- ice: Fix signedness bug in ice_init_interrupt_scheme() (bsc#1247712).\n- ice: count combined queues using Rx/Tx count (bsc#1247712).\n- ice: devlink PF MSI-X max and min parameter (bsc#1247712).\n- ice: enable_rdma devlink param (bsc#1247712).\n- ice: fix eswitch code memory leak in reset scenario (git-fixes).\n- ice: get rid of num_lan_msix field (bsc#1247712).\n- ice: init flow director before RDMA (bsc#1247712).\n- ice: remove splitting MSI-X between features (bsc#1247712).\n- ice: simplify VF MSI-X managing (bsc#1247712).\n- ice: treat dyn_allowed only as suggestion (bsc#1247712).\n- iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush (git-fixes).\n- iio: adc: ad7949: use spi_is_bpw_supported() (git-fixes).\n- iio: adc: ad_sigma_delta: Fix use of uninitialized status_pos (stable-fixes).\n- iio: adc: ad_sigma_delta: change to buffer predisable (git-fixes).\n- iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (stable-fixes).\n- iio: adc: max1363: Reorder mode_list[] entries (stable-fixes).\n- iio: adc: stm32-adc: Fix race in installing chained IRQ handler (git-fixes).\n- iio: imu: bno055: fix OOB access of hw_xlate array (git-fixes).\n- iio: pressure: zpa2326: Use aligned_s64 for the timestamp (stable-fixes).\n- io_uring/timeout: fix multishot updates (bsc#1247021).\n- io_uring: fix potential page leak in io_sqe_buffer_register() (git-fixes).\n- iommu/amd: Fix geometry.aperture_end for V2 tables (git-fixes).\n- iommu/amd: Set the pgsize_bitmap correctly (git-fixes).\n- iommu/arm-smmu-qcom: Add SM6115 MDSS compatible (git-fixes).\n- iommu/tegra241-cmdqv: Read SMMU IDR1.CMDQS instead of hardcoding (git-fixes).\n- iommu/vt-d: Fix possible circular locking dependency (git-fixes).\n- iommu/vt-d: Fix system hang on reboot -f (git-fixes).\n- ipv6: fix possible infinite loop in fib6_info_uses_dev() (git-fixes).\n- ipv6: mcast: Delay put pmc-\u003eidev in mld_del_delrec() (git-fixes).\n- ipv6: prevent infinite loop in rt6_nlmsg_size() (git-fixes).\n- ipv6: reject malicious packets in ipv6_gso_segment() (git-fixes).\n- irdma: free iwdev-\u003erf after removing MSI-X (bsc#1247712).\n- iwlwifi: Add missing check for alloc_ordered_workqueue (git-fixes).\n- jfs: fix metapage reference count leak in dbAllocCtl (git-fixes).\n- kABI fix after KVM: SVM: Fix SNP AP destroy race with VMRUN (git-fixes).\n- kABI fixes for struct memory_block changes (bsc#1235515,jsc#PED-12731).\n- kABI workaround for fw_attributes_class_get() (stable-fixes).\n- kABI workaround for struct drm_framebuffer changes (git-fixes).\n- kABI: Fix the module::name type in audit_context (git-fixes).\n- kabi/severities: ignore two unused/dropped symbols from MEI\n- kabi: Hide adding of u64 to devlink_param_type (jsc#PED-12745).\n- kasan: remove kasan_find_vm_area() to prevent possible deadlock (git-fixes).\n- kernel-obs-qa: Do not depend on srchash when qemu emulation is used In this case the dependency is never fulfilled\n- kernel-syms.spec: Drop old rpm release number hack (bsc#1247172).\n- leds: multicolor: Fix intensity setting while SW blinking (stable-fixes).\n- lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (bsc#1236897).\n- lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() (bsc#1236897).\n- maple_tree: fix mt_destroy_walk() on root leaf node (git-fixes).\n- md/md-bitmap: fix dm-raid max_write_behind setting (git-fixes).\n- media: gspca: Add bounds checking to firmware parser (git-fixes).\n- media: hi556: correct the test pattern configuration (git-fixes).\n- media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() (git-fixes).\n- media: ipu6: isys: Use correct pads for xlate_streams() (git-fixes).\n- media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls (git-fixes).\n- media: ov2659: Fix memory leaks in ov2659_probe() (git-fixes).\n- media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (git-fixes).\n- media: usbtv: Lock resolution while streaming (git-fixes).\n- media: uvcvideo: Do not mark valid metadata as invalid (git-fixes).\n- media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (git-fixes).\n- media: v4l2-ctrls: Do not reset handler\u0027s error in v4l2_ctrl_handler_free() (git-fixes).\n- media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check (git-fixes).\n- media: venus: Add a check for packet size after reading from shared memory (git-fixes).\n- media: venus: hfi: explicitly release IRQ during teardown (git-fixes).\n- media: venus: protect against spurious interrupts during probe (git-fixes).\n- media: venus: vdec: Clamp param smaller than 1fps and bigger than 240 (git-fixes).\n- media: venus: venc: Clamp param smaller than 1fps and bigger than 240 (git-fixes).\n- media: verisilicon: Fix AV1 decoder clock frequency (git-fixes).\n- media: vivid: fix wrong pixel_array control size (git-fixes).\n- mei: vsc: Destroy mutex after freeing the IRQ (git-fixes).\n- mei: vsc: Do not re-init VSC from mei_vsc_hw_reset() on stop (git-fixes).\n- mei: vsc: Drop unused vsc_tp_request_irq() and vsc_tp_free_irq() (stable-fixes).\n- mei: vsc: Event notifier fixes (git-fixes).\n- mei: vsc: Fix \u0027BUG: Invalid wait context\u0027 lockdep error (git-fixes).\n- mei: vsc: Run event callback from a workqueue (git-fixes).\n- mei: vsc: Unset the event callback on remove and probe errors (git-fixes).\n- memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() (git-fixes).\n- mfd: max14577: Fix wakeup source leaks on device unbind (stable-fixes).\n- misc: rtsx: usb: Ensure mmc child device is active when card is present (git-fixes).\n- mm/memory_hotplug: allow architecture to override memmap on memory support check (bsc#1235515,jsc#PED-12731).\n- mm/memory_hotplug: allow memmap on memory hotplug request to fallback (bsc#1235515,jsc#PED-12731).\n- mm/memory_hotplug: embed vmem_altmap details in memory block (bsc#1235515,jsc#PED-12731).\n- mm/memory_hotplug: export mhp_supports_memmap_on_memory() (bsc#1235515,jsc#PED-12731).\n- mm/memory_hotplug: fix memmap_on_memory sysfs value retrieval (git-fixes).\n- mm/memory_hotplug: replace an open-coded kmemdup() in (bsc#1235515,jsc#PED-12731).\n- mm/memory_hotplug: simplify ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE kconfig (bsc#1235515,jsc#PED-12731).\n- mm/memory_hotplug: split memmap_on_memory requests across memblocks (bsc#1235515,jsc#PED-12731).\n- mm/memory_hotplug: support memmap_on_memory when memmap is not aligned to pageblocks (bsc#1235515,jsc#PED-12731).\n- mmc: bcm2835: Fix dma_unmap_sg() nents value (git-fixes).\n- mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier (git-fixes).\n- mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models (git-fixes).\n- mmc: sdhci: Add a helper function for dump register in dynamic debug mode (stable-fixes).\n- mmc: sdhci_am654: Workaround for Errata i2312 (git-fixes).\n- module: Fix memory deallocation on error path in move_module() (git-fixes).\n- module: Remove unnecessary +1 from last_unloaded_module::name size (git-fixes).\n- module: Restore the moduleparam prefix length check (git-fixes).\n- mtd: fix possible integer overflow in erase_xfer() (git-fixes).\n- mtd: rawnand: atmel: Fix dma_mapping_error() address (git-fixes).\n- mtd: rawnand: atmel: set pmecc data setup time (git-fixes).\n- mtd: rawnand: fsmc: Add missing check after DMA map (git-fixes).\n- mtd: rawnand: renesas: Add missing check after DMA map (git-fixes).\n- mtd: rawnand: rockchip: Add missing check after DMA map (git-fixes).\n- mtd: spi-nor: Fix spi_nor_try_unlock_all() (git-fixes).\n- mtd: spinand: fix memory leak of ECC engine conf (stable-fixes).\n- mtd: spinand: propagate spinand_wait() errors from spinand_write_page() (git-fixes).\n- mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data (git-fixes).\n- mtk-sd: Prevent memory corruption from DMA map failure (git-fixes).\n- mtk-sd: reset host-\u003emrq on prepare_data() error (git-fixes).\n- mwl8k: Add missing check after DMA map (git-fixes).\n- nbd: fix uaf in nbd_genl_connect() error path (git-fixes).\n- net/mlx5: HWS, fix missing ip_version handling in definer (git-fixes).\n- net/packet: fix a race in packet_set_ring() and packet_notifier() (git-fixes).\n- net/sched: Restrict conditions for adding duplicating netems to qdisc tree (git-fixes).\n- net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (git-fixes).\n- net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (git-fixes).\n- net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (git-fixes).\n- net/sched: sch_qfq: Fix race condition on qfq_aggregate (git-fixes).\n- net/sched: taprio: enforce minimum value for picos_per_byte (git-fixes).\n- net/smc: Fix lookup of netdev by using ib_device_get_netdev() (git-fixes bsc#1246217).\n- net: mana: Add debug logs in MANA network driver (bsc#1246212).\n- net: mana: Add handler for hardware servicing events (bsc#1245730).\n- net: mana: Allocate MSI-X vectors dynamically (bsc#1245457).\n- net: mana: Allow irq_setup() to skip cpus for affinity (bsc#1245457).\n- net: mana: Allow tso_max_size to go up-to GSO_MAX_SIZE (bsc#1246203).\n- net: mana: Expose additional hardware counters for drop and TC via ethtool (bsc#1245729).\n- net: mana: Set tx_packets to post gso processing packet count (bsc#1245731).\n- net: mana: explain irq_setup() algorithm (bsc#1245457).\n- net: phy: Do not register LEDs for genphy (git-fixes).\n- net: phy: micrel: fix KSZ8081/KSZ8091 cable test (git-fixes).\n- net: phy: microchip: limit 100M workaround to link-down events on LAN88xx (git-fixes).\n- net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap (git-fixes).\n- net: phy: smsc: Fix link failure in forced mode with Auto-MDIX (git-fixes).\n- net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect (git-fixes).\n- net: usb: qmi_wwan: add SIMCom 8230C composition (stable-fixes).\n- net: usbnet: Avoid potential RCU stall on LINK_CHANGE event (git-fixes).\n- net: usbnet: Fix the wrong netif_carrier_on() call (git-fixes).\n- netlink: fix policy dump for int with validation callback (jsc#PED-12745).\n- netlink: specs: devlink: replace underscores with dashes in names (jsc#PED-12745).\n- netlink: specs: nfsd: replace underscores with dashes in names (git-fixes).\n- netlink: specs: tc: replace underscores with dashes in names (git-fixes).\n- netpoll: prevent hanging NAPI when netcons gets enabled (git-fixes).\n- nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails (git-fixes).\n- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (git-fixes).\n- nilfs2: reject invalid file types when reading inodes (git-fixes).\n- nvme-pci: refresh visible attrs after being checked (git-fixes).\n- nvme: Fix incorrect cdw15 value in passthru error logging (git-fixes).\n- nvme: fix endianness of command word prints in nvme_log_err_passthru() (git-fixes).\n- nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() (git-fixes).\n- nvme: fix misaccounting of nvme-mpath inflight I/O (git-fixes).\n- nvmet-tcp: fix callback lock for TLS handshake (git-fixes).\n- objtool: Fix INSN_CONTEXT_SWITCH handling in validate_unret() (git-fixes).\n- objtool: Fix UNWIND_HINT_{SAVE,RESTORE} across basic blocks (git-fixes).\n- objtool: Fix _THIS_IP_ detection for cold functions (git-fixes).\n- objtool: Fix error handling inconsistencies in check() (git-fixes).\n- objtool: Ignore dangling jump table entries (git-fixes).\n- objtool: Ignore end-of-section jumps for KCOV/GCOV (git-fixes).\n- objtool: Properly disable uaccess validation (git-fixes).\n- objtool: Silence more KCOV warnings (git-fixes).\n- objtool: Silence more KCOV warnings, part 2 (git-fixes).\n- objtool: Stop UNRET validation on UD2 (git-fixes).\n- pNFS/flexfiles: do not attempt pnfs on fatal DS errors (git-fixes).\n- pch_uart: Fix dma_sync_sg_for_device() nents value (git-fixes).\n- perf: Fix sample vs do_exit() (bsc#1246547).\n- phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode (git-fixes).\n- pinctrl: amd: Clear GPIO debounce for suspend (git-fixes).\n- pinctrl: qcom: msm: mark certain pins as invalid for interrupts (git-fixes).\n- pinctrl: sunxi: Fix memory leak on krealloc failure (git-fixes).\n- pinmux: fix race causing mux_owner NULL with active mux_usecount (git-fixes).\n- platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() (git-fixes).\n- platform/mellanox: mlxbf-pmc: Fix duplicate event ID for CACHE_DATA1 (git-fixes).\n- platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment (git-fixes).\n- platform/mellanox: mlxreg-lc: Fix logic error in power state check (git-fixes).\n- platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message (git-fixes).\n- platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks list (stable-fixes).\n- platform/x86: Fix initialization order for firmware_attributes_class (git-fixes).\n- platform/x86: dell-sysman: Directly use firmware_attributes_class (stable-fixes).\n- platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks (git-fixes).\n- platform/x86: dell-wmi-sysman: Fix class device unregistration (git-fixes).\n- platform/x86: firmware_attributes_class: Move include linux/device/class.h (stable-fixes).\n- platform/x86: firmware_attributes_class: Simplify API (stable-fixes).\n- platform/x86: hp-bioscfg: Directly use firmware_attributes_class (stable-fixes).\n- platform/x86: hp-bioscfg: Fix class device unregistration (git-fixes).\n- platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots (git-fixes).\n- platform/x86: make fw_attr_class constant (stable-fixes).\n- platform/x86: think-lmi: Create ksets consecutively (stable-fixes).\n- platform/x86: think-lmi: Directly use firmware_attributes_class (stable-fixes).\n- platform/x86: think-lmi: Fix class device unregistration (git-fixes).\n- platform/x86: think-lmi: Fix kobject cleanup (git-fixes).\n- platform/x86: think-lmi: Fix sysfs group cleanup (git-fixes).\n- power: supply: cpcap-charger: Fix null check for power_supply_get_by_name (git-fixes).\n- power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set (git-fixes).\n- powercap: call put_device() on an error path in powercap_register_control_type() (stable-fixes).\n- powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() (git-fixes).\n- powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed (git-fixes).\n- powerpc/bpf: enforce full ordering for ATOMIC operations with BPF_FETCH (git-fixes).\n- powerpc/pseries/dlpar: Search DRC index from ibm,drc-indexes for IO add (bsc#1243042 ltc#212167).\n- ptp: fix breakage after ptp_vclock_in_use() rework (bsc#1246506).\n- pwm: imx-tpm: Reset counter if CMOD is 0 (git-fixes).\n- pwm: mediatek: Ensure to disable clocks in error path (git-fixes).\n- pwm: rockchip: Round period/duty down on apply, up on get (git-fixes).\n- regmap: fix potential memory leak of regmap_bus (git-fixes).\n- regulator: core: fix NULL dereference on unbind due to stale coupling data (stable-fixes).\n- regulator: fan53555: add enable_time support and soft-start times (stable-fixes).\n- regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods (git-fixes).\n- regulator: pwm-regulator: Calculate the output voltage for disabled PWMs (stable-fixes).\n- resource: fix false warning in __request_region() (git-fixes).\n- restore UCSI_CONNECTOR_RESET_HARD definition (git-fixes).\n- ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() (git-fixes).\n- rose: fix dangling neighbour pointers in rose_rt_device_down() (git-fixes).\n- rpl: Fix use-after-free in rpl_do_srh_inline() (git-fixes).\n- rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879) Put the same workaround to avoid file truncation of vmlinux and co in kernel-default-base package, too.\n- rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337)\n- rtc: ds1307: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: hym8563: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: nct3018y: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: pcf85063: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: pcf8563: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: rv3028: fix incorrect maximum clock rate handling (git-fixes).\n- s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again (git-fixes bsc#1246870).\n- s390/entry: Fix last breaking event handling in case of stack corruption (git-fixes bsc#1243806).\n- s390/pci: Do not try re-enabling load/store if device is disabled (git-fixes bsc#1245646).\n- s390/pci: Fix stale function handles in error handling (git-fixes bsc#1245647).\n- s390/pkey: Prevent overflow in size calculation for memdup_user() (git-fixes bsc#1245598).\n- s390: Add z17 elf platform (LTC#214086 bsc#1245540).\n- samples: mei: Fix building on musl libc (git-fixes).\n- sched,freezer: Remove unnecessary warning in __thaw_task (bsc#1219338).\n- sched: Add test_and_clear_wake_up_bit() and atomic_dec_and_wake_up() (git-fixes).\n- scsi: core: Enforce unlimited max_segment_size when virt_boundary_mask is set (git-fixes).\n- scsi: fnic: Add and improve logs in FDMI and FDMI ABTS paths (bsc#1246644).\n- scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out (git-fixes).\n- scsi: fnic: Fix missing DMA mapping error in fnic_send_frame() (git-fixes).\n- scsi: fnic: Set appropriate logging level for log message (bsc#1246644).\n- scsi: fnic: Turn off FDMI ACTIVE flags on link down (git-fixes).\n- scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Copyright updates for 14.4.0.10 patches (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Early return out of FDMI cmpl for locally rejected statuses (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Modify end-of-life adapters\u0027 model descriptions (bsc#1245260 bsc#1243100 bsc#1246125 bsc#1204142).\n- scsi: lpfc: Move clearing of HBA_SETUP flag to before lpfc_sli4_queue_unset (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Relocate clearing initial phba flags from link up to link down hdlr (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Revise CQ_CREATE_SET mailbox bitfield definitions (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Revise logging format for failed CT MIB requests (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Simplify error handling for failed lpfc_get_sli4_parameters cmd (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Skip RSCN processing when FC_UNLOADING flag is set (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Update debugfs trace ring initialization messages (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Update lpfc version to 14.4.0.10 (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: megaraid_sas: Fix invalid node index (git-fixes).\n- scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() (git-fixes).\n- scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() (git-fixes).\n- scsi: s390: zfcp: Ensure synchronous unit_add (git-fixes bsc#1245599).\n- selftests/bpf: Add CFLAGS per source file and runner (git-fixes).\n- selftests/bpf: Add tests for iter next method returning valid pointer (git-fixes).\n- selftests/bpf: Change functions definitions to support GCC (git-fixes).\n- selftests/bpf: Fix a few tests for GCC related warnings (git-fixes).\n- selftests/bpf: Fix pointer arithmetic in test_xdp_do_redirect (git-fixes).\n- selftests/bpf: Fix prog numbers in test_sockmap (git-fixes).\n- smb3: move server check earlier when setting channel sequence number (git-fixes).\n- smb: client: fix parsing of device numbers (git-fixes).\n- soc/tegra: cbb: Clear ERR_FORCE register with ERR_STATUS (git-fixes).\n- soc: aspeed: lpc-snoop: Cleanup resources in stack-order (git-fixes).\n- soc: aspeed: lpc-snoop: Do not disable channels that are not enabled (git-fixes).\n- soc: qcom: QMI encoding/decoding for big endian (git-fixes).\n- soc: qcom: fix endianness for QMI header (git-fixes).\n- soc: qcom: pmic_glink: fix OF node leak (git-fixes).\n- soundwire: amd: fix for clearing command status register (git-fixes).\n- soundwire: stream: restore params when prepare ports fail (git-fixes).\n- spi: spi-fsl-dspi: Clear completion counter before initiating transfer (git-fixes).\n- sprintf.h requires stdarg.h (git-fixes).\n- sprintf.h: mask additional include (git-fixes).\n- staging: axis-fifo: remove sysfs interface (git-fixes).\n- staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (git-fixes).\n- staging: nvec: Fix incorrect null termination of battery manufacturer (git-fixes).\n- staging: vchiq_arm: Make vchiq_shutdown never fail (git-fixes).\n- struct cdns: move new member to the end (git-fixes).\n- struct ucsi_operations: use padding for new operation (git-fixes).\n- sunrpc: do not immediately retransmit on seqno miss (git-fixes).\n- sunrpc: fix client side handling of tls alerts (git-fixes).\n- sunrpc: fix handling of server side tls alerts (git-fixes).\n- supported.conf: Mark ZL3073X modules supported\n- supported.conf: add missing entries for armv7hl\n- supported.conf: move nvme-apple to optional again\n- supported.conf: sort entries again\n- tcp: call tcp_measure_rcv_mss() for ooo packets (git-fixes).\n- thermal: trip: Use READ_ONCE() for lockless access to trip properties (git-fixes).\n- thermal: trip: Use common set of trip type names (git-fixes).\n- thunderbolt: Fix bit masking in tb_dp_port_set_hops() (git-fixes).\n- thunderbolt: Fix copy+paste error in match_service_id() (git-fixes).\n- thunderbolt: Fix wake on connect at runtime (git-fixes).\n- tracing/kprobe: Make trace_kprobe\u0027s module callback called after jump_label update (git-fixes).\n- tracing/kprobes: Fix to free objects when failed to copy a symbol (git-fixes).\n- types: Complement the aligned types with signed 64-bit one (stable-fixes).\n- ucount: fix atomic_long_inc_below() argument type (git-fixes).\n- ucsi-glink: adapt to kABI consistency (git-fixes).\n- ucsi_ccg: Refine the UCSI Interrupt handling (git-fixes).\n- ucsi_operations: add stubs for all operations (git-fixes).\n- ucsi_ops: adapt update_connector to kABI consistency (git-fixes).\n- usb: Add checks for snprintf() calls in usb_alloc_dev() (stable-fixes).\n- usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() (git-fixes).\n- usb: cdc-wdm: avoid setting WDM_READ for ZLP-s (stable-fixes).\n- usb: cdnsp: Fix issue with CV Bad Descriptor test (git-fixes).\n- usb: cdnsp: Fix issue with resuming from L1 (git-fixes).\n- usb: cdnsp: Replace snprintf() with the safer scnprintf() variant (stable-fixes).\n- usb: cdnsp: do not disable slot for disabled slot (git-fixes).\n- usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume (git-fixes).\n- usb: common: usb-conn-gpio: use a unique name for usb connector device (stable-fixes).\n- usb: dwc2: also exit clock_gating when stopping udc while suspended (stable-fixes).\n- usb: dwc3: Abort suspend on soft disconnect failure (git-fixes).\n- usb: dwc3: meson-g12a: fix device leaks at unbind (git-fixes).\n- usb: early: xhci-dbc: Fix early_ioremap leak (git-fixes).\n- usb: gadget : fix use-after-free in composite_dev_cleanup() (git-fixes).\n- usb: gadget: u_serial: Fix race condition in TTY wakeup (git-fixes).\n- usb: gadget: udc: renesas_usb3: fix device leak at unbind (git-fixes).\n- usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() (git-fixes).\n- usb: hub: Do not try to recover devices lost during warm reset (git-fixes).\n- usb: misc: apple-mfi-fastcharge: Make power supply names unique (git-fixes).\n- usb: musb: fix gadget state on disconnect (git-fixes).\n- usb: musb: omap2430: fix device leak at unbind (git-fixes).\n- usb: net: sierra: check for no status endpoint (git-fixes).\n- usb: potential integer overflow in usbg_make_tpg() (stable-fixes).\n- usb: typec: Update sysfs when setting ops (git-fixes).\n- usb: typec: altmodes/displayport: do not index invalid pin_assignments (git-fixes).\n- usb: typec: displayport: Fix potential deadlock (git-fixes).\n- usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode (stable-fixes).\n- usb: typec: mux: do not return on EOPNOTSUPP in {mux, switch}_set (stable-fixes).\n- usb: typec: tcpm: allow switching to mode accessory to mux properly (stable-fixes).\n- usb: typec: tcpm: allow to use sink in accessory mode (stable-fixes).\n- usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach (git-fixes).\n- usb: typec: ucsi: Add DATA_RESET option of Connector Reset command (git-fixes).\n- usb: typec: ucsi: Add qcm6490-pmic-glink as needing PDOS quirk (git-fixes).\n- usb: typec: ucsi: Delay alternate mode discovery (git-fixes).\n- usb: typec: ucsi: Fix busy loop on ASUS VivoBooks (git-fixes).\n- usb: typec: ucsi: Fix the partner PD revision (git-fixes).\n- usb: typec: ucsi: Get PD revision for partner (git-fixes).\n- usb: typec: ucsi: Set orientation as none when connector is unplugged (git-fixes).\n- usb: typec: ucsi: Update power_supply on power role change (git-fixes).\n- usb: typec: ucsi: add callback for connector status updates (git-fixes).\n- usb: typec: ucsi: add update_connector callback (git-fixes).\n- usb: typec: ucsi: do not retrieve PDOs if not supported (git-fixes).\n- usb: typec: ucsi: extract code to read PD caps (git-fixes).\n- usb: typec: ucsi: fix UCSI on SM8550 \u0026 SM8650 Qualcomm devices (git-fixes).\n- usb: typec: ucsi: glink: fix off-by-one in connector_status (git-fixes).\n- usb: typec: ucsi: glink: increase max ports for x1e80100 (git-fixes).\n- usb: typec: ucsi: glink: move GPIO reading into connector_status callback (git-fixes).\n- usb: typec: ucsi: glink: use typec_set_orientation (git-fixes).\n- usb: typec: ucsi: move ucsi_acknowledge() from ucsi_read_error() (git-fixes).\n- usb: typec: ucsi: properly register partner\u0027s PD device (git-fixes).\n- usb: typec: ucsi: support delaying GET_PDOS for device (git-fixes).\n- usb: typec: ucsi_acpi: Add LG Gram quirk (git-fixes).\n- usb: typec: ucsi_glink: drop NO_PARTNER_PDOS quirk for sm8550 / sm8650 (git-fixes).\n- usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk (git-fixes).\n- usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk on qcm6490 (git-fixes).\n- usb: typec: ucsi_glink: rework quirks implementation (git-fixes).\n- usb: xhci: Skip xhci_reset in xhci_resume if xhci is being removed (git-fixes).\n- usb: xhci: quirk for data loss in ISOC transfers (stable-fixes).\n- usb:cdnsp: remove TRB_FLUSH_ENDPOINT command (stable-fixes).\n- virtgpu: do not reset on shutdown (git-fixes).\n- vmci: Prevent the dispatching of uninitialized payloads (git-fixes).\n- vt: add missing notification when switching back to text mode (stable-fixes).\n- vt: defkeymap: Map keycodes above 127 to K_HOLE (git-fixes).\n- vt: keyboard: Do not process Unicode characters in K_OFF mode (git-fixes).\n- watchdog: ziirave_wdt: check record length in ziirave_firm_verify() (git-fixes).\n- wifi: ath11k: clear initialized flag for deinit-ed srng lists (git-fixes).\n- wifi: ath11k: fix dest ring-buffer corruption (git-fixes).\n- wifi: ath11k: fix dest ring-buffer corruption when ring is full (git-fixes).\n- wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() (git-fixes).\n- wifi: ath11k: fix source ring-buffer corruption (git-fixes).\n- wifi: ath11k: fix suspend use-after-free after probe failure (git-fixes).\n- wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() (git-fixes).\n- wifi: ath12k: fix dest ring-buffer corruption (git-fixes).\n- wifi: ath12k: fix dest ring-buffer corruption when ring is full (git-fixes).\n- wifi: ath12k: fix endianness handling while accessing wmi service bit (git-fixes).\n- wifi: ath12k: fix source ring-buffer corruption (git-fixes).\n- wifi: ath6kl: remove WARN on bad firmware input (stable-fixes).\n- wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE (git-fixes).\n- wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() (git-fixes).\n- wifi: cfg80211/mac80211: correctly parse S1G beacon optional elements (git-fixes).\n- wifi: cfg80211: fix S1G beacon head validation in nl80211 (git-fixes).\n- wifi: cfg80211: remove scan request n_channels counted_by (git-fixes).\n- wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() (git-fixes).\n- wifi: iwlwifi: Fix memory leak in iwl_mvm_init() (git-fixes).\n- wifi: iwlwifi: return ERR_PTR from opmode start() (stable-fixes).\n- wifi: mac80211: Add link iteration macro for link data (stable-fixes).\n- wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() (git-fixes).\n- wifi: mac80211: Create separate links for VLAN interfaces (stable-fixes).\n- wifi: mac80211: Do not call fq_flow_idx() for management frames (git-fixes).\n- wifi: mac80211: Do not schedule stopped TXQs (git-fixes).\n- wifi: mac80211: Write cnt before copying in ieee80211_copy_rnr_beacon() (git-fixes).\n- wifi: mac80211: chan: chandef is non-NULL for reserved (stable-fixes).\n- wifi: mac80211: drop invalid source address OCB frames (stable-fixes).\n- wifi: mac80211: finish link init before RCU publish (git-fixes).\n- wifi: mac80211: fix non-transmitted BSSID profile search (git-fixes).\n- wifi: mac80211: reject TDLS operations when station is not associated (git-fixes).\n- wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() (git-fixes).\n- wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan (git-fixes).\n- wifi: mt76: mt7925: fix the wrong config for tx interrupt (git-fixes).\n- wifi: nl80211: Set num_sub_specs before looping through sub_specs (git-fixes).\n- wifi: plfxlc: Fix error handling in usb driver probe (git-fixes).\n- wifi: prevent A-MSDU attacks in mesh networks (stable-fixes).\n- wifi: rt2x00: fix remove callback type mismatch (git-fixes).\n- wifi: rtl818x: Kill URBs before clearing tx status queue (git-fixes).\n- wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band (git-fixes).\n- wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() (git-fixes).\n- x86/CPU/AMD: Add more models to X86_FEATURE_ZEN5 (bsc#1246449).\n- x86/CPU/AMD: Improve the erratum 1386 workaround (git-fixes).\n- x86/CPU/AMD: Terminate the erratum_1386_microcode array (git-fixes).\n- x86/cpu/amd: Fix workaround for erratum 1054 (git-fixes).\n- x86/cpu: Avoid running off the end of an AMD erratum table (git-fixes).\n- x86/cpu: Expose only stepping min/max interface (git-fixes).\n- x86/cpu: Introduce new microcode matching helper (git-fixes).\n- x86/cpu: Move AMD erratum 1386 table over to \u0027x86_cpu_id\u0027 (git-fixes).\n- x86/cpu: Replace PEBS use of \u0027x86_cpu_desc\u0027 use with \u0027x86_cpu_id\u0027 (git-fixes).\n- x86/mce/amd: Add default names for MCA banks and blocks (git-fixes).\n- x86/mce/amd: Fix threshold limit reset (git-fixes).\n- x86/mce: Do not remove sysfs if thresholding sysfs init fails (git-fixes).\n- x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (git-fixes).\n- x86/mtrr: Rename mtrr_overwrite_state() to guest_force_mtrr_state() (git-fixes).\n- x86/tdx: Fix __noreturn build warning around __tdx_hypercall_failed() (git-fixes).\n- x86/traps: Initialize DR6 by writing its architectural reset value (git-fixes).\n- x86/virt/tdx: Avoid indirect calls to TDX assembly functions (git-fixes).\n- x86: UV RTC: Add parameter to disable RTC clocksource (bsc#1241345).\n- xfs: fix off-by-one error in fsmap\u0027s end_daddr usage (bsc#1235837).\n- xfs: only create event xfs_file_compat_ioctl when CONFIG_COMPAT is configure (git-fixes).\n- xfs: remove unused event xfs_alloc_near_error (git-fixes).\n- xfs: remove unused event xfs_alloc_near_nominleft (git-fixes).\n- xfs: remove unused event xfs_attr_node_removename (git-fixes).\n- xfs: remove unused event xfs_ioctl_clone (git-fixes).\n- xfs: remove unused event xfs_pagecache_inval (git-fixes).\n- xfs: remove unused event xlog_iclog_want_sync (git-fixes).\n- xfs: remove unused trace event xfs_attr_remove_iter_return (git-fixes).\n- xfs: remove unused trace event xfs_attr_rmtval_set (git-fixes).\n- xfs: remove unused trace event xfs_reflink_cow_enospc (git-fixes).\n- xfs: remove unused xfs_attr events (git-fixes).\n- xfs: remove unused xfs_reflink_compare_extents events (git-fixes).\n- xfs: remove usused xfs_end_io_direct events (git-fixes).\n- xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS (git-fixes).\n- xhci: dbc: Flush queued requests before stopping dbc (git-fixes).\n- xhci: dbctty: disable ECHO flag by default (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-3011,SUSE-SLE-Module-Public-Cloud-15-SP7-2025-3011",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_03011-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:03011-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202503011-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:03011-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041413.html"
},
{
"category": "self",
"summary": "SUSE Bug 1139073",
"url": "https://bugzilla.suse.com/1139073"
},
{
"category": "self",
"summary": "SUSE Bug 1204142",
"url": "https://bugzilla.suse.com/1204142"
},
{
"category": "self",
"summary": "SUSE Bug 1219338",
"url": "https://bugzilla.suse.com/1219338"
},
{
"category": "self",
"summary": "SUSE Bug 1225707",
"url": "https://bugzilla.suse.com/1225707"
},
{
"category": "self",
"summary": "SUSE Bug 1227082",
"url": "https://bugzilla.suse.com/1227082"
},
{
"category": "self",
"summary": "SUSE Bug 1228664",
"url": "https://bugzilla.suse.com/1228664"
},
{
"category": "self",
"summary": "SUSE Bug 1230216",
"url": "https://bugzilla.suse.com/1230216"
},
{
"category": "self",
"summary": "SUSE Bug 1232089",
"url": "https://bugzilla.suse.com/1232089"
},
{
"category": "self",
"summary": "SUSE Bug 1233300",
"url": "https://bugzilla.suse.com/1233300"
},
{
"category": "self",
"summary": "SUSE Bug 1235515",
"url": "https://bugzilla.suse.com/1235515"
},
{
"category": "self",
"summary": "SUSE Bug 1235613",
"url": "https://bugzilla.suse.com/1235613"
},
{
"category": "self",
"summary": "SUSE Bug 1235837",
"url": "https://bugzilla.suse.com/1235837"
},
{
"category": "self",
"summary": "SUSE Bug 1236333",
"url": "https://bugzilla.suse.com/1236333"
},
{
"category": "self",
"summary": "SUSE Bug 1236897",
"url": "https://bugzilla.suse.com/1236897"
},
{
"category": "self",
"summary": "SUSE Bug 1238896",
"url": "https://bugzilla.suse.com/1238896"
},
{
"category": "self",
"summary": "SUSE Bug 1239061",
"url": "https://bugzilla.suse.com/1239061"
},
{
"category": "self",
"summary": "SUSE Bug 1239470",
"url": "https://bugzilla.suse.com/1239470"
},
{
"category": "self",
"summary": "SUSE Bug 1240323",
"url": "https://bugzilla.suse.com/1240323"
},
{
"category": "self",
"summary": "SUSE Bug 1240696",
"url": "https://bugzilla.suse.com/1240696"
},
{
"category": "self",
"summary": "SUSE Bug 1240885",
"url": "https://bugzilla.suse.com/1240885"
},
{
"category": "self",
"summary": "SUSE Bug 1240966",
"url": "https://bugzilla.suse.com/1240966"
},
{
"category": "self",
"summary": "SUSE Bug 1240998",
"url": "https://bugzilla.suse.com/1240998"
},
{
"category": "self",
"summary": "SUSE Bug 1241166",
"url": "https://bugzilla.suse.com/1241166"
},
{
"category": "self",
"summary": "SUSE Bug 1241200",
"url": "https://bugzilla.suse.com/1241200"
},
{
"category": "self",
"summary": "SUSE Bug 1241345",
"url": "https://bugzilla.suse.com/1241345"
},
{
"category": "self",
"summary": "SUSE Bug 1241537",
"url": "https://bugzilla.suse.com/1241537"
},
{
"category": "self",
"summary": "SUSE Bug 1242086",
"url": "https://bugzilla.suse.com/1242086"
},
{
"category": "self",
"summary": "SUSE Bug 1242414",
"url": "https://bugzilla.suse.com/1242414"
},
{
"category": "self",
"summary": "SUSE Bug 1242837",
"url": "https://bugzilla.suse.com/1242837"
},
{
"category": "self",
"summary": "SUSE Bug 1242960",
"url": "https://bugzilla.suse.com/1242960"
},
{
"category": "self",
"summary": "SUSE Bug 1242965",
"url": "https://bugzilla.suse.com/1242965"
},
{
"category": "self",
"summary": "SUSE Bug 1242993",
"url": "https://bugzilla.suse.com/1242993"
},
{
"category": "self",
"summary": "SUSE Bug 1243042",
"url": "https://bugzilla.suse.com/1243042"
},
{
"category": "self",
"summary": "SUSE Bug 1243068",
"url": "https://bugzilla.suse.com/1243068"
},
{
"category": "self",
"summary": "SUSE Bug 1243100",
"url": "https://bugzilla.suse.com/1243100"
},
{
"category": "self",
"summary": "SUSE Bug 1243479",
"url": "https://bugzilla.suse.com/1243479"
},
{
"category": "self",
"summary": "SUSE Bug 1243669",
"url": "https://bugzilla.suse.com/1243669"
},
{
"category": "self",
"summary": "SUSE Bug 1243678",
"url": "https://bugzilla.suse.com/1243678"
},
{
"category": "self",
"summary": "SUSE Bug 1243806",
"url": "https://bugzilla.suse.com/1243806"
},
{
"category": "self",
"summary": "SUSE Bug 1244309",
"url": "https://bugzilla.suse.com/1244309"
},
{
"category": "self",
"summary": "SUSE Bug 1244337",
"url": "https://bugzilla.suse.com/1244337"
},
{
"category": "self",
"summary": "SUSE Bug 1244457",
"url": "https://bugzilla.suse.com/1244457"
},
{
"category": "self",
"summary": "SUSE Bug 1244735",
"url": "https://bugzilla.suse.com/1244735"
},
{
"category": "self",
"summary": "SUSE Bug 1244749",
"url": "https://bugzilla.suse.com/1244749"
},
{
"category": "self",
"summary": "SUSE Bug 1244750",
"url": "https://bugzilla.suse.com/1244750"
},
{
"category": "self",
"summary": "SUSE Bug 1244792",
"url": "https://bugzilla.suse.com/1244792"
},
{
"category": "self",
"summary": "SUSE Bug 1244801",
"url": "https://bugzilla.suse.com/1244801"
},
{
"category": "self",
"summary": "SUSE Bug 1245084",
"url": "https://bugzilla.suse.com/1245084"
},
{
"category": "self",
"summary": "SUSE Bug 1245151",
"url": "https://bugzilla.suse.com/1245151"
},
{
"category": "self",
"summary": "SUSE Bug 1245201",
"url": "https://bugzilla.suse.com/1245201"
},
{
"category": "self",
"summary": "SUSE Bug 1245202",
"url": "https://bugzilla.suse.com/1245202"
},
{
"category": "self",
"summary": "SUSE Bug 1245216",
"url": "https://bugzilla.suse.com/1245216"
},
{
"category": "self",
"summary": "SUSE Bug 1245260",
"url": "https://bugzilla.suse.com/1245260"
},
{
"category": "self",
"summary": "SUSE Bug 1245431",
"url": "https://bugzilla.suse.com/1245431"
},
{
"category": "self",
"summary": "SUSE Bug 1245440",
"url": "https://bugzilla.suse.com/1245440"
},
{
"category": "self",
"summary": "SUSE Bug 1245457",
"url": "https://bugzilla.suse.com/1245457"
},
{
"category": "self",
"summary": "SUSE Bug 1245498",
"url": "https://bugzilla.suse.com/1245498"
},
{
"category": "self",
"summary": "SUSE Bug 1245499",
"url": "https://bugzilla.suse.com/1245499"
},
{
"category": "self",
"summary": "SUSE Bug 1245504",
"url": "https://bugzilla.suse.com/1245504"
},
{
"category": "self",
"summary": "SUSE Bug 1245506",
"url": "https://bugzilla.suse.com/1245506"
},
{
"category": "self",
"summary": "SUSE Bug 1245508",
"url": "https://bugzilla.suse.com/1245508"
},
{
"category": "self",
"summary": "SUSE Bug 1245510",
"url": "https://bugzilla.suse.com/1245510"
},
{
"category": "self",
"summary": "SUSE Bug 1245540",
"url": "https://bugzilla.suse.com/1245540"
},
{
"category": "self",
"summary": "SUSE Bug 1245598",
"url": "https://bugzilla.suse.com/1245598"
},
{
"category": "self",
"summary": "SUSE Bug 1245599",
"url": "https://bugzilla.suse.com/1245599"
},
{
"category": "self",
"summary": "SUSE Bug 1245621",
"url": "https://bugzilla.suse.com/1245621"
},
{
"category": "self",
"summary": "SUSE Bug 1245646",
"url": "https://bugzilla.suse.com/1245646"
},
{
"category": "self",
"summary": "SUSE Bug 1245647",
"url": "https://bugzilla.suse.com/1245647"
},
{
"category": "self",
"summary": "SUSE Bug 1245649",
"url": "https://bugzilla.suse.com/1245649"
},
{
"category": "self",
"summary": "SUSE Bug 1245650",
"url": "https://bugzilla.suse.com/1245650"
},
{
"category": "self",
"summary": "SUSE Bug 1245654",
"url": "https://bugzilla.suse.com/1245654"
},
{
"category": "self",
"summary": "SUSE Bug 1245658",
"url": "https://bugzilla.suse.com/1245658"
},
{
"category": "self",
"summary": "SUSE Bug 1245660",
"url": "https://bugzilla.suse.com/1245660"
},
{
"category": "self",
"summary": "SUSE Bug 1245664",
"url": "https://bugzilla.suse.com/1245664"
},
{
"category": "self",
"summary": "SUSE Bug 1245665",
"url": "https://bugzilla.suse.com/1245665"
},
{
"category": "self",
"summary": "SUSE Bug 1245666",
"url": "https://bugzilla.suse.com/1245666"
},
{
"category": "self",
"summary": "SUSE Bug 1245668",
"url": "https://bugzilla.suse.com/1245668"
},
{
"category": "self",
"summary": "SUSE Bug 1245669",
"url": "https://bugzilla.suse.com/1245669"
},
{
"category": "self",
"summary": "SUSE Bug 1245670",
"url": "https://bugzilla.suse.com/1245670"
},
{
"category": "self",
"summary": "SUSE Bug 1245671",
"url": "https://bugzilla.suse.com/1245671"
},
{
"category": "self",
"summary": "SUSE Bug 1245675",
"url": "https://bugzilla.suse.com/1245675"
},
{
"category": "self",
"summary": "SUSE Bug 1245676",
"url": "https://bugzilla.suse.com/1245676"
},
{
"category": "self",
"summary": "SUSE Bug 1245677",
"url": "https://bugzilla.suse.com/1245677"
},
{
"category": "self",
"summary": "SUSE Bug 1245679",
"url": "https://bugzilla.suse.com/1245679"
},
{
"category": "self",
"summary": "SUSE Bug 1245682",
"url": "https://bugzilla.suse.com/1245682"
},
{
"category": "self",
"summary": "SUSE Bug 1245683",
"url": "https://bugzilla.suse.com/1245683"
},
{
"category": "self",
"summary": "SUSE Bug 1245684",
"url": "https://bugzilla.suse.com/1245684"
},
{
"category": "self",
"summary": "SUSE Bug 1245686",
"url": "https://bugzilla.suse.com/1245686"
},
{
"category": "self",
"summary": "SUSE Bug 1245688",
"url": "https://bugzilla.suse.com/1245688"
},
{
"category": "self",
"summary": "SUSE Bug 1245689",
"url": "https://bugzilla.suse.com/1245689"
},
{
"category": "self",
"summary": "SUSE Bug 1245690",
"url": "https://bugzilla.suse.com/1245690"
},
{
"category": "self",
"summary": "SUSE Bug 1245691",
"url": "https://bugzilla.suse.com/1245691"
},
{
"category": "self",
"summary": "SUSE Bug 1245695",
"url": "https://bugzilla.suse.com/1245695"
},
{
"category": "self",
"summary": "SUSE Bug 1245705",
"url": "https://bugzilla.suse.com/1245705"
},
{
"category": "self",
"summary": "SUSE Bug 1245708",
"url": "https://bugzilla.suse.com/1245708"
},
{
"category": "self",
"summary": "SUSE Bug 1245711",
"url": "https://bugzilla.suse.com/1245711"
},
{
"category": "self",
"summary": "SUSE Bug 1245713",
"url": "https://bugzilla.suse.com/1245713"
},
{
"category": "self",
"summary": "SUSE Bug 1245714",
"url": "https://bugzilla.suse.com/1245714"
},
{
"category": "self",
"summary": "SUSE Bug 1245719",
"url": "https://bugzilla.suse.com/1245719"
},
{
"category": "self",
"summary": "SUSE Bug 1245723",
"url": "https://bugzilla.suse.com/1245723"
},
{
"category": "self",
"summary": "SUSE Bug 1245729",
"url": "https://bugzilla.suse.com/1245729"
},
{
"category": "self",
"summary": "SUSE Bug 1245730",
"url": "https://bugzilla.suse.com/1245730"
},
{
"category": "self",
"summary": "SUSE Bug 1245731",
"url": "https://bugzilla.suse.com/1245731"
},
{
"category": "self",
"summary": "SUSE Bug 1245735",
"url": "https://bugzilla.suse.com/1245735"
},
{
"category": "self",
"summary": "SUSE Bug 1245737",
"url": "https://bugzilla.suse.com/1245737"
},
{
"category": "self",
"summary": "SUSE Bug 1245744",
"url": "https://bugzilla.suse.com/1245744"
},
{
"category": "self",
"summary": "SUSE Bug 1245745",
"url": "https://bugzilla.suse.com/1245745"
},
{
"category": "self",
"summary": "SUSE Bug 1245746",
"url": "https://bugzilla.suse.com/1245746"
},
{
"category": "self",
"summary": "SUSE Bug 1245747",
"url": "https://bugzilla.suse.com/1245747"
},
{
"category": "self",
"summary": "SUSE Bug 1245748",
"url": "https://bugzilla.suse.com/1245748"
},
{
"category": "self",
"summary": "SUSE Bug 1245749",
"url": "https://bugzilla.suse.com/1245749"
},
{
"category": "self",
"summary": "SUSE Bug 1245750",
"url": "https://bugzilla.suse.com/1245750"
},
{
"category": "self",
"summary": "SUSE Bug 1245751",
"url": "https://bugzilla.suse.com/1245751"
},
{
"category": "self",
"summary": "SUSE Bug 1245752",
"url": "https://bugzilla.suse.com/1245752"
},
{
"category": "self",
"summary": "SUSE Bug 1245757",
"url": "https://bugzilla.suse.com/1245757"
},
{
"category": "self",
"summary": "SUSE Bug 1245758",
"url": "https://bugzilla.suse.com/1245758"
},
{
"category": "self",
"summary": "SUSE Bug 1245765",
"url": "https://bugzilla.suse.com/1245765"
},
{
"category": "self",
"summary": "SUSE Bug 1245768",
"url": "https://bugzilla.suse.com/1245768"
},
{
"category": "self",
"summary": "SUSE Bug 1245769",
"url": "https://bugzilla.suse.com/1245769"
},
{
"category": "self",
"summary": "SUSE Bug 1245777",
"url": "https://bugzilla.suse.com/1245777"
},
{
"category": "self",
"summary": "SUSE Bug 1245781",
"url": "https://bugzilla.suse.com/1245781"
},
{
"category": "self",
"summary": "SUSE Bug 1245789",
"url": "https://bugzilla.suse.com/1245789"
},
{
"category": "self",
"summary": "SUSE Bug 1245812",
"url": "https://bugzilla.suse.com/1245812"
},
{
"category": "self",
"summary": "SUSE Bug 1245937",
"url": "https://bugzilla.suse.com/1245937"
},
{
"category": "self",
"summary": "SUSE Bug 1245945",
"url": "https://bugzilla.suse.com/1245945"
},
{
"category": "self",
"summary": "SUSE Bug 1245951",
"url": "https://bugzilla.suse.com/1245951"
},
{
"category": "self",
"summary": "SUSE Bug 1245952",
"url": "https://bugzilla.suse.com/1245952"
},
{
"category": "self",
"summary": "SUSE Bug 1245954",
"url": "https://bugzilla.suse.com/1245954"
},
{
"category": "self",
"summary": "SUSE Bug 1245955",
"url": "https://bugzilla.suse.com/1245955"
},
{
"category": "self",
"summary": "SUSE Bug 1245957",
"url": "https://bugzilla.suse.com/1245957"
},
{
"category": "self",
"summary": "SUSE Bug 1245966",
"url": "https://bugzilla.suse.com/1245966"
},
{
"category": "self",
"summary": "SUSE Bug 1245970",
"url": "https://bugzilla.suse.com/1245970"
},
{
"category": "self",
"summary": "SUSE Bug 1245976",
"url": "https://bugzilla.suse.com/1245976"
},
{
"category": "self",
"summary": "SUSE Bug 1245980",
"url": "https://bugzilla.suse.com/1245980"
},
{
"category": "self",
"summary": "SUSE Bug 1245983",
"url": "https://bugzilla.suse.com/1245983"
},
{
"category": "self",
"summary": "SUSE Bug 1245986",
"url": "https://bugzilla.suse.com/1245986"
},
{
"category": "self",
"summary": "SUSE Bug 1246000",
"url": "https://bugzilla.suse.com/1246000"
},
{
"category": "self",
"summary": "SUSE Bug 1246002",
"url": "https://bugzilla.suse.com/1246002"
},
{
"category": "self",
"summary": "SUSE Bug 1246006",
"url": "https://bugzilla.suse.com/1246006"
},
{
"category": "self",
"summary": "SUSE Bug 1246008",
"url": "https://bugzilla.suse.com/1246008"
},
{
"category": "self",
"summary": "SUSE Bug 1246020",
"url": "https://bugzilla.suse.com/1246020"
},
{
"category": "self",
"summary": "SUSE Bug 1246023",
"url": "https://bugzilla.suse.com/1246023"
},
{
"category": "self",
"summary": "SUSE Bug 1246029",
"url": "https://bugzilla.suse.com/1246029"
},
{
"category": "self",
"summary": "SUSE Bug 1246031",
"url": "https://bugzilla.suse.com/1246031"
},
{
"category": "self",
"summary": "SUSE Bug 1246037",
"url": "https://bugzilla.suse.com/1246037"
},
{
"category": "self",
"summary": "SUSE Bug 1246041",
"url": "https://bugzilla.suse.com/1246041"
},
{
"category": "self",
"summary": "SUSE Bug 1246042",
"url": "https://bugzilla.suse.com/1246042"
},
{
"category": "self",
"summary": "SUSE Bug 1246044",
"url": "https://bugzilla.suse.com/1246044"
},
{
"category": "self",
"summary": "SUSE Bug 1246045",
"url": "https://bugzilla.suse.com/1246045"
},
{
"category": "self",
"summary": "SUSE Bug 1246047",
"url": "https://bugzilla.suse.com/1246047"
},
{
"category": "self",
"summary": "SUSE Bug 1246049",
"url": "https://bugzilla.suse.com/1246049"
},
{
"category": "self",
"summary": "SUSE Bug 1246050",
"url": "https://bugzilla.suse.com/1246050"
},
{
"category": "self",
"summary": "SUSE Bug 1246055",
"url": "https://bugzilla.suse.com/1246055"
},
{
"category": "self",
"summary": "SUSE Bug 1246073",
"url": "https://bugzilla.suse.com/1246073"
},
{
"category": "self",
"summary": "SUSE Bug 1246093",
"url": "https://bugzilla.suse.com/1246093"
},
{
"category": "self",
"summary": "SUSE Bug 1246098",
"url": "https://bugzilla.suse.com/1246098"
},
{
"category": "self",
"summary": "SUSE Bug 1246109",
"url": "https://bugzilla.suse.com/1246109"
},
{
"category": "self",
"summary": "SUSE Bug 1246113",
"url": "https://bugzilla.suse.com/1246113"
},
{
"category": "self",
"summary": "SUSE Bug 1246122",
"url": "https://bugzilla.suse.com/1246122"
},
{
"category": "self",
"summary": "SUSE Bug 1246125",
"url": "https://bugzilla.suse.com/1246125"
},
{
"category": "self",
"summary": "SUSE Bug 1246134",
"url": "https://bugzilla.suse.com/1246134"
},
{
"category": "self",
"summary": "SUSE Bug 1246171",
"url": "https://bugzilla.suse.com/1246171"
},
{
"category": "self",
"summary": "SUSE Bug 1246173",
"url": "https://bugzilla.suse.com/1246173"
},
{
"category": "self",
"summary": "SUSE Bug 1246178",
"url": "https://bugzilla.suse.com/1246178"
},
{
"category": "self",
"summary": "SUSE Bug 1246179",
"url": "https://bugzilla.suse.com/1246179"
},
{
"category": "self",
"summary": "SUSE Bug 1246182",
"url": "https://bugzilla.suse.com/1246182"
},
{
"category": "self",
"summary": "SUSE Bug 1246183",
"url": "https://bugzilla.suse.com/1246183"
},
{
"category": "self",
"summary": "SUSE Bug 1246186",
"url": "https://bugzilla.suse.com/1246186"
},
{
"category": "self",
"summary": "SUSE Bug 1246188",
"url": "https://bugzilla.suse.com/1246188"
},
{
"category": "self",
"summary": "SUSE Bug 1246203",
"url": "https://bugzilla.suse.com/1246203"
},
{
"category": "self",
"summary": "SUSE Bug 1246212",
"url": "https://bugzilla.suse.com/1246212"
},
{
"category": "self",
"summary": "SUSE Bug 1246217",
"url": "https://bugzilla.suse.com/1246217"
},
{
"category": "self",
"summary": "SUSE Bug 1246220",
"url": "https://bugzilla.suse.com/1246220"
},
{
"category": "self",
"summary": "SUSE Bug 1246236",
"url": "https://bugzilla.suse.com/1246236"
},
{
"category": "self",
"summary": "SUSE Bug 1246240",
"url": "https://bugzilla.suse.com/1246240"
},
{
"category": "self",
"summary": "SUSE Bug 1246243",
"url": "https://bugzilla.suse.com/1246243"
},
{
"category": "self",
"summary": "SUSE Bug 1246244",
"url": "https://bugzilla.suse.com/1246244"
},
{
"category": "self",
"summary": "SUSE Bug 1246246",
"url": "https://bugzilla.suse.com/1246246"
},
{
"category": "self",
"summary": "SUSE Bug 1246249",
"url": "https://bugzilla.suse.com/1246249"
},
{
"category": "self",
"summary": "SUSE Bug 1246250",
"url": "https://bugzilla.suse.com/1246250"
},
{
"category": "self",
"summary": "SUSE Bug 1246253",
"url": "https://bugzilla.suse.com/1246253"
},
{
"category": "self",
"summary": "SUSE Bug 1246258",
"url": "https://bugzilla.suse.com/1246258"
},
{
"category": "self",
"summary": "SUSE Bug 1246262",
"url": "https://bugzilla.suse.com/1246262"
},
{
"category": "self",
"summary": "SUSE Bug 1246264",
"url": "https://bugzilla.suse.com/1246264"
},
{
"category": "self",
"summary": "SUSE Bug 1246266",
"url": "https://bugzilla.suse.com/1246266"
},
{
"category": "self",
"summary": "SUSE Bug 1246268",
"url": "https://bugzilla.suse.com/1246268"
},
{
"category": "self",
"summary": "SUSE Bug 1246273",
"url": "https://bugzilla.suse.com/1246273"
},
{
"category": "self",
"summary": "SUSE Bug 1246283",
"url": "https://bugzilla.suse.com/1246283"
},
{
"category": "self",
"summary": "SUSE Bug 1246285",
"url": "https://bugzilla.suse.com/1246285"
},
{
"category": "self",
"summary": "SUSE Bug 1246286",
"url": "https://bugzilla.suse.com/1246286"
},
{
"category": "self",
"summary": "SUSE Bug 1246287",
"url": "https://bugzilla.suse.com/1246287"
},
{
"category": "self",
"summary": "SUSE Bug 1246290",
"url": "https://bugzilla.suse.com/1246290"
},
{
"category": "self",
"summary": "SUSE Bug 1246292",
"url": "https://bugzilla.suse.com/1246292"
},
{
"category": "self",
"summary": "SUSE Bug 1246293",
"url": "https://bugzilla.suse.com/1246293"
},
{
"category": "self",
"summary": "SUSE Bug 1246295",
"url": "https://bugzilla.suse.com/1246295"
},
{
"category": "self",
"summary": "SUSE Bug 1246297",
"url": "https://bugzilla.suse.com/1246297"
},
{
"category": "self",
"summary": "SUSE Bug 1246333",
"url": "https://bugzilla.suse.com/1246333"
},
{
"category": "self",
"summary": "SUSE Bug 1246334",
"url": "https://bugzilla.suse.com/1246334"
},
{
"category": "self",
"summary": "SUSE Bug 1246337",
"url": "https://bugzilla.suse.com/1246337"
},
{
"category": "self",
"summary": "SUSE Bug 1246342",
"url": "https://bugzilla.suse.com/1246342"
},
{
"category": "self",
"summary": "SUSE Bug 1246349",
"url": "https://bugzilla.suse.com/1246349"
},
{
"category": "self",
"summary": "SUSE Bug 1246354",
"url": "https://bugzilla.suse.com/1246354"
},
{
"category": "self",
"summary": "SUSE Bug 1246358",
"url": "https://bugzilla.suse.com/1246358"
},
{
"category": "self",
"summary": "SUSE Bug 1246361",
"url": "https://bugzilla.suse.com/1246361"
},
{
"category": "self",
"summary": "SUSE Bug 1246364",
"url": "https://bugzilla.suse.com/1246364"
},
{
"category": "self",
"summary": "SUSE Bug 1246370",
"url": "https://bugzilla.suse.com/1246370"
},
{
"category": "self",
"summary": "SUSE Bug 1246375",
"url": "https://bugzilla.suse.com/1246375"
},
{
"category": "self",
"summary": "SUSE Bug 1246384",
"url": "https://bugzilla.suse.com/1246384"
},
{
"category": "self",
"summary": "SUSE Bug 1246385",
"url": "https://bugzilla.suse.com/1246385"
},
{
"category": "self",
"summary": "SUSE Bug 1246386",
"url": "https://bugzilla.suse.com/1246386"
},
{
"category": "self",
"summary": "SUSE Bug 1246387",
"url": "https://bugzilla.suse.com/1246387"
},
{
"category": "self",
"summary": "SUSE Bug 1246438",
"url": "https://bugzilla.suse.com/1246438"
},
{
"category": "self",
"summary": "SUSE Bug 1246443",
"url": "https://bugzilla.suse.com/1246443"
},
{
"category": "self",
"summary": "SUSE Bug 1246449",
"url": "https://bugzilla.suse.com/1246449"
},
{
"category": "self",
"summary": "SUSE Bug 1246453",
"url": "https://bugzilla.suse.com/1246453"
},
{
"category": "self",
"summary": "SUSE Bug 1246473",
"url": "https://bugzilla.suse.com/1246473"
},
{
"category": "self",
"summary": "SUSE Bug 1246490",
"url": "https://bugzilla.suse.com/1246490"
},
{
"category": "self",
"summary": "SUSE Bug 1246506",
"url": "https://bugzilla.suse.com/1246506"
},
{
"category": "self",
"summary": "SUSE Bug 1246547",
"url": "https://bugzilla.suse.com/1246547"
},
{
"category": "self",
"summary": "SUSE Bug 1246644",
"url": "https://bugzilla.suse.com/1246644"
},
{
"category": "self",
"summary": "SUSE Bug 1246695",
"url": "https://bugzilla.suse.com/1246695"
},
{
"category": "self",
"summary": "SUSE Bug 1246777",
"url": "https://bugzilla.suse.com/1246777"
},
{
"category": "self",
"summary": "SUSE Bug 1246781",
"url": "https://bugzilla.suse.com/1246781"
},
{
"category": "self",
"summary": "SUSE Bug 1246870",
"url": "https://bugzilla.suse.com/1246870"
},
{
"category": "self",
"summary": "SUSE Bug 1246879",
"url": "https://bugzilla.suse.com/1246879"
},
{
"category": "self",
"summary": "SUSE Bug 1246911",
"url": "https://bugzilla.suse.com/1246911"
},
{
"category": "self",
"summary": "SUSE Bug 1247018",
"url": "https://bugzilla.suse.com/1247018"
},
{
"category": "self",
"summary": "SUSE Bug 1247021",
"url": "https://bugzilla.suse.com/1247021"
},
{
"category": "self",
"summary": "SUSE Bug 1247023",
"url": "https://bugzilla.suse.com/1247023"
},
{
"category": "self",
"summary": "SUSE Bug 1247028",
"url": "https://bugzilla.suse.com/1247028"
},
{
"category": "self",
"summary": "SUSE Bug 1247031",
"url": "https://bugzilla.suse.com/1247031"
},
{
"category": "self",
"summary": "SUSE Bug 1247033",
"url": "https://bugzilla.suse.com/1247033"
},
{
"category": "self",
"summary": "SUSE Bug 1247035",
"url": "https://bugzilla.suse.com/1247035"
},
{
"category": "self",
"summary": "SUSE Bug 1247061",
"url": "https://bugzilla.suse.com/1247061"
},
{
"category": "self",
"summary": "SUSE Bug 1247062",
"url": "https://bugzilla.suse.com/1247062"
},
{
"category": "self",
"summary": "SUSE Bug 1247064",
"url": "https://bugzilla.suse.com/1247064"
},
{
"category": "self",
"summary": "SUSE Bug 1247079",
"url": "https://bugzilla.suse.com/1247079"
},
{
"category": "self",
"summary": "SUSE Bug 1247089",
"url": "https://bugzilla.suse.com/1247089"
},
{
"category": "self",
"summary": "SUSE Bug 1247091",
"url": "https://bugzilla.suse.com/1247091"
},
{
"category": "self",
"summary": "SUSE Bug 1247097",
"url": "https://bugzilla.suse.com/1247097"
},
{
"category": "self",
"summary": "SUSE Bug 1247098",
"url": "https://bugzilla.suse.com/1247098"
},
{
"category": "self",
"summary": "SUSE Bug 1247101",
"url": "https://bugzilla.suse.com/1247101"
},
{
"category": "self",
"summary": "SUSE Bug 1247103",
"url": "https://bugzilla.suse.com/1247103"
},
{
"category": "self",
"summary": "SUSE Bug 1247104",
"url": "https://bugzilla.suse.com/1247104"
},
{
"category": "self",
"summary": "SUSE Bug 1247113",
"url": "https://bugzilla.suse.com/1247113"
},
{
"category": "self",
"summary": "SUSE Bug 1247118",
"url": "https://bugzilla.suse.com/1247118"
},
{
"category": "self",
"summary": "SUSE Bug 1247123",
"url": "https://bugzilla.suse.com/1247123"
},
{
"category": "self",
"summary": "SUSE Bug 1247125",
"url": "https://bugzilla.suse.com/1247125"
},
{
"category": "self",
"summary": "SUSE Bug 1247128",
"url": "https://bugzilla.suse.com/1247128"
},
{
"category": "self",
"summary": "SUSE Bug 1247132",
"url": "https://bugzilla.suse.com/1247132"
},
{
"category": "self",
"summary": "SUSE Bug 1247138",
"url": "https://bugzilla.suse.com/1247138"
},
{
"category": "self",
"summary": "SUSE Bug 1247141",
"url": "https://bugzilla.suse.com/1247141"
},
{
"category": "self",
"summary": "SUSE Bug 1247143",
"url": "https://bugzilla.suse.com/1247143"
},
{
"category": "self",
"summary": "SUSE Bug 1247145",
"url": "https://bugzilla.suse.com/1247145"
},
{
"category": "self",
"summary": "SUSE Bug 1247146",
"url": "https://bugzilla.suse.com/1247146"
},
{
"category": "self",
"summary": "SUSE Bug 1247147",
"url": "https://bugzilla.suse.com/1247147"
},
{
"category": "self",
"summary": "SUSE Bug 1247149",
"url": "https://bugzilla.suse.com/1247149"
},
{
"category": "self",
"summary": "SUSE Bug 1247150",
"url": "https://bugzilla.suse.com/1247150"
},
{
"category": "self",
"summary": "SUSE Bug 1247151",
"url": "https://bugzilla.suse.com/1247151"
},
{
"category": "self",
"summary": "SUSE Bug 1247152",
"url": "https://bugzilla.suse.com/1247152"
},
{
"category": "self",
"summary": "SUSE Bug 1247153",
"url": "https://bugzilla.suse.com/1247153"
},
{
"category": "self",
"summary": "SUSE Bug 1247154",
"url": "https://bugzilla.suse.com/1247154"
},
{
"category": "self",
"summary": "SUSE Bug 1247156",
"url": "https://bugzilla.suse.com/1247156"
},
{
"category": "self",
"summary": "SUSE Bug 1247160",
"url": "https://bugzilla.suse.com/1247160"
},
{
"category": "self",
"summary": "SUSE Bug 1247164",
"url": "https://bugzilla.suse.com/1247164"
},
{
"category": "self",
"summary": "SUSE Bug 1247169",
"url": "https://bugzilla.suse.com/1247169"
},
{
"category": "self",
"summary": "SUSE Bug 1247170",
"url": "https://bugzilla.suse.com/1247170"
},
{
"category": "self",
"summary": "SUSE Bug 1247171",
"url": "https://bugzilla.suse.com/1247171"
},
{
"category": "self",
"summary": "SUSE Bug 1247172",
"url": "https://bugzilla.suse.com/1247172"
},
{
"category": "self",
"summary": "SUSE Bug 1247174",
"url": "https://bugzilla.suse.com/1247174"
},
{
"category": "self",
"summary": "SUSE Bug 1247176",
"url": "https://bugzilla.suse.com/1247176"
},
{
"category": "self",
"summary": "SUSE Bug 1247177",
"url": "https://bugzilla.suse.com/1247177"
},
{
"category": "self",
"summary": "SUSE Bug 1247178",
"url": "https://bugzilla.suse.com/1247178"
},
{
"category": "self",
"summary": "SUSE Bug 1247181",
"url": "https://bugzilla.suse.com/1247181"
},
{
"category": "self",
"summary": "SUSE Bug 1247209",
"url": "https://bugzilla.suse.com/1247209"
},
{
"category": "self",
"summary": "SUSE Bug 1247210",
"url": "https://bugzilla.suse.com/1247210"
},
{
"category": "self",
"summary": "SUSE Bug 1247227",
"url": "https://bugzilla.suse.com/1247227"
},
{
"category": "self",
"summary": "SUSE Bug 1247233",
"url": "https://bugzilla.suse.com/1247233"
},
{
"category": "self",
"summary": "SUSE Bug 1247234",
"url": "https://bugzilla.suse.com/1247234"
},
{
"category": "self",
"summary": "SUSE Bug 1247236",
"url": "https://bugzilla.suse.com/1247236"
},
{
"category": "self",
"summary": "SUSE Bug 1247238",
"url": "https://bugzilla.suse.com/1247238"
},
{
"category": "self",
"summary": "SUSE Bug 1247241",
"url": "https://bugzilla.suse.com/1247241"
},
{
"category": "self",
"summary": "SUSE Bug 1247251",
"url": "https://bugzilla.suse.com/1247251"
},
{
"category": "self",
"summary": "SUSE Bug 1247252",
"url": "https://bugzilla.suse.com/1247252"
},
{
"category": "self",
"summary": "SUSE Bug 1247253",
"url": "https://bugzilla.suse.com/1247253"
},
{
"category": "self",
"summary": "SUSE Bug 1247255",
"url": "https://bugzilla.suse.com/1247255"
},
{
"category": "self",
"summary": "SUSE Bug 1247265",
"url": "https://bugzilla.suse.com/1247265"
},
{
"category": "self",
"summary": "SUSE Bug 1247271",
"url": "https://bugzilla.suse.com/1247271"
},
{
"category": "self",
"summary": "SUSE Bug 1247273",
"url": "https://bugzilla.suse.com/1247273"
},
{
"category": "self",
"summary": "SUSE Bug 1247274",
"url": "https://bugzilla.suse.com/1247274"
},
{
"category": "self",
"summary": "SUSE Bug 1247276",
"url": "https://bugzilla.suse.com/1247276"
},
{
"category": "self",
"summary": "SUSE Bug 1247277",
"url": "https://bugzilla.suse.com/1247277"
},
{
"category": "self",
"summary": "SUSE Bug 1247278",
"url": "https://bugzilla.suse.com/1247278"
},
{
"category": "self",
"summary": "SUSE Bug 1247279",
"url": "https://bugzilla.suse.com/1247279"
},
{
"category": "self",
"summary": "SUSE Bug 1247282",
"url": "https://bugzilla.suse.com/1247282"
},
{
"category": "self",
"summary": "SUSE Bug 1247284",
"url": "https://bugzilla.suse.com/1247284"
},
{
"category": "self",
"summary": "SUSE Bug 1247285",
"url": "https://bugzilla.suse.com/1247285"
},
{
"category": "self",
"summary": "SUSE Bug 1247288",
"url": "https://bugzilla.suse.com/1247288"
},
{
"category": "self",
"summary": "SUSE Bug 1247289",
"url": "https://bugzilla.suse.com/1247289"
},
{
"category": "self",
"summary": "SUSE Bug 1247293",
"url": "https://bugzilla.suse.com/1247293"
},
{
"category": "self",
"summary": "SUSE Bug 1247308",
"url": "https://bugzilla.suse.com/1247308"
},
{
"category": "self",
"summary": "SUSE Bug 1247311",
"url": "https://bugzilla.suse.com/1247311"
},
{
"category": "self",
"summary": "SUSE Bug 1247314",
"url": "https://bugzilla.suse.com/1247314"
},
{
"category": "self",
"summary": "SUSE Bug 1247317",
"url": "https://bugzilla.suse.com/1247317"
},
{
"category": "self",
"summary": "SUSE Bug 1247347",
"url": "https://bugzilla.suse.com/1247347"
},
{
"category": "self",
"summary": "SUSE Bug 1247348",
"url": "https://bugzilla.suse.com/1247348"
},
{
"category": "self",
"summary": "SUSE Bug 1247349",
"url": "https://bugzilla.suse.com/1247349"
},
{
"category": "self",
"summary": "SUSE Bug 1247374",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "self",
"summary": "SUSE Bug 1247437",
"url": "https://bugzilla.suse.com/1247437"
},
{
"category": "self",
"summary": "SUSE Bug 1247450",
"url": "https://bugzilla.suse.com/1247450"
},
{
"category": "self",
"summary": "SUSE Bug 1247712",
"url": "https://bugzilla.suse.com/1247712"
},
{
"category": "self",
"summary": "SUSE Bug 1247831",
"url": "https://bugzilla.suse.com/1247831"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11135 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36028 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36028/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36348 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36348/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36349 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36349/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36350 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36350/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36357 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36357/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39298 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39298/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42134 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42134/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44963 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44963/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49861 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49996 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56742 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56742/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57947 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21839 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21839/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21854 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21854/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21872 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21872/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22090 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22090/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23163 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23163/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37798 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37798/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37856 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37856/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37864 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37885 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37885/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37920 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37920/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37984 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37984/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38034 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38034/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38035 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38035/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38047 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38047/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38051 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38052 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38058 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38061 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38062 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38062/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38063 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38064 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38064/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38074 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38074/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38084 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38084/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38087 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38087/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38088 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38089 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38089/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38090 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38090/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38091 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38091/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38094 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38094/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38095 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38095/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38097 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38097/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38098 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38098/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38099 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38099/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38100 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38100/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38102 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38102/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38105 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38105/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38106 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38106/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38107 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38107/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38108 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38108/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38109 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38109/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38110 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38110/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38111 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38111/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38112 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38112/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38113 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38113/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38114 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38114/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38115 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38117 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38117/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38118 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38118/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38120 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38120/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38122 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38123 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38124 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38124/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38126 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38127 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38127/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38129 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38129/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38131 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38131/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38132 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38132/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38135 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38136 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38138 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38138/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38142 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38142/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38143 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38143/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38145 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38145/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38147 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38148 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38148/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38149 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38149/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38151 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38151/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38153 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38153/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38154 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38154/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38155 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38155/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38157 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38157/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38158 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38158/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38159 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38161 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38161/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38162 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38162/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38165 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38165/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38166 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38166/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38173 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38173/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38174 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38174/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38177 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38180 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38180/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38182 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38182/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38183 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38183/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38186 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38187 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38187/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38188 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38188/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38189 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38189/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38192 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38192/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38193 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38193/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38194 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38194/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38197 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38197/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38198 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38198/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38200 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38200/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38202 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38202/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38203 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38203/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38204 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38204/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38206 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38210 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38210/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38211 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38211/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38212 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38212/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38213 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38213/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38214 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38214/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38215 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38215/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38217 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38217/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38220 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38220/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38222 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38222/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38225 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38225/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38226 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38226/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38227 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38227/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38229 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38229/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38231 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38231/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38236 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38236/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38238 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38238/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38239 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38239/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38244 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38244/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38246 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38246/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38248 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38248/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38249 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38249/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38250 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38250/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38256 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38256/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38257 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38257/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38259 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38259/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38264 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38264/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38265 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38265/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38268 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38268/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38272 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38272/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38273 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38273/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38275 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38275/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38277 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38277/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38279 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38279/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38283 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38283/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38286 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38286/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38287 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38287/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38288 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38288/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38289 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38289/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38290 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38290/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38291 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38291/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38292 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38292/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38293 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38293/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38299 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38299/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38300 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38303 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38303/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38304 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38304/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38305 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38305/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38307 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38307/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38310 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38310/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38312 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38312/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38313 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38313/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38315 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38315/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38317 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38317/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38319 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38319/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38323 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38323/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38326 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38326/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38328 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38328/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38332 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38332/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38334 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38334/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38335 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38335/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38336 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38336/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38337 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38337/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38338 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38338/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38342 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38342/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38343 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38343/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38344 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38344/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38345 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38345/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38348 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38348/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38349 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38349/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38350 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38350/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38352 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38352/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38353 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38353/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38354 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38354/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38355 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38355/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38356 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38356/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38361 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38361/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38362 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38362/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38363 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38363/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38364 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38364/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38365 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38365/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38369 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38369/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38371 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38371/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38373 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38373/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38375 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38375/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38376 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38376/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38377 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38377/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38380 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38380/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38382 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38382/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38384 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38384/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38385 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38385/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38386 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38386/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38387 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38387/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38389 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38389/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38391 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38391/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38392 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38392/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38393 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38393/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38395 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38395/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38396 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38396/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38399 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38399/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38400 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38400/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38401 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38401/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38403 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38403/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38404 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38404/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38406 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38406/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38409 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38409/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38410 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38410/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38412 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38412/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38414 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38414/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38415 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38415/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38416 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38416/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38417 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38417/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38420 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38420/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38424 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38424/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38425 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38425/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38426 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38426/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38427 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38427/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38428 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38428/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38429 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38429/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38430 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38430/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38436 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38436/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38443 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38443/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38448 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38448/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38449 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38449/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38453 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38453/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38455 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38455/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38457 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38457/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38460 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38460/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38461 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38461/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38462 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38462/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38463 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38463/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38465 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38465/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38467 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38467/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38468 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38468/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38470 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38470/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38471 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38471/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38473 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38473/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38474 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38474/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38475 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38475/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38476 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38476/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38477 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38477/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38478 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38478/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38480 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38480/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38481 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38481/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38482 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38482/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38483 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38483/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38485 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38485/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38487 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38487/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38489 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38489/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38494 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38494/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38495 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38495/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38496 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38496/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38497 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38497/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38498 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38498/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-08-28T12:06:15Z",
"generator": {
"date": "2025-08-28T12:06:15Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:03011-1",
"initial_release_date": "2025-08-28T12:06:15Z",
"revision_history": [
{
"date": "2025-08-28T12:06:15Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-azure-6.4.0-150700.20.11.1.aarch64",
"product": {
"name": "cluster-md-kmp-azure-6.4.0-150700.20.11.1.aarch64",
"product_id": "cluster-md-kmp-azure-6.4.0-150700.20.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-azure-6.4.0-150700.20.11.1.aarch64",
"product": {
"name": "dlm-kmp-azure-6.4.0-150700.20.11.1.aarch64",
"product_id": "dlm-kmp-azure-6.4.0-150700.20.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-azure-6.4.0-150700.20.11.1.aarch64",
"product": {
"name": "gfs2-kmp-azure-6.4.0-150700.20.11.1.aarch64",
"product_id": "gfs2-kmp-azure-6.4.0-150700.20.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-azure-6.4.0-150700.20.11.1.aarch64",
"product": {
"name": "kernel-azure-6.4.0-150700.20.11.1.aarch64",
"product_id": "kernel-azure-6.4.0-150700.20.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"product": {
"name": "kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"product_id": "kernel-azure-devel-6.4.0-150700.20.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-azure-extra-6.4.0-150700.20.11.1.aarch64",
"product": {
"name": "kernel-azure-extra-6.4.0-150700.20.11.1.aarch64",
"product_id": "kernel-azure-extra-6.4.0-150700.20.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-azure-optional-6.4.0-150700.20.11.1.aarch64",
"product": {
"name": "kernel-azure-optional-6.4.0-150700.20.11.1.aarch64",
"product_id": "kernel-azure-optional-6.4.0-150700.20.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"product": {
"name": "kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"product_id": "kernel-syms-azure-6.4.0-150700.20.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-azure-6.4.0-150700.20.11.1.aarch64",
"product": {
"name": "kselftests-kmp-azure-6.4.0-150700.20.11.1.aarch64",
"product_id": "kselftests-kmp-azure-6.4.0-150700.20.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-azure-6.4.0-150700.20.11.1.aarch64",
"product": {
"name": "ocfs2-kmp-azure-6.4.0-150700.20.11.1.aarch64",
"product_id": "ocfs2-kmp-azure-6.4.0-150700.20.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-azure-6.4.0-150700.20.11.1.aarch64",
"product": {
"name": "reiserfs-kmp-azure-6.4.0-150700.20.11.1.aarch64",
"product_id": "reiserfs-kmp-azure-6.4.0-150700.20.11.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"product": {
"name": "kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"product_id": "kernel-devel-azure-6.4.0-150700.20.11.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"product": {
"name": "kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"product_id": "kernel-source-azure-6.4.0-150700.20.11.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-azure-6.4.0-150700.20.11.1.x86_64",
"product": {
"name": "cluster-md-kmp-azure-6.4.0-150700.20.11.1.x86_64",
"product_id": "cluster-md-kmp-azure-6.4.0-150700.20.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-azure-6.4.0-150700.20.11.1.x86_64",
"product": {
"name": "dlm-kmp-azure-6.4.0-150700.20.11.1.x86_64",
"product_id": "dlm-kmp-azure-6.4.0-150700.20.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-azure-6.4.0-150700.20.11.1.x86_64",
"product": {
"name": "gfs2-kmp-azure-6.4.0-150700.20.11.1.x86_64",
"product_id": "gfs2-kmp-azure-6.4.0-150700.20.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-6.4.0-150700.20.11.1.x86_64",
"product": {
"name": "kernel-azure-6.4.0-150700.20.11.1.x86_64",
"product_id": "kernel-azure-6.4.0-150700.20.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"product": {
"name": "kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"product_id": "kernel-azure-devel-6.4.0-150700.20.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-extra-6.4.0-150700.20.11.1.x86_64",
"product": {
"name": "kernel-azure-extra-6.4.0-150700.20.11.1.x86_64",
"product_id": "kernel-azure-extra-6.4.0-150700.20.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-optional-6.4.0-150700.20.11.1.x86_64",
"product": {
"name": "kernel-azure-optional-6.4.0-150700.20.11.1.x86_64",
"product_id": "kernel-azure-optional-6.4.0-150700.20.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-vdso-6.4.0-150700.20.11.1.x86_64",
"product": {
"name": "kernel-azure-vdso-6.4.0-150700.20.11.1.x86_64",
"product_id": "kernel-azure-vdso-6.4.0-150700.20.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-azure-6.4.0-150700.20.11.1.x86_64",
"product": {
"name": "kernel-syms-azure-6.4.0-150700.20.11.1.x86_64",
"product_id": "kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-azure-6.4.0-150700.20.11.1.x86_64",
"product": {
"name": "kselftests-kmp-azure-6.4.0-150700.20.11.1.x86_64",
"product_id": "kselftests-kmp-azure-6.4.0-150700.20.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-azure-6.4.0-150700.20.11.1.x86_64",
"product": {
"name": "ocfs2-kmp-azure-6.4.0-150700.20.11.1.x86_64",
"product_id": "ocfs2-kmp-azure-6.4.0-150700.20.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-azure-6.4.0-150700.20.11.1.x86_64",
"product": {
"name": "reiserfs-kmp-azure-6.4.0-150700.20.11.1.x86_64",
"product_id": "reiserfs-kmp-azure-6.4.0-150700.20.11.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-6.4.0-150700.20.11.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64"
},
"product_reference": "kernel-azure-6.4.0-150700.20.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-6.4.0-150700.20.11.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64"
},
"product_reference": "kernel-azure-6.4.0-150700.20.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-6.4.0-150700.20.11.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64"
},
"product_reference": "kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-6.4.0-150700.20.11.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64"
},
"product_reference": "kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-azure-6.4.0-150700.20.11.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch"
},
"product_reference": "kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-azure-6.4.0-150700.20.11.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch"
},
"product_reference": "kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-6.4.0-150700.20.11.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64"
},
"product_reference": "kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-6.4.0-150700.20.11.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
},
"product_reference": "kernel-syms-azure-6.4.0-150700.20.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-11135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11135"
}
],
"notes": [
{
"category": "general",
"text": "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11135",
"url": "https://www.suse.com/security/cve/CVE-2019-11135"
},
{
"category": "external",
"summary": "SUSE Bug 1139073 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1139073"
},
{
"category": "external",
"summary": "SUSE Bug 1152497 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152497"
},
{
"category": "external",
"summary": "SUSE Bug 1152505 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152505"
},
{
"category": "external",
"summary": "SUSE Bug 1152506 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152506"
},
{
"category": "external",
"summary": "SUSE Bug 1160120 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1160120"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2019-11135"
},
{
"cve": "CVE-2024-36028",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36028"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio()\n\nWhen I did memory failure tests recently, below warning occurs:\n\nDEBUG_LOCKS_WARN_ON(1)\nWARNING: CPU: 8 PID: 1011 at kernel/locking/lockdep.c:232 __lock_acquire+0xccb/0x1ca0\nModules linked in: mce_inject hwpoison_inject\nCPU: 8 PID: 1011 Comm: bash Kdump: loaded Not tainted 6.9.0-rc3-next-20240410-00012-gdb69f219f4be #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\nRIP: 0010:__lock_acquire+0xccb/0x1ca0\nRSP: 0018:ffffa7a1c7fe3bd0 EFLAGS: 00000082\nRAX: 0000000000000000 RBX: eb851eb853975fcf RCX: ffffa1ce5fc1c9c8\nRDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffffa1ce5fc1c9c0\nRBP: ffffa1c6865d3280 R08: ffffffffb0f570a8 R09: 0000000000009ffb\nR10: 0000000000000286 R11: ffffffffb0f2ad50 R12: ffffa1c6865d3d10\nR13: ffffa1c6865d3c70 R14: 0000000000000000 R15: 0000000000000004\nFS: 00007ff9f32aa740(0000) GS:ffffa1ce5fc00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ff9f3134ba0 CR3: 00000008484e4000 CR4: 00000000000006f0\nCall Trace:\n \u003cTASK\u003e\n lock_acquire+0xbe/0x2d0\n _raw_spin_lock_irqsave+0x3a/0x60\n hugepage_subpool_put_pages.part.0+0xe/0xc0\n free_huge_folio+0x253/0x3f0\n dissolve_free_huge_page+0x147/0x210\n __page_handle_poison+0x9/0x70\n memory_failure+0x4e6/0x8c0\n hard_offline_page_store+0x55/0xa0\n kernfs_fop_write_iter+0x12c/0x1d0\n vfs_write+0x380/0x540\n ksys_write+0x64/0xe0\n do_syscall_64+0xbc/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7ff9f3114887\nRSP: 002b:00007ffecbacb458 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007ff9f3114887\nRDX: 000000000000000c RSI: 0000564494164e10 RDI: 0000000000000001\nRBP: 0000564494164e10 R08: 00007ff9f31d1460 R09: 000000007fffffff\nR10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c\nR13: 00007ff9f321b780 R14: 00007ff9f3217600 R15: 00007ff9f3216a00\n \u003c/TASK\u003e\nKernel panic - not syncing: kernel: panic_on_warn set ...\nCPU: 8 PID: 1011 Comm: bash Kdump: loaded Not tainted 6.9.0-rc3-next-20240410-00012-gdb69f219f4be #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n panic+0x326/0x350\n check_panic_on_warn+0x4f/0x50\n __warn+0x98/0x190\n report_bug+0x18e/0x1a0\n handle_bug+0x3d/0x70\n exc_invalid_op+0x18/0x70\n asm_exc_invalid_op+0x1a/0x20\nRIP: 0010:__lock_acquire+0xccb/0x1ca0\nRSP: 0018:ffffa7a1c7fe3bd0 EFLAGS: 00000082\nRAX: 0000000000000000 RBX: eb851eb853975fcf RCX: ffffa1ce5fc1c9c8\nRDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffffa1ce5fc1c9c0\nRBP: ffffa1c6865d3280 R08: ffffffffb0f570a8 R09: 0000000000009ffb\nR10: 0000000000000286 R11: ffffffffb0f2ad50 R12: ffffa1c6865d3d10\nR13: ffffa1c6865d3c70 R14: 0000000000000000 R15: 0000000000000004\n lock_acquire+0xbe/0x2d0\n _raw_spin_lock_irqsave+0x3a/0x60\n hugepage_subpool_put_pages.part.0+0xe/0xc0\n free_huge_folio+0x253/0x3f0\n dissolve_free_huge_page+0x147/0x210\n __page_handle_poison+0x9/0x70\n memory_failure+0x4e6/0x8c0\n hard_offline_page_store+0x55/0xa0\n kernfs_fop_write_iter+0x12c/0x1d0\n vfs_write+0x380/0x540\n ksys_write+0x64/0xe0\n do_syscall_64+0xbc/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7ff9f3114887\nRSP: 002b:00007ffecbacb458 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007ff9f3114887\nRDX: 000000000000000c RSI: 0000564494164e10 RDI: 0000000000000001\nRBP: 0000564494164e10 R08: 00007ff9f31d1460 R09: 000000007fffffff\nR10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c\nR13: 00007ff9f321b780 R14: 00007ff9f3217600 R15: 00007ff9f3216a00\n \u003c/TASK\u003e\n\nAfter git bisecting and digging into the code, I believe the root cause is\nthat _deferred_list field of folio is unioned with _hugetlb_subpool field.\nIn __update_and_free_hugetlb_folio(), folio-\u003e_deferred_\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36028",
"url": "https://www.suse.com/security/cve/CVE-2024-36028"
},
{
"category": "external",
"summary": "SUSE Bug 1225707 for CVE-2024-36028",
"url": "https://bugzilla.suse.com/1225707"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-36028"
},
{
"cve": "CVE-2024-36348",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36348"
}
],
"notes": [
{
"category": "general",
"text": "A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP feature is enabled, potentially resulting in information leakage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36348",
"url": "https://www.suse.com/security/cve/CVE-2024-36348"
},
{
"category": "external",
"summary": "SUSE Bug 1238896 for CVE-2024-36348",
"url": "https://bugzilla.suse.com/1238896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-36348"
},
{
"cve": "CVE-2024-36349",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36349"
}
],
"notes": [
{
"category": "general",
"text": "A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36349",
"url": "https://www.suse.com/security/cve/CVE-2024-36349"
},
{
"category": "external",
"summary": "SUSE Bug 1238896 for CVE-2024-36349",
"url": "https://bugzilla.suse.com/1238896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-36349"
},
{
"cve": "CVE-2024-36350",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36350"
}
],
"notes": [
{
"category": "general",
"text": "A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36350",
"url": "https://www.suse.com/security/cve/CVE-2024-36350"
},
{
"category": "external",
"summary": "SUSE Bug 1238896 for CVE-2024-36350",
"url": "https://bugzilla.suse.com/1238896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-36350"
},
{
"cve": "CVE-2024-36357",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36357"
}
],
"notes": [
{
"category": "general",
"text": "A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36357",
"url": "https://www.suse.com/security/cve/CVE-2024-36357"
},
{
"category": "external",
"summary": "SUSE Bug 1238896 for CVE-2024-36357",
"url": "https://bugzilla.suse.com/1238896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-36357"
},
{
"cve": "CVE-2024-39298",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39298"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/memory-failure: fix handling of dissolved but not taken off from buddy pages\n\nWhen I did memory failure tests recently, below panic occurs:\n\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8cee00\nflags: 0x6fffe0000000000(node=1|zone=2|lastcpupid=0x7fff)\nraw: 06fffe0000000000 dead000000000100 dead000000000122 0000000000000000\nraw: 0000000000000000 0000000000000009 00000000ffffffff 0000000000000000\npage dumped because: VM_BUG_ON_PAGE(!PageBuddy(page))\n------------[ cut here ]------------\nkernel BUG at include/linux/page-flags.h:1009!\ninvalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nRIP: 0010:__del_page_from_free_list+0x151/0x180\nRSP: 0018:ffffa49c90437998 EFLAGS: 00000046\nRAX: 0000000000000035 RBX: 0000000000000009 RCX: ffff8dd8dfd1c9c8\nRDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff8dd8dfd1c9c0\nRBP: ffffd901233b8000 R08: ffffffffab5511f8 R09: 0000000000008c69\nR10: 0000000000003c15 R11: ffffffffab5511f8 R12: ffff8dd8fffc0c80\nR13: 0000000000000001 R14: ffff8dd8fffc0c80 R15: 0000000000000009\nFS: 00007ff916304740(0000) GS:ffff8dd8dfd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055eae50124c8 CR3: 00000008479e0000 CR4: 00000000000006f0\nCall Trace:\n \u003cTASK\u003e\n __rmqueue_pcplist+0x23b/0x520\n get_page_from_freelist+0x26b/0xe40\n __alloc_pages_noprof+0x113/0x1120\n __folio_alloc_noprof+0x11/0xb0\n alloc_buddy_hugetlb_folio.isra.0+0x5a/0x130\n __alloc_fresh_hugetlb_folio+0xe7/0x140\n alloc_pool_huge_folio+0x68/0x100\n set_max_huge_pages+0x13d/0x340\n hugetlb_sysctl_handler_common+0xe8/0x110\n proc_sys_call_handler+0x194/0x280\n vfs_write+0x387/0x550\n ksys_write+0x64/0xe0\n do_syscall_64+0xc2/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7ff916114887\nRSP: 002b:00007ffec8a2fd78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 000055eae500e350 RCX: 00007ff916114887\nRDX: 0000000000000004 RSI: 000055eae500e390 RDI: 0000000000000003\nRBP: 000055eae50104c0 R08: 0000000000000000 R09: 000055eae50104c0\nR10: 0000000000000077 R11: 0000000000000246 R12: 0000000000000004\nR13: 0000000000000004 R14: 00007ff916216b80 R15: 00007ff916216a00\n \u003c/TASK\u003e\nModules linked in: mce_inject hwpoison_inject\n---[ end trace 0000000000000000 ]---\n\nAnd before the panic, there had an warning about bad page state:\n\nBUG: Bad page state in process page-types pfn:8cee00\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8cee00\nflags: 0x6fffe0000000000(node=1|zone=2|lastcpupid=0x7fff)\npage_type: 0xffffff7f(buddy)\nraw: 06fffe0000000000 ffffd901241c0008 ffffd901240f8008 0000000000000000\nraw: 0000000000000000 0000000000000009 00000000ffffff7f 0000000000000000\npage dumped because: nonzero mapcount\nModules linked in: mce_inject hwpoison_inject\nCPU: 8 PID: 154211 Comm: page-types Not tainted 6.9.0-rc4-00499-g5544ec3178e2-dirty #22\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x83/0xa0\n bad_page+0x63/0xf0\n free_unref_page+0x36e/0x5c0\n unpoison_memory+0x50b/0x630\n simple_attr_write_xsigned.constprop.0.isra.0+0xb3/0x110\n debugfs_attr_write+0x42/0x60\n full_proxy_write+0x5b/0x80\n vfs_write+0xcd/0x550\n ksys_write+0x64/0xe0\n do_syscall_64+0xc2/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f189a514887\nRSP: 002b:00007ffdcd899718 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f189a514887\nRDX: 0000000000000009 RSI: 00007ffdcd899730 RDI: 0000000000000003\nRBP: 00007ffdcd8997a0 R08: 0000000000000000 R09: 00007ffdcd8994b2\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdcda199a8\nR13: 0000000000404af1 R14: 000000000040ad78 R15: 00007f189a7a5040\n \u003c/TASK\u003e\n\nThe root cause should be the below race:\n\n memory_failure\n try_memory_failure_hugetlb\n me_huge_page\n __page_handle_poison\n dissolve_free_hugetlb_folio\n drain_all_pages -- Buddy page can be isolated e.g. for compaction.\n take_page_off_buddy -- Failed as page is not in the \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39298",
"url": "https://www.suse.com/security/cve/CVE-2024-39298"
},
{
"category": "external",
"summary": "SUSE Bug 1227082 for CVE-2024-39298",
"url": "https://bugzilla.suse.com/1227082"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-39298"
},
{
"cve": "CVE-2024-42134",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42134"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-pci: Check if is_avq is NULL\n\n[bug]\nIn the virtio_pci_common.c function vp_del_vqs, vp_dev-\u003eis_avq is involved\nto determine whether it is admin virtqueue, but this function vp_dev-\u003eis_avq\n may be empty. For installations, virtio_pci_legacy does not assign a value\n to vp_dev-\u003eis_avq.\n\n[fix]\nCheck whether it is vp_dev-\u003eis_avq before use.\n\n[test]\nTest with virsh Attach device\nBefore this patch, the following command would crash the guest system\n\nAfter applying the patch, everything seems to be working fine.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42134",
"url": "https://www.suse.com/security/cve/CVE-2024-42134"
},
{
"category": "external",
"summary": "SUSE Bug 1228664 for CVE-2024-42134",
"url": "https://bugzilla.suse.com/1228664"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-42134"
},
{
"cve": "CVE-2024-44963",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44963"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not BUG_ON() when freeing tree block after error\n\nWhen freeing a tree block, at btrfs_free_tree_block(), if we fail to\ncreate a delayed reference we don\u0027t deal with the error and just do a\nBUG_ON(). The error most likely to happen is -ENOMEM, and we have a\ncomment mentioning that only -ENOMEM can happen, but that is not true,\nbecause in case qgroups are enabled any error returned from\nbtrfs_qgroup_trace_extent_post() (can be -EUCLEAN or anything returned\nfrom btrfs_search_slot() for example) can be propagated back to\nbtrfs_free_tree_block().\n\nSo stop doing a BUG_ON() and return the error to the callers and make\nthem abort the transaction to prevent leaking space. Syzbot was\ntriggering this, likely due to memory allocation failure injection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44963",
"url": "https://www.suse.com/security/cve/CVE-2024-44963"
},
{
"category": "external",
"summary": "SUSE Bug 1230216 for CVE-2024-44963",
"url": "https://bugzilla.suse.com/1230216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-44963"
},
{
"cve": "CVE-2024-49861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49861"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix helper writes to read-only maps\n\nLonial found an issue that despite user- and BPF-side frozen BPF map\n(like in case of .rodata), it was still possible to write into it from\na BPF program side through specific helpers having ARG_PTR_TO_{LONG,INT}\nas arguments.\n\nIn check_func_arg() when the argument is as mentioned, the meta-\u003eraw_mode\nis never set. Later, check_helper_mem_access(), under the case of\nPTR_TO_MAP_VALUE as register base type, it assumes BPF_READ for the\nsubsequent call to check_map_access_type() and given the BPF map is\nread-only it succeeds.\n\nThe helpers really need to be annotated as ARG_PTR_TO_{LONG,INT} | MEM_UNINIT\nwhen results are written into them as opposed to read out of them. The\nlatter indicates that it\u0027s okay to pass a pointer to uninitialized memory\nas the memory is written to anyway.\n\nHowever, ARG_PTR_TO_{LONG,INT} is a special case of ARG_PTR_TO_FIXED_SIZE_MEM\njust with additional alignment requirement. So it is better to just get\nrid of the ARG_PTR_TO_{LONG,INT} special cases altogether and reuse the\nfixed size memory types. For this, add MEM_ALIGNED to additionally ensure\nalignment given these helpers write directly into the args via *\u003cptr\u003e = val.\nThe .arg*_size has been initialized reflecting the actual sizeof(*\u003cptr\u003e).\n\nMEM_ALIGNED can only be used in combination with MEM_FIXED_SIZE annotated\nargument types, since in !MEM_FIXED_SIZE cases the verifier does not know\nthe buffer size a priori and therefore cannot blindly write *\u003cptr\u003e = val.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49861",
"url": "https://www.suse.com/security/cve/CVE-2024-49861"
},
{
"category": "external",
"summary": "SUSE Bug 1232254 for CVE-2024-49861",
"url": "https://bugzilla.suse.com/1232254"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-49861"
},
{
"cve": "CVE-2024-49996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49996"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix buffer overflow when parsing NFS reparse points\n\nReparseDataLength is sum of the InodeType size and DataBuffer size.\nSo to get DataBuffer size it is needed to subtract InodeType\u0027s size from\nReparseDataLength.\n\nFunction cifs_strndup_from_utf16() is currentlly accessing buf-\u003eDataBuffer\nat position after the end of the buffer because it does not subtract\nInodeType size from the length. Fix this problem and correctly subtract\nvariable len.\n\nMember InodeType is present only when reparse buffer is large enough. Check\nfor ReparseDataLength before accessing InodeType to prevent another invalid\nmemory access.\n\nMajor and minor rdev values are present also only when reparse buffer is\nlarge enough. Check for reparse buffer size before calling reparse_mkdev().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49996",
"url": "https://www.suse.com/security/cve/CVE-2024-49996"
},
{
"category": "external",
"summary": "SUSE Bug 1232089 for CVE-2024-49996",
"url": "https://bugzilla.suse.com/1232089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-49996"
},
{
"cve": "CVE-2024-56742",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56742"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages()\n\nFix an unwind issue in mlx5vf_add_migration_pages().\n\nIf a set of pages is allocated but fails to be added to the SG table,\nthey need to be freed to prevent a memory leak.\n\nAny pages successfully added to the SG table will be freed as part of\nmlx5vf_free_data_buffer().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56742",
"url": "https://www.suse.com/security/cve/CVE-2024-56742"
},
{
"category": "external",
"summary": "SUSE Bug 1235613 for CVE-2024-56742",
"url": "https://bugzilla.suse.com/1235613"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2024-56742"
},
{
"cve": "CVE-2024-57947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57947"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_set_pipapo: fix initial map fill\n\nThe initial buffer has to be inited to all-ones, but it must restrict\nit to the size of the first field, not the total field size.\n\nAfter each round in the map search step, the result and the fill map\nare swapped, so if we have a set where f-\u003ebsize of the first element\nis smaller than m-\u003ebsize_max, those one-bits are leaked into future\nrounds result map.\n\nThis makes pipapo find an incorrect matching results for sets where\nfirst field size is not the largest.\n\nFollowup patch adds a test case to nft_concat_range.sh selftest script.\n\nThanks to Stefano Brivio for pointing out that we need to zero out\nthe remainder explicitly, only correcting memset() argument isn\u0027t enough.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57947",
"url": "https://www.suse.com/security/cve/CVE-2024-57947"
},
{
"category": "external",
"summary": "SUSE Bug 1236333 for CVE-2024-57947",
"url": "https://bugzilla.suse.com/1236333"
},
{
"category": "external",
"summary": "SUSE Bug 1245799 for CVE-2024-57947",
"url": "https://bugzilla.suse.com/1245799"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "important"
}
],
"title": "CVE-2024-57947"
},
{
"cve": "CVE-2025-21839",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21839"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop\n\nMove the conditional loading of hardware DR6 with the guest\u0027s DR6 value\nout of the core .vcpu_run() loop to fix a bug where KVM can load hardware\nwith a stale vcpu-\u003earch.dr6.\n\nWhen the guest accesses a DR and host userspace isn\u0027t debugging the guest,\nKVM disables DR interception and loads the guest\u0027s values into hardware on\nVM-Enter and saves them on VM-Exit. This allows the guest to access DRs\nat will, e.g. so that a sequence of DR accesses to configure a breakpoint\nonly generates one VM-Exit.\n\nFor DR0-DR3, the logic/behavior is identical between VMX and SVM, and also\nidentical between KVM_DEBUGREG_BP_ENABLED (userspace debugging the guest)\nand KVM_DEBUGREG_WONT_EXIT (guest using DRs), and so KVM handles loading\nDR0-DR3 in common code, _outside_ of the core kvm_x86_ops.vcpu_run() loop.\n\nBut for DR6, the guest\u0027s value doesn\u0027t need to be loaded into hardware for\nKVM_DEBUGREG_BP_ENABLED, and SVM provides a dedicated VMCB field whereas\nVMX requires software to manually load the guest value, and so loading the\nguest\u0027s value into DR6 is handled by {svm,vmx}_vcpu_run(), i.e. is done\n_inside_ the core run loop.\n\nUnfortunately, saving the guest values on VM-Exit is initiated by common\nx86, again outside of the core run loop. If the guest modifies DR6 (in\nhardware, when DR interception is disabled), and then the next VM-Exit is\na fastpath VM-Exit, KVM will reload hardware DR6 with vcpu-\u003earch.dr6 and\nclobber the guest\u0027s actual value.\n\nThe bug shows up primarily with nested VMX because KVM handles the VMX\npreemption timer in the fastpath, and the window between hardware DR6\nbeing modified (in guest context) and DR6 being read by guest software is\norders of magnitude larger in a nested setup. E.g. in non-nested, the\nVMX preemption timer would need to fire precisely between #DB injection\nand the #DB handler\u0027s read of DR6, whereas with a KVM-on-KVM setup, the\nwindow where hardware DR6 is \"dirty\" extends all the way from L1 writing\nDR6 to VMRESUME (in L1).\n\n L1\u0027s view:\n ==========\n \u003cL1 disables DR interception\u003e\n CPU 0/KVM-7289 [023] d.... 2925.640961: kvm_entry: vcpu 0\n A: L1 Writes DR6\n CPU 0/KVM-7289 [023] d.... 2925.640963: \u003chack\u003e: Set DRs, DR6 = 0xffff0ff1\n\n B: CPU 0/KVM-7289 [023] d.... 2925.640967: kvm_exit: vcpu 0 reason EXTERNAL_INTERRUPT intr_info 0x800000ec\n\n D: L1 reads DR6, arch.dr6 = 0\n CPU 0/KVM-7289 [023] d.... 2925.640969: \u003chack\u003e: Sync DRs, DR6 = 0xffff0ff0\n\n CPU 0/KVM-7289 [023] d.... 2925.640976: kvm_entry: vcpu 0\n L2 reads DR6, L1 disables DR interception\n CPU 0/KVM-7289 [023] d.... 2925.640980: kvm_exit: vcpu 0 reason DR_ACCESS info1 0x0000000000000216\n CPU 0/KVM-7289 [023] d.... 2925.640983: kvm_entry: vcpu 0\n\n CPU 0/KVM-7289 [023] d.... 2925.640983: \u003chack\u003e: Set DRs, DR6 = 0xffff0ff0\n\n L2 detects failure\n CPU 0/KVM-7289 [023] d.... 2925.640987: kvm_exit: vcpu 0 reason HLT\n L1 reads DR6 (confirms failure)\n CPU 0/KVM-7289 [023] d.... 2925.640990: \u003chack\u003e: Sync DRs, DR6 = 0xffff0ff0\n\n L0\u0027s view:\n ==========\n L2 reads DR6, arch.dr6 = 0\n CPU 23/KVM-5046 [001] d.... 3410.005610: kvm_exit: vcpu 23 reason DR_ACCESS info1 0x0000000000000216\n CPU 23/KVM-5046 [001] ..... 3410.005610: kvm_nested_vmexit: vcpu 23 reason DR_ACCESS info1 0x0000000000000216\n\n L2 =\u003e L1 nested VM-Exit\n CPU 23/KVM-5046 [001] ..... 3410.005610: kvm_nested_vmexit_inject: reason: DR_ACCESS ext_inf1: 0x0000000000000216\n\n CPU 23/KVM-5046 [001] d.... 3410.005610: kvm_entry: vcpu 23\n CPU 23/KVM-5046 [001] d.... 3410.005611: kvm_exit: vcpu 23 reason VMREAD\n CPU 23/KVM-5046 [001] d.... 3410.005611: kvm_entry: vcpu 23\n CPU 23/KVM-5046 [001] d.... 3410.\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21839",
"url": "https://www.suse.com/security/cve/CVE-2025-21839"
},
{
"category": "external",
"summary": "SUSE Bug 1239061 for CVE-2025-21839",
"url": "https://bugzilla.suse.com/1239061"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-21839"
},
{
"cve": "CVE-2025-21854",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21854"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsockmap, vsock: For connectible sockets allow only connected\n\nsockmap expects all vsocks to have a transport assigned, which is expressed\nin vsock_proto::psock_update_sk_prot(). However, there is an edge case\nwhere an unconnected (connectible) socket may lose its previously assigned\ntransport. This is handled with a NULL check in the vsock/BPF recv path.\n\nAnother design detail is that listening vsocks are not supposed to have any\ntransport assigned at all. Which implies they are not supported by the\nsockmap. But this is complicated by the fact that a socket, before\nswitching to TCP_LISTEN, may have had some transport assigned during a\nfailed connect() attempt. Hence, we may end up with a listening vsock in a\nsockmap, which blows up quickly:\n\nKASAN: null-ptr-deref in range [0x0000000000000120-0x0000000000000127]\nCPU: 7 UID: 0 PID: 56 Comm: kworker/7:0 Not tainted 6.14.0-rc1+\nWorkqueue: vsock-loopback vsock_loopback_work\nRIP: 0010:vsock_read_skb+0x4b/0x90\nCall Trace:\n sk_psock_verdict_data_ready+0xa4/0x2e0\n virtio_transport_recv_pkt+0x1ca8/0x2acc\n vsock_loopback_work+0x27d/0x3f0\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x35a/0x700\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n\nFor connectible sockets, instead of relying solely on the state of\nvsk-\u003etransport, tell sockmap to only allow those representing established\nconnections. This aligns with the behaviour for AF_INET and AF_UNIX.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21854",
"url": "https://www.suse.com/security/cve/CVE-2025-21854"
},
{
"category": "external",
"summary": "SUSE Bug 1239470 for CVE-2025-21854",
"url": "https://bugzilla.suse.com/1239470"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-21854"
},
{
"cve": "CVE-2025-21872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21872"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi: Don\u0027t map the entire mokvar table to determine its size\n\nCurrently, when validating the mokvar table, we (re)map the entire table\non each iteration of the loop, adding space as we discover new entries.\nIf the table grows over a certain size, this fails due to limitations of\nearly_memmap(), and we get a failure and traceback:\n\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 0 at mm/early_ioremap.c:139 __early_ioremap+0xef/0x220\n ...\n Call Trace:\n \u003cTASK\u003e\n ? __early_ioremap+0xef/0x220\n ? __warn.cold+0x93/0xfa\n ? __early_ioremap+0xef/0x220\n ? report_bug+0xff/0x140\n ? early_fixup_exception+0x5d/0xb0\n ? early_idt_handler_common+0x2f/0x3a\n ? __early_ioremap+0xef/0x220\n ? efi_mokvar_table_init+0xce/0x1d0\n ? setup_arch+0x864/0xc10\n ? start_kernel+0x6b/0xa10\n ? x86_64_start_reservations+0x24/0x30\n ? x86_64_start_kernel+0xed/0xf0\n ? common_startup_64+0x13e/0x141\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---\n mokvar: Failed to map EFI MOKvar config table pa=0x7c4c3000, size=265187.\n\nMapping the entire structure isn\u0027t actually necessary, as we don\u0027t ever\nneed more than one entry header mapped at once.\n\nChanges efi_mokvar_table_init() to only map each entry header, not the\nentire table, when determining the table size. Since we\u0027re not mapping\nany data past the variable name, it also changes the code to enforce\nthat each variable name is NUL terminated, rather than attempting to\nverify it in place.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21872",
"url": "https://www.suse.com/security/cve/CVE-2025-21872"
},
{
"category": "external",
"summary": "SUSE Bug 1240323 for CVE-2025-21872",
"url": "https://bugzilla.suse.com/1240323"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-21872"
},
{
"cve": "CVE-2025-22090",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22090"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range()\n\nIf track_pfn_copy() fails, we already added the dst VMA to the maple\ntree. As fork() fails, we\u0027ll cleanup the maple tree, and stumble over\nthe dst VMA for which we neither performed any reservation nor copied\nany page tables.\n\nConsequently untrack_pfn() will see VM_PAT and try obtaining the\nPAT information from the page table -- which fails because the page\ntable was not copied.\n\nThe easiest fix would be to simply clear the VM_PAT flag of the dst VMA\nif track_pfn_copy() fails. However, the whole thing is about \"simply\"\nclearing the VM_PAT flag is shaky as well: if we passed track_pfn_copy()\nand performed a reservation, but copying the page tables fails, we\u0027ll\nsimply clear the VM_PAT flag, not properly undoing the reservation ...\nwhich is also wrong.\n\nSo let\u0027s fix it properly: set the VM_PAT flag only if the reservation\nsucceeded (leaving it clear initially), and undo the reservation if\nanything goes wrong while copying the page tables: clearing the VM_PAT\nflag after undoing the reservation.\n\nNote that any copied page table entries will get zapped when the VMA will\nget removed later, after copy_page_range() succeeded; as VM_PAT is not set\nthen, we won\u0027t try cleaning VM_PAT up once more and untrack_pfn() will be\nhappy. Note that leaving these page tables in place without a reservation\nis not a problem, as we are aborting fork(); this process will never run.\n\nA reproducer can trigger this usually at the first try:\n\n https://gitlab.com/davidhildenbrand/scratchspace/-/raw/main/reproducers/pat_fork.c\n\n WARNING: CPU: 26 PID: 11650 at arch/x86/mm/pat/memtype.c:983 get_pat_info+0xf6/0x110\n Modules linked in: ...\n CPU: 26 UID: 0 PID: 11650 Comm: repro3 Not tainted 6.12.0-rc5+ #92\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\n RIP: 0010:get_pat_info+0xf6/0x110\n ...\n Call Trace:\n \u003cTASK\u003e\n ...\n untrack_pfn+0x52/0x110\n unmap_single_vma+0xa6/0xe0\n unmap_vmas+0x105/0x1f0\n exit_mmap+0xf6/0x460\n __mmput+0x4b/0x120\n copy_process+0x1bf6/0x2aa0\n kernel_clone+0xab/0x440\n __do_sys_clone+0x66/0x90\n do_syscall_64+0x95/0x180\n\nLikely this case was missed in:\n\n d155df53f310 (\"x86/mm/pat: clear VM_PAT if copy_p4d_range failed\")\n\n... and instead of undoing the reservation we simply cleared the VM_PAT flag.\n\nKeep the documentation of these functions in include/linux/pgtable.h,\none place is more than sufficient -- we should clean that up for the other\nfunctions like track_pfn_remap/untrack_pfn separately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22090",
"url": "https://www.suse.com/security/cve/CVE-2025-22090"
},
{
"category": "external",
"summary": "SUSE Bug 1241537 for CVE-2025-22090",
"url": "https://bugzilla.suse.com/1241537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-22090"
},
{
"cve": "CVE-2025-23163",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23163"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: vlan: don\u0027t propagate flags on open\n\nWith the device instance lock, there is now a possibility of a deadlock:\n\n[ 1.211455] ============================================\n[ 1.211571] WARNING: possible recursive locking detected\n[ 1.211687] 6.14.0-rc5-01215-g032756b4ca7a-dirty #5 Not tainted\n[ 1.211823] --------------------------------------------\n[ 1.211936] ip/184 is trying to acquire lock:\n[ 1.212032] ffff8881024a4c30 (\u0026dev-\u003elock){+.+.}-{4:4}, at: dev_set_allmulti+0x4e/0xb0\n[ 1.212207]\n[ 1.212207] but task is already holding lock:\n[ 1.212332] ffff8881024a4c30 (\u0026dev-\u003elock){+.+.}-{4:4}, at: dev_open+0x50/0xb0\n[ 1.212487]\n[ 1.212487] other info that might help us debug this:\n[ 1.212626] Possible unsafe locking scenario:\n[ 1.212626]\n[ 1.212751] CPU0\n[ 1.212815] ----\n[ 1.212871] lock(\u0026dev-\u003elock);\n[ 1.212944] lock(\u0026dev-\u003elock);\n[ 1.213016]\n[ 1.213016] *** DEADLOCK ***\n[ 1.213016]\n[ 1.213143] May be due to missing lock nesting notation\n[ 1.213143]\n[ 1.213294] 3 locks held by ip/184:\n[ 1.213371] #0: ffffffff838b53e0 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock+0x1b/0xa0\n[ 1.213543] #1: ffffffff84e5fc70 (\u0026net-\u003ertnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock+0x37/0xa0\n[ 1.213727] #2: ffff8881024a4c30 (\u0026dev-\u003elock){+.+.}-{4:4}, at: dev_open+0x50/0xb0\n[ 1.213895]\n[ 1.213895] stack backtrace:\n[ 1.213991] CPU: 0 UID: 0 PID: 184 Comm: ip Not tainted 6.14.0-rc5-01215-g032756b4ca7a-dirty #5\n[ 1.213993] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\n[ 1.213994] Call Trace:\n[ 1.213995] \u003cTASK\u003e\n[ 1.213996] dump_stack_lvl+0x8e/0xd0\n[ 1.214000] print_deadlock_bug+0x28b/0x2a0\n[ 1.214020] lock_acquire+0xea/0x2a0\n[ 1.214027] __mutex_lock+0xbf/0xd40\n[ 1.214038] dev_set_allmulti+0x4e/0xb0 # real_dev-\u003eflags \u0026 IFF_ALLMULTI\n[ 1.214040] vlan_dev_open+0xa5/0x170 # ndo_open on vlandev\n[ 1.214042] __dev_open+0x145/0x270\n[ 1.214046] __dev_change_flags+0xb0/0x1e0\n[ 1.214051] netif_change_flags+0x22/0x60 # IFF_UP vlandev\n[ 1.214053] dev_change_flags+0x61/0xb0 # for each device in group from dev-\u003evlan_info\n[ 1.214055] vlan_device_event+0x766/0x7c0 # on netdevsim0\n[ 1.214058] notifier_call_chain+0x78/0x120\n[ 1.214062] netif_open+0x6d/0x90\n[ 1.214064] dev_open+0x5b/0xb0 # locks netdevsim0\n[ 1.214066] bond_enslave+0x64c/0x1230\n[ 1.214075] do_set_master+0x175/0x1e0 # on netdevsim0\n[ 1.214077] do_setlink+0x516/0x13b0\n[ 1.214094] rtnl_newlink+0xaba/0xb80\n[ 1.214132] rtnetlink_rcv_msg+0x440/0x490\n[ 1.214144] netlink_rcv_skb+0xeb/0x120\n[ 1.214150] netlink_unicast+0x1f9/0x320\n[ 1.214153] netlink_sendmsg+0x346/0x3f0\n[ 1.214157] __sock_sendmsg+0x86/0xb0\n[ 1.214160] ____sys_sendmsg+0x1c8/0x220\n[ 1.214164] ___sys_sendmsg+0x28f/0x2d0\n[ 1.214179] __x64_sys_sendmsg+0xef/0x140\n[ 1.214184] do_syscall_64+0xec/0x1d0\n[ 1.214190] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 1.214191] RIP: 0033:0x7f2d1b4a7e56\n\nDevice setup:\n\n netdevsim0 (down)\n ^ ^\n bond netdevsim1.100@netdevsim1 allmulticast=on (down)\n\nWhen we enslave the lower device (netdevsim0) which has a vlan, we\npropagate vlan\u0027s allmuti/promisc flags during ndo_open. This causes\n(re)locking on of the real_dev.\n\nPropagate allmulti/promisc on flags change, not on the open. There\nis a slight semantics change that vlans that are down now propagate\nthe flags, but this seems unlikely to result in the real issues.\n\nReproducer:\n\n echo 0 1 \u003e /sys/bus/netdevsim/new_device\n\n dev_path=$(ls -d /sys/bus/netdevsim/devices/netdevsim0/net/*)\n dev=$(echo $dev_path | rev | cut -d/ -f1 | rev)\n\n ip link set dev $dev name netdevsim0\n ip link set dev netdevsim0 up\n\n ip link add link netdevsim0 name netdevsim0.100 type vlan id 100\n ip link set dev netdevsim0.100 allm\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23163",
"url": "https://www.suse.com/security/cve/CVE-2025-23163"
},
{
"category": "external",
"summary": "SUSE Bug 1242837 for CVE-2025-23163",
"url": "https://bugzilla.suse.com/1242837"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-23163"
},
{
"cve": "CVE-2025-37798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37798"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncodel: remove sch-\u003eq.qlen check before qdisc_tree_reduce_backlog()\n\nAfter making all -\u003eqlen_notify() callbacks idempotent, now it is safe to\nremove the check of qlen!=0 from both fq_codel_dequeue() and\ncodel_qdisc_dequeue().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37798",
"url": "https://www.suse.com/security/cve/CVE-2025-37798"
},
{
"category": "external",
"summary": "SUSE Bug 1242414 for CVE-2025-37798",
"url": "https://bugzilla.suse.com/1242414"
},
{
"category": "external",
"summary": "SUSE Bug 1242417 for CVE-2025-37798",
"url": "https://bugzilla.suse.com/1242417"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "important"
}
],
"title": "CVE-2025-37798"
},
{
"cve": "CVE-2025-37856",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37856"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: harden block_group::bg_list against list_del() races\n\nAs far as I can tell, these calls of list_del_init() on bg_list cannot\nrun concurrently with btrfs_mark_bg_unused() or btrfs_mark_bg_to_reclaim(),\nas they are in transaction error paths and situations where the block\ngroup is readonly.\n\nHowever, if there is any chance at all of racing with mark_bg_unused(),\nor a different future user of bg_list, better to be safe than sorry.\n\nOtherwise we risk the following interleaving (bg_list refcount in parens)\n\nT1 (some random op) T2 (btrfs_mark_bg_unused)\n !list_empty(\u0026bg-\u003ebg_list); (1)\nlist_del_init(\u0026bg-\u003ebg_list); (1)\n list_move_tail (1)\nbtrfs_put_block_group (0)\n btrfs_delete_unused_bgs\n bg = list_first_entry\n list_del_init(\u0026bg-\u003ebg_list);\n btrfs_put_block_group(bg); (-1)\n\nUltimately, this results in a broken ref count that hits zero one deref\nearly and the real final deref underflows the refcount, resulting in a WARNING.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37856",
"url": "https://www.suse.com/security/cve/CVE-2025-37856"
},
{
"category": "external",
"summary": "SUSE Bug 1243068 for CVE-2025-37856",
"url": "https://bugzilla.suse.com/1243068"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-37856"
},
{
"cve": "CVE-2025-37864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37864"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: clean up FDB, MDB, VLAN entries on unbind\n\nAs explained in many places such as commit b117e1e8a86d (\"net: dsa:\ndelete dsa_legacy_fdb_add and dsa_legacy_fdb_del\"), DSA is written given\nthe assumption that higher layers have balanced additions/deletions.\nAs such, it only makes sense to be extremely vocal when those\nassumptions are violated and the driver unbinds with entries still\npresent.\n\nBut Ido Schimmel points out a very simple situation where that is wrong:\nhttps://lore.kernel.org/netdev/ZDazSM5UsPPjQuKr@shredder/\n(also briefly discussed by me in the aforementioned commit).\n\nBasically, while the bridge bypass operations are not something that DSA\nexplicitly documents, and for the majority of DSA drivers this API\nsimply causes them to go to promiscuous mode, that isn\u0027t the case for\nall drivers. Some have the necessary requirements for bridge bypass\noperations to do something useful - see dsa_switch_supports_uc_filtering().\n\nAlthough in tools/testing/selftests/net/forwarding/local_termination.sh,\nwe made an effort to popularize better mechanisms to manage address\nfilters on DSA interfaces from user space - namely macvlan for unicast,\nand setsockopt(IP_ADD_MEMBERSHIP) - through mtools - for multicast, the\nfact is that \u0027bridge fdb add ... self static local\u0027 also exists as\nkernel UAPI, and might be useful to someone, even if only for a quick\nhack.\n\nIt seems counter-productive to block that path by implementing shim\n.ndo_fdb_add and .ndo_fdb_del operations which just return -EOPNOTSUPP\nin order to prevent the ndo_dflt_fdb_add() and ndo_dflt_fdb_del() from\nrunning, although we could do that.\n\nAccepting that cleanup is necessary seems to be the only option.\nEspecially since we appear to be coming back at this from a different\nangle as well. Russell King is noticing that the WARN_ON() triggers even\nfor VLANs:\nhttps://lore.kernel.org/netdev/Z_li8Bj8bD4-BYKQ@shell.armlinux.org.uk/\n\nWhat happens in the bug report above is that dsa_port_do_vlan_del() fails,\nthen the VLAN entry lingers on, and then we warn on unbind and leak it.\n\nThis is not a straight revert of the blamed commit, but we now add an\ninformational print to the kernel log (to still have a way to see\nthat bugs exist), and some extra comments gathered from past years\u0027\nexperience, to justify the logic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37864",
"url": "https://www.suse.com/security/cve/CVE-2025-37864"
},
{
"category": "external",
"summary": "SUSE Bug 1242965 for CVE-2025-37864",
"url": "https://bugzilla.suse.com/1242965"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-37864"
},
{
"cve": "CVE-2025-37885",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37885"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Reset IRTE to host control if *new* route isn\u0027t postable\n\nRestore an IRTE back to host control (remapped or posted MSI mode) if the\n*new* GSI route prevents posting the IRQ directly to a vCPU, regardless of\nthe GSI routing type. Updating the IRTE if and only if the new GSI is an\nMSI results in KVM leaving an IRTE posting to a vCPU.\n\nThe dangling IRTE can result in interrupts being incorrectly delivered to\nthe guest, and in the worst case scenario can result in use-after-free,\ne.g. if the VM is torn down, but the underlying host IRQ isn\u0027t freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37885",
"url": "https://www.suse.com/security/cve/CVE-2025-37885"
},
{
"category": "external",
"summary": "SUSE Bug 1242960 for CVE-2025-37885",
"url": "https://bugzilla.suse.com/1242960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-37885"
},
{
"cve": "CVE-2025-37920",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37920"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: Fix race condition in AF_XDP generic RX path\n\nMove rx_lock from xsk_socket to xsk_buff_pool.\nFix synchronization for shared umem mode in\ngeneric RX path where multiple sockets share\nsingle xsk_buff_pool.\n\nRX queue is exclusive to xsk_socket, while FILL\nqueue can be shared between multiple sockets.\nThis could result in race condition where two\nCPU cores access RX path of two different sockets\nsharing the same umem.\n\nProtect both queues by acquiring spinlock in shared\nxsk_buff_pool.\n\nLock contention may be minimized in the future by some\nper-thread FQ buffering.\n\nIt\u0027s safe and necessary to move spin_lock_bh(rx_lock)\nafter xsk_rcv_check():\n* xs-\u003epool and spinlock_init is synchronized by\n xsk_bind() -\u003e xsk_is_bound() memory barriers.\n* xsk_rcv_check() may return true at the moment\n of xsk_release() or xsk_unbind_dev(),\n however this will not cause any data races or\n race conditions. xsk_unbind_dev() removes xdp\n socket from all maps and waits for completion\n of all outstanding rx operations. Packets in\n RX path will either complete safely or drop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37920",
"url": "https://www.suse.com/security/cve/CVE-2025-37920"
},
{
"category": "external",
"summary": "SUSE Bug 1243479 for CVE-2025-37920",
"url": "https://bugzilla.suse.com/1243479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-37920"
},
{
"cve": "CVE-2025-37984",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37984"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP()\n\nHerbert notes that DIV_ROUND_UP() may overflow unnecessarily if an ecdsa\nimplementation\u0027s -\u003ekey_size() callback returns an unusually large value.\nHerbert instead suggests (for a division by 8):\n\n X / 8 + !!(X \u0026 7)\n\nBased on this formula, introduce a generic DIV_ROUND_UP_POW2() macro and\nuse it in lieu of DIV_ROUND_UP() for -\u003ekey_size() return values.\n\nAdditionally, use the macro in ecc_digits_from_bytes(), whose \"nbytes\"\nparameter is a -\u003ekey_size() return value in some instances, or a\nuser-specified ASN.1 length in the case of ecdsa_get_signature_rs().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37984",
"url": "https://www.suse.com/security/cve/CVE-2025-37984"
},
{
"category": "external",
"summary": "SUSE Bug 1243669 for CVE-2025-37984",
"url": "https://bugzilla.suse.com/1243669"
},
{
"category": "external",
"summary": "SUSE Bug 1243670 for CVE-2025-37984",
"url": "https://bugzilla.suse.com/1243670"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-37984"
},
{
"cve": "CVE-2025-38034",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38034"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref\n\nbtrfs_prelim_ref() calls the old and new reference variables in the\nincorrect order. This causes a NULL pointer dereference because oldref\nis passed as NULL to trace_btrfs_prelim_ref_insert().\n\nNote, trace_btrfs_prelim_ref_insert() is being called with newref as\noldref (and oldref as NULL) on purpose in order to print out\nthe values of newref.\n\nTo reproduce:\necho 1 \u003e /sys/kernel/debug/tracing/events/btrfs/btrfs_prelim_ref_insert/enable\n\nPerform some writeback operations.\n\nBacktrace:\nBUG: kernel NULL pointer dereference, address: 0000000000000018\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 115949067 P4D 115949067 PUD 11594a067 PMD 0\n Oops: Oops: 0000 [#1] SMP NOPTI\n CPU: 1 UID: 0 PID: 1188 Comm: fsstress Not tainted 6.15.0-rc2-tester+ #47 PREEMPT(voluntary) 7ca2cef72d5e9c600f0c7718adb6462de8149622\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-2-gc13ff2cd-prebuilt.qemu.org 04/01/2014\n RIP: 0010:trace_event_raw_event_btrfs__prelim_ref+0x72/0x130\n Code: e8 43 81 9f ff 48 85 c0 74 78 4d 85 e4 0f 84 8f 00 00 00 49 8b 94 24 c0 06 00 00 48 8b 0a 48 89 48 08 48 8b 52 08 48 89 50 10 \u003c49\u003e 8b 55 18 48 89 50 18 49 8b 55 20 48 89 50 20 41 0f b6 55 28 88\n RSP: 0018:ffffce44820077a0 EFLAGS: 00010286\n RAX: ffff8c6b403f9014 RBX: ffff8c6b55825730 RCX: 304994edf9cf506b\n RDX: d8b11eb7f0fdb699 RSI: ffff8c6b403f9010 RDI: ffff8c6b403f9010\n RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000010\n R10: 00000000ffffffff R11: 0000000000000000 R12: ffff8c6b4e8fb000\n R13: 0000000000000000 R14: ffffce44820077a8 R15: ffff8c6b4abd1540\n FS: 00007f4dc6813740(0000) GS:ffff8c6c1d378000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000018 CR3: 000000010eb42000 CR4: 0000000000750ef0\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n prelim_ref_insert+0x1c1/0x270\n find_parent_nodes+0x12a6/0x1ee0\n ? __entry_text_end+0x101f06/0x101f09\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? srso_alias_return_thunk+0x5/0xfbef5\n btrfs_is_data_extent_shared+0x167/0x640\n ? fiemap_process_hole+0xd0/0x2c0\n extent_fiemap+0xa5c/0xbc0\n ? __entry_text_end+0x101f05/0x101f09\n btrfs_fiemap+0x7e/0xd0\n do_vfs_ioctl+0x425/0x9d0\n __x64_sys_ioctl+0x75/0xc0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38034",
"url": "https://www.suse.com/security/cve/CVE-2025-38034"
},
{
"category": "external",
"summary": "SUSE Bug 1244792 for CVE-2025-38034",
"url": "https://bugzilla.suse.com/1244792"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38034"
},
{
"cve": "CVE-2025-38035",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38035"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: don\u0027t restore null sk_state_change\n\nqueue-\u003estate_change is set as part of nvmet_tcp_set_queue_sock(), but if\nthe TCP connection isn\u0027t established when nvmet_tcp_set_queue_sock() is\ncalled then queue-\u003estate_change isn\u0027t set and sock-\u003esk-\u003esk_state_change\nisn\u0027t replaced.\n\nAs such we don\u0027t need to restore sock-\u003esk-\u003esk_state_change if\nqueue-\u003estate_change is NULL.\n\nThis avoids NULL pointer dereferences such as this:\n\n[ 286.462026][ C0] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 286.462814][ C0] #PF: supervisor instruction fetch in kernel mode\n[ 286.463796][ C0] #PF: error_code(0x0010) - not-present page\n[ 286.464392][ C0] PGD 8000000140620067 P4D 8000000140620067 PUD 114201067 PMD 0\n[ 286.465086][ C0] Oops: Oops: 0010 [#1] SMP KASAN PTI\n[ 286.465559][ C0] CPU: 0 UID: 0 PID: 1628 Comm: nvme Not tainted 6.15.0-rc2+ #11 PREEMPT(voluntary)\n[ 286.466393][ C0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\n[ 286.467147][ C0] RIP: 0010:0x0\n[ 286.467420][ C0] Code: Unable to access opcode bytes at 0xffffffffffffffd6.\n[ 286.467977][ C0] RSP: 0018:ffff8883ae008580 EFLAGS: 00010246\n[ 286.468425][ C0] RAX: 0000000000000000 RBX: ffff88813fd34100 RCX: ffffffffa386cc43\n[ 286.469019][ C0] RDX: 1ffff11027fa68b6 RSI: 0000000000000008 RDI: ffff88813fd34100\n[ 286.469545][ C0] RBP: ffff88813fd34160 R08: 0000000000000000 R09: ffffed1027fa682c\n[ 286.470072][ C0] R10: ffff88813fd34167 R11: 0000000000000000 R12: ffff88813fd344c3\n[ 286.470585][ C0] R13: ffff88813fd34112 R14: ffff88813fd34aec R15: ffff888132cdd268\n[ 286.471070][ C0] FS: 00007fe3c04c7d80(0000) GS:ffff88840743f000(0000) knlGS:0000000000000000\n[ 286.471644][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 286.472543][ C0] CR2: ffffffffffffffd6 CR3: 000000012daca000 CR4: 00000000000006f0\n[ 286.473500][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 286.474467][ C0] DR3: 0000000000000000 DR6: 00000000ffff07f0 DR7: 0000000000000400\n[ 286.475453][ C0] Call Trace:\n[ 286.476102][ C0] \u003cIRQ\u003e\n[ 286.476719][ C0] tcp_fin+0x2bb/0x440\n[ 286.477429][ C0] tcp_data_queue+0x190f/0x4e60\n[ 286.478174][ C0] ? __build_skb_around+0x234/0x330\n[ 286.478940][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.479659][ C0] ? __pfx_tcp_data_queue+0x10/0x10\n[ 286.480431][ C0] ? tcp_try_undo_loss+0x640/0x6c0\n[ 286.481196][ C0] ? seqcount_lockdep_reader_access.constprop.0+0x82/0x90\n[ 286.482046][ C0] ? kvm_clock_get_cycles+0x14/0x30\n[ 286.482769][ C0] ? ktime_get+0x66/0x150\n[ 286.483433][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.484146][ C0] tcp_rcv_established+0x6e4/0x2050\n[ 286.484857][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.485523][ C0] ? ipv4_dst_check+0x160/0x2b0\n[ 286.486203][ C0] ? __pfx_tcp_rcv_established+0x10/0x10\n[ 286.486917][ C0] ? lock_release+0x217/0x2c0\n[ 286.487595][ C0] tcp_v4_do_rcv+0x4d6/0x9b0\n[ 286.488279][ C0] tcp_v4_rcv+0x2af8/0x3e30\n[ 286.488904][ C0] ? raw_local_deliver+0x51b/0xad0\n[ 286.489551][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.490198][ C0] ? __pfx_tcp_v4_rcv+0x10/0x10\n[ 286.490813][ C0] ? __pfx_raw_local_deliver+0x10/0x10\n[ 286.491487][ C0] ? __pfx_nf_confirm+0x10/0x10 [nf_conntrack]\n[ 286.492275][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.492900][ C0] ip_protocol_deliver_rcu+0x8f/0x370\n[ 286.493579][ C0] ip_local_deliver_finish+0x297/0x420\n[ 286.494268][ C0] ip_local_deliver+0x168/0x430\n[ 286.494867][ C0] ? __pfx_ip_local_deliver+0x10/0x10\n[ 286.495498][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10\n[ 286.496204][ C0] ? ip_rcv_finish_core+0x19a/0x1f20\n[ 286.496806][ C0] ? lock_release+0x217/0x2c0\n[ 286.497414][ C0] ip_rcv+0x455/0x6e0\n[ 286.497945][ C0] ? __pfx_ip_rcv+0x10/0x10\n[ \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38035",
"url": "https://www.suse.com/security/cve/CVE-2025-38035"
},
{
"category": "external",
"summary": "SUSE Bug 1244801 for CVE-2025-38035",
"url": "https://bugzilla.suse.com/1244801"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38035"
},
{
"cve": "CVE-2025-38047",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38047"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/fred: Fix system hang during S4 resume with FRED enabled\n\nUpon a wakeup from S4, the restore kernel starts and initializes the\nFRED MSRs as needed from its perspective. It then loads a hibernation\nimage, including the image kernel, and attempts to load image pages\ndirectly into their original page frames used before hibernation unless\nthose frames are currently in use. Once all pages are moved to their\noriginal locations, it jumps to a \"trampoline\" page in the image kernel.\n\nAt this point, the image kernel takes control, but the FRED MSRs still\ncontain values set by the restore kernel, which may differ from those\nset by the image kernel before hibernation. Therefore, the image kernel\nmust ensure the FRED MSRs have the same values as before hibernation.\nSince these values depend only on the location of the kernel text and\ndata, they can be recomputed from scratch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38047",
"url": "https://www.suse.com/security/cve/CVE-2025-38047"
},
{
"category": "external",
"summary": "SUSE Bug 1245084 for CVE-2025-38047",
"url": "https://bugzilla.suse.com/1245084"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38047"
},
{
"cve": "CVE-2025-38051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38051"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: Fix use-after-free in cifs_fill_dirent\n\nThere is a race condition in the readdir concurrency process, which may\naccess the rsp buffer after it has been released, triggering the\nfollowing KASAN warning.\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in cifs_fill_dirent+0xb03/0xb60 [cifs]\n Read of size 4 at addr ffff8880099b819c by task a.out/342975\n\n CPU: 2 UID: 0 PID: 342975 Comm: a.out Not tainted 6.15.0-rc6+ #240 PREEMPT(full)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x53/0x70\n print_report+0xce/0x640\n kasan_report+0xb8/0xf0\n cifs_fill_dirent+0xb03/0xb60 [cifs]\n cifs_readdir+0x12cb/0x3190 [cifs]\n iterate_dir+0x1a1/0x520\n __x64_sys_getdents+0x134/0x220\n do_syscall_64+0x4b/0x110\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7f996f64b9f9\n Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89\n f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01\n f0 ff ff 0d f7 c3 0c 00 f7 d8 64 89 8\n RSP: 002b:00007f996f53de78 EFLAGS: 00000207 ORIG_RAX: 000000000000004e\n RAX: ffffffffffffffda RBX: 00007f996f53ecdc RCX: 00007f996f64b9f9\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003\n RBP: 00007f996f53dea0 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000207 R12: ffffffffffffff88\n R13: 0000000000000000 R14: 00007ffc8cd9a500 R15: 00007f996f51e000\n \u003c/TASK\u003e\n\n Allocated by task 408:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x14/0x30\n __kasan_slab_alloc+0x6e/0x70\n kmem_cache_alloc_noprof+0x117/0x3d0\n mempool_alloc_noprof+0xf2/0x2c0\n cifs_buf_get+0x36/0x80 [cifs]\n allocate_buffers+0x1d2/0x330 [cifs]\n cifs_demultiplex_thread+0x22b/0x2690 [cifs]\n kthread+0x394/0x720\n ret_from_fork+0x34/0x70\n ret_from_fork_asm+0x1a/0x30\n\n Freed by task 342979:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x37/0x50\n kmem_cache_free+0x2b8/0x500\n cifs_buf_release+0x3c/0x70 [cifs]\n cifs_readdir+0x1c97/0x3190 [cifs]\n iterate_dir+0x1a1/0x520\n __x64_sys_getdents64+0x134/0x220\n do_syscall_64+0x4b/0x110\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n The buggy address belongs to the object at ffff8880099b8000\n which belongs to the cache cifs_request of size 16588\n The buggy address is located 412 bytes inside of\n freed 16588-byte region [ffff8880099b8000, ffff8880099bc0cc)\n\n The buggy address belongs to the physical page:\n page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x99b8\n head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0\n anon flags: 0x80000000000040(head|node=0|zone=1)\n page_type: f5(slab)\n raw: 0080000000000040 ffff888001e03400 0000000000000000 dead000000000001\n raw: 0000000000000000 0000000000010001 00000000f5000000 0000000000000000\n head: 0080000000000040 ffff888001e03400 0000000000000000 dead000000000001\n head: 0000000000000000 0000000000010001 00000000f5000000 0000000000000000\n head: 0080000000000003 ffffea0000266e01 00000000ffffffff 00000000ffffffff\n head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n ffff8880099b8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff8880099b8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n \u003effff8880099b8180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ^\n ffff8880099b8200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff8880099b8280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ==================================================================\n\nPOC is available in the link [1].\n\nThe problem triggering process is as follows:\n\nProcess 1 Process 2\n-----------------------------------\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38051",
"url": "https://www.suse.com/security/cve/CVE-2025-38051"
},
{
"category": "external",
"summary": "SUSE Bug 1244750 for CVE-2025-38051",
"url": "https://bugzilla.suse.com/1244750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38051"
},
{
"cve": "CVE-2025-38052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38052"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done\n\nSyzbot reported a slab-use-after-free with the following call trace:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in tipc_aead_encrypt_done+0x4bd/0x510 net/tipc/crypto.c:840\n Read of size 8 at addr ffff88807a733000 by task kworker/1:0/25\n\n Call Trace:\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n tipc_aead_encrypt_done+0x4bd/0x510 net/tipc/crypto.c:840\n crypto_request_complete include/crypto/algapi.h:266\n aead_request_complete include/crypto/internal/aead.h:85\n cryptd_aead_crypt+0x3b8/0x750 crypto/cryptd.c:772\n crypto_request_complete include/crypto/algapi.h:266\n cryptd_queue_worker+0x131/0x200 crypto/cryptd.c:181\n process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\n\n Allocated by task 8355:\n kzalloc_noprof include/linux/slab.h:778\n tipc_crypto_start+0xcc/0x9e0 net/tipc/crypto.c:1466\n tipc_init_net+0x2dd/0x430 net/tipc/core.c:72\n ops_init+0xb9/0x650 net/core/net_namespace.c:139\n setup_net+0x435/0xb40 net/core/net_namespace.c:343\n copy_net_ns+0x2f0/0x670 net/core/net_namespace.c:508\n create_new_namespaces+0x3ea/0xb10 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0xc0/0x1f0 kernel/nsproxy.c:228\n ksys_unshare+0x419/0x970 kernel/fork.c:3323\n __do_sys_unshare kernel/fork.c:3394\n\n Freed by task 63:\n kfree+0x12a/0x3b0 mm/slub.c:4557\n tipc_crypto_stop+0x23c/0x500 net/tipc/crypto.c:1539\n tipc_exit_net+0x8c/0x110 net/tipc/core.c:119\n ops_exit_list+0xb0/0x180 net/core/net_namespace.c:173\n cleanup_net+0x5b7/0xbf0 net/core/net_namespace.c:640\n process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\n\nAfter freed the tipc_crypto tx by delete namespace, tipc_aead_encrypt_done\nmay still visit it in cryptd_queue_worker workqueue.\n\nI reproduce this issue by:\n ip netns add ns1\n ip link add veth1 type veth peer name veth2\n ip link set veth1 netns ns1\n ip netns exec ns1 tipc bearer enable media eth dev veth1\n ip netns exec ns1 tipc node set key this_is_a_master_key master\n ip netns exec ns1 tipc bearer disable media eth dev veth1\n ip netns del ns1\n\nThe key of reproduction is that, simd_aead_encrypt is interrupted, leading\nto crypto_simd_usable() return false. Thus, the cryptd_queue_worker is\ntriggered, and the tipc_crypto tx will be visited.\n\n tipc_disc_timeout\n tipc_bearer_xmit_skb\n tipc_crypto_xmit\n tipc_aead_encrypt\n crypto_aead_encrypt\n // encrypt()\n simd_aead_encrypt\n // crypto_simd_usable() is false\n child = \u0026ctx-\u003ecryptd_tfm-\u003ebase;\n\n simd_aead_encrypt\n crypto_aead_encrypt\n // encrypt()\n cryptd_aead_encrypt_enqueue\n cryptd_aead_enqueue\n cryptd_enqueue_request\n // trigger cryptd_queue_worker\n queue_work_on(smp_processor_id(), cryptd_wq, \u0026cpu_queue-\u003ework)\n\nFix this by holding net reference count before encrypt.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38052",
"url": "https://www.suse.com/security/cve/CVE-2025-38052"
},
{
"category": "external",
"summary": "SUSE Bug 1244749 for CVE-2025-38052",
"url": "https://bugzilla.suse.com/1244749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38052"
},
{
"cve": "CVE-2025-38058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\n__legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock\n\n... or we risk stealing final mntput from sync umount - raising mnt_count\nafter umount(2) has verified that victim is not busy, but before it\nhas set MNT_SYNC_UMOUNT; in that case __legitimize_mnt() doesn\u0027t see\nthat it\u0027s safe to quietly undo mnt_count increment and leaves dropping\nthe reference to caller, where it\u0027ll be a full-blown mntput().\n\nCheck under mount_lock is needed; leaving the current one done before\ntaking that makes no sense - it\u0027s nowhere near common enough to bother\nwith.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38058",
"url": "https://www.suse.com/security/cve/CVE-2025-38058"
},
{
"category": "external",
"summary": "SUSE Bug 1245151 for CVE-2025-38058",
"url": "https://bugzilla.suse.com/1245151"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "low"
}
],
"title": "CVE-2025-38058"
},
{
"cve": "CVE-2025-38061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38061"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: pktgen: fix access outside of user given buffer in pktgen_thread_write()\n\nHonour the user given buffer size for the strn_len() calls (otherwise\nstrn_len() will access memory outside of the user given buffer).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38061",
"url": "https://www.suse.com/security/cve/CVE-2025-38061"
},
{
"category": "external",
"summary": "SUSE Bug 1245440 for CVE-2025-38061",
"url": "https://bugzilla.suse.com/1245440"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38061"
},
{
"cve": "CVE-2025-38062",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38062"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngenirq/msi: Store the IOMMU IOVA directly in msi_desc instead of iommu_cookie\n\nThe IOMMU translation for MSI message addresses has been a 2-step process,\nseparated in time:\n\n 1) iommu_dma_prepare_msi(): A cookie pointer containing the IOVA address\n is stored in the MSI descriptor when an MSI interrupt is allocated.\n\n 2) iommu_dma_compose_msi_msg(): this cookie pointer is used to compute a\n translated message address.\n\nThis has an inherent lifetime problem for the pointer stored in the cookie\nthat must remain valid between the two steps. However, there is no locking\nat the irq layer that helps protect the lifetime. Today, this works under\nthe assumption that the iommu domain is not changed while MSI interrupts\nbeing programmed. This is true for normal DMA API users within the kernel,\nas the iommu domain is attached before the driver is probed and cannot be\nchanged while a driver is attached.\n\nClassic VFIO type1 also prevented changing the iommu domain while VFIO was\nrunning as it does not support changing the \"container\" after starting up.\n\nHowever, iommufd has improved this so that the iommu domain can be changed\nduring VFIO operation. This potentially allows userspace to directly race\nVFIO_DEVICE_ATTACH_IOMMUFD_PT (which calls iommu_attach_group()) and\nVFIO_DEVICE_SET_IRQS (which calls into iommu_dma_compose_msi_msg()).\n\nThis potentially causes both the cookie pointer and the unlocked call to\niommu_get_domain_for_dev() on the MSI translation path to become UAFs.\n\nFix the MSI cookie UAF by removing the cookie pointer. The translated IOVA\naddress is already known during iommu_dma_prepare_msi() and cannot change.\nThus, it can simply be stored as an integer in the MSI descriptor.\n\nThe other UAF related to iommu_get_domain_for_dev() will be addressed in\npatch \"iommu: Make iommu_dma_prepare_msi() into a generic operation\" by\nusing the IOMMU group mutex.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38062",
"url": "https://www.suse.com/security/cve/CVE-2025-38062"
},
{
"category": "external",
"summary": "SUSE Bug 1245216 for CVE-2025-38062",
"url": "https://bugzilla.suse.com/1245216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38062"
},
{
"cve": "CVE-2025-38063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: fix unconditional IO throttle caused by REQ_PREFLUSH\n\nWhen a bio with REQ_PREFLUSH is submitted to dm, __send_empty_flush()\ngenerates a flush_bio with REQ_OP_WRITE | REQ_PREFLUSH | REQ_SYNC,\nwhich causes the flush_bio to be throttled by wbt_wait().\n\nAn example from v5.4, similar problem also exists in upstream:\n\n crash\u003e bt 2091206\n PID: 2091206 TASK: ffff2050df92a300 CPU: 109 COMMAND: \"kworker/u260:0\"\n #0 [ffff800084a2f7f0] __switch_to at ffff80004008aeb8\n #1 [ffff800084a2f820] __schedule at ffff800040bfa0c4\n #2 [ffff800084a2f880] schedule at ffff800040bfa4b4\n #3 [ffff800084a2f8a0] io_schedule at ffff800040bfa9c4\n #4 [ffff800084a2f8c0] rq_qos_wait at ffff8000405925bc\n #5 [ffff800084a2f940] wbt_wait at ffff8000405bb3a0\n #6 [ffff800084a2f9a0] __rq_qos_throttle at ffff800040592254\n #7 [ffff800084a2f9c0] blk_mq_make_request at ffff80004057cf38\n #8 [ffff800084a2fa60] generic_make_request at ffff800040570138\n #9 [ffff800084a2fae0] submit_bio at ffff8000405703b4\n #10 [ffff800084a2fb50] xlog_write_iclog at ffff800001280834 [xfs]\n #11 [ffff800084a2fbb0] xlog_sync at ffff800001280c3c [xfs]\n #12 [ffff800084a2fbf0] xlog_state_release_iclog at ffff800001280df4 [xfs]\n #13 [ffff800084a2fc10] xlog_write at ffff80000128203c [xfs]\n #14 [ffff800084a2fcd0] xlog_cil_push at ffff8000012846dc [xfs]\n #15 [ffff800084a2fda0] xlog_cil_push_work at ffff800001284a2c [xfs]\n #16 [ffff800084a2fdb0] process_one_work at ffff800040111d08\n #17 [ffff800084a2fe00] worker_thread at ffff8000401121cc\n #18 [ffff800084a2fe70] kthread at ffff800040118de4\n\nAfter commit 2def2845cc33 (\"xfs: don\u0027t allow log IO to be throttled\"),\nthe metadata submitted by xlog_write_iclog() should not be throttled.\nBut due to the existence of the dm layer, throttling flush_bio indirectly\ncauses the metadata bio to be throttled.\n\nFix this by conditionally adding REQ_IDLE to flush_bio.bi_opf, which makes\nwbt_should_throttle() return false to avoid wbt_wait().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38063",
"url": "https://www.suse.com/security/cve/CVE-2025-38063"
},
{
"category": "external",
"summary": "SUSE Bug 1245202 for CVE-2025-38063",
"url": "https://bugzilla.suse.com/1245202"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38063"
},
{
"cve": "CVE-2025-38064",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38064"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio: break and reset virtio devices on device_shutdown()\n\nHongyu reported a hang on kexec in a VM. QEMU reported invalid memory\naccesses during the hang.\n\n\tInvalid read at addr 0x102877002, size 2, region \u0027(null)\u0027, reason: rejected\n\tInvalid write at addr 0x102877A44, size 2, region \u0027(null)\u0027, reason: rejected\n\t...\n\nIt was traced down to virtio-console. Kexec works fine if virtio-console\nis not in use.\n\nThe issue is that virtio-console continues to write to the MMIO even after\nunderlying virtio-pci device is reset.\n\nAdditionally, Eric noticed that IOMMUs are reset before devices, if\ndevices are not reset on shutdown they continue to poke at guest memory\nand get errors from the IOMMU. Some devices get wedged then.\n\nThe problem can be solved by breaking all virtio devices on virtio\nbus shutdown, then resetting them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38064",
"url": "https://www.suse.com/security/cve/CVE-2025-38064"
},
{
"category": "external",
"summary": "SUSE Bug 1245201 for CVE-2025-38064",
"url": "https://bugzilla.suse.com/1245201"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38064"
},
{
"cve": "CVE-2025-38074",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38074"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost-scsi: protect vq-\u003elog_used with vq-\u003emutex\n\nThe vhost-scsi completion path may access vq-\u003elog_base when vq-\u003elog_used is\nalready set to false.\n\n vhost-thread QEMU-thread\n\nvhost_scsi_complete_cmd_work()\n-\u003e vhost_add_used()\n -\u003e vhost_add_used_n()\n if (unlikely(vq-\u003elog_used))\n QEMU disables vq-\u003elog_used\n via VHOST_SET_VRING_ADDR.\n mutex_lock(\u0026vq-\u003emutex);\n vq-\u003elog_used = false now!\n mutex_unlock(\u0026vq-\u003emutex);\n\n\t\t\t\t QEMU gfree(vq-\u003elog_base)\n log_used()\n -\u003e log_write(vq-\u003elog_base)\n\nAssuming the VMM is QEMU. The vq-\u003elog_base is from QEMU userpace and can be\nreclaimed via gfree(). As a result, this causes invalid memory writes to\nQEMU userspace.\n\nThe control queue path has the same issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38074",
"url": "https://www.suse.com/security/cve/CVE-2025-38074"
},
{
"category": "external",
"summary": "SUSE Bug 1244735 for CVE-2025-38074",
"url": "https://bugzilla.suse.com/1244735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38074"
},
{
"cve": "CVE-2025-38084",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38084"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: unshare page tables during VMA split, not before\n\nCurrently, __split_vma() triggers hugetlb page table unsharing through\nvm_ops-\u003emay_split(). This happens before the VMA lock and rmap locks are\ntaken - which is too early, it allows racing VMA-locked page faults in our\nprocess and racing rmap walks from other processes to cause page tables to\nbe shared again before we actually perform the split.\n\nFix it by explicitly calling into the hugetlb unshare logic from\n__split_vma() in the same place where THP splitting also happens. At that\npoint, both the VMA and the rmap(s) are write-locked.\n\nAn annoying detail is that we can now call into the helper\nhugetlb_unshare_pmds() from two different locking contexts:\n\n1. from hugetlb_split(), holding:\n - mmap lock (exclusively)\n - VMA lock\n - file rmap lock (exclusively)\n2. hugetlb_unshare_all_pmds(), which I think is designed to be able to\n call us with only the mmap lock held (in shared mode), but currently\n only runs while holding mmap lock (exclusively) and VMA lock\n\nBackporting note:\nThis commit fixes a racy protection that was introduced in commit\nb30c14cd6102 (\"hugetlb: unshare some PMDs when splitting VMAs\"); that\ncommit claimed to fix an issue introduced in 5.13, but it should actually\nalso go all the way back.\n\n[jannh@google.com: v2]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38084",
"url": "https://www.suse.com/security/cve/CVE-2025-38084"
},
{
"category": "external",
"summary": "SUSE Bug 1245498 for CVE-2025-38084",
"url": "https://bugzilla.suse.com/1245498"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38084"
},
{
"cve": "CVE-2025-38085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race\n\nhuge_pmd_unshare() drops a reference on a page table that may have\npreviously been shared across processes, potentially turning it into a\nnormal page table used in another process in which unrelated VMAs can\nafterwards be installed.\n\nIf this happens in the middle of a concurrent gup_fast(), gup_fast() could\nend up walking the page tables of another process. While I don\u0027t see any\nway in which that immediately leads to kernel memory corruption, it is\nreally weird and unexpected.\n\nFix it with an explicit broadcast IPI through tlb_remove_table_sync_one(),\njust like we do in khugepaged when removing page tables for a THP\ncollapse.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38085",
"url": "https://www.suse.com/security/cve/CVE-2025-38085"
},
{
"category": "external",
"summary": "SUSE Bug 1245499 for CVE-2025-38085",
"url": "https://bugzilla.suse.com/1245499"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38085"
},
{
"cve": "CVE-2025-38087",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38087"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: fix use-after-free in taprio_dev_notifier\n\nSince taprio\u0027s taprio_dev_notifier() isn\u0027t protected by an\nRCU read-side critical section, a race with advance_sched()\ncan lead to a use-after-free.\n\nAdding rcu_read_lock() inside taprio_dev_notifier() prevents this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38087",
"url": "https://www.suse.com/security/cve/CVE-2025-38087"
},
{
"category": "external",
"summary": "SUSE Bug 1245504 for CVE-2025-38087",
"url": "https://bugzilla.suse.com/1245504"
},
{
"category": "external",
"summary": "SUSE Bug 1245505 for CVE-2025-38087",
"url": "https://bugzilla.suse.com/1245505"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "important"
}
],
"title": "CVE-2025-38087"
},
{
"cve": "CVE-2025-38088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38088"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap\n\nmemtrace mmap issue has an out of bounds issue. This patch fixes the by\nchecking that the requested mapping region size should stay within the\nallocated region size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38088",
"url": "https://www.suse.com/security/cve/CVE-2025-38088"
},
{
"category": "external",
"summary": "SUSE Bug 1245506 for CVE-2025-38088",
"url": "https://bugzilla.suse.com/1245506"
},
{
"category": "external",
"summary": "SUSE Bug 1245507 for CVE-2025-38088",
"url": "https://bugzilla.suse.com/1245507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "important"
}
],
"title": "CVE-2025-38088"
},
{
"cve": "CVE-2025-38089",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38089"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: handle SVC_GARBAGE during svc auth processing as auth error\n\ntianshuo han reported a remotely-triggerable crash if the client sends a\nkernel RPC server a specially crafted packet. If decoding the RPC reply\nfails in such a way that SVC_GARBAGE is returned without setting the\nrq_accept_statp pointer, then that pointer can be dereferenced and a\nvalue stored there.\n\nIf it\u0027s the first time the thread has processed an RPC, then that\npointer will be set to NULL and the kernel will crash. In other cases,\nit could create a memory scribble.\n\nThe server sunrpc code treats a SVC_GARBAGE return from svc_authenticate\nor pg_authenticate as if it should send a GARBAGE_ARGS reply. RFC 5531\nsays that if authentication fails that the RPC should be rejected\ninstead with a status of AUTH_ERR.\n\nHandle a SVC_GARBAGE return as an AUTH_ERROR, with a reason of\nAUTH_BADCRED instead of returning GARBAGE_ARGS in that case. This\nsidesteps the whole problem of touching the rpc_accept_statp pointer in\nthis situation and avoids the crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38089",
"url": "https://www.suse.com/security/cve/CVE-2025-38089"
},
{
"category": "external",
"summary": "SUSE Bug 1245508 for CVE-2025-38089",
"url": "https://bugzilla.suse.com/1245508"
},
{
"category": "external",
"summary": "SUSE Bug 1245509 for CVE-2025-38089",
"url": "https://bugzilla.suse.com/1245509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "important"
}
],
"title": "CVE-2025-38089"
},
{
"cve": "CVE-2025-38090",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38090"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/rapidio/rio_cm.c: prevent possible heap overwrite\n\nIn\n\nriocm_cdev_ioctl(RIO_CM_CHAN_SEND)\n -\u003e cm_chan_msg_send()\n -\u003e riocm_ch_send()\n\ncm_chan_msg_send() checks that userspace didn\u0027t send too much data but\nriocm_ch_send() failed to check that userspace sent sufficient data. The\nresult is that riocm_ch_send() can write to fields in the rio_ch_chan_hdr\nwhich were outside the bounds of the space which cm_chan_msg_send()\nallocated.\n\nAddress this by teaching riocm_ch_send() to check that the entire\nrio_ch_chan_hdr was copied in from userspace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38090",
"url": "https://www.suse.com/security/cve/CVE-2025-38090"
},
{
"category": "external",
"summary": "SUSE Bug 1245510 for CVE-2025-38090",
"url": "https://bugzilla.suse.com/1245510"
},
{
"category": "external",
"summary": "SUSE Bug 1245511 for CVE-2025-38090",
"url": "https://bugzilla.suse.com/1245511"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "important"
}
],
"title": "CVE-2025-38090"
},
{
"cve": "CVE-2025-38091",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38091"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: check stream id dml21 wrapper to get plane_id\n\n[Why \u0026 How]\nFix a false positive warning which occurs due to lack of correct checks\nwhen querying plane_id in DML21. This fixes the warning when performing a\nmode1 reset (cat /sys/kernel/debug/dri/1/amdgpu_gpu_recover):\n\n[ 35.751250] WARNING: CPU: 11 PID: 326 at /tmp/amd.PHpyAl7v/amd/amdgpu/../display/dc/dml2/dml2_dc_resource_mgmt.c:91 dml2_map_dc_pipes+0x243d/0x3f40 [amdgpu]\n[ 35.751434] Modules linked in: amdgpu(OE) amddrm_ttm_helper(OE) amdttm(OE) amddrm_buddy(OE) amdxcp(OE) amddrm_exec(OE) amd_sched(OE) amdkcl(OE) drm_suballoc_helper drm_ttm_helper ttm drm_display_helper cec rc_core i2c_algo_bit rfcomm qrtr cmac algif_hash algif_skcipher af_alg bnep amd_atl intel_rapl_msr intel_rapl_common snd_hda_codec_hdmi snd_hda_intel edac_mce_amd snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec kvm_amd snd_hda_core snd_hwdep snd_pcm kvm snd_seq_midi snd_seq_midi_event snd_rawmidi crct10dif_pclmul polyval_clmulni polyval_generic btusb ghash_clmulni_intel sha256_ssse3 btrtl sha1_ssse3 snd_seq btintel aesni_intel btbcm btmtk snd_seq_device crypto_simd sunrpc cryptd bluetooth snd_timer ccp binfmt_misc rapl snd i2c_piix4 wmi_bmof gigabyte_wmi k10temp i2c_smbus soundcore gpio_amdpt mac_hid sch_fq_codel msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs ip_tables x_tables autofs4 hid_generic usbhid hid crc32_pclmul igc ahci xhci_pci libahci xhci_pci_renesas video wmi\n[ 35.751501] CPU: 11 UID: 0 PID: 326 Comm: kworker/u64:9 Tainted: G OE 6.11.0-21-generic #21~24.04.1-Ubuntu\n[ 35.751504] Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n[ 35.751505] Hardware name: Gigabyte Technology Co., Ltd. X670E AORUS PRO X/X670E AORUS PRO X, BIOS F30 05/22/2024\n[ 35.751506] Workqueue: amdgpu-reset-dev amdgpu_debugfs_reset_work [amdgpu]\n[ 35.751638] RIP: 0010:dml2_map_dc_pipes+0x243d/0x3f40 [amdgpu]\n[ 35.751794] Code: 6d 0c 00 00 8b 84 24 88 00 00 00 41 3b 44 9c 20 0f 84 fc 07 00 00 48 83 c3 01 48 83 fb 06 75 b3 4c 8b 64 24 68 4c 8b 6c 24 40 \u003c0f\u003e 0b b8 06 00 00 00 49 8b 94 24 a0 49 00 00 89 c3 83 f8 07 0f 87\n[ 35.751796] RSP: 0018:ffffbfa3805d7680 EFLAGS: 00010246\n[ 35.751798] RAX: 0000000000010000 RBX: 0000000000000006 RCX: 0000000000000000\n[ 35.751799] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000000\n[ 35.751800] RBP: ffffbfa3805d78f0 R08: 0000000000000000 R09: 0000000000000000\n[ 35.751801] R10: 0000000000000000 R11: 0000000000000000 R12: ffffbfa383249000\n[ 35.751802] R13: ffffa0e68f280000 R14: ffffbfa383249658 R15: 0000000000000000\n[ 35.751803] FS: 0000000000000000(0000) GS:ffffa0edbe580000(0000) knlGS:0000000000000000\n[ 35.751804] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 35.751805] CR2: 00005d847ef96c58 CR3: 000000041de3e000 CR4: 0000000000f50ef0\n[ 35.751806] PKRU: 55555554\n[ 35.751807] Call Trace:\n[ 35.751810] \u003cTASK\u003e\n[ 35.751816] ? show_regs+0x6c/0x80\n[ 35.751820] ? __warn+0x88/0x140\n[ 35.751822] ? dml2_map_dc_pipes+0x243d/0x3f40 [amdgpu]\n[ 35.751964] ? report_bug+0x182/0x1b0\n[ 35.751969] ? handle_bug+0x6e/0xb0\n[ 35.751972] ? exc_invalid_op+0x18/0x80\n[ 35.751974] ? asm_exc_invalid_op+0x1b/0x20\n[ 35.751978] ? dml2_map_dc_pipes+0x243d/0x3f40 [amdgpu]\n[ 35.752117] ? math_pow+0x48/0xa0 [amdgpu]\n[ 35.752256] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 35.752260] ? math_pow+0x48/0xa0 [amdgpu]\n[ 35.752400] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 35.752403] ? math_pow+0x11/0xa0 [amdgpu]\n[ 35.752524] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 35.752526] ? core_dcn4_mode_programming+0xe4d/0x20d0 [amdgpu]\n[ 35.752663] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 35.752669] dml21_validate+0x3d4/0x980 [amdgpu]\n\n(cherry picked from commit f8ad62c0a93e5dd94243e10f1b742232e4d6411e)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38091",
"url": "https://www.suse.com/security/cve/CVE-2025-38091"
},
{
"category": "external",
"summary": "SUSE Bug 1245621 for CVE-2025-38091",
"url": "https://bugzilla.suse.com/1245621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38091"
},
{
"cve": "CVE-2025-38094",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38094"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: cadence: macb: Fix a possible deadlock in macb_halt_tx.\n\nThere is a situation where after THALT is set high, TGO stays high as\nwell. Because jiffies are never updated, as we are in a context with\ninterrupts disabled, we never exit that loop and have a deadlock.\n\nThat deadlock was noticed on a sama5d4 device that stayed locked for days.\n\nUse retries instead of jiffies so that the timeout really works and we do\nnot have a deadlock anymore.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38094",
"url": "https://www.suse.com/security/cve/CVE-2025-38094"
},
{
"category": "external",
"summary": "SUSE Bug 1245649 for CVE-2025-38094",
"url": "https://bugzilla.suse.com/1245649"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38094"
},
{
"cve": "CVE-2025-38095",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38095"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf: insert memory barrier before updating num_fences\n\nsmp_store_mb() inserts memory barrier after storing operation.\nIt is different with what the comment is originally aiming so Null\npointer dereference can be happened if memory update is reordered.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38095",
"url": "https://www.suse.com/security/cve/CVE-2025-38095"
},
{
"category": "external",
"summary": "SUSE Bug 1245658 for CVE-2025-38095",
"url": "https://bugzilla.suse.com/1245658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38095"
},
{
"cve": "CVE-2025-38097",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38097"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nespintcp: remove encap socket caching to avoid reference leak\n\nThe current scheme for caching the encap socket can lead to reference\nleaks when we try to delete the netns.\n\nThe reference chain is: xfrm_state -\u003e enacp_sk -\u003e netns\n\nSince the encap socket is a userspace socket, it holds a reference on\nthe netns. If we delete the espintcp state (through flush or\nindividual delete) before removing the netns, the reference on the\nsocket is dropped and the netns is correctly deleted. Otherwise, the\nnetns may not be reachable anymore (if all processes within the ns\nhave terminated), so we cannot delete the xfrm state to drop its\nreference on the socket.\n\nThis patch results in a small (~2% in my tests) performance\nregression.\n\nA GC-type mechanism could be added for the socket cache, to clear\nreferences if the state hasn\u0027t been used \"recently\", but it\u0027s a lot\nmore complex than just not caching the socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38097",
"url": "https://www.suse.com/security/cve/CVE-2025-38097"
},
{
"category": "external",
"summary": "SUSE Bug 1245660 for CVE-2025-38097",
"url": "https://bugzilla.suse.com/1245660"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38097"
},
{
"cve": "CVE-2025-38098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38098"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Don\u0027t treat wb connector as physical in create_validate_stream_for_sink\n\nDon\u0027t try to operate on a drm_wb_connector as an amdgpu_dm_connector.\nWhile dereferencing aconnector-\u003ebase will \"work\" it\u0027s wrong and\nmight lead to unknown bad things. Just... don\u0027t.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38098",
"url": "https://www.suse.com/security/cve/CVE-2025-38098"
},
{
"category": "external",
"summary": "SUSE Bug 1245654 for CVE-2025-38098",
"url": "https://bugzilla.suse.com/1245654"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38098"
},
{
"cve": "CVE-2025-38099",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38099"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Disable SCO support if READ_VOICE_SETTING is unsupported/broken\n\nA SCO connection without the proper voice_setting can cause\nthe controller to lock up.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38099",
"url": "https://www.suse.com/security/cve/CVE-2025-38099"
},
{
"category": "external",
"summary": "SUSE Bug 1245671 for CVE-2025-38099",
"url": "https://bugzilla.suse.com/1245671"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38099"
},
{
"cve": "CVE-2025-38100",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38100"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/iopl: Cure TIF_IO_BITMAP inconsistencies\n\nio_bitmap_exit() is invoked from exit_thread() when a task exists or\nwhen a fork fails. In the latter case the exit_thread() cleans up\nresources which were allocated during fork().\n\nio_bitmap_exit() invokes task_update_io_bitmap(), which in turn ends up\nin tss_update_io_bitmap(). tss_update_io_bitmap() operates on the\ncurrent task. If current has TIF_IO_BITMAP set, but no bitmap installed,\ntss_update_io_bitmap() crashes with a NULL pointer dereference.\n\nThere are two issues, which lead to that problem:\n\n 1) io_bitmap_exit() should not invoke task_update_io_bitmap() when\n the task, which is cleaned up, is not the current task. That\u0027s a\n clear indicator for a cleanup after a failed fork().\n\n 2) A task should not have TIF_IO_BITMAP set and neither a bitmap\n installed nor IOPL emulation level 3 activated.\n\n This happens when a kernel thread is created in the context of\n a user space thread, which has TIF_IO_BITMAP set as the thread\n flags are copied and the IO bitmap pointer is cleared.\n\n Other than in the failed fork() case this has no impact because\n kernel threads including IO workers never return to user space and\n therefore never invoke tss_update_io_bitmap().\n\nCure this by adding the missing cleanups and checks:\n\n 1) Prevent io_bitmap_exit() to invoke task_update_io_bitmap() if\n the to be cleaned up task is not the current task.\n\n 2) Clear TIF_IO_BITMAP in copy_thread() unconditionally. For user\n space forks it is set later, when the IO bitmap is inherited in\n io_bitmap_share().\n\nFor paranoia sake, add a warning into tss_update_io_bitmap() to catch\nthe case, when that code is invoked with inconsistent state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38100",
"url": "https://www.suse.com/security/cve/CVE-2025-38100"
},
{
"category": "external",
"summary": "SUSE Bug 1245650 for CVE-2025-38100",
"url": "https://bugzilla.suse.com/1245650"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38100"
},
{
"cve": "CVE-2025-38102",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38102"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nVMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify\n\nDuring our test, it is found that a warning can be trigger in try_grab_folio\nas follow:\n\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 1678 at mm/gup.c:147 try_grab_folio+0x106/0x130\n Modules linked in:\n CPU: 0 UID: 0 PID: 1678 Comm: syz.3.31 Not tainted 6.15.0-rc5 #163 PREEMPT(undef)\n RIP: 0010:try_grab_folio+0x106/0x130\n Call Trace:\n \u003cTASK\u003e\n follow_huge_pmd+0x240/0x8e0\n follow_pmd_mask.constprop.0.isra.0+0x40b/0x5c0\n follow_pud_mask.constprop.0.isra.0+0x14a/0x170\n follow_page_mask+0x1c2/0x1f0\n __get_user_pages+0x176/0x950\n __gup_longterm_locked+0x15b/0x1060\n ? gup_fast+0x120/0x1f0\n gup_fast_fallback+0x17e/0x230\n get_user_pages_fast+0x5f/0x80\n vmci_host_unlocked_ioctl+0x21c/0xf80\n RIP: 0033:0x54d2cd\n ---[ end trace 0000000000000000 ]---\n\nDigging into the source, context-\u003enotify_page may init by get_user_pages_fast\nand can be seen in vmci_ctx_unset_notify which will try to put_page. However\nget_user_pages_fast is not finished here and lead to following\ntry_grab_folio warning. The race condition is shown as follow:\n\ncpu0\t\t\tcpu1\nvmci_host_do_set_notify\nvmci_host_setup_notify\nget_user_pages_fast(uva, 1, FOLL_WRITE, \u0026context-\u003enotify_page);\nlockless_pages_from_mm\ngup_pgd_range\ngup_huge_pmd // update \u0026context-\u003enotify_page\n\t\t\tvmci_host_do_set_notify\n\t\t\tvmci_ctx_unset_notify\n\t\t\tnotify_page = context-\u003enotify_page;\n\t\t\tif (notify_page)\n\t\t\tput_page(notify_page);\t// page is freed\n__gup_longterm_locked\n__get_user_pages\nfollow_trans_huge_pmd\ntry_grab_folio // warn here\n\nTo slove this, use local variable page to make notify_page can be seen\nafter finish get_user_pages_fast.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38102",
"url": "https://www.suse.com/security/cve/CVE-2025-38102"
},
{
"category": "external",
"summary": "SUSE Bug 1245669 for CVE-2025-38102",
"url": "https://bugzilla.suse.com/1245669"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38102"
},
{
"cve": "CVE-2025-38105",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38105"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Kill timer properly at removal\n\nThe USB-audio MIDI code initializes the timer, but in a rare case, the\ndriver might be freed without the disconnect call. This leaves the\ntimer in an active state while the assigned object is released via\nsnd_usbmidi_free(), which ends up with a kernel warning when the debug\nconfiguration is enabled, as spotted by fuzzer.\n\nFor avoiding the problem, put timer_shutdown_sync() at\nsnd_usbmidi_free(), so that the timer can be killed properly.\nWhile we\u0027re at it, replace the existing timer_delete_sync() at the\ndisconnect callback with timer_shutdown_sync(), too.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38105",
"url": "https://www.suse.com/security/cve/CVE-2025-38105"
},
{
"category": "external",
"summary": "SUSE Bug 1245682 for CVE-2025-38105",
"url": "https://bugzilla.suse.com/1245682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38105"
},
{
"cve": "CVE-2025-38106",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38106"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix use-after-free of sq-\u003ethread in __io_uring_show_fdinfo()\n\nsyzbot reports:\n\nBUG: KASAN: slab-use-after-free in getrusage+0x1109/0x1a60\nRead of size 8 at addr ffff88810de2d2c8 by task a.out/304\n\nCPU: 0 UID: 0 PID: 304 Comm: a.out Not tainted 6.16.0-rc1 #1 PREEMPT(voluntary)\nHardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x53/0x70\n print_report+0xd0/0x670\n ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n ? getrusage+0x1109/0x1a60\n kasan_report+0xce/0x100\n ? getrusage+0x1109/0x1a60\n getrusage+0x1109/0x1a60\n ? __pfx_getrusage+0x10/0x10\n __io_uring_show_fdinfo+0x9fe/0x1790\n ? ksys_read+0xf7/0x1c0\n ? do_syscall_64+0xa4/0x260\n ? vsnprintf+0x591/0x1100\n ? __pfx___io_uring_show_fdinfo+0x10/0x10\n ? __pfx_vsnprintf+0x10/0x10\n ? mutex_trylock+0xcf/0x130\n ? __pfx_mutex_trylock+0x10/0x10\n ? __pfx_show_fd_locks+0x10/0x10\n ? io_uring_show_fdinfo+0x57/0x80\n io_uring_show_fdinfo+0x57/0x80\n seq_show+0x38c/0x690\n seq_read_iter+0x3f7/0x1180\n ? inode_set_ctime_current+0x160/0x4b0\n seq_read+0x271/0x3e0\n ? __pfx_seq_read+0x10/0x10\n ? __pfx__raw_spin_lock+0x10/0x10\n ? __mark_inode_dirty+0x402/0x810\n ? selinux_file_permission+0x368/0x500\n ? file_update_time+0x10f/0x160\n vfs_read+0x177/0xa40\n ? __pfx___handle_mm_fault+0x10/0x10\n ? __pfx_vfs_read+0x10/0x10\n ? mutex_lock+0x81/0xe0\n ? __pfx_mutex_lock+0x10/0x10\n ? fdget_pos+0x24d/0x4b0\n ksys_read+0xf7/0x1c0\n ? __pfx_ksys_read+0x10/0x10\n ? do_user_addr_fault+0x43b/0x9c0\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f0f74170fc9\nCode: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 8\nRSP: 002b:00007fffece049e8 EFLAGS: 00000206 ORIG_RAX: 0000000000000000\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0f74170fc9\nRDX: 0000000000001000 RSI: 00007fffece049f0 RDI: 0000000000000004\nRBP: 00007fffece05ad0 R08: 0000000000000000 R09: 00007fffece04d90\nR10: 0000000000000000 R11: 0000000000000206 R12: 00005651720a1100\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\nAllocated by task 298:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n __kasan_slab_alloc+0x6e/0x70\n kmem_cache_alloc_node_noprof+0xe8/0x330\n copy_process+0x376/0x5e00\n create_io_thread+0xab/0xf0\n io_sq_offload_create+0x9ed/0xf20\n io_uring_setup+0x12b0/0x1cc0\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 22:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x37/0x50\n kmem_cache_free+0xc4/0x360\n rcu_core+0x5ff/0x19f0\n handle_softirqs+0x18c/0x530\n run_ksoftirqd+0x20/0x30\n smpboot_thread_fn+0x287/0x6c0\n kthread+0x30d/0x630\n ret_from_fork+0xef/0x1a0\n ret_from_fork_asm+0x1a/0x30\n\nLast potentially related work creation:\n kasan_save_stack+0x33/0x60\n kasan_record_aux_stack+0x8c/0xa0\n __call_rcu_common.constprop.0+0x68/0x940\n __schedule+0xff2/0x2930\n __cond_resched+0x4c/0x80\n mutex_lock+0x5c/0xe0\n io_uring_del_tctx_node+0xe1/0x2b0\n io_uring_clean_tctx+0xb7/0x160\n io_uring_cancel_generic+0x34e/0x760\n do_exit+0x240/0x2350\n do_group_exit+0xab/0x220\n __x64_sys_exit_group+0x39/0x40\n x64_sys_call+0x1243/0x1840\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThe buggy address belongs to the object at ffff88810de2cb00\n which belongs to the cache task_struct of size 3712\nThe buggy address is located 1992 bytes inside of\n freed 3712-byte region [ffff88810de2cb00, ffff88810de2d980)\n\nwhich is caused by the task_struct pointed to by sq-\u003ethread being\nreleased while it is being used in the function\n__io_uring_show_fdinfo(). Holding ctx-\u003euring_lock does not prevent ehre\nrelase or exit of sq-\u003ethread.\n\nFix this by assigning and looking up -\u003ethread under RCU, and grabbing a\nreference to the task_struct. This e\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38106",
"url": "https://www.suse.com/security/cve/CVE-2025-38106"
},
{
"category": "external",
"summary": "SUSE Bug 1245664 for CVE-2025-38106",
"url": "https://bugzilla.suse.com/1245664"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38106"
},
{
"cve": "CVE-2025-38107",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38107"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: ets: fix a race in ets_qdisc_change()\n\nGerrard Tai reported a race condition in ETS, whenever SFQ perturb timer\nfires at the wrong time.\n\nThe race is as follows:\n\nCPU 0 CPU 1\n[1]: lock root\n[2]: qdisc_tree_flush_backlog()\n[3]: unlock root\n |\n | [5]: lock root\n | [6]: rehash\n | [7]: qdisc_tree_reduce_backlog()\n |\n[4]: qdisc_put()\n\nThis can be abused to underflow a parent\u0027s qlen.\n\nCalling qdisc_purge_queue() instead of qdisc_tree_flush_backlog()\nshould fix the race, because all packets will be purged from the qdisc\nbefore releasing the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38107",
"url": "https://www.suse.com/security/cve/CVE-2025-38107"
},
{
"category": "external",
"summary": "SUSE Bug 1245676 for CVE-2025-38107",
"url": "https://bugzilla.suse.com/1245676"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38107"
},
{
"cve": "CVE-2025-38108",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38108"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: red: fix a race in __red_change()\n\nGerrard Tai reported a race condition in RED, whenever SFQ perturb timer\nfires at the wrong time.\n\nThe race is as follows:\n\nCPU 0 CPU 1\n[1]: lock root\n[2]: qdisc_tree_flush_backlog()\n[3]: unlock root\n |\n | [5]: lock root\n | [6]: rehash\n | [7]: qdisc_tree_reduce_backlog()\n |\n[4]: qdisc_put()\n\nThis can be abused to underflow a parent\u0027s qlen.\n\nCalling qdisc_purge_queue() instead of qdisc_tree_flush_backlog()\nshould fix the race, because all packets will be purged from the qdisc\nbefore releasing the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38108",
"url": "https://www.suse.com/security/cve/CVE-2025-38108"
},
{
"category": "external",
"summary": "SUSE Bug 1245675 for CVE-2025-38108",
"url": "https://bugzilla.suse.com/1245675"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38108"
},
{
"cve": "CVE-2025-38109",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38109"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix ECVF vports unload on shutdown flow\n\nFix shutdown flow UAF when a virtual function is created on the embedded\nchip (ECVF) of a BlueField device. In such case the vport acl ingress\ntable is not properly destroyed.\n\nECVF functionality is independent of ecpf_vport_exists capability and\nthus functions mlx5_eswitch_(enable|disable)_pf_vf_vports() should not\ntest it when enabling/disabling ECVF vports.\n\nkernel log:\n[] refcount_t: underflow; use-after-free.\n[] WARNING: CPU: 3 PID: 1 at lib/refcount.c:28\n refcount_warn_saturate+0x124/0x220\n----------------\n[] Call trace:\n[] refcount_warn_saturate+0x124/0x220\n[] tree_put_node+0x164/0x1e0 [mlx5_core]\n[] mlx5_destroy_flow_table+0x98/0x2c0 [mlx5_core]\n[] esw_acl_ingress_table_destroy+0x28/0x40 [mlx5_core]\n[] esw_acl_ingress_lgcy_cleanup+0x80/0xf4 [mlx5_core]\n[] esw_legacy_vport_acl_cleanup+0x44/0x60 [mlx5_core]\n[] esw_vport_cleanup+0x64/0x90 [mlx5_core]\n[] mlx5_esw_vport_disable+0xc0/0x1d0 [mlx5_core]\n[] mlx5_eswitch_unload_ec_vf_vports+0xcc/0x150 [mlx5_core]\n[] mlx5_eswitch_disable_sriov+0x198/0x2a0 [mlx5_core]\n[] mlx5_device_disable_sriov+0xb8/0x1e0 [mlx5_core]\n[] mlx5_sriov_detach+0x40/0x50 [mlx5_core]\n[] mlx5_unload+0x40/0xc4 [mlx5_core]\n[] mlx5_unload_one_devl_locked+0x6c/0xe4 [mlx5_core]\n[] mlx5_unload_one+0x3c/0x60 [mlx5_core]\n[] shutdown+0x7c/0xa4 [mlx5_core]\n[] pci_device_shutdown+0x3c/0xa0\n[] device_shutdown+0x170/0x340\n[] __do_sys_reboot+0x1f4/0x2a0\n[] __arm64_sys_reboot+0x2c/0x40\n[] invoke_syscall+0x78/0x100\n[] el0_svc_common.constprop.0+0x54/0x184\n[] do_el0_svc+0x30/0xac\n[] el0_svc+0x48/0x160\n[] el0t_64_sync_handler+0xa4/0x12c\n[] el0t_64_sync+0x1a4/0x1a8\n[] --[ end trace 9c4601d68c70030e ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38109",
"url": "https://www.suse.com/security/cve/CVE-2025-38109"
},
{
"category": "external",
"summary": "SUSE Bug 1245684 for CVE-2025-38109",
"url": "https://bugzilla.suse.com/1245684"
},
{
"category": "external",
"summary": "SUSE Bug 1245685 for CVE-2025-38109",
"url": "https://bugzilla.suse.com/1245685"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "important"
}
],
"title": "CVE-2025-38109"
},
{
"cve": "CVE-2025-38110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38110"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mdiobus: Fix potential out-of-bounds clause 45 read/write access\n\nWhen using publicly available tools like \u0027mdio-tools\u0027 to read/write data\nfrom/to network interface and its PHY via C45 (clause 45) mdiobus,\nthere is no verification of parameters passed to the ioctl and\nit accepts any mdio address.\nCurrently there is support for 32 addresses in kernel via PHY_MAX_ADDR define,\nbut it is possible to pass higher value than that via ioctl.\nWhile read/write operation should generally fail in this case,\nmdiobus provides stats array, where wrong address may allow out-of-bounds\nread/write.\n\nFix that by adding address verification before C45 read/write operation.\nWhile this excludes this access from any statistics, it improves security of\nread/write operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38110",
"url": "https://www.suse.com/security/cve/CVE-2025-38110"
},
{
"category": "external",
"summary": "SUSE Bug 1245665 for CVE-2025-38110",
"url": "https://bugzilla.suse.com/1245665"
},
{
"category": "external",
"summary": "SUSE Bug 1249458 for CVE-2025-38110",
"url": "https://bugzilla.suse.com/1249458"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "important"
}
],
"title": "CVE-2025-38110"
},
{
"cve": "CVE-2025-38111",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38111"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mdiobus: Fix potential out-of-bounds read/write access\n\nWhen using publicly available tools like \u0027mdio-tools\u0027 to read/write data\nfrom/to network interface and its PHY via mdiobus, there is no verification of\nparameters passed to the ioctl and it accepts any mdio address.\nCurrently there is support for 32 addresses in kernel via PHY_MAX_ADDR define,\nbut it is possible to pass higher value than that via ioctl.\nWhile read/write operation should generally fail in this case,\nmdiobus provides stats array, where wrong address may allow out-of-bounds\nread/write.\n\nFix that by adding address verification before read/write operation.\nWhile this excludes this access from any statistics, it improves security of\nread/write operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38111",
"url": "https://www.suse.com/security/cve/CVE-2025-38111"
},
{
"category": "external",
"summary": "SUSE Bug 1245666 for CVE-2025-38111",
"url": "https://bugzilla.suse.com/1245666"
},
{
"category": "external",
"summary": "SUSE Bug 1249455 for CVE-2025-38111",
"url": "https://bugzilla.suse.com/1249455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "important"
}
],
"title": "CVE-2025-38111"
},
{
"cve": "CVE-2025-38112",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38112"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix TOCTOU issue in sk_is_readable()\n\nsk-\u003esk_prot-\u003esock_is_readable is a valid function pointer when sk resides\nin a sockmap. After the last sk_psock_put() (which usually happens when\nsocket is removed from sockmap), sk-\u003esk_prot gets restored and\nsk-\u003esk_prot-\u003esock_is_readable becomes NULL.\n\nThis makes sk_is_readable() racy, if the value of sk-\u003esk_prot is reloaded\nafter the initial check. Which in turn may lead to a null pointer\ndereference.\n\nEnsure the function pointer does not turn NULL after the check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38112",
"url": "https://www.suse.com/security/cve/CVE-2025-38112"
},
{
"category": "external",
"summary": "SUSE Bug 1245668 for CVE-2025-38112",
"url": "https://bugzilla.suse.com/1245668"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38112"
},
{
"cve": "CVE-2025-38113",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38113"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: CPPC: Fix NULL pointer dereference when nosmp is used\n\nWith nosmp in cmdline, other CPUs are not brought up, leaving\ntheir cpc_desc_ptr NULL. CPU0\u0027s iteration via for_each_possible_cpu()\ndereferences these NULL pointers, causing panic.\n\nPanic backtrace:\n\n[ 0.401123] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000b8\n...\n[ 0.403255] [\u003cffffffff809a5818\u003e] cppc_allow_fast_switch+0x6a/0xd4\n...\nKernel panic - not syncing: Attempted to kill init!\n\n[ rjw: New subject ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38113",
"url": "https://www.suse.com/security/cve/CVE-2025-38113"
},
{
"category": "external",
"summary": "SUSE Bug 1245683 for CVE-2025-38113",
"url": "https://bugzilla.suse.com/1245683"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38113"
},
{
"cve": "CVE-2025-38114",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38114"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ne1000: Move cancel_work_sync to avoid deadlock\n\nPreviously, e1000_down called cancel_work_sync for the e1000 reset task\n(via e1000_down_and_stop), which takes RTNL.\n\nAs reported by users and syzbot, a deadlock is possible in the following\nscenario:\n\nCPU 0:\n - RTNL is held\n - e1000_close\n - e1000_down\n - cancel_work_sync (cancel / wait for e1000_reset_task())\n\nCPU 1:\n - process_one_work\n - e1000_reset_task\n - take RTNL\n\nTo remedy this, avoid calling cancel_work_sync from e1000_down\n(e1000_reset_task does nothing if the device is down anyway). Instead,\ncall cancel_work_sync for e1000_reset_task when the device is being\nremoved.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38114",
"url": "https://www.suse.com/security/cve/CVE-2025-38114"
},
{
"category": "external",
"summary": "SUSE Bug 1245686 for CVE-2025-38114",
"url": "https://bugzilla.suse.com/1245686"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38114"
},
{
"cve": "CVE-2025-38115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38115"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: fix a potential crash on gso_skb handling\n\nSFQ has an assumption of always being able to queue at least one packet.\n\nHowever, after the blamed commit, sch-\u003eq.len can be inflated by packets\nin sch-\u003egso_skb, and an enqueue() on an empty SFQ qdisc can be followed\nby an immediate drop.\n\nFix sfq_drop() to properly clear q-\u003etail in this situation.\n\n\nip netns add lb\nip link add dev to-lb type veth peer name in-lb netns lb\nethtool -K to-lb tso off # force qdisc to requeue gso_skb\nip netns exec lb ethtool -K in-lb gro on # enable NAPI\nip link set dev to-lb up\nip -netns lb link set dev in-lb up\nip addr add dev to-lb 192.168.20.1/24\nip -netns lb addr add dev in-lb 192.168.20.2/24\ntc qdisc replace dev to-lb root sfq limit 100\n\nip netns exec lb netserver\n\nnetperf -H 192.168.20.2 -l 100 \u0026\nnetperf -H 192.168.20.2 -l 100 \u0026\nnetperf -H 192.168.20.2 -l 100 \u0026\nnetperf -H 192.168.20.2 -l 100 \u0026",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38115",
"url": "https://www.suse.com/security/cve/CVE-2025-38115"
},
{
"category": "external",
"summary": "SUSE Bug 1245689 for CVE-2025-38115",
"url": "https://bugzilla.suse.com/1245689"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38115"
},
{
"cve": "CVE-2025-38117",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38117"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Protect mgmt_pending list with its own lock\n\nThis uses a mutex to protect from concurrent access of mgmt_pending\nlist which can cause crashes like:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in hci_sock_get_channel+0x60/0x68 net/bluetooth/hci_sock.c:91\nRead of size 2 at addr ffff0000c48885b2 by task syz.4.334/7318\n\nCPU: 0 UID: 0 PID: 7318 Comm: syz.4.334 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025\nCall trace:\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:466 (C)\n __dump_stack+0x30/0x40 lib/dump_stack.c:94\n dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120\n print_address_description+0xa8/0x254 mm/kasan/report.c:408\n print_report+0x68/0x84 mm/kasan/report.c:521\n kasan_report+0xb0/0x110 mm/kasan/report.c:634\n __asan_report_load2_noabort+0x20/0x2c mm/kasan/report_generic.c:379\n hci_sock_get_channel+0x60/0x68 net/bluetooth/hci_sock.c:91\n mgmt_pending_find+0x7c/0x140 net/bluetooth/mgmt_util.c:223\n pending_find net/bluetooth/mgmt.c:947 [inline]\n remove_adv_monitor+0x44/0x1a4 net/bluetooth/mgmt.c:5445\n hci_mgmt_cmd+0x780/0xc00 net/bluetooth/hci_sock.c:1712\n hci_sock_sendmsg+0x544/0xbb0 net/bluetooth/hci_sock.c:1832\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg net/socket.c:727 [inline]\n sock_write_iter+0x25c/0x378 net/socket.c:1131\n new_sync_write fs/read_write.c:591 [inline]\n vfs_write+0x62c/0x97c fs/read_write.c:684\n ksys_write+0x120/0x210 fs/read_write.c:736\n __do_sys_write fs/read_write.c:747 [inline]\n __se_sys_write fs/read_write.c:744 [inline]\n __arm64_sys_write+0x7c/0x90 fs/read_write.c:744\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767\n el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600\n\nAllocated by task 7037:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x40/0x78 mm/kasan/common.c:68\n kasan_save_alloc_info+0x44/0x54 mm/kasan/generic.c:562\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x9c/0xb4 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4327 [inline]\n __kmalloc_noprof+0x2fc/0x4c8 mm/slub.c:4339\n kmalloc_noprof include/linux/slab.h:909 [inline]\n sk_prot_alloc+0xc4/0x1f0 net/core/sock.c:2198\n sk_alloc+0x44/0x3ac net/core/sock.c:2254\n bt_sock_alloc+0x4c/0x300 net/bluetooth/af_bluetooth.c:148\n hci_sock_create+0xa8/0x194 net/bluetooth/hci_sock.c:2202\n bt_sock_create+0x14c/0x24c net/bluetooth/af_bluetooth.c:132\n __sock_create+0x43c/0x91c net/socket.c:1541\n sock_create net/socket.c:1599 [inline]\n __sys_socket_create net/socket.c:1636 [inline]\n __sys_socket+0xd4/0x1c0 net/socket.c:1683\n __do_sys_socket net/socket.c:1697 [inline]\n __se_sys_socket net/socket.c:1695 [inline]\n __arm64_sys_socket+0x7c/0x94 net/socket.c:1695\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767\n el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600\n\nFreed by task 6607:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x40/0x78 mm/kasan/common.c:68\n kasan_save_free_info+0x58/0x70 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x68/0x88 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38117",
"url": "https://www.suse.com/security/cve/CVE-2025-38117"
},
{
"category": "external",
"summary": "SUSE Bug 1245695 for CVE-2025-38117",
"url": "https://bugzilla.suse.com/1245695"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38117"
},
{
"cve": "CVE-2025-38118",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38118"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete\n\nThis reworks MGMT_OP_REMOVE_ADV_MONITOR to not use mgmt_pending_add to\navoid crashes like bellow:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_complete+0xe5/0x540 net/bluetooth/mgmt.c:5406\nRead of size 8 at addr ffff88801c53f318 by task kworker/u5:5/5341\n\nCPU: 0 UID: 0 PID: 5341 Comm: kworker/u5:5 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xd2/0x2b0 mm/kasan/report.c:521\n kasan_report+0x118/0x150 mm/kasan/report.c:634\n mgmt_remove_adv_monitor_complete+0xe5/0x540 net/bluetooth/mgmt.c:5406\n hci_cmd_sync_work+0x261/0x3a0 net/bluetooth/hci_sync.c:334\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x711/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nAllocated by task 5987:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4358\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n mgmt_pending_new+0x65/0x240 net/bluetooth/mgmt_util.c:252\n mgmt_pending_add+0x34/0x120 net/bluetooth/mgmt_util.c:279\n remove_adv_monitor+0x103/0x1b0 net/bluetooth/mgmt.c:5454\n hci_mgmt_cmd+0x9c9/0xef0 net/bluetooth/hci_sock.c:1719\n hci_sock_sendmsg+0x6ca/0xef0 net/bluetooth/hci_sock.c:1839\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:727\n sock_write_iter+0x258/0x330 net/socket.c:1131\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x548/0xa90 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 5989:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2380 [inline]\n slab_free mm/slub.c:4642 [inline]\n kfree+0x18e/0x440 mm/slub.c:4841\n mgmt_pending_foreach+0xc9/0x120 net/bluetooth/mgmt_util.c:242\n mgmt_index_removed+0x10d/0x2f0 net/bluetooth/mgmt.c:9366\n hci_sock_bind+0xbe9/0x1000 net/bluetooth/hci_sock.c:1314\n __sys_bind_socket net/socket.c:1810 [inline]\n __sys_bind+0x2c3/0x3e0 net/socket.c:1841\n __do_sys_bind net/socket.c:1846 [inline]\n __se_sys_bind net/socket.c:1844 [inline]\n __x64_sys_bind+0x7a/0x90 net/socket.c:1844\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38118",
"url": "https://www.suse.com/security/cve/CVE-2025-38118"
},
{
"category": "external",
"summary": "SUSE Bug 1245670 for CVE-2025-38118",
"url": "https://bugzilla.suse.com/1245670"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38118"
},
{
"cve": "CVE-2025-38120",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38120"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_set_pipapo_avx2: fix initial map fill\n\nIf the first field doesn\u0027t cover the entire start map, then we must zero\nout the remainder, else we leak those bits into the next match round map.\n\nThe early fix was incomplete and did only fix up the generic C\nimplementation.\n\nA followup patch adds a test case to nft_concat_range.sh.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38120",
"url": "https://www.suse.com/security/cve/CVE-2025-38120"
},
{
"category": "external",
"summary": "SUSE Bug 1245711 for CVE-2025-38120",
"url": "https://bugzilla.suse.com/1245711"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38120"
},
{
"cve": "CVE-2025-38122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38122"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: add missing NULL check for gve_alloc_pending_packet() in TX DQO\n\ngve_alloc_pending_packet() can return NULL, but gve_tx_add_skb_dqo()\ndid not check for this case before dereferencing the returned pointer.\n\nAdd a missing NULL check to prevent a potential NULL pointer\ndereference when allocation fails.\n\nThis improves robustness in low-memory scenarios.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38122",
"url": "https://www.suse.com/security/cve/CVE-2025-38122"
},
{
"category": "external",
"summary": "SUSE Bug 1245746 for CVE-2025-38122",
"url": "https://bugzilla.suse.com/1245746"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38122"
},
{
"cve": "CVE-2025-38123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38123"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: wwan: t7xx: Fix napi rx poll issue\n\nWhen driver handles the napi rx polling requests, the netdev might\nhave been released by the dellink logic triggered by the disconnect\noperation on user plane. However, in the logic of processing skb in\npolling, an invalid netdev is still being used, which causes a panic.\n\nBUG: kernel NULL pointer dereference, address: 00000000000000f1\nOops: 0000 [#1] PREEMPT SMP NOPTI\nRIP: 0010:dev_gro_receive+0x3a/0x620\n[...]\nCall Trace:\n \u003cIRQ\u003e\n ? __die_body+0x68/0xb0\n ? page_fault_oops+0x379/0x3e0\n ? exc_page_fault+0x4f/0xa0\n ? asm_exc_page_fault+0x22/0x30\n ? __pfx_t7xx_ccmni_recv_skb+0x10/0x10 [mtk_t7xx (HASH:1400 7)]\n ? dev_gro_receive+0x3a/0x620\n napi_gro_receive+0xad/0x170\n t7xx_ccmni_recv_skb+0x48/0x70 [mtk_t7xx (HASH:1400 7)]\n t7xx_dpmaif_napi_rx_poll+0x590/0x800 [mtk_t7xx (HASH:1400 7)]\n net_rx_action+0x103/0x470\n irq_exit_rcu+0x13a/0x310\n sysvec_apic_timer_interrupt+0x56/0x90\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38123",
"url": "https://www.suse.com/security/cve/CVE-2025-38123"
},
{
"category": "external",
"summary": "SUSE Bug 1245688 for CVE-2025-38123",
"url": "https://bugzilla.suse.com/1245688"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38123"
},
{
"cve": "CVE-2025-38124",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38124"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix udp gso skb_segment after pull from frag_list\n\nCommit a1e40ac5b5e9 (\"net: gso: fix udp gso fraglist segmentation after\npull from frag_list\") detected invalid geometry in frag_list skbs and\nredirects them from skb_segment_list to more robust skb_segment. But some\npackets with modified geometry can also hit bugs in that code. We don\u0027t\nknow how many such cases exist. Addressing each one by one also requires\ntouching the complex skb_segment code, which risks introducing bugs for\nother types of skbs. Instead, linearize all these packets that fail the\nbasic invariants on gso fraglist skbs. That is more robust.\n\nIf only part of the fraglist payload is pulled into head_skb, it will\nalways cause exception when splitting skbs by skb_segment. For detailed\ncall stack information, see below.\n\nValid SKB_GSO_FRAGLIST skbs\n- consist of two or more segments\n- the head_skb holds the protocol headers plus first gso_size\n- one or more frag_list skbs hold exactly one segment\n- all but the last must be gso_size\n\nOptional datapath hooks such as NAT and BPF (bpf_skb_pull_data) can\nmodify fraglist skbs, breaking these invariants.\n\nIn extreme cases they pull one part of data into skb linear. For UDP,\nthis causes three payloads with lengths of (11,11,10) bytes were\npulled tail to become (12,10,10) bytes.\n\nThe skbs no longer meets the above SKB_GSO_FRAGLIST conditions because\npayload was pulled into head_skb, it needs to be linearized before pass\nto regular skb_segment.\n\n skb_segment+0xcd0/0xd14\n __udp_gso_segment+0x334/0x5f4\n udp4_ufo_fragment+0x118/0x15c\n inet_gso_segment+0x164/0x338\n skb_mac_gso_segment+0xc4/0x13c\n __skb_gso_segment+0xc4/0x124\n validate_xmit_skb+0x9c/0x2c0\n validate_xmit_skb_list+0x4c/0x80\n sch_direct_xmit+0x70/0x404\n __dev_queue_xmit+0x64c/0xe5c\n neigh_resolve_output+0x178/0x1c4\n ip_finish_output2+0x37c/0x47c\n __ip_finish_output+0x194/0x240\n ip_finish_output+0x20/0xf4\n ip_output+0x100/0x1a0\n NF_HOOK+0xc4/0x16c\n ip_forward+0x314/0x32c\n ip_rcv+0x90/0x118\n __netif_receive_skb+0x74/0x124\n process_backlog+0xe8/0x1a4\n __napi_poll+0x5c/0x1f8\n net_rx_action+0x154/0x314\n handle_softirqs+0x154/0x4b8\n\n [118.376811] [C201134] rxq0_pus: [name:bug\u0026]kernel BUG at net/core/skbuff.c:4278!\n [118.376829] [C201134] rxq0_pus: [name:traps\u0026]Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\n [118.470774] [C201134] rxq0_pus: [name:mrdump\u0026]Kernel Offset: 0x178cc00000 from 0xffffffc008000000\n [118.470810] [C201134] rxq0_pus: [name:mrdump\u0026]PHYS_OFFSET: 0x40000000\n [118.470827] [C201134] rxq0_pus: [name:mrdump\u0026]pstate: 60400005 (nZCv daif +PAN -UAO)\n [118.470848] [C201134] rxq0_pus: [name:mrdump\u0026]pc : [0xffffffd79598aefc] skb_segment+0xcd0/0xd14\n [118.470900] [C201134] rxq0_pus: [name:mrdump\u0026]lr : [0xffffffd79598a5e8] skb_segment+0x3bc/0xd14\n [118.470928] [C201134] rxq0_pus: [name:mrdump\u0026]sp : ffffffc008013770",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38124",
"url": "https://www.suse.com/security/cve/CVE-2025-38124"
},
{
"category": "external",
"summary": "SUSE Bug 1245690 for CVE-2025-38124",
"url": "https://bugzilla.suse.com/1245690"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38124"
},
{
"cve": "CVE-2025-38126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38126"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: make sure that ptp_rate is not 0 before configuring timestamping\n\nThe stmmac platform drivers that do not open-code the clk_ptp_rate value\nafter having retrieved the default one from the device-tree can end up\nwith 0 in clk_ptp_rate (as clk_get_rate can return 0). It will\neventually propagate up to PTP initialization when bringing up the\ninterface, leading to a divide by 0:\n\n Division by zero in kernel.\n CPU: 1 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.30-00001-g48313bd5768a #22\n Hardware name: STM32 (Device Tree Support)\n Call trace:\n unwind_backtrace from show_stack+0x18/0x1c\n show_stack from dump_stack_lvl+0x6c/0x8c\n dump_stack_lvl from Ldiv0_64+0x8/0x18\n Ldiv0_64 from stmmac_init_tstamp_counter+0x190/0x1a4\n stmmac_init_tstamp_counter from stmmac_hw_setup+0xc1c/0x111c\n stmmac_hw_setup from __stmmac_open+0x18c/0x434\n __stmmac_open from stmmac_open+0x3c/0xbc\n stmmac_open from __dev_open+0xf4/0x1ac\n __dev_open from __dev_change_flags+0x1cc/0x224\n __dev_change_flags from dev_change_flags+0x24/0x60\n dev_change_flags from ip_auto_config+0x2e8/0x11a0\n ip_auto_config from do_one_initcall+0x84/0x33c\n do_one_initcall from kernel_init_freeable+0x1b8/0x214\n kernel_init_freeable from kernel_init+0x24/0x140\n kernel_init from ret_from_fork+0x14/0x28\n Exception stack(0xe0815fb0 to 0xe0815ff8)\n\nPrevent this division by 0 by adding an explicit check and error log\nabout the actual issue. While at it, remove the same check from\nstmmac_ptp_register, which then becomes duplicate",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38126",
"url": "https://www.suse.com/security/cve/CVE-2025-38126"
},
{
"category": "external",
"summary": "SUSE Bug 1245708 for CVE-2025-38126",
"url": "https://bugzilla.suse.com/1245708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38126"
},
{
"cve": "CVE-2025-38127",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38127"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix Tx scheduler error handling in XDP callback\n\nWhen the XDP program is loaded, the XDP callback adds new Tx queues.\nThis means that the callback must update the Tx scheduler with the new\nqueue number. In the event of a Tx scheduler failure, the XDP callback\nshould also fail and roll back any changes previously made for XDP\npreparation.\n\nThe previous implementation had a bug that not all changes made by the\nXDP callback were rolled back. This caused the crash with the following\ncall trace:\n\n[ +9.549584] ice 0000:ca:00.0: Failed VSI LAN queue config for XDP, error: -5\n[ +0.382335] Oops: general protection fault, probably for non-canonical address 0x50a2250a90495525: 0000 [#1] SMP NOPTI\n[ +0.010710] CPU: 103 UID: 0 PID: 0 Comm: swapper/103 Not tainted 6.14.0-net-next-mar-31+ #14 PREEMPT(voluntary)\n[ +0.010175] Hardware name: Intel Corporation M50CYP2SBSTD/M50CYP2SBSTD, BIOS SE5C620.86B.01.01.0005.2202160810 02/16/2022\n[ +0.010946] RIP: 0010:__ice_update_sample+0x39/0xe0 [ice]\n\n[...]\n\n[ +0.002715] Call Trace:\n[ +0.002452] \u003cIRQ\u003e\n[ +0.002021] ? __die_body.cold+0x19/0x29\n[ +0.003922] ? die_addr+0x3c/0x60\n[ +0.003319] ? exc_general_protection+0x17c/0x400\n[ +0.004707] ? asm_exc_general_protection+0x26/0x30\n[ +0.004879] ? __ice_update_sample+0x39/0xe0 [ice]\n[ +0.004835] ice_napi_poll+0x665/0x680 [ice]\n[ +0.004320] __napi_poll+0x28/0x190\n[ +0.003500] net_rx_action+0x198/0x360\n[ +0.003752] ? update_rq_clock+0x39/0x220\n[ +0.004013] handle_softirqs+0xf1/0x340\n[ +0.003840] ? sched_clock_cpu+0xf/0x1f0\n[ +0.003925] __irq_exit_rcu+0xc2/0xe0\n[ +0.003665] common_interrupt+0x85/0xa0\n[ +0.003839] \u003c/IRQ\u003e\n[ +0.002098] \u003cTASK\u003e\n[ +0.002106] asm_common_interrupt+0x26/0x40\n[ +0.004184] RIP: 0010:cpuidle_enter_state+0xd3/0x690\n\nFix this by performing the missing unmapping of XDP queues from\nq_vectors and setting the XDP rings pointer back to NULL after all those\nqueues are released.\nAlso, add an immediate exit from the XDP callback in case of ring\npreparation failure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38127",
"url": "https://www.suse.com/security/cve/CVE-2025-38127"
},
{
"category": "external",
"summary": "SUSE Bug 1245705 for CVE-2025-38127",
"url": "https://bugzilla.suse.com/1245705"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38127"
},
{
"cve": "CVE-2025-38129",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38129"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npage_pool: Fix use-after-free in page_pool_recycle_in_ring\n\nsyzbot reported a uaf in page_pool_recycle_in_ring:\n\nBUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862\nRead of size 8 at addr ffff8880286045a0 by task syz.0.284/6943\n\nCPU: 0 UID: 0 PID: 6943 Comm: syz.0.284 Not tainted 6.13.0-rc3-syzkaller-gdfa94ce54f41 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862\n __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:165 [inline]\n _raw_spin_unlock_bh+0x1b/0x40 kernel/locking/spinlock.c:210\n spin_unlock_bh include/linux/spinlock.h:396 [inline]\n ptr_ring_produce_bh include/linux/ptr_ring.h:164 [inline]\n page_pool_recycle_in_ring net/core/page_pool.c:707 [inline]\n page_pool_put_unrefed_netmem+0x748/0xb00 net/core/page_pool.c:826\n page_pool_put_netmem include/net/page_pool/helpers.h:323 [inline]\n page_pool_put_full_netmem include/net/page_pool/helpers.h:353 [inline]\n napi_pp_put_page+0x149/0x2b0 net/core/skbuff.c:1036\n skb_pp_recycle net/core/skbuff.c:1047 [inline]\n skb_free_head net/core/skbuff.c:1094 [inline]\n skb_release_data+0x6c4/0x8a0 net/core/skbuff.c:1125\n skb_release_all net/core/skbuff.c:1190 [inline]\n __kfree_skb net/core/skbuff.c:1204 [inline]\n sk_skb_reason_drop+0x1c9/0x380 net/core/skbuff.c:1242\n kfree_skb_reason include/linux/skbuff.h:1263 [inline]\n __skb_queue_purge_reason include/linux/skbuff.h:3343 [inline]\n\nroot cause is:\n\npage_pool_recycle_in_ring\n ptr_ring_produce\n spin_lock(\u0026r-\u003eproducer_lock);\n WRITE_ONCE(r-\u003equeue[r-\u003eproducer++], ptr)\n //recycle last page to pool\n\t\t\t\tpage_pool_release\n\t\t\t\t page_pool_scrub\n\t\t\t\t page_pool_empty_ring\n\t\t\t\t ptr_ring_consume\n\t\t\t\t page_pool_return_page //release all page\n\t\t\t\t __page_pool_destroy\n\t\t\t\t free_percpu(pool-\u003erecycle_stats);\n\t\t\t\t free(pool) //free\n\n spin_unlock(\u0026r-\u003eproducer_lock); //pool-\u003ering uaf read\n recycle_stat_inc(pool, ring);\n\npage_pool can be free while page pool recycle the last page in ring.\nAdd producer-lock barrier to page_pool_release to prevent the page\npool from being free before all pages have been recycled.\n\nrecycle_stat_inc() is empty when CONFIG_PAGE_POOL_STATS is not\nenabled, which will trigger Wempty-body build warning. Add definition\nfor pool stat macro to fix warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38129",
"url": "https://www.suse.com/security/cve/CVE-2025-38129"
},
{
"category": "external",
"summary": "SUSE Bug 1245723 for CVE-2025-38129",
"url": "https://bugzilla.suse.com/1245723"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38129"
},
{
"cve": "CVE-2025-38131",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38131"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: prevent deactivate active config while enabling the config\n\nWhile enable active config via cscfg_csdev_enable_active_config(),\nactive config could be deactivated via configfs\u0027 sysfs interface.\nThis could make UAF issue in below scenario:\n\nCPU0 CPU1\n(sysfs enable) load module\n cscfg_load_config_sets()\n activate config. // sysfs\n (sys_active_cnt == 1)\n...\ncscfg_csdev_enable_active_config()\nlock(csdev-\u003ecscfg_csdev_lock)\n// here load config activate by CPU1\nunlock(csdev-\u003ecscfg_csdev_lock)\n\n deactivate config // sysfs\n (sys_activec_cnt == 0)\n cscfg_unload_config_sets()\n unload module\n\n// access to config_desc which freed\n// while unloading module.\ncscfg_csdev_enable_config\n\nTo address this, use cscfg_config_desc\u0027s active_cnt as a reference count\n which will be holded when\n - activate the config.\n - enable the activated config.\nand put the module reference when config_active_cnt == 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38131",
"url": "https://www.suse.com/security/cve/CVE-2025-38131"
},
{
"category": "external",
"summary": "SUSE Bug 1245677 for CVE-2025-38131",
"url": "https://bugzilla.suse.com/1245677"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38131"
},
{
"cve": "CVE-2025-38132",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38132"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: holding cscfg_csdev_lock while removing cscfg from csdev\n\nThere\u0027ll be possible race scenario for coresight config:\n\nCPU0 CPU1\n(perf enable) load module\n cscfg_load_config_sets()\n activate config. // sysfs\n (sys_active_cnt == 1)\n...\ncscfg_csdev_enable_active_config()\n lock(csdev-\u003ecscfg_csdev_lock)\n deactivate config // sysfs\n (sys_activec_cnt == 0)\n cscfg_unload_config_sets()\n \u003citerating config_csdev_list\u003e cscfg_remove_owned_csdev_configs()\n // here load config activate by CPU1\n unlock(csdev-\u003ecscfg_csdev_lock)\n\niterating config_csdev_list could be raced with config_csdev_list\u0027s\nentry delete.\n\nTo resolve this race , hold csdev-\u003ecscfg_csdev_lock() while\ncscfg_remove_owned_csdev_configs()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38132",
"url": "https://www.suse.com/security/cve/CVE-2025-38132"
},
{
"category": "external",
"summary": "SUSE Bug 1245679 for CVE-2025-38132",
"url": "https://bugzilla.suse.com/1245679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38132"
},
{
"cve": "CVE-2025-38135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38135"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: Fix potential null-ptr-deref in mlb_usio_probe()\n\ndevm_ioremap() can return NULL on error. Currently, mlb_usio_probe()\ndoes not check for this case, which could result in a NULL pointer\ndereference.\n\nAdd NULL check after devm_ioremap() to prevent this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38135",
"url": "https://www.suse.com/security/cve/CVE-2025-38135"
},
{
"category": "external",
"summary": "SUSE Bug 1246023 for CVE-2025-38135",
"url": "https://bugzilla.suse.com/1246023"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38135"
},
{
"cve": "CVE-2025-38136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38136"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: renesas_usbhs: Reorder clock handling and power management in probe\n\nReorder the initialization sequence in `usbhs_probe()` to enable runtime\nPM before accessing registers, preventing potential crashes due to\nuninitialized clocks.\n\nCurrently, in the probe path, registers are accessed before enabling the\nclocks, leading to a synchronous external abort on the RZ/V2H SoC.\nThe problematic call flow is as follows:\n\n usbhs_probe()\n usbhs_sys_clock_ctrl()\n usbhs_bset()\n usbhs_write()\n iowrite16() \u003c-- Register access before enabling clocks\n\nSince `iowrite16()` is performed without ensuring the required clocks are\nenabled, this can lead to access errors. To fix this, enable PM runtime\nearly in the probe function and ensure clocks are acquired before register\naccess, preventing crashes like the following on RZ/V2H:\n\n[13.272640] Internal error: synchronous external abort: 0000000096000010 [#1] PREEMPT SMP\n[13.280814] Modules linked in: cec renesas_usbhs(+) drm_kms_helper fuse drm backlight ipv6\n[13.289088] CPU: 1 UID: 0 PID: 195 Comm: (udev-worker) Not tainted 6.14.0-rc7+ #98\n[13.296640] Hardware name: Renesas RZ/V2H EVK Board based on r9a09g057h44 (DT)\n[13.303834] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[13.310770] pc : usbhs_bset+0x14/0x4c [renesas_usbhs]\n[13.315831] lr : usbhs_probe+0x2e4/0x5ac [renesas_usbhs]\n[13.321138] sp : ffff8000827e3850\n[13.324438] x29: ffff8000827e3860 x28: 0000000000000000 x27: ffff8000827e3ca0\n[13.331554] x26: ffff8000827e3ba0 x25: ffff800081729668 x24: 0000000000000025\n[13.338670] x23: ffff0000c0f08000 x22: 0000000000000000 x21: ffff0000c0f08010\n[13.345783] x20: 0000000000000000 x19: ffff0000c3b52080 x18: 00000000ffffffff\n[13.352895] x17: 0000000000000000 x16: 0000000000000000 x15: ffff8000827e36ce\n[13.360009] x14: 00000000000003d7 x13: 00000000000003d7 x12: 0000000000000000\n[13.367122] x11: 0000000000000000 x10: 0000000000000aa0 x9 : ffff8000827e3750\n[13.374235] x8 : ffff0000c1850b00 x7 : 0000000003826060 x6 : 000000000000001c\n[13.381347] x5 : 000000030d5fcc00 x4 : ffff8000825c0000 x3 : 0000000000000000\n[13.388459] x2 : 0000000000000400 x1 : 0000000000000000 x0 : ffff0000c3b52080\n[13.395574] Call trace:\n[13.398013] usbhs_bset+0x14/0x4c [renesas_usbhs] (P)\n[13.403076] platform_probe+0x68/0xdc\n[13.406738] really_probe+0xbc/0x2c0\n[13.410306] __driver_probe_device+0x78/0x120\n[13.414653] driver_probe_device+0x3c/0x154\n[13.418825] __driver_attach+0x90/0x1a0\n[13.422647] bus_for_each_dev+0x7c/0xe0\n[13.426470] driver_attach+0x24/0x30\n[13.430032] bus_add_driver+0xe4/0x208\n[13.433766] driver_register+0x68/0x130\n[13.437587] __platform_driver_register+0x24/0x30\n[13.442273] renesas_usbhs_driver_init+0x20/0x1000 [renesas_usbhs]\n[13.448450] do_one_initcall+0x60/0x1d4\n[13.452276] do_init_module+0x54/0x1f8\n[13.456014] load_module+0x1754/0x1c98\n[13.459750] init_module_from_file+0x88/0xcc\n[13.464004] __arm64_sys_finit_module+0x1c4/0x328\n[13.468689] invoke_syscall+0x48/0x104\n[13.472426] el0_svc_common.constprop.0+0xc0/0xe0\n[13.477113] do_el0_svc+0x1c/0x28\n[13.480415] el0_svc+0x30/0xcc\n[13.483460] el0t_64_sync_handler+0x10c/0x138\n[13.487800] el0t_64_sync+0x198/0x19c\n[13.491453] Code: 2a0103e1 12003c42 12003c63 8b010084 (79400084)\n[13.497522] ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38136",
"url": "https://www.suse.com/security/cve/CVE-2025-38136"
},
{
"category": "external",
"summary": "SUSE Bug 1245691 for CVE-2025-38136",
"url": "https://bugzilla.suse.com/1245691"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38136"
},
{
"cve": "CVE-2025-38138",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38138"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ti: Add NULL check in udma_probe()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\nudma_probe() does not check for this case, which results in a NULL\npointer dereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38138",
"url": "https://www.suse.com/security/cve/CVE-2025-38138"
},
{
"category": "external",
"summary": "SUSE Bug 1245719 for CVE-2025-38138",
"url": "https://bugzilla.suse.com/1245719"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38138"
},
{
"cve": "CVE-2025-38142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38142"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (asus-ec-sensors) check sensor index in read_string()\n\nPrevent a potential invalid memory access when the requested sensor\nis not found.\n\nfind_ec_sensor_index() may return a negative value (e.g. -ENOENT),\nbut its result was used without checking, which could lead to\nundefined behavior when passed to get_sensor_info().\n\nAdd a proper check to return -EINVAL if sensor_index is negative.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[groeck: Return error code returned from find_ec_sensor_index]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38142",
"url": "https://www.suse.com/security/cve/CVE-2025-38142"
},
{
"category": "external",
"summary": "SUSE Bug 1245713 for CVE-2025-38142",
"url": "https://bugzilla.suse.com/1245713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38142"
},
{
"cve": "CVE-2025-38143",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38143"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbacklight: pm8941: Add NULL check in wled_configure()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\nwled_configure() does not check for this case, which results in a NULL\npointer dereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38143",
"url": "https://www.suse.com/security/cve/CVE-2025-38143"
},
{
"category": "external",
"summary": "SUSE Bug 1245714 for CVE-2025-38143",
"url": "https://bugzilla.suse.com/1245714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38143"
},
{
"cve": "CVE-2025-38145",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38145"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: aspeed: Add NULL check in aspeed_lpc_enable_snoop()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\naspeed_lpc_enable_snoop() does not check for this case, which results in a\nNULL pointer dereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue.\n\n[arj: Fix Fixes: tag to use subject from 3772e5da4454]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38145",
"url": "https://www.suse.com/security/cve/CVE-2025-38145"
},
{
"category": "external",
"summary": "SUSE Bug 1245765 for CVE-2025-38145",
"url": "https://bugzilla.suse.com/1245765"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38145"
},
{
"cve": "CVE-2025-38147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38147"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncalipso: Don\u0027t call calipso functions for AF_INET sk.\n\nsyzkaller reported a null-ptr-deref in txopt_get(). [0]\n\nThe offset 0x70 was of struct ipv6_txoptions in struct ipv6_pinfo,\nso struct ipv6_pinfo was NULL there.\n\nHowever, this never happens for IPv6 sockets as inet_sk(sk)-\u003epinet6\nis always set in inet6_create(), meaning the socket was not IPv6 one.\n\nThe root cause is missing validation in netlbl_conn_setattr().\n\nnetlbl_conn_setattr() switches branches based on struct\nsockaddr.sa_family, which is passed from userspace. However,\nnetlbl_conn_setattr() does not check if the address family matches\nthe socket.\n\nThe syzkaller must have called connect() for an IPv6 address on\nan IPv4 socket.\n\nWe have a proper validation in tcp_v[46]_connect(), but\nsecurity_socket_connect() is called in the earlier stage.\n\nLet\u0027s copy the validation to netlbl_conn_setattr().\n\n[0]:\nOops: general protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]\nCPU: 2 UID: 0 PID: 12928 Comm: syz.9.1677 Not tainted 6.12.0 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nRIP: 0010:txopt_get include/net/ipv6.h:390 [inline]\nRIP: 0010:\nCode: 02 00 00 49 8b ac 24 f8 02 00 00 e8 84 69 2a fd e8 ff 00 16 fd 48 8d 7d 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 53 02 00 00 48 8b 6d 70 48 85 ed 0f 84 ab 01 00\nRSP: 0018:ffff88811b8afc48 EFLAGS: 00010212\nRAX: dffffc0000000000 RBX: 1ffff11023715f8a RCX: ffffffff841ab00c\nRDX: 000000000000000e RSI: ffffc90007d9e000 RDI: 0000000000000070\nRBP: 0000000000000000 R08: ffffed1023715f9d R09: ffffed1023715f9e\nR10: ffffed1023715f9d R11: 0000000000000003 R12: ffff888123075f00\nR13: ffff88810245bd80 R14: ffff888113646780 R15: ffff888100578a80\nFS: 00007f9019bd7640(0000) GS:ffff8882d2d00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f901b927bac CR3: 0000000104788003 CR4: 0000000000770ef0\nPKRU: 80000000\nCall Trace:\n \u003cTASK\u003e\n calipso_sock_setattr+0x56/0x80 net/netlabel/netlabel_calipso.c:557\n netlbl_conn_setattr+0x10c/0x280 net/netlabel/netlabel_kapi.c:1177\n selinux_netlbl_socket_connect_helper+0xd3/0x1b0 security/selinux/netlabel.c:569\n selinux_netlbl_socket_connect_locked security/selinux/netlabel.c:597 [inline]\n selinux_netlbl_socket_connect+0xb6/0x100 security/selinux/netlabel.c:615\n selinux_socket_connect+0x5f/0x80 security/selinux/hooks.c:4931\n security_socket_connect+0x50/0xa0 security/security.c:4598\n __sys_connect_file+0xa4/0x190 net/socket.c:2067\n __sys_connect+0x12c/0x170 net/socket.c:2088\n __do_sys_connect net/socket.c:2098 [inline]\n __se_sys_connect net/socket.c:2095 [inline]\n __x64_sys_connect+0x73/0xb0 net/socket.c:2095\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xaa/0x1b0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f901b61a12d\nCode: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f9019bd6fa8 EFLAGS: 00000246 ORIG_RAX: 000000000000002a\nRAX: ffffffffffffffda RBX: 00007f901b925fa0 RCX: 00007f901b61a12d\nRDX: 000000000000001c RSI: 0000200000000140 RDI: 0000000000000003\nRBP: 00007f901b701505 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007f901b5b62a0 R15: 00007f9019bb7000\n \u003c/TASK\u003e\nModules linked in:",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38147",
"url": "https://www.suse.com/security/cve/CVE-2025-38147"
},
{
"category": "external",
"summary": "SUSE Bug 1245768 for CVE-2025-38147",
"url": "https://bugzilla.suse.com/1245768"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38147"
},
{
"cve": "CVE-2025-38148",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38148"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: mscc: Fix memory leak when using one step timestamping\n\nFix memory leak when running one-step timestamping. When running\none-step sync timestamping, the HW is configured to insert the TX time\ninto the frame, so there is no reason to keep the skb anymore. As in\nthis case the HW will never generate an interrupt to say that the frame\nwas timestamped, then the frame will never released.\nFix this by freeing the frame in case of one-step timestamping.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38148",
"url": "https://www.suse.com/security/cve/CVE-2025-38148"
},
{
"category": "external",
"summary": "SUSE Bug 1245735 for CVE-2025-38148",
"url": "https://bugzilla.suse.com/1245735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38148"
},
{
"cve": "CVE-2025-38149",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38149"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: clear phydev-\u003edevlink when the link is deleted\n\nThere is a potential crash issue when disabling and re-enabling the\nnetwork port. When disabling the network port, phy_detach() calls\ndevice_link_del() to remove the device link, but it does not clear\nphydev-\u003edevlink, so phydev-\u003edevlink is not a NULL pointer. Then the\nnetwork port is re-enabled, but if phy_attach_direct() fails before\ncalling device_link_add(), the code jumps to the \"error\" label and\ncalls phy_detach(). Since phydev-\u003edevlink retains the old value from\nthe previous attach/detach cycle, device_link_del() uses the old value,\nwhich accesses a NULL pointer and causes a crash. The simplified crash\nlog is as follows.\n\n[ 24.702421] Call trace:\n[ 24.704856] device_link_put_kref+0x20/0x120\n[ 24.709124] device_link_del+0x30/0x48\n[ 24.712864] phy_detach+0x24/0x168\n[ 24.716261] phy_attach_direct+0x168/0x3a4\n[ 24.720352] phylink_fwnode_phy_connect+0xc8/0x14c\n[ 24.725140] phylink_of_phy_connect+0x1c/0x34\n\nTherefore, phydev-\u003edevlink needs to be cleared when the device link is\ndeleted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38149",
"url": "https://www.suse.com/security/cve/CVE-2025-38149"
},
{
"category": "external",
"summary": "SUSE Bug 1245737 for CVE-2025-38149",
"url": "https://bugzilla.suse.com/1245737"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38149"
},
{
"cve": "CVE-2025-38151",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38151"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/cma: Fix hang when cma_netevent_callback fails to queue_work\n\nThe cited commit fixed a crash when cma_netevent_callback was called for\na cma_id while work on that id from a previous call had not yet started.\nThe work item was re-initialized in the second call, which corrupted the\nwork item currently in the work queue.\n\nHowever, it left a problem when queue_work fails (because the item is\nstill pending in the work queue from a previous call). In this case,\ncma_id_put (which is called in the work handler) is therefore not\ncalled. This results in a userspace process hang (zombie process).\n\nFix this by calling cma_id_put() if queue_work fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38151",
"url": "https://www.suse.com/security/cve/CVE-2025-38151"
},
{
"category": "external",
"summary": "SUSE Bug 1245745 for CVE-2025-38151",
"url": "https://bugzilla.suse.com/1245745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38151"
},
{
"cve": "CVE-2025-38153",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38153"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: aqc111: fix error handling of usbnet read calls\n\nSyzkaller, courtesy of syzbot, identified an error (see report [1]) in\naqc111 driver, caused by incomplete sanitation of usb read calls\u0027\nresults. This problem is quite similar to the one fixed in commit\n920a9fa27e78 (\"net: asix: add proper error handling of usb read errors\").\n\nFor instance, usbnet_read_cmd() may read fewer than \u0027size\u0027 bytes,\neven if the caller expected the full amount, and aqc111_read_cmd()\nwill not check its result properly. As [1] shows, this may lead\nto MAC address in aqc111_bind() being only partly initialized,\ntriggering KMSAN warnings.\n\nFix the issue by verifying that the number of bytes read is\nas expected and not less.\n\n[1] Partial syzbot report:\nBUG: KMSAN: uninit-value in is_valid_ether_addr include/linux/etherdevice.h:208 [inline]\nBUG: KMSAN: uninit-value in usbnet_probe+0x2e57/0x4390 drivers/net/usb/usbnet.c:1830\n is_valid_ether_addr include/linux/etherdevice.h:208 [inline]\n usbnet_probe+0x2e57/0x4390 drivers/net/usb/usbnet.c:1830\n usb_probe_interface+0xd01/0x1310 drivers/usb/core/driver.c:396\n call_driver_probe drivers/base/dd.c:-1 [inline]\n really_probe+0x4d1/0xd90 drivers/base/dd.c:658\n __driver_probe_device+0x268/0x380 drivers/base/dd.c:800\n...\n\nUninit was stored to memory at:\n dev_addr_mod+0xb0/0x550 net/core/dev_addr_lists.c:582\n __dev_addr_set include/linux/netdevice.h:4874 [inline]\n eth_hw_addr_set include/linux/etherdevice.h:325 [inline]\n aqc111_bind+0x35f/0x1150 drivers/net/usb/aqc111.c:717\n usbnet_probe+0xbe6/0x4390 drivers/net/usb/usbnet.c:1772\n usb_probe_interface+0xd01/0x1310 drivers/usb/core/driver.c:396\n...\n\nUninit was stored to memory at:\n ether_addr_copy include/linux/etherdevice.h:305 [inline]\n aqc111_read_perm_mac drivers/net/usb/aqc111.c:663 [inline]\n aqc111_bind+0x794/0x1150 drivers/net/usb/aqc111.c:713\n usbnet_probe+0xbe6/0x4390 drivers/net/usb/usbnet.c:1772\n usb_probe_interface+0xd01/0x1310 drivers/usb/core/driver.c:396\n call_driver_probe drivers/base/dd.c:-1 [inline]\n...\n\nLocal variable buf.i created at:\n aqc111_read_perm_mac drivers/net/usb/aqc111.c:656 [inline]\n aqc111_bind+0x221/0x1150 drivers/net/usb/aqc111.c:713\n usbnet_probe+0xbe6/0x4390 drivers/net/usb/usbnet.c:1772",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38153",
"url": "https://www.suse.com/security/cve/CVE-2025-38153"
},
{
"category": "external",
"summary": "SUSE Bug 1245744 for CVE-2025-38153",
"url": "https://bugzilla.suse.com/1245744"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38153"
},
{
"cve": "CVE-2025-38154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38154"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Avoid using sk_socket after free when sending\n\nThe sk-\u003esk_socket is not locked or referenced in backlog thread, and\nduring the call to skb_send_sock(), there is a race condition with\nthe release of sk_socket. All types of sockets(tcp/udp/unix/vsock)\nwill be affected.\n\nRace conditions:\n\u0027\u0027\u0027\nCPU0 CPU1\n\nbacklog::skb_send_sock\n sendmsg_unlocked\n sock_sendmsg\n sock_sendmsg_nosec\n close(fd):\n ...\n ops-\u003erelease() -\u003e sock_map_close()\n sk_socket-\u003eops = NULL\n free(socket)\n sock-\u003eops-\u003esendmsg\n ^\n panic here\n\u0027\u0027\u0027\n\nThe ref of psock become 0 after sock_map_close() executed.\n\u0027\u0027\u0027\nvoid sock_map_close()\n{\n ...\n if (likely(psock)) {\n ...\n // !! here we remove psock and the ref of psock become 0\n sock_map_remove_links(sk, psock)\n psock = sk_psock_get(sk);\n if (unlikely(!psock))\n goto no_psock; \u003c=== Control jumps here via goto\n ...\n cancel_delayed_work_sync(\u0026psock-\u003ework); \u003c=== not executed\n sk_psock_put(sk, psock);\n ...\n}\n\u0027\u0027\u0027\n\nBased on the fact that we already wait for the workqueue to finish in\nsock_map_close() if psock is held, we simply increase the psock\nreference count to avoid race conditions.\n\nWith this patch, if the backlog thread is running, sock_map_close() will\nwait for the backlog thread to complete and cancel all pending work.\n\nIf no backlog running, any pending work that hasn\u0027t started by then will\nfail when invoked by sk_psock_get(), as the psock reference count have\nbeen zeroed, and sk_psock_drop() will cancel all jobs via\ncancel_delayed_work_sync().\n\nIn summary, we require synchronization to coordinate the backlog thread\nand close() thread.\n\nThe panic I catched:\n\u0027\u0027\u0027\nWorkqueue: events sk_psock_backlog\nRIP: 0010:sock_sendmsg+0x21d/0x440\nRAX: 0000000000000000 RBX: ffffc9000521fad8 RCX: 0000000000000001\n...\nCall Trace:\n \u003cTASK\u003e\n ? die_addr+0x40/0xa0\n ? exc_general_protection+0x14c/0x230\n ? asm_exc_general_protection+0x26/0x30\n ? sock_sendmsg+0x21d/0x440\n ? sock_sendmsg+0x3e0/0x440\n ? __pfx_sock_sendmsg+0x10/0x10\n __skb_send_sock+0x543/0xb70\n sk_psock_backlog+0x247/0xb80\n...\n\u0027\u0027\u0027",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38154",
"url": "https://www.suse.com/security/cve/CVE-2025-38154"
},
{
"category": "external",
"summary": "SUSE Bug 1245749 for CVE-2025-38154",
"url": "https://bugzilla.suse.com/1245749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38154"
},
{
"cve": "CVE-2025-38155",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38155"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init()\n\ndevm_ioremap() returns NULL on error. Currently, mt7915_mmio_wed_init()\ndoes not check for this case, which results in a NULL pointer\ndereference.\n\nPrevent null pointer dereference in mt7915_mmio_wed_init().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38155",
"url": "https://www.suse.com/security/cve/CVE-2025-38155"
},
{
"category": "external",
"summary": "SUSE Bug 1245748 for CVE-2025-38155",
"url": "https://bugzilla.suse.com/1245748"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38155"
},
{
"cve": "CVE-2025-38157",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38157"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k_htc: Abort software beacon handling if disabled\n\nA malicious USB device can send a WMI_SWBA_EVENTID event from an\nath9k_htc-managed device before beaconing has been enabled. This causes\na device-by-zero error in the driver, leading to either a crash or an\nout of bounds read.\n\nPrevent this by aborting the handling in ath9k_htc_swba() if beacons are\nnot enabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38157",
"url": "https://www.suse.com/security/cve/CVE-2025-38157"
},
{
"category": "external",
"summary": "SUSE Bug 1245747 for CVE-2025-38157",
"url": "https://bugzilla.suse.com/1245747"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38157"
},
{
"cve": "CVE-2025-38158",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38158"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhisi_acc_vfio_pci: fix XQE dma address error\n\nThe dma addresses of EQE and AEQE are wrong after migration and\nresults in guest kernel-mode encryption services failure.\nComparing the definition of hardware registers, we found that\nthere was an error when the data read from the register was\ncombined into an address. Therefore, the address combination\nsequence needs to be corrected.\n\nEven after fixing the above problem, we still have an issue\nwhere the Guest from an old kernel can get migrated to\nnew kernel and may result in wrong data.\n\nIn order to ensure that the address is correct after migration,\nif an old magic number is detected, the dma address needs to be\nupdated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38158",
"url": "https://www.suse.com/security/cve/CVE-2025-38158"
},
{
"category": "external",
"summary": "SUSE Bug 1245750 for CVE-2025-38158",
"url": "https://bugzilla.suse.com/1245750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38158"
},
{
"cve": "CVE-2025-38159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38159"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: fix the \u0027para\u0027 buffer size to avoid reading out of bounds\n\nSet the size to 6 instead of 2, since \u0027para\u0027 array is passed to\n\u0027rtw_fw_bt_wifi_control(rtwdev, para[0], \u0026para[1])\u0027, which reads\n5 bytes:\n\nvoid rtw_fw_bt_wifi_control(struct rtw_dev *rtwdev, u8 op_code, u8 *data)\n{\n ...\n SET_BT_WIFI_CONTROL_DATA1(h2c_pkt, *data);\n SET_BT_WIFI_CONTROL_DATA2(h2c_pkt, *(data + 1));\n ...\n SET_BT_WIFI_CONTROL_DATA5(h2c_pkt, *(data + 4));\n\nDetected using the static analysis tool - Svace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38159",
"url": "https://www.suse.com/security/cve/CVE-2025-38159"
},
{
"category": "external",
"summary": "SUSE Bug 1245751 for CVE-2025-38159",
"url": "https://bugzilla.suse.com/1245751"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38159"
},
{
"cve": "CVE-2025-38161",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38161"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix error flow upon firmware failure for RQ destruction\n\nUpon RQ destruction if the firmware command fails which is the\nlast resource to be destroyed some SW resources were already cleaned\nregardless of the failure.\n\nNow properly rollback the object to its original state upon such failure.\n\nIn order to avoid a use-after free in case someone tries to destroy the\nobject again, which results in the following kernel trace:\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 0 PID: 37589 at lib/refcount.c:28 refcount_warn_saturate+0xf4/0x148\nModules linked in: rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) rfkill mlx5_core(OE) mlxdevm(OE) ib_uverbs(OE) ib_core(OE) psample mlxfw(OE) mlx_compat(OE) macsec tls pci_hyperv_intf sunrpc vfat fat virtio_net net_failover failover fuse loop nfnetlink vsock_loopback vmw_vsock_virtio_transport_common vmw_vsock_vmci_transport vmw_vmci vsock xfs crct10dif_ce ghash_ce sha2_ce sha256_arm64 sha1_ce virtio_console virtio_gpu virtio_blk virtio_dma_buf virtio_mmio dm_mirror dm_region_hash dm_log dm_mod xpmem(OE)\nCPU: 0 UID: 0 PID: 37589 Comm: python3 Kdump: loaded Tainted: G OE ------- --- 6.12.0-54.el10.aarch64 #1\nTainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\nHardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : refcount_warn_saturate+0xf4/0x148\nlr : refcount_warn_saturate+0xf4/0x148\nsp : ffff80008b81b7e0\nx29: ffff80008b81b7e0 x28: ffff000133d51600 x27: 0000000000000001\nx26: 0000000000000000 x25: 00000000ffffffea x24: ffff00010ae80f00\nx23: ffff00010ae80f80 x22: ffff0000c66e5d08 x21: 0000000000000000\nx20: ffff0000c66e0000 x19: ffff00010ae80340 x18: 0000000000000006\nx17: 0000000000000000 x16: 0000000000000020 x15: ffff80008b81b37f\nx14: 0000000000000000 x13: 2e656572662d7265 x12: ffff80008283ef78\nx11: ffff80008257efd0 x10: ffff80008283efd0 x9 : ffff80008021ed90\nx8 : 0000000000000001 x7 : 00000000000bffe8 x6 : c0000000ffff7fff\nx5 : ffff0001fb8e3408 x4 : 0000000000000000 x3 : ffff800179993000\nx2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff000133d51600\nCall trace:\n refcount_warn_saturate+0xf4/0x148\n mlx5_core_put_rsc+0x88/0xa0 [mlx5_ib]\n mlx5_core_destroy_rq_tracked+0x64/0x98 [mlx5_ib]\n mlx5_ib_destroy_wq+0x34/0x80 [mlx5_ib]\n ib_destroy_wq_user+0x30/0xc0 [ib_core]\n uverbs_free_wq+0x28/0x58 [ib_uverbs]\n destroy_hw_idr_uobject+0x34/0x78 [ib_uverbs]\n uverbs_destroy_uobject+0x48/0x240 [ib_uverbs]\n __uverbs_cleanup_ufile+0xd4/0x1a8 [ib_uverbs]\n uverbs_destroy_ufile_hw+0x48/0x120 [ib_uverbs]\n ib_uverbs_close+0x2c/0x100 [ib_uverbs]\n __fput+0xd8/0x2f0\n __fput_sync+0x50/0x70\n __arm64_sys_close+0x40/0x90\n invoke_syscall.constprop.0+0x74/0xd0\n do_el0_svc+0x48/0xe8\n el0_svc+0x44/0x1d0\n el0t_64_sync_handler+0x120/0x130\n el0t_64_sync+0x1a4/0x1a8",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38161",
"url": "https://www.suse.com/security/cve/CVE-2025-38161"
},
{
"category": "external",
"summary": "SUSE Bug 1245777 for CVE-2025-38161",
"url": "https://bugzilla.suse.com/1245777"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38161"
},
{
"cve": "CVE-2025-38162",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38162"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo: prevent overflow in lookup table allocation\n\nWhen calculating the lookup table size, ensure the following\nmultiplication does not overflow:\n\n- desc-\u003efield_len[] maximum value is U8_MAX multiplied by\n NFT_PIPAPO_GROUPS_PER_BYTE(f) that can be 2, worst case.\n- NFT_PIPAPO_BUCKETS(f-\u003ebb) is 2^8, worst case.\n- sizeof(unsigned long), from sizeof(*f-\u003elt), lt in\n struct nft_pipapo_field.\n\nThen, use check_mul_overflow() to multiply by bucket size and then use\ncheck_add_overflow() to the alignment for avx2 (if needed). Finally, add\nlt_size_check_overflow() helper and use it to consolidate this.\n\nWhile at it, replace leftover allocation using the GFP_KERNEL to\nGFP_KERNEL_ACCOUNT for consistency, in pipapo_resize().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38162",
"url": "https://www.suse.com/security/cve/CVE-2025-38162"
},
{
"category": "external",
"summary": "SUSE Bug 1245752 for CVE-2025-38162",
"url": "https://bugzilla.suse.com/1245752"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38162"
},
{
"cve": "CVE-2025-38165",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38165"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix panic when calling skb_linearize\n\nThe panic can be reproduced by executing the command:\n./bench sockmap -c 2 -p 1 -a --rx-verdict-ingress --rx-strp 100000\n\nThen a kernel panic was captured:\n\u0027\u0027\u0027\n[ 657.460555] kernel BUG at net/core/skbuff.c:2178!\n[ 657.462680] Tainted: [W]=WARN\n[ 657.463287] Workqueue: events sk_psock_backlog\n...\n[ 657.469610] \u003cTASK\u003e\n[ 657.469738] ? die+0x36/0x90\n[ 657.469916] ? do_trap+0x1d0/0x270\n[ 657.470118] ? pskb_expand_head+0x612/0xf40\n[ 657.470376] ? pskb_expand_head+0x612/0xf40\n[ 657.470620] ? do_error_trap+0xa3/0x170\n[ 657.470846] ? pskb_expand_head+0x612/0xf40\n[ 657.471092] ? handle_invalid_op+0x2c/0x40\n[ 657.471335] ? pskb_expand_head+0x612/0xf40\n[ 657.471579] ? exc_invalid_op+0x2d/0x40\n[ 657.471805] ? asm_exc_invalid_op+0x1a/0x20\n[ 657.472052] ? pskb_expand_head+0xd1/0xf40\n[ 657.472292] ? pskb_expand_head+0x612/0xf40\n[ 657.472540] ? lock_acquire+0x18f/0x4e0\n[ 657.472766] ? find_held_lock+0x2d/0x110\n[ 657.472999] ? __pfx_pskb_expand_head+0x10/0x10\n[ 657.473263] ? __kmalloc_cache_noprof+0x5b/0x470\n[ 657.473537] ? __pfx___lock_release.isra.0+0x10/0x10\n[ 657.473826] __pskb_pull_tail+0xfd/0x1d20\n[ 657.474062] ? __kasan_slab_alloc+0x4e/0x90\n[ 657.474707] sk_psock_skb_ingress_enqueue+0x3bf/0x510\n[ 657.475392] ? __kasan_kmalloc+0xaa/0xb0\n[ 657.476010] sk_psock_backlog+0x5cf/0xd70\n[ 657.476637] process_one_work+0x858/0x1a20\n\u0027\u0027\u0027\n\nThe panic originates from the assertion BUG_ON(skb_shared(skb)) in\nskb_linearize(). A previous commit(see Fixes tag) introduced skb_get()\nto avoid race conditions between skb operations in the backlog and skb\nrelease in the recvmsg path. However, this caused the panic to always\noccur when skb_linearize is executed.\n\nThe \"--rx-strp 100000\" parameter forces the RX path to use the strparser\nmodule which aggregates data until it reaches 100KB before calling sockmap\nlogic. The 100KB payload exceeds MAX_MSG_FRAGS, triggering skb_linearize.\n\nTo fix this issue, just move skb_get into sk_psock_skb_ingress_enqueue.\n\n\u0027\u0027\u0027\nsk_psock_backlog:\n sk_psock_handle_skb\n skb_get(skb) \u003c== we move it into \u0027sk_psock_skb_ingress_enqueue\u0027\n sk_psock_skb_ingress____________\n \u2193\n |\n | \u2192 sk_psock_skb_ingress_self\n | sk_psock_skb_ingress_enqueue\nsk_psock_verdict_apply_________________\u2191 skb_linearize\n\u0027\u0027\u0027\n\nNote that for verdict_apply path, the skb_get operation is unnecessary so\nwe add \u0027take_ref\u0027 param to control it\u0027s behavior.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38165",
"url": "https://www.suse.com/security/cve/CVE-2025-38165"
},
{
"category": "external",
"summary": "SUSE Bug 1245757 for CVE-2025-38165",
"url": "https://bugzilla.suse.com/1245757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38165"
},
{
"cve": "CVE-2025-38166",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38166"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: fix ktls panic with sockmap\n\n[ 2172.936997] ------------[ cut here ]------------\n[ 2172.936999] kernel BUG at lib/iov_iter.c:629!\n......\n[ 2172.944996] PKRU: 55555554\n[ 2172.945155] Call Trace:\n[ 2172.945299] \u003cTASK\u003e\n[ 2172.945428] ? die+0x36/0x90\n[ 2172.945601] ? do_trap+0xdd/0x100\n[ 2172.945795] ? iov_iter_revert+0x178/0x180\n[ 2172.946031] ? iov_iter_revert+0x178/0x180\n[ 2172.946267] ? do_error_trap+0x7d/0x110\n[ 2172.946499] ? iov_iter_revert+0x178/0x180\n[ 2172.946736] ? exc_invalid_op+0x50/0x70\n[ 2172.946961] ? iov_iter_revert+0x178/0x180\n[ 2172.947197] ? asm_exc_invalid_op+0x1a/0x20\n[ 2172.947446] ? iov_iter_revert+0x178/0x180\n[ 2172.947683] ? iov_iter_revert+0x5c/0x180\n[ 2172.947913] tls_sw_sendmsg_locked.isra.0+0x794/0x840\n[ 2172.948206] tls_sw_sendmsg+0x52/0x80\n[ 2172.948420] ? inet_sendmsg+0x1f/0x70\n[ 2172.948634] __sys_sendto+0x1cd/0x200\n[ 2172.948848] ? find_held_lock+0x2b/0x80\n[ 2172.949072] ? syscall_trace_enter+0x140/0x270\n[ 2172.949330] ? __lock_release.isra.0+0x5e/0x170\n[ 2172.949595] ? find_held_lock+0x2b/0x80\n[ 2172.949817] ? syscall_trace_enter+0x140/0x270\n[ 2172.950211] ? lockdep_hardirqs_on_prepare+0xda/0x190\n[ 2172.950632] ? ktime_get_coarse_real_ts64+0xc2/0xd0\n[ 2172.951036] __x64_sys_sendto+0x24/0x30\n[ 2172.951382] do_syscall_64+0x90/0x170\n......\n\nAfter calling bpf_exec_tx_verdict(), the size of msg_pl-\u003esg may increase,\ne.g., when the BPF program executes bpf_msg_push_data().\n\nIf the BPF program sets cork_bytes and sg.size is smaller than cork_bytes,\nit will return -ENOSPC and attempt to roll back to the non-zero copy\nlogic. However, during rollback, msg-\u003emsg_iter is reset, but since\nmsg_pl-\u003esg.size has been increased, subsequent executions will exceed the\nactual size of msg_iter.\n\u0027\u0027\u0027\niov_iter_revert(\u0026msg-\u003emsg_iter, msg_pl-\u003esg.size - orig_size);\n\u0027\u0027\u0027\n\nThe changes in this commit are based on the following considerations:\n\n1. When cork_bytes is set, rolling back to non-zero copy logic is\npointless and can directly go to zero-copy logic.\n\n2. We can not calculate the correct number of bytes to revert msg_iter.\n\nAssume the original data is \"abcdefgh\" (8 bytes), and after 3 pushes\nby the BPF program, it becomes 11-byte data: \"abc?de?fgh?\".\nThen, we set cork_bytes to 6, which means the first 6 bytes have been\nprocessed, and the remaining 5 bytes \"?fgh?\" will be cached until the\nlength meets the cork_bytes requirement.\n\nHowever, some data in \"?fgh?\" is not within \u0027sg-\u003emsg_iter\u0027\n(but in msg_pl instead), especially the data \"?\" we pushed.\n\nSo it doesn\u0027t seem as simple as just reverting through an offset of\nmsg_iter.\n\n3. For non-TLS sockets in tcp_bpf_sendmsg, when a \"cork\" situation occurs,\nthe user-space send() doesn\u0027t return an error, and the returned length is\nthe same as the input length parameter, even if some data is cached.\n\nAdditionally, I saw that the current non-zero-copy logic for handling\ncorking is written as:\n\u0027\u0027\u0027\nline 1177\nelse if (ret != -EAGAIN) {\n\tif (ret == -ENOSPC)\n\t\tret = 0;\n\tgoto send_end;\n\u0027\u0027\u0027\n\nSo it\u0027s ok to just return \u0027copied\u0027 without error when a \"cork\" situation\noccurs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38166",
"url": "https://www.suse.com/security/cve/CVE-2025-38166"
},
{
"category": "external",
"summary": "SUSE Bug 1245758 for CVE-2025-38166",
"url": "https://bugzilla.suse.com/1245758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38166"
},
{
"cve": "CVE-2025-38173",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38173"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: marvell/cesa - Handle zero-length skcipher requests\n\nDo not access random memory for zero-length skcipher requests.\nJust return 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38173",
"url": "https://www.suse.com/security/cve/CVE-2025-38173"
},
{
"category": "external",
"summary": "SUSE Bug 1245769 for CVE-2025-38173",
"url": "https://bugzilla.suse.com/1245769"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38173"
},
{
"cve": "CVE-2025-38174",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38174"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Do not double dequeue a configuration request\n\nSome of our devices crash in tb_cfg_request_dequeue():\n\n general protection fault, probably for non-canonical address 0xdead000000000122\n\n CPU: 6 PID: 91007 Comm: kworker/6:2 Tainted: G U W 6.6.65\n RIP: 0010:tb_cfg_request_dequeue+0x2d/0xa0\n Call Trace:\n \u003cTASK\u003e\n ? tb_cfg_request_dequeue+0x2d/0xa0\n tb_cfg_request_work+0x33/0x80\n worker_thread+0x386/0x8f0\n kthread+0xed/0x110\n ret_from_fork+0x38/0x50\n ret_from_fork_asm+0x1b/0x30\n\nThe circumstances are unclear, however, the theory is that\ntb_cfg_request_work() can be scheduled twice for a request:\nfirst time via frame.callback from ring_work() and second\ntime from tb_cfg_request(). Both times kworkers will execute\ntb_cfg_request_dequeue(), which results in double list_del()\nfrom the ctl-\u003erequest_queue (the list poison deference hints\nat it: 0xdead000000000122).\n\nDo not dequeue requests that don\u0027t have TB_CFG_REQUEST_ACTIVE\nbit set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38174",
"url": "https://www.suse.com/security/cve/CVE-2025-38174"
},
{
"category": "external",
"summary": "SUSE Bug 1245781 for CVE-2025-38174",
"url": "https://bugzilla.suse.com/1245781"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38174"
},
{
"cve": "CVE-2025-38177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38177"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsch_hfsc: make hfsc_qlen_notify() idempotent\n\nhfsc_qlen_notify() is not idempotent either and not friendly\nto its callers, like fq_codel_dequeue(). Let\u0027s make it idempotent\nto ease qdisc_tree_reduce_backlog() callers\u0027 life:\n\n1. update_vf() decreases cl-\u003ecl_nactive, so we can check whether it is\nnon-zero before calling it.\n\n2. eltree_remove() always removes RB node cl-\u003eel_node, but we can use\n RB_EMPTY_NODE() + RB_CLEAR_NODE() to make it safe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38177",
"url": "https://www.suse.com/security/cve/CVE-2025-38177"
},
{
"category": "external",
"summary": "SUSE Bug 1245986 for CVE-2025-38177",
"url": "https://bugzilla.suse.com/1245986"
},
{
"category": "external",
"summary": "SUSE Bug 1246356 for CVE-2025-38177",
"url": "https://bugzilla.suse.com/1246356"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "important"
}
],
"title": "CVE-2025-38177"
},
{
"cve": "CVE-2025-38180",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38180"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: atm: fix /proc/net/atm/lec handling\n\n/proc/net/atm/lec must ensure safety against dev_lec[] changes.\n\nIt appears it had dev_put() calls without prior dev_hold(),\nleading to imbalance and UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38180",
"url": "https://www.suse.com/security/cve/CVE-2025-38180"
},
{
"category": "external",
"summary": "SUSE Bug 1245970 for CVE-2025-38180",
"url": "https://bugzilla.suse.com/1245970"
},
{
"category": "external",
"summary": "SUSE Bug 1245971 for CVE-2025-38180",
"url": "https://bugzilla.suse.com/1245971"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "important"
}
],
"title": "CVE-2025-38180"
},
{
"cve": "CVE-2025-38181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38181"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncalipso: Fix null-ptr-deref in calipso_req_{set,del}attr().\n\nsyzkaller reported a null-ptr-deref in sock_omalloc() while allocating\na CALIPSO option. [0]\n\nThe NULL is of struct sock, which was fetched by sk_to_full_sk() in\ncalipso_req_setattr().\n\nSince commit a1a5344ddbe8 (\"tcp: avoid two atomic ops for syncookies\"),\nreqsk-\u003ersk_listener could be NULL when SYN Cookie is returned to its\nclient, as hinted by the leading SYN Cookie log.\n\nHere are 3 options to fix the bug:\n\n 1) Return 0 in calipso_req_setattr()\n 2) Return an error in calipso_req_setattr()\n 3) Alaways set rsk_listener\n\n1) is no go as it bypasses LSM, but 2) effectively disables SYN Cookie\nfor CALIPSO. 3) is also no go as there have been many efforts to reduce\natomic ops and make TCP robust against DDoS. See also commit 3b24d854cb35\n(\"tcp/dccp: do not touch listener sk_refcnt under synflood\").\n\nAs of the blamed commit, SYN Cookie already did not need refcounting,\nand no one has stumbled on the bug for 9 years, so no CALIPSO user will\ncare about SYN Cookie.\n\nLet\u0027s return an error in calipso_req_setattr() and calipso_req_delattr()\nin the SYN Cookie case.\n\nThis can be reproduced by [1] on Fedora and now connect() of nc times out.\n\n[0]:\nTCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]\nCPU: 3 UID: 0 PID: 12262 Comm: syz.1.2611 Not tainted 6.14.0 #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nRIP: 0010:read_pnet include/net/net_namespace.h:406 [inline]\nRIP: 0010:sock_net include/net/sock.h:655 [inline]\nRIP: 0010:sock_kmalloc+0x35/0x170 net/core/sock.c:2806\nCode: 89 d5 41 54 55 89 f5 53 48 89 fb e8 25 e3 c6 fd e8 f0 91 e3 00 48 8d 7b 30 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 26 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b\nRSP: 0018:ffff88811af89038 EFLAGS: 00010216\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffff888105266400\nRDX: 0000000000000006 RSI: ffff88800c890000 RDI: 0000000000000030\nRBP: 0000000000000050 R08: 0000000000000000 R09: ffff88810526640e\nR10: ffffed1020a4cc81 R11: ffff88810526640f R12: 0000000000000000\nR13: 0000000000000820 R14: ffff888105266400 R15: 0000000000000050\nFS: 00007f0653a07640(0000) GS:ffff88811af80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f863ba096f4 CR3: 00000000163c0005 CR4: 0000000000770ef0\nPKRU: 80000000\nCall Trace:\n \u003cIRQ\u003e\n ipv6_renew_options+0x279/0x950 net/ipv6/exthdrs.c:1288\n calipso_req_setattr+0x181/0x340 net/ipv6/calipso.c:1204\n calipso_req_setattr+0x56/0x80 net/netlabel/netlabel_calipso.c:597\n netlbl_req_setattr+0x18a/0x440 net/netlabel/netlabel_kapi.c:1249\n selinux_netlbl_inet_conn_request+0x1fb/0x320 security/selinux/netlabel.c:342\n selinux_inet_conn_request+0x1eb/0x2c0 security/selinux/hooks.c:5551\n security_inet_conn_request+0x50/0xa0 security/security.c:4945\n tcp_v6_route_req+0x22c/0x550 net/ipv6/tcp_ipv6.c:825\n tcp_conn_request+0xec8/0x2b70 net/ipv4/tcp_input.c:7275\n tcp_v6_conn_request+0x1e3/0x440 net/ipv6/tcp_ipv6.c:1328\n tcp_rcv_state_process+0xafa/0x52b0 net/ipv4/tcp_input.c:6781\n tcp_v6_do_rcv+0x8a6/0x1a40 net/ipv6/tcp_ipv6.c:1667\n tcp_v6_rcv+0x505e/0x5b50 net/ipv6/tcp_ipv6.c:1904\n ip6_protocol_deliver_rcu+0x17c/0x1da0 net/ipv6/ip6_input.c:436\n ip6_input_finish+0x103/0x180 net/ipv6/ip6_input.c:480\n NF_HOOK include/linux/netfilter.h:314 [inline]\n NF_HOOK include/linux/netfilter.h:308 [inline]\n ip6_input+0x13c/0x6b0 net/ipv6/ip6_input.c:491\n dst_input include/net/dst.h:469 [inline]\n ip6_rcv_finish net/ipv6/ip6_input.c:79 [inline]\n ip6_rcv_finish+0xb6/0x490 net/ipv6/ip6_input.c:69\n NF_HOOK include/linux/netfilter.h:314 [inline]\n NF_HOOK include/linux/netf\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38181",
"url": "https://www.suse.com/security/cve/CVE-2025-38181"
},
{
"category": "external",
"summary": "SUSE Bug 1246000 for CVE-2025-38181",
"url": "https://bugzilla.suse.com/1246000"
},
{
"category": "external",
"summary": "SUSE Bug 1246001 for CVE-2025-38181",
"url": "https://bugzilla.suse.com/1246001"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "important"
}
],
"title": "CVE-2025-38181"
},
{
"cve": "CVE-2025-38182",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38182"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nublk: santizize the arguments from userspace when adding a device\n\nSanity check the values for queue depth and number of queues\nwe get from userspace when adding a device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38182",
"url": "https://www.suse.com/security/cve/CVE-2025-38182"
},
{
"category": "external",
"summary": "SUSE Bug 1245937 for CVE-2025-38182",
"url": "https://bugzilla.suse.com/1245937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38182"
},
{
"cve": "CVE-2025-38183",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38183"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get()\n\nBefore calling lan743x_ptp_io_event_clock_get(), the \u0027channel\u0027 value\nis checked against the maximum value of PCI11X1X_PTP_IO_MAX_CHANNELS(8).\nThis seems correct and aligns with the PTP interrupt status register\n(PTP_INT_STS) specifications.\n\nHowever, lan743x_ptp_io_event_clock_get() writes to ptp-\u003eextts[] with\nonly LAN743X_PTP_N_EXTTS(4) elements, using channel as an index:\n\n lan743x_ptp_io_event_clock_get(..., u8 channel,...)\n {\n ...\n /* Update Local timestamp */\n extts = \u0026ptp-\u003eextts[channel];\n extts-\u003ets.tv_sec = sec;\n ...\n }\n\nTo avoid an out-of-bounds write and utilize all the supported GPIO\ninputs, set LAN743X_PTP_N_EXTTS to 8.\n\nDetected using the static analysis tool - Svace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38183",
"url": "https://www.suse.com/security/cve/CVE-2025-38183"
},
{
"category": "external",
"summary": "SUSE Bug 1246006 for CVE-2025-38183",
"url": "https://bugzilla.suse.com/1246006"
},
{
"category": "external",
"summary": "SUSE Bug 1246007 for CVE-2025-38183",
"url": "https://bugzilla.suse.com/1246007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "important"
}
],
"title": "CVE-2025-38183"
},
{
"cve": "CVE-2025-38186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38186"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix double invocation of bnxt_ulp_stop()/bnxt_ulp_start()\n\nBefore the commit under the Fixes tag below, bnxt_ulp_stop() and\nbnxt_ulp_start() were always invoked in pairs. After that commit,\nthe new bnxt_ulp_restart() can be invoked after bnxt_ulp_stop()\nhas been called. This may result in the RoCE driver\u0027s aux driver\n.suspend() method being invoked twice. The 2nd bnxt_re_suspend()\ncall will crash when it dereferences a NULL pointer:\n\n(NULL ib_device): Handle device suspend call\nBUG: kernel NULL pointer dereference, address: 0000000000000b78\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] SMP PTI\nCPU: 20 UID: 0 PID: 181 Comm: kworker/u96:5 Tainted: G S 6.15.0-rc1 #4 PREEMPT(voluntary)\nTainted: [S]=CPU_OUT_OF_SPEC\nHardware name: Dell Inc. PowerEdge R730/072T6D, BIOS 2.4.3 01/17/2017\nWorkqueue: bnxt_pf_wq bnxt_sp_task [bnxt_en]\nRIP: 0010:bnxt_re_suspend+0x45/0x1f0 [bnxt_re]\nCode: 8b 05 a7 3c 5b f5 48 89 44 24 18 31 c0 49 8b 5c 24 08 4d 8b 2c 24 e8 ea 06 0a f4 48 c7 c6 04 60 52 c0 48 89 df e8 1b ce f9 ff \u003c48\u003e 8b 83 78 0b 00 00 48 8b 80 38 03 00 00 a8 40 0f 85 b5 00 00 00\nRSP: 0018:ffffa2e84084fd88 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001\nRDX: 0000000000000000 RSI: ffffffffb4b6b934 RDI: 00000000ffffffff\nRBP: ffffa1760954c9c0 R08: 0000000000000000 R09: c0000000ffffdfff\nR10: 0000000000000001 R11: ffffa2e84084fb50 R12: ffffa176031ef070\nR13: ffffa17609775000 R14: ffffa17603adc180 R15: 0000000000000000\nFS: 0000000000000000(0000) GS:ffffa17daa397000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000b78 CR3: 00000004aaa30003 CR4: 00000000003706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\nbnxt_ulp_stop+0x69/0x90 [bnxt_en]\nbnxt_sp_task+0x678/0x920 [bnxt_en]\n? __schedule+0x514/0xf50\nprocess_scheduled_works+0x9d/0x400\nworker_thread+0x11c/0x260\n? __pfx_worker_thread+0x10/0x10\nkthread+0xfe/0x1e0\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x2b/0x40\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1a/0x30\n\nCheck the BNXT_EN_FLAG_ULP_STOPPED flag and do not proceed if the flag\nis already set. This will preserve the original symmetrical\nbnxt_ulp_stop() and bnxt_ulp_start().\n\nAlso, inside bnxt_ulp_start(), clear the BNXT_EN_FLAG_ULP_STOPPED\nflag after taking the mutex to avoid any race condition. And for\nsymmetry, only proceed in bnxt_ulp_start() if the\nBNXT_EN_FLAG_ULP_STOPPED is set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38186",
"url": "https://www.suse.com/security/cve/CVE-2025-38186"
},
{
"category": "external",
"summary": "SUSE Bug 1245955 for CVE-2025-38186",
"url": "https://bugzilla.suse.com/1245955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38186"
},
{
"cve": "CVE-2025-38187",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38187"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: fix a use-after-free in r535_gsp_rpc_push()\n\nThe RPC container is released after being passed to r535_gsp_rpc_send().\n\nWhen sending the initial fragment of a large RPC and passing the\ncaller\u0027s RPC container, the container will be freed prematurely. Subsequent\nattempts to send remaining fragments will therefore result in a\nuse-after-free.\n\nAllocate a temporary RPC container for holding the initial fragment of a\nlarge RPC when sending. Free the caller\u0027s container when all fragments\nare successfully sent.\n\n[ Rebase onto Blackwell changes. - Danilo ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38187",
"url": "https://www.suse.com/security/cve/CVE-2025-38187"
},
{
"category": "external",
"summary": "SUSE Bug 1245951 for CVE-2025-38187",
"url": "https://bugzilla.suse.com/1245951"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38187"
},
{
"cve": "CVE-2025-38188",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38188"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/a7xx: Call CP_RESET_CONTEXT_STATE\n\nCalling this packet is necessary when we switch contexts because there\nare various pieces of state used by userspace to synchronize between BR\nand BV that are persistent across submits and we need to make sure that\nthey are in a \"safe\" state when switching contexts. Otherwise a\nuserspace submission in one context could cause another context to\nfunction incorrectly and hang, effectively a denial of service (although\nwithout leaking data). This was missed during initial a7xx bringup.\n\nPatchwork: https://patchwork.freedesktop.org/patch/654924/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38188",
"url": "https://www.suse.com/security/cve/CVE-2025-38188"
},
{
"category": "external",
"summary": "SUSE Bug 1246098 for CVE-2025-38188",
"url": "https://bugzilla.suse.com/1246098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38188"
},
{
"cve": "CVE-2025-38189",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38189"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Avoid NULL pointer dereference in `v3d_job_update_stats()`\n\nThe following kernel Oops was recently reported by Mesa CI:\n\n[ 800.139824] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000588\n[ 800.148619] Mem abort info:\n[ 800.151402] ESR = 0x0000000096000005\n[ 800.155141] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 800.160444] SET = 0, FnV = 0\n[ 800.163488] EA = 0, S1PTW = 0\n[ 800.166619] FSC = 0x05: level 1 translation fault\n[ 800.171487] Data abort info:\n[ 800.174357] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n[ 800.179832] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 800.184873] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 800.190176] user pgtable: 4k pages, 39-bit VAs, pgdp=00000001014c2000\n[ 800.196607] [0000000000000588] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n[ 800.205305] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n[ 800.211564] Modules linked in: vc4 snd_soc_hdmi_codec drm_display_helper v3d cec gpu_sched drm_dma_helper drm_shmem_helper drm_kms_helper drm drm_panel_orientation_quirks snd_soc_core snd_compress snd_pcm_dmaengine snd_pcm i2c_brcmstb snd_timer snd backlight\n[ 800.234448] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.25+rpt-rpi-v8 #1 Debian 1:6.12.25-1+rpt1\n[ 800.244182] Hardware name: Raspberry Pi 4 Model B Rev 1.4 (DT)\n[ 800.250005] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 800.256959] pc : v3d_job_update_stats+0x60/0x130 [v3d]\n[ 800.262112] lr : v3d_job_update_stats+0x48/0x130 [v3d]\n[ 800.267251] sp : ffffffc080003e60\n[ 800.270555] x29: ffffffc080003e60 x28: ffffffd842784980 x27: 0224012000000000\n[ 800.277687] x26: ffffffd84277f630 x25: ffffff81012fd800 x24: 0000000000000020\n[ 800.284818] x23: ffffff8040238b08 x22: 0000000000000570 x21: 0000000000000158\n[ 800.291948] x20: 0000000000000000 x19: ffffff8040238000 x18: 0000000000000000\n[ 800.299078] x17: ffffffa8c1bd2000 x16: ffffffc080000000 x15: 0000000000000000\n[ 800.306208] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n[ 800.313338] x11: 0000000000000040 x10: 0000000000001a40 x9 : ffffffd83b39757c\n[ 800.320468] x8 : ffffffd842786420 x7 : 7fffffffffffffff x6 : 0000000000ef32b0\n[ 800.327598] x5 : 00ffffffffffffff x4 : 0000000000000015 x3 : ffffffd842784980\n[ 800.334728] x2 : 0000000000000004 x1 : 0000000000010002 x0 : 000000ba4c0ca382\n[ 800.341859] Call trace:\n[ 800.344294] v3d_job_update_stats+0x60/0x130 [v3d]\n[ 800.349086] v3d_irq+0x124/0x2e0 [v3d]\n[ 800.352835] __handle_irq_event_percpu+0x58/0x218\n[ 800.357539] handle_irq_event+0x54/0xb8\n[ 800.361369] handle_fasteoi_irq+0xac/0x240\n[ 800.365458] handle_irq_desc+0x48/0x68\n[ 800.369200] generic_handle_domain_irq+0x24/0x38\n[ 800.373810] gic_handle_irq+0x48/0xd8\n[ 800.377464] call_on_irq_stack+0x24/0x58\n[ 800.381379] do_interrupt_handler+0x88/0x98\n[ 800.385554] el1_interrupt+0x34/0x68\n[ 800.389123] el1h_64_irq_handler+0x18/0x28\n[ 800.393211] el1h_64_irq+0x64/0x68\n[ 800.396603] default_idle_call+0x3c/0x168\n[ 800.400606] do_idle+0x1fc/0x230\n[ 800.403827] cpu_startup_entry+0x40/0x50\n[ 800.407742] rest_init+0xe4/0xf0\n[ 800.410962] start_kernel+0x5e8/0x790\n[ 800.414616] __primary_switched+0x80/0x90\n[ 800.418622] Code: 8b170277 8b160296 11000421 b9000861 (b9401ac1)\n[ 800.424707] ---[ end trace 0000000000000000 ]---\n[ 800.457313] ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---\n\nThis issue happens when the file descriptor is closed before the jobs\nsubmitted by it are completed. When the job completes, we update the\nglobal GPU stats and the per-fd GPU stats, which are exposed through\nfdinfo. If the file descriptor was closed, then the struct `v3d_file_priv`\nand its stats were already freed and we can\u0027t update the per-fd stats.\n\nTherefore, if the file descriptor was already closed, don\u0027t u\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38189",
"url": "https://www.suse.com/security/cve/CVE-2025-38189"
},
{
"category": "external",
"summary": "SUSE Bug 1245812 for CVE-2025-38189",
"url": "https://bugzilla.suse.com/1245812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38189"
},
{
"cve": "CVE-2025-38192",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38192"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: clear the dst when changing skb protocol\n\nA not-so-careful NAT46 BPF program can crash the kernel\nif it indiscriminately flips ingress packets from v4 to v6:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n ip6_rcv_core (net/ipv6/ip6_input.c:190:20)\n ipv6_rcv (net/ipv6/ip6_input.c:306:8)\n process_backlog (net/core/dev.c:6186:4)\n napi_poll (net/core/dev.c:6906:9)\n net_rx_action (net/core/dev.c:7028:13)\n do_softirq (kernel/softirq.c:462:3)\n netif_rx (net/core/dev.c:5326:3)\n dev_loopback_xmit (net/core/dev.c:4015:2)\n ip_mc_finish_output (net/ipv4/ip_output.c:363:8)\n NF_HOOK (./include/linux/netfilter.h:314:9)\n ip_mc_output (net/ipv4/ip_output.c:400:5)\n dst_output (./include/net/dst.h:459:9)\n ip_local_out (net/ipv4/ip_output.c:130:9)\n ip_send_skb (net/ipv4/ip_output.c:1496:8)\n udp_send_skb (net/ipv4/udp.c:1040:8)\n udp_sendmsg (net/ipv4/udp.c:1328:10)\n\nThe output interface has a 4-\u003e6 program attached at ingress.\nWe try to loop the multicast skb back to the sending socket.\nIngress BPF runs as part of netif_rx(), pushes a valid v6 hdr\nand changes skb-\u003eprotocol to v6. We enter ip6_rcv_core which\ntries to use skb_dst(). But the dst is still an IPv4 one left\nafter IPv4 mcast output.\n\nClear the dst in all BPF helpers which change the protocol.\nTry to preserve metadata dsts, those may carry non-routing\nmetadata.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38192",
"url": "https://www.suse.com/security/cve/CVE-2025-38192"
},
{
"category": "external",
"summary": "SUSE Bug 1245954 for CVE-2025-38192",
"url": "https://bugzilla.suse.com/1245954"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38192"
},
{
"cve": "CVE-2025-38193",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38193"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: reject invalid perturb period\n\nGerrard Tai reported that SFQ perturb_period has no range check yet,\nand this can be used to trigger a race condition fixed in a separate patch.\n\nWe want to make sure ctl-\u003eperturb_period * HZ will not overflow\nand is positive.\n\n\ntc qd add dev lo root sfq perturb -10 # negative value : error\nError: sch_sfq: invalid perturb period.\n\ntc qd add dev lo root sfq perturb 1000000000 # too big : error\nError: sch_sfq: invalid perturb period.\n\ntc qd add dev lo root sfq perturb 2000000 # acceptable value\ntc -s -d qd sh dev lo\nqdisc sfq 8005: root refcnt 2 limit 127p quantum 64Kb depth 127 flows 128 divisor 1024 perturb 2000000sec\n Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)\n backlog 0b 0p requeues 0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38193",
"url": "https://www.suse.com/security/cve/CVE-2025-38193"
},
{
"category": "external",
"summary": "SUSE Bug 1245945 for CVE-2025-38193",
"url": "https://bugzilla.suse.com/1245945"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38193"
},
{
"cve": "CVE-2025-38194",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38194"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: check that raw node were preallocated before writing summary\n\nSyzkaller detected a kernel bug in jffs2_link_node_ref, caused by fault\ninjection in jffs2_prealloc_raw_node_refs. jffs2_sum_write_sumnode doesn\u0027t\ncheck return value of jffs2_prealloc_raw_node_refs and simply lets any\nerror propagate into jffs2_sum_write_data, which eventually calls\njffs2_link_node_ref in order to link the summary to an expectedly allocated\nnode.\n\nkernel BUG at fs/jffs2/nodelist.c:592!\ninvalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 1 PID: 31277 Comm: syz-executor.7 Not tainted 6.1.128-syzkaller-00139-ge10f83ca10a1 #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nRIP: 0010:jffs2_link_node_ref+0x570/0x690 fs/jffs2/nodelist.c:592\nCall Trace:\n \u003cTASK\u003e\n jffs2_sum_write_data fs/jffs2/summary.c:841 [inline]\n jffs2_sum_write_sumnode+0xd1a/0x1da0 fs/jffs2/summary.c:874\n jffs2_do_reserve_space+0xa18/0xd60 fs/jffs2/nodemgmt.c:388\n jffs2_reserve_space+0x55f/0xaa0 fs/jffs2/nodemgmt.c:197\n jffs2_write_inode_range+0x246/0xb50 fs/jffs2/write.c:362\n jffs2_write_end+0x726/0x15d0 fs/jffs2/file.c:301\n generic_perform_write+0x314/0x5d0 mm/filemap.c:3856\n __generic_file_write_iter+0x2ae/0x4d0 mm/filemap.c:3973\n generic_file_write_iter+0xe3/0x350 mm/filemap.c:4005\n call_write_iter include/linux/fs.h:2265 [inline]\n do_iter_readv_writev+0x20f/0x3c0 fs/read_write.c:735\n do_iter_write+0x186/0x710 fs/read_write.c:861\n vfs_iter_write+0x70/0xa0 fs/read_write.c:902\n iter_file_splice_write+0x73b/0xc90 fs/splice.c:685\n do_splice_from fs/splice.c:763 [inline]\n direct_splice_actor+0x10c/0x170 fs/splice.c:950\n splice_direct_to_actor+0x337/0xa10 fs/splice.c:896\n do_splice_direct+0x1a9/0x280 fs/splice.c:1002\n do_sendfile+0xb13/0x12c0 fs/read_write.c:1255\n __do_sys_sendfile64 fs/read_write.c:1323 [inline]\n __se_sys_sendfile64 fs/read_write.c:1309 [inline]\n __x64_sys_sendfile64+0x1cf/0x210 fs/read_write.c:1309\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x35/0x80 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\nFix this issue by checking return value of jffs2_prealloc_raw_node_refs\nbefore calling jffs2_sum_write_data.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38194",
"url": "https://www.suse.com/security/cve/CVE-2025-38194"
},
{
"category": "external",
"summary": "SUSE Bug 1245957 for CVE-2025-38194",
"url": "https://bugzilla.suse.com/1245957"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38194"
},
{
"cve": "CVE-2025-38197",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38197"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: dell_rbu: Fix list usage\n\nPass the correct list head to list_for_each_entry*() when looping through\nthe packet list.\n\nWithout this patch, reading the packet data via sysfs will show the data\nincorrectly (because it starts at the wrong packet), and clearing the\npacket list will result in a NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38197",
"url": "https://www.suse.com/security/cve/CVE-2025-38197"
},
{
"category": "external",
"summary": "SUSE Bug 1246047 for CVE-2025-38197",
"url": "https://bugzilla.suse.com/1246047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38197"
},
{
"cve": "CVE-2025-38198",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38198"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbcon: Make sure modelist not set on unregistered console\n\nIt looks like attempting to write to the \"store_modes\" sysfs node will\nrun afoul of unregistered consoles:\n\nUBSAN: array-index-out-of-bounds in drivers/video/fbdev/core/fbcon.c:122:28\nindex -1 is out of range for type \u0027fb_info *[32]\u0027\n...\n fbcon_info_from_console+0x192/0x1a0 drivers/video/fbdev/core/fbcon.c:122\n fbcon_new_modelist+0xbf/0x2d0 drivers/video/fbdev/core/fbcon.c:3048\n fb_new_modelist+0x328/0x440 drivers/video/fbdev/core/fbmem.c:673\n store_modes+0x1c9/0x3e0 drivers/video/fbdev/core/fbsysfs.c:113\n dev_attr_store+0x55/0x80 drivers/base/core.c:2439\n\nstatic struct fb_info *fbcon_registered_fb[FB_MAX];\n...\nstatic signed char con2fb_map[MAX_NR_CONSOLES];\n...\nstatic struct fb_info *fbcon_info_from_console(int console)\n...\n return fbcon_registered_fb[con2fb_map[console]];\n\nIf con2fb_map contains a -1 things go wrong here. Instead, return NULL,\nas callers of fbcon_info_from_console() are trying to compare against\nexisting \"info\" pointers, so error handling should kick in correctly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38198",
"url": "https://www.suse.com/security/cve/CVE-2025-38198"
},
{
"category": "external",
"summary": "SUSE Bug 1245952 for CVE-2025-38198",
"url": "https://bugzilla.suse.com/1245952"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38198"
},
{
"cve": "CVE-2025-38200",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38200"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix MMIO write access to an invalid page in i40e_clear_hw\n\nWhen the device sends a specific input, an integer underflow can occur, leading\nto MMIO write access to an invalid page.\n\nPrevent the integer underflow by changing the type of related variables.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38200",
"url": "https://www.suse.com/security/cve/CVE-2025-38200"
},
{
"category": "external",
"summary": "SUSE Bug 1246045 for CVE-2025-38200",
"url": "https://bugzilla.suse.com/1246045"
},
{
"category": "external",
"summary": "SUSE Bug 1246046 for CVE-2025-38200",
"url": "https://bugzilla.suse.com/1246046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38200"
},
{
"cve": "CVE-2025-38202",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38202"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem()\n\nbpf_map_lookup_percpu_elem() helper is also available for sleepable bpf\nprogram. When BPF JIT is disabled or under 32-bit host,\nbpf_map_lookup_percpu_elem() will not be inlined. Using it in a\nsleepable bpf program will trigger the warning in\nbpf_map_lookup_percpu_elem(), because the bpf program only holds\nrcu_read_lock_trace lock. Therefore, add the missed check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38202",
"url": "https://www.suse.com/security/cve/CVE-2025-38202"
},
{
"category": "external",
"summary": "SUSE Bug 1245980 for CVE-2025-38202",
"url": "https://bugzilla.suse.com/1245980"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38202"
},
{
"cve": "CVE-2025-38203",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38203"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix null-ptr-deref in jfs_ioc_trim\n\n[ Syzkaller Report ]\n\nOops: general protection fault, probably for non-canonical address\n0xdffffc0000000087: 0000 [#1\nKASAN: null-ptr-deref in range [0x0000000000000438-0x000000000000043f]\nCPU: 2 UID: 0 PID: 10614 Comm: syz-executor.0 Not tainted\n6.13.0-rc6-gfbfd64d25c7a-dirty #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nSched_ext: serialise (enabled+all), task: runnable_at=-30ms\nRIP: 0010:jfs_ioc_trim+0x34b/0x8f0\nCode: e7 e8 59 a4 87 fe 4d 8b 24 24 4d 8d bc 24 38 04 00 00 48 8d 93\n90 82 fe ff 4c 89 ff 31 f6\nRSP: 0018:ffffc900055f7cd0 EFLAGS: 00010206\nRAX: 0000000000000087 RBX: 00005866a9e67ff8 RCX: 000000000000000a\nRDX: 0000000000000001 RSI: 0000000000000004 RDI: 0000000000000001\nRBP: dffffc0000000000 R08: ffff88807c180003 R09: 1ffff1100f830000\nR10: dffffc0000000000 R11: ffffed100f830001 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000438\nFS: 00007fe520225640(0000) GS:ffff8880b7e80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005593c91b2c88 CR3: 000000014927c000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n? __die_body+0x61/0xb0\n? die_addr+0xb1/0xe0\n? exc_general_protection+0x333/0x510\n? asm_exc_general_protection+0x26/0x30\n? jfs_ioc_trim+0x34b/0x8f0\njfs_ioctl+0x3c8/0x4f0\n? __pfx_jfs_ioctl+0x10/0x10\n? __pfx_jfs_ioctl+0x10/0x10\n__se_sys_ioctl+0x269/0x350\n? __pfx___se_sys_ioctl+0x10/0x10\n? do_syscall_64+0xfb/0x210\ndo_syscall_64+0xee/0x210\n? syscall_exit_to_user_mode+0x1e0/0x330\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fe51f4903ad\nCode: c3 e8 a7 2b 00 00 0f 1f 80 00 00 00 00 f3 0f 1e fa 48 89 f8 48\n89 f7 48 89 d6 48 89 ca 4d\nRSP: 002b:00007fe5202250c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007fe51f5cbf80 RCX: 00007fe51f4903ad\nRDX: 0000000020000680 RSI: 00000000c0185879 RDI: 0000000000000005\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007fe520225640\nR13: 000000000000000e R14: 00007fe51f44fca0 R15: 00007fe52021d000\n\u003c/TASK\u003e\nModules linked in:\n---[ end trace 0000000000000000 ]---\nRIP: 0010:jfs_ioc_trim+0x34b/0x8f0\nCode: e7 e8 59 a4 87 fe 4d 8b 24 24 4d 8d bc 24 38 04 00 00 48 8d 93\n90 82 fe ff 4c 89 ff 31 f6\nRSP: 0018:ffffc900055f7cd0 EFLAGS: 00010206\nRAX: 0000000000000087 RBX: 00005866a9e67ff8 RCX: 000000000000000a\nRDX: 0000000000000001 RSI: 0000000000000004 RDI: 0000000000000001\nRBP: dffffc0000000000 R08: ffff88807c180003 R09: 1ffff1100f830000\nR10: dffffc0000000000 R11: ffffed100f830001 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000438\nFS: 00007fe520225640(0000) GS:ffff8880b7e80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005593c91b2c88 CR3: 000000014927c000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nKernel panic - not syncing: Fatal exception\n\n[ Analysis ]\n\nWe believe that we have found a concurrency bug in the `fs/jfs` module\nthat results in a null pointer dereference. There is a closely related\nissue which has been fixed:\n\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d6c1b3599b2feb5c7291f5ac3a36e5fa7cedb234\n\n... but, unfortunately, the accepted patch appears to still be\nsusceptible to a null pointer dereference under some interleavings.\n\nTo trigger the bug, we think that `JFS_SBI(ipbmap-\u003ei_sb)-\u003ebmap` is set\nto NULL in `dbFreeBits` and then dereferenced in `jfs_ioc_trim`. This\nbug manifests quite rarely under normal circumstances, but is\ntriggereable from a syz-program.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38203",
"url": "https://www.suse.com/security/cve/CVE-2025-38203"
},
{
"category": "external",
"summary": "SUSE Bug 1246044 for CVE-2025-38203",
"url": "https://bugzilla.suse.com/1246044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38203"
},
{
"cve": "CVE-2025-38204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38204"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix array-index-out-of-bounds read in add_missing_indices\n\nstbl is s8 but it must contain offsets into slot which can go from 0 to\n127.\n\nAdded a bound check for that error and return -EIO if the check fails.\nAlso make jfs_readdir return with error if add_missing_indices returns\nwith an error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38204",
"url": "https://www.suse.com/security/cve/CVE-2025-38204"
},
{
"category": "external",
"summary": "SUSE Bug 1245983 for CVE-2025-38204",
"url": "https://bugzilla.suse.com/1245983"
},
{
"category": "external",
"summary": "SUSE Bug 1245984 for CVE-2025-38204",
"url": "https://bugzilla.suse.com/1245984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "important"
}
],
"title": "CVE-2025-38204"
},
{
"cve": "CVE-2025-38206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38206"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix double free in delayed_free\n\nThe double free could happen in the following path.\n\nexfat_create_upcase_table()\n exfat_create_upcase_table() : return error\n exfat_free_upcase_table() : free -\u003evol_utbl\n exfat_load_default_upcase_table : return error\n exfat_kill_sb()\n delayed_free()\n exfat_free_upcase_table() \u003c--------- double free\nThis patch set -\u003evol_util as NULL after freeing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38206",
"url": "https://www.suse.com/security/cve/CVE-2025-38206"
},
{
"category": "external",
"summary": "SUSE Bug 1246073 for CVE-2025-38206",
"url": "https://bugzilla.suse.com/1246073"
},
{
"category": "external",
"summary": "SUSE Bug 1246075 for CVE-2025-38206",
"url": "https://bugzilla.suse.com/1246075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "important"
}
],
"title": "CVE-2025-38206"
},
{
"cve": "CVE-2025-38210",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38210"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nconfigfs-tsm-report: Fix NULL dereference of tsm_ops\n\nUnlike sysfs, the lifetime of configfs objects is controlled by\nuserspace. There is no mechanism for the kernel to find and delete all\ncreated config-items. Instead, the configfs-tsm-report mechanism has an\nexpectation that tsm_unregister() can happen at any time and cause\nestablished config-item access to start failing.\n\nThat expectation is not fully satisfied. While tsm_report_read(),\ntsm_report_{is,is_bin}_visible(), and tsm_report_make_item() safely fail\nif tsm_ops have been unregistered, tsm_report_privlevel_store()\ntsm_report_provider_show() fail to check for ops registration. Add the\nmissing checks for tsm_ops having been removed.\n\nNow, in supporting the ability for tsm_unregister() to always succeed,\nit leaves the problem of what to do with lingering config-items. The\nexpectation is that the admin that arranges for the -\u003eremove() (unbind)\nof the ${tsm_arch}-guest driver is also responsible for deletion of all\nopen config-items. Until that deletion happens, -\u003eprobe() (reload /\nbind) of the ${tsm_arch}-guest driver fails.\n\nThis allows for emergency shutdown / revocation of attestation\ninterfaces, and requires coordinated restart.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38210",
"url": "https://www.suse.com/security/cve/CVE-2025-38210"
},
{
"category": "external",
"summary": "SUSE Bug 1246020 for CVE-2025-38210",
"url": "https://bugzilla.suse.com/1246020"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38210"
},
{
"cve": "CVE-2025-38211",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38211"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/iwcm: Fix use-after-free of work objects after cm_id destruction\n\nThe commit 59c68ac31e15 (\"iw_cm: free cm_id resources on the last\nderef\") simplified cm_id resource management by freeing cm_id once all\nreferences to the cm_id were removed. The references are removed either\nupon completion of iw_cm event handlers or when the application destroys\nthe cm_id. This commit introduced the use-after-free condition where\ncm_id_private object could still be in use by event handler works during\nthe destruction of cm_id. The commit aee2424246f9 (\"RDMA/iwcm: Fix a\nuse-after-free related to destroying CM IDs\") addressed this use-after-\nfree by flushing all pending works at the cm_id destruction.\n\nHowever, still another use-after-free possibility remained. It happens\nwith the work objects allocated for each cm_id_priv within\nalloc_work_entries() during cm_id creation, and subsequently freed in\ndealloc_work_entries() once all references to the cm_id are removed.\nIf the cm_id\u0027s last reference is decremented in the event handler work,\nthe work object for the work itself gets removed, and causes the use-\nafter-free BUG below:\n\n BUG: KASAN: slab-use-after-free in __pwq_activate_work+0x1ff/0x250\n Read of size 8 at addr ffff88811f9cf800 by task kworker/u16:1/147091\n\n CPU: 2 UID: 0 PID: 147091 Comm: kworker/u16:1 Not tainted 6.15.0-rc2+ #27 PREEMPT(voluntary)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\n Workqueue: 0x0 (iw_cm_wq)\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x6a/0x90\n print_report+0x174/0x554\n ? __virt_addr_valid+0x208/0x430\n ? __pwq_activate_work+0x1ff/0x250\n kasan_report+0xae/0x170\n ? __pwq_activate_work+0x1ff/0x250\n __pwq_activate_work+0x1ff/0x250\n pwq_dec_nr_in_flight+0x8c5/0xfb0\n process_one_work+0xc11/0x1460\n ? __pfx_process_one_work+0x10/0x10\n ? assign_work+0x16c/0x240\n worker_thread+0x5ef/0xfd0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x3b0/0x770\n ? __pfx_kthread+0x10/0x10\n ? rcu_is_watching+0x11/0xb0\n ? _raw_spin_unlock_irq+0x24/0x50\n ? rcu_is_watching+0x11/0xb0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x30/0x70\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\n Allocated by task 147416:\n kasan_save_stack+0x2c/0x50\n kasan_save_track+0x10/0x30\n __kasan_kmalloc+0xa6/0xb0\n alloc_work_entries+0xa9/0x260 [iw_cm]\n iw_cm_connect+0x23/0x4a0 [iw_cm]\n rdma_connect_locked+0xbfd/0x1920 [rdma_cm]\n nvme_rdma_cm_handler+0x8e5/0x1b60 [nvme_rdma]\n cma_cm_event_handler+0xae/0x320 [rdma_cm]\n cma_work_handler+0x106/0x1b0 [rdma_cm]\n process_one_work+0x84f/0x1460\n worker_thread+0x5ef/0xfd0\n kthread+0x3b0/0x770\n ret_from_fork+0x30/0x70\n ret_from_fork_asm+0x1a/0x30\n\n Freed by task 147091:\n kasan_save_stack+0x2c/0x50\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x60\n __kasan_slab_free+0x4b/0x70\n kfree+0x13a/0x4b0\n dealloc_work_entries+0x125/0x1f0 [iw_cm]\n iwcm_deref_id+0x6f/0xa0 [iw_cm]\n cm_work_handler+0x136/0x1ba0 [iw_cm]\n process_one_work+0x84f/0x1460\n worker_thread+0x5ef/0xfd0\n kthread+0x3b0/0x770\n ret_from_fork+0x30/0x70\n ret_from_fork_asm+0x1a/0x30\n\n Last potentially related work creation:\n kasan_save_stack+0x2c/0x50\n kasan_record_aux_stack+0xa3/0xb0\n __queue_work+0x2ff/0x1390\n queue_work_on+0x67/0xc0\n cm_event_handler+0x46a/0x820 [iw_cm]\n siw_cm_upcall+0x330/0x650 [siw]\n siw_cm_work_handler+0x6b9/0x2b20 [siw]\n process_one_work+0x84f/0x1460\n worker_thread+0x5ef/0xfd0\n kthread+0x3b0/0x770\n ret_from_fork+0x30/0x70\n ret_from_fork_asm+0x1a/0x30\n\nThis BUG is reproducible by repeating the blktests test case nvme/061\nfor the rdma transport and the siw driver.\n\nTo avoid the use-after-free of cm_id_private work objects, ensure that\nthe last reference to the cm_id is decremented not in the event handler\nworks, but in the cm_id destruction context. For that purpose, mo\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38211",
"url": "https://www.suse.com/security/cve/CVE-2025-38211"
},
{
"category": "external",
"summary": "SUSE Bug 1246008 for CVE-2025-38211",
"url": "https://bugzilla.suse.com/1246008"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38211"
},
{
"cve": "CVE-2025-38212",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38212"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipc: fix to protect IPCS lookups using RCU\n\nsyzbot reported that it discovered a use-after-free vulnerability, [0]\n\n[0]: https://lore.kernel.org/all/67af13f8.050a0220.21dd3.0038.GAE@google.com/\n\nidr_for_each() is protected by rwsem, but this is not enough. If it is\nnot protected by RCU read-critical region, when idr_for_each() calls\nradix_tree_node_free() through call_rcu() to free the radix_tree_node\nstructure, the node will be freed immediately, and when reading the next\nnode in radix_tree_for_each_slot(), the already freed memory may be read.\n\nTherefore, we need to add code to make sure that idr_for_each() is\nprotected within the RCU read-critical region when we call it in\nshm_destroy_orphaned().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38212",
"url": "https://www.suse.com/security/cve/CVE-2025-38212"
},
{
"category": "external",
"summary": "SUSE Bug 1246029 for CVE-2025-38212",
"url": "https://bugzilla.suse.com/1246029"
},
{
"category": "external",
"summary": "SUSE Bug 1246030 for CVE-2025-38212",
"url": "https://bugzilla.suse.com/1246030"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "important"
}
],
"title": "CVE-2025-38212"
},
{
"cve": "CVE-2025-38213",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38213"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38213",
"url": "https://www.suse.com/security/cve/CVE-2025-38213"
},
{
"category": "external",
"summary": "SUSE Bug 1246037 for CVE-2025-38213",
"url": "https://bugzilla.suse.com/1246037"
},
{
"category": "external",
"summary": "SUSE Bug 1246039 for CVE-2025-38213",
"url": "https://bugzilla.suse.com/1246039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38213"
},
{
"cve": "CVE-2025-38214",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38214"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var\n\nIf fb_add_videomode() in fb_set_var() fails to allocate memory for\nfb_videomode, later it may lead to a null-ptr dereference in\nfb_videomode_to_var(), as the fb_info is registered while not having the\nmode in modelist that is expected to be there, i.e. the one that is\ndescribed in fb_info-\u003evar.\n\n================================================================\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 PID: 30371 Comm: syz-executor.1 Not tainted 5.10.226-syzkaller #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nRIP: 0010:fb_videomode_to_var+0x24/0x610 drivers/video/fbdev/core/modedb.c:901\nCall Trace:\n display_to_var+0x3a/0x7c0 drivers/video/fbdev/core/fbcon.c:929\n fbcon_resize+0x3e2/0x8f0 drivers/video/fbdev/core/fbcon.c:2071\n resize_screen drivers/tty/vt/vt.c:1176 [inline]\n vc_do_resize+0x53a/0x1170 drivers/tty/vt/vt.c:1263\n fbcon_modechanged+0x3ac/0x6e0 drivers/video/fbdev/core/fbcon.c:2720\n fbcon_update_vcs+0x43/0x60 drivers/video/fbdev/core/fbcon.c:2776\n do_fb_ioctl+0x6d2/0x740 drivers/video/fbdev/core/fbmem.c:1128\n fb_ioctl+0xe7/0x150 drivers/video/fbdev/core/fbmem.c:1203\n vfs_ioctl fs/ioctl.c:48 [inline]\n __do_sys_ioctl fs/ioctl.c:753 [inline]\n __se_sys_ioctl fs/ioctl.c:739 [inline]\n __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:739\n do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n================================================================\n\nThe reason is that fb_info-\u003evar is being modified in fb_set_var(), and\nthen fb_videomode_to_var() is called. If it fails to add the mode to\nfb_info-\u003emodelist, fb_set_var() returns error, but does not restore the\nold value of fb_info-\u003evar. Restore fb_info-\u003evar on failure the same way\nit is done earlier in the function.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38214",
"url": "https://www.suse.com/security/cve/CVE-2025-38214"
},
{
"category": "external",
"summary": "SUSE Bug 1246042 for CVE-2025-38214",
"url": "https://bugzilla.suse.com/1246042"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38214"
},
{
"cve": "CVE-2025-38215",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38215"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var\n\nIf fb_add_videomode() in do_register_framebuffer() fails to allocate\nmemory for fb_videomode, it will later lead to a null-ptr dereference in\nfb_videomode_to_var(), as the fb_info is registered while not having the\nmode in modelist that is expected to be there, i.e. the one that is\ndescribed in fb_info-\u003evar.\n\n================================================================\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 PID: 30371 Comm: syz-executor.1 Not tainted 5.10.226-syzkaller #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nRIP: 0010:fb_videomode_to_var+0x24/0x610 drivers/video/fbdev/core/modedb.c:901\nCall Trace:\n display_to_var+0x3a/0x7c0 drivers/video/fbdev/core/fbcon.c:929\n fbcon_resize+0x3e2/0x8f0 drivers/video/fbdev/core/fbcon.c:2071\n resize_screen drivers/tty/vt/vt.c:1176 [inline]\n vc_do_resize+0x53a/0x1170 drivers/tty/vt/vt.c:1263\n fbcon_modechanged+0x3ac/0x6e0 drivers/video/fbdev/core/fbcon.c:2720\n fbcon_update_vcs+0x43/0x60 drivers/video/fbdev/core/fbcon.c:2776\n do_fb_ioctl+0x6d2/0x740 drivers/video/fbdev/core/fbmem.c:1128\n fb_ioctl+0xe7/0x150 drivers/video/fbdev/core/fbmem.c:1203\n vfs_ioctl fs/ioctl.c:48 [inline]\n __do_sys_ioctl fs/ioctl.c:753 [inline]\n __se_sys_ioctl fs/ioctl.c:739 [inline]\n __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:739\n do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n================================================================\n\nEven though fbcon_init() checks beforehand if fb_match_mode() in\nvar_to_display() fails, it can not prevent the panic because fbcon_init()\ndoes not return error code. Considering this and the comment in the code\nabout fb_match_mode() returning NULL - \"This should not happen\" - it is\nbetter to prevent registering the fb_info if its mode was not set\nsuccessfully. Also move fb_add_videomode() closer to the beginning of\ndo_register_framebuffer() to avoid having to do the cleanup on fail.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38215",
"url": "https://www.suse.com/security/cve/CVE-2025-38215"
},
{
"category": "external",
"summary": "SUSE Bug 1246109 for CVE-2025-38215",
"url": "https://bugzilla.suse.com/1246109"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38215"
},
{
"cve": "CVE-2025-38217",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38217"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (ftsteutates) Fix TOCTOU race in fts_read()\n\nIn the fts_read() function, when handling hwmon_pwm_auto_channels_temp,\nthe code accesses the shared variable data-\u003efan_source[channel] twice\nwithout holding any locks. It is first checked against\nFTS_FAN_SOURCE_INVALID, and if the check passes, it is read again\nwhen used as an argument to the BIT() macro.\n\nThis creates a Time-of-Check to Time-of-Use (TOCTOU) race condition.\nAnother thread executing fts_update_device() can modify the value of\ndata-\u003efan_source[channel] between the check and its use. If the value\nis changed to FTS_FAN_SOURCE_INVALID (0xff) during this window, the\nBIT() macro will be called with a large shift value (BIT(255)).\nA bit shift by a value greater than or equal to the type width is\nundefined behavior and can lead to a crash or incorrect values being\nreturned to userspace.\n\nFix this by reading data-\u003efan_source[channel] into a local variable\nonce, eliminating the race condition. Additionally, add a bounds check\nto ensure the value is less than BITS_PER_LONG before passing it to\nthe BIT() macro, making the code more robust against undefined behavior.\n\nThis possible bug was found by an experimental static analysis tool\ndeveloped by our team.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38217",
"url": "https://www.suse.com/security/cve/CVE-2025-38217"
},
{
"category": "external",
"summary": "SUSE Bug 1246002 for CVE-2025-38217",
"url": "https://bugzilla.suse.com/1246002"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38217"
},
{
"cve": "CVE-2025-38220",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38220"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: only dirty folios when data journaling regular files\n\nfstest generic/388 occasionally reproduces a crash that looks as\nfollows:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n...\nCall Trace:\n \u003cTASK\u003e\n ext4_block_zero_page_range+0x30c/0x380 [ext4]\n ext4_truncate+0x436/0x440 [ext4]\n ext4_process_orphan+0x5d/0x110 [ext4]\n ext4_orphan_cleanup+0x124/0x4f0 [ext4]\n ext4_fill_super+0x262d/0x3110 [ext4]\n get_tree_bdev_flags+0x132/0x1d0\n vfs_get_tree+0x26/0xd0\n vfs_cmd_create+0x59/0xe0\n __do_sys_fsconfig+0x4ed/0x6b0\n do_syscall_64+0x82/0x170\n ...\n\nThis occurs when processing a symlink inode from the orphan list. The\npartial block zeroing code in the truncate path calls\next4_dirty_journalled_data() -\u003e folio_mark_dirty(). The latter calls\nmapping-\u003ea_ops-\u003edirty_folio(), but symlink inodes are not assigned an\na_ops vector in ext4, hence the crash.\n\nTo avoid this problem, update the ext4_dirty_journalled_data() helper to\nonly mark the folio dirty on regular files (for which a_ops is\nassigned). This also matches the journaling logic in the ext4_symlink()\ncreation path, where ext4_handle_dirty_metadata() is called directly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38220",
"url": "https://www.suse.com/security/cve/CVE-2025-38220"
},
{
"category": "external",
"summary": "SUSE Bug 1245966 for CVE-2025-38220",
"url": "https://bugzilla.suse.com/1245966"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38220"
},
{
"cve": "CVE-2025-38222",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38222"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: inline: fix len overflow in ext4_prepare_inline_data\n\nWhen running the following code on an ext4 filesystem with inline_data\nfeature enabled, it will lead to the bug below.\n\n fd = open(\"file1\", O_RDWR | O_CREAT | O_TRUNC, 0666);\n ftruncate(fd, 30);\n pwrite(fd, \"a\", 1, (1UL \u003c\u003c 40) + 5UL);\n\nThat happens because write_begin will succeed as when\next4_generic_write_inline_data calls ext4_prepare_inline_data, pos + len\nwill be truncated, leading to ext4_prepare_inline_data parameter to be 6\ninstead of 0x10000000006.\n\nThen, later when write_end is called, we hit:\n\n BUG_ON(pos + len \u003e EXT4_I(inode)-\u003ei_inline_size);\n\nat ext4_write_inline_data.\n\nFix it by using a loff_t type for the len parameter in\next4_prepare_inline_data instead of an unsigned int.\n\n[ 44.545164] ------------[ cut here ]------------\n[ 44.545530] kernel BUG at fs/ext4/inline.c:240!\n[ 44.545834] Oops: invalid opcode: 0000 [#1] SMP NOPTI\n[ 44.546172] CPU: 3 UID: 0 PID: 343 Comm: test Not tainted 6.15.0-rc2-00003-g9080916f4863 #45 PREEMPT(full) 112853fcebfdb93254270a7959841d2c6aa2c8bb\n[ 44.546523] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 44.546523] RIP: 0010:ext4_write_inline_data+0xfe/0x100\n[ 44.546523] Code: 3c 0e 48 83 c7 48 48 89 de 5b 41 5c 41 5d 41 5e 41 5f 5d e9 e4 fa 43 01 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 0f 0b \u003c0f\u003e 0b 0f 1f 44 00 00 55 41 57 41 56 41 55 41 54 53 48 83 ec 20 49\n[ 44.546523] RSP: 0018:ffffb342008b79a8 EFLAGS: 00010216\n[ 44.546523] RAX: 0000000000000001 RBX: ffff9329c579c000 RCX: 0000010000000006\n[ 44.546523] RDX: 000000000000003c RSI: ffffb342008b79f0 RDI: ffff9329c158e738\n[ 44.546523] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000\n[ 44.546523] R10: 00007ffffffff000 R11: ffffffff9bd0d910 R12: 0000006210000000\n[ 44.546523] R13: fffffc7e4015e700 R14: 0000010000000005 R15: ffff9329c158e738\n[ 44.546523] FS: 00007f4299934740(0000) GS:ffff932a60179000(0000) knlGS:0000000000000000\n[ 44.546523] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 44.546523] CR2: 00007f4299a1ec90 CR3: 0000000002886002 CR4: 0000000000770eb0\n[ 44.546523] PKRU: 55555554\n[ 44.546523] Call Trace:\n[ 44.546523] \u003cTASK\u003e\n[ 44.546523] ext4_write_inline_data_end+0x126/0x2d0\n[ 44.546523] generic_perform_write+0x17e/0x270\n[ 44.546523] ext4_buffered_write_iter+0xc8/0x170\n[ 44.546523] vfs_write+0x2be/0x3e0\n[ 44.546523] __x64_sys_pwrite64+0x6d/0xc0\n[ 44.546523] do_syscall_64+0x6a/0xf0\n[ 44.546523] ? __wake_up+0x89/0xb0\n[ 44.546523] ? xas_find+0x72/0x1c0\n[ 44.546523] ? next_uptodate_folio+0x317/0x330\n[ 44.546523] ? set_pte_range+0x1a6/0x270\n[ 44.546523] ? filemap_map_pages+0x6ee/0x840\n[ 44.546523] ? ext4_setattr+0x2fa/0x750\n[ 44.546523] ? do_pte_missing+0x128/0xf70\n[ 44.546523] ? security_inode_post_setattr+0x3e/0xd0\n[ 44.546523] ? ___pte_offset_map+0x19/0x100\n[ 44.546523] ? handle_mm_fault+0x721/0xa10\n[ 44.546523] ? do_user_addr_fault+0x197/0x730\n[ 44.546523] ? do_syscall_64+0x76/0xf0\n[ 44.546523] ? arch_exit_to_user_mode_prepare+0x1e/0x60\n[ 44.546523] ? irqentry_exit_to_user_mode+0x79/0x90\n[ 44.546523] entry_SYSCALL_64_after_hwframe+0x55/0x5d\n[ 44.546523] RIP: 0033:0x7f42999c6687\n[ 44.546523] Code: 48 89 fa 4c 89 df e8 58 b3 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 \u003c5b\u003e c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff\n[ 44.546523] RSP: 002b:00007ffeae4a7930 EFLAGS: 00000202 ORIG_RAX: 0000000000000012\n[ 44.546523] RAX: ffffffffffffffda RBX: 00007f4299934740 RCX: 00007f42999c6687\n[ 44.546523] RDX: 0000000000000001 RSI: 000055ea6149200f RDI: 0000000000000003\n[ 44.546523] RBP: 00007ffeae4a79a0 R08: 0000000000000000 R09: 0000000000000000\n[ 44.546523] R10: 0000010000000005 R11: 0000000000000202 R12: 0000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38222",
"url": "https://www.suse.com/security/cve/CVE-2025-38222"
},
{
"category": "external",
"summary": "SUSE Bug 1245976 for CVE-2025-38222",
"url": "https://bugzilla.suse.com/1245976"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38222"
},
{
"cve": "CVE-2025-38225",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38225"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-jpeg: Cleanup after an allocation error\n\nWhen allocation failures are not cleaned up by the driver, further\nallocation errors will be false-positives, which will cause buffers to\nremain uninitialized and cause NULL pointer dereferences.\nEnsure proper cleanup of failed allocations to prevent these issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38225",
"url": "https://www.suse.com/security/cve/CVE-2025-38225"
},
{
"category": "external",
"summary": "SUSE Bug 1246041 for CVE-2025-38225",
"url": "https://bugzilla.suse.com/1246041"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38225"
},
{
"cve": "CVE-2025-38226",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38226"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vivid: Change the siize of the composing\n\nsyzkaller found a bug:\n\nBUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2608 [inline]\nBUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_buffer+0x1a9c/0x5af0 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2705\nWrite of size 1440 at addr ffffc9000d0ffda0 by task vivid-000-vid-c/5304\n\nCPU: 0 UID: 0 PID: 5304 Comm: vivid-000-vid-c Not tainted 6.14.0-rc2-syzkaller-00039-g09fbf3d50205 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n kasan_check_range+0x282/0x290 mm/kasan/generic.c:189\n __asan_memcpy+0x40/0x70 mm/kasan/shadow.c:106\n tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2608 [inline]\n tpg_fill_plane_buffer+0x1a9c/0x5af0 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2705\n vivid_fillbuff drivers/media/test-drivers/vivid/vivid-kthread-cap.c:470 [inline]\n vivid_thread_vid_cap_tick+0xf8e/0x60d0 drivers/media/test-drivers/vivid/vivid-kthread-cap.c:629\n vivid_thread_vid_cap+0x8aa/0xf30 drivers/media/test-drivers/vivid/vivid-kthread-cap.c:767\n kthread+0x7a9/0x920 kernel/kthread.c:464\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nThe composition size cannot be larger than the size of fmt_cap_rect.\nSo execute v4l2_rect_map_inside() even if has_compose_cap == 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38226",
"url": "https://www.suse.com/security/cve/CVE-2025-38226"
},
{
"category": "external",
"summary": "SUSE Bug 1246050 for CVE-2025-38226",
"url": "https://bugzilla.suse.com/1246050"
},
{
"category": "external",
"summary": "SUSE Bug 1246051 for CVE-2025-38226",
"url": "https://bugzilla.suse.com/1246051"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "important"
}
],
"title": "CVE-2025-38226"
},
{
"cve": "CVE-2025-38227",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38227"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vidtv: Terminating the subsequent process of initialization failure\n\nsyzbot reported a slab-use-after-free Read in vidtv_mux_init. [1]\n\nAfter PSI initialization fails, the si member is accessed again, resulting\nin this uaf.\n\nAfter si initialization fails, the subsequent process needs to be exited.\n\n[1]\nBUG: KASAN: slab-use-after-free in vidtv_mux_pid_ctx_init drivers/media/test-drivers/vidtv/vidtv_mux.c:78 [inline]\nBUG: KASAN: slab-use-after-free in vidtv_mux_init+0xac2/0xbe0 drivers/media/test-drivers/vidtv/vidtv_mux.c:524\nRead of size 8 at addr ffff88802fa42acc by task syz.2.37/6059\n\nCPU: 0 UID: 0 PID: 6059 Comm: syz.2.37 Not tainted 6.14.0-rc5-syzkaller #0\nHardware name: Google Compute Engine, BIOS Google 02/12/2025\nCall Trace:\n\u003cTASK\u003e\n__dump_stack lib/dump_stack.c:94 [inline]\ndump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\nprint_address_description mm/kasan/report.c:408 [inline]\nprint_report+0xc3/0x670 mm/kasan/report.c:521\nkasan_report+0xd9/0x110 mm/kasan/report.c:634\nvidtv_mux_pid_ctx_init drivers/media/test-drivers/vidtv/vidtv_mux.c:78\nvidtv_mux_init+0xac2/0xbe0 drivers/media/test-drivers/vidtv/vidtv_mux.c:524\nvidtv_start_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:194\nvidtv_start_feed drivers/media/test-drivers/vidtv/vidtv_bridge.c:239\ndmx_section_feed_start_filtering drivers/media/dvb-core/dvb_demux.c:973\ndvb_dmxdev_feed_start drivers/media/dvb-core/dmxdev.c:508 [inline]\ndvb_dmxdev_feed_restart.isra.0 drivers/media/dvb-core/dmxdev.c:537\ndvb_dmxdev_filter_stop+0x2b4/0x3a0 drivers/media/dvb-core/dmxdev.c:564\ndvb_dmxdev_filter_free drivers/media/dvb-core/dmxdev.c:840 [inline]\ndvb_demux_release+0x92/0x550 drivers/media/dvb-core/dmxdev.c:1246\n__fput+0x3ff/0xb70 fs/file_table.c:464\ntask_work_run+0x14e/0x250 kernel/task_work.c:227\nexit_task_work include/linux/task_work.h:40 [inline]\ndo_exit+0xad8/0x2d70 kernel/exit.c:938\ndo_group_exit+0xd3/0x2a0 kernel/exit.c:1087\n__do_sys_exit_group kernel/exit.c:1098 [inline]\n__se_sys_exit_group kernel/exit.c:1096 [inline]\n__x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1096\nx64_sys_call+0x151f/0x1720 arch/x86/include/generated/asm/syscalls_64.h:232\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f871d58d169\nCode: Unable to access opcode bytes at 0x7f871d58d13f.\nRSP: 002b:00007fff4b19a788 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f871d58d169\nRDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: 00007fff4b19a7ec R08: 0000000b4b19a87f R09: 00000000000927c0\nR10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000003\nR13: 00000000000927c0 R14: 000000000001d553 R15: 00007fff4b19a840\n \u003c/TASK\u003e\n\nAllocated by task 6059:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kmalloc_noprof include/linux/slab.h:901 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n vidtv_psi_pat_table_init drivers/media/test-drivers/vidtv/vidtv_psi.c:970\n vidtv_channel_si_init drivers/media/test-drivers/vidtv/vidtv_channel.c:423\n vidtv_mux_init drivers/media/test-drivers/vidtv/vidtv_mux.c:519\n vidtv_start_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:194\n vidtv_start_feed drivers/media/test-drivers/vidtv/vidtv_bridge.c:239\n dmx_section_feed_start_filtering drivers/media/dvb-core/dvb_demux.c:973\n dvb_dmxdev_feed_start drivers/media/dvb-core/dmxdev.c:508 [inline]\n dvb_dmxdev_feed_restart.isra.0 drivers/media/dvb-core/dmxdev.c:537\n dvb_dmxdev_filter_stop+0x2b4/0x3a0 drivers/media/dvb-core/dmxdev.c:564\n dvb_dmxdev_filter_free drivers/media/dvb-core/dmxdev.c:840 [inline]\n dvb_demux_release+0x92/0x550 drivers/media/dvb-core/dmxdev.c:1246\n __fput+0x3ff/0xb70 fs/file_tabl\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38227",
"url": "https://www.suse.com/security/cve/CVE-2025-38227"
},
{
"category": "external",
"summary": "SUSE Bug 1246031 for CVE-2025-38227",
"url": "https://bugzilla.suse.com/1246031"
},
{
"category": "external",
"summary": "SUSE Bug 1246032 for CVE-2025-38227",
"url": "https://bugzilla.suse.com/1246032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "important"
}
],
"title": "CVE-2025-38227"
},
{
"cve": "CVE-2025-38229",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38229"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: cxusb: no longer judge rbuf when the write fails\n\nsyzbot reported a uninit-value in cxusb_i2c_xfer. [1]\n\nOnly when the write operation of usb_bulk_msg() in dvb_usb_generic_rw()\nsucceeds and rlen is greater than 0, the read operation of usb_bulk_msg()\nwill be executed to read rlen bytes of data from the dvb device into the\nrbuf.\n\nIn this case, although rlen is 1, the write operation failed which resulted\nin the dvb read operation not being executed, and ultimately variable i was\nnot initialized.\n\n[1]\nBUG: KMSAN: uninit-value in cxusb_gpio_tuner drivers/media/usb/dvb-usb/cxusb.c:124 [inline]\nBUG: KMSAN: uninit-value in cxusb_i2c_xfer+0x153a/0x1a60 drivers/media/usb/dvb-usb/cxusb.c:196\n cxusb_gpio_tuner drivers/media/usb/dvb-usb/cxusb.c:124 [inline]\n cxusb_i2c_xfer+0x153a/0x1a60 drivers/media/usb/dvb-usb/cxusb.c:196\n __i2c_transfer+0xe25/0x3150 drivers/i2c/i2c-core-base.c:-1\n i2c_transfer+0x317/0x4a0 drivers/i2c/i2c-core-base.c:2315\n i2c_transfer_buffer_flags+0x125/0x1e0 drivers/i2c/i2c-core-base.c:2343\n i2c_master_send include/linux/i2c.h:109 [inline]\n i2cdev_write+0x210/0x280 drivers/i2c/i2c-dev.c:183\n do_loop_readv_writev fs/read_write.c:848 [inline]\n vfs_writev+0x963/0x14e0 fs/read_write.c:1057\n do_writev+0x247/0x5c0 fs/read_write.c:1101\n __do_sys_writev fs/read_write.c:1169 [inline]\n __se_sys_writev fs/read_write.c:1166 [inline]\n __x64_sys_writev+0x98/0xe0 fs/read_write.c:1166\n x64_sys_call+0x2229/0x3c80 arch/x86/include/generated/asm/syscalls_64.h:21\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38229",
"url": "https://www.suse.com/security/cve/CVE-2025-38229"
},
{
"category": "external",
"summary": "SUSE Bug 1246049 for CVE-2025-38229",
"url": "https://bugzilla.suse.com/1246049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38229"
},
{
"cve": "CVE-2025-38231",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38231"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: Initialize ssc before laundromat_work to prevent NULL dereference\n\nIn nfs4_state_start_net(), laundromat_work may access nfsd_ssc through\nnfs4_laundromat -\u003e nfsd4_ssc_expire_umount. If nfsd_ssc isn\u0027t initialized,\nthis can cause NULL pointer dereference.\n\nNormally the delayed start of laundromat_work allows sufficient time for\nnfsd_ssc initialization to complete. However, when the kernel waits too\nlong for userspace responses (e.g. in nfs4_state_start_net -\u003e\nnfsd4_end_grace -\u003e nfsd4_record_grace_done -\u003e nfsd4_cld_grace_done -\u003e\ncld_pipe_upcall -\u003e __cld_pipe_upcall -\u003e wait_for_completion path), the\ndelayed work may start before nfsd_ssc initialization finishes.\n\nFix this by moving nfsd_ssc initialization before starting laundromat_work.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38231",
"url": "https://www.suse.com/security/cve/CVE-2025-38231"
},
{
"category": "external",
"summary": "SUSE Bug 1246055 for CVE-2025-38231",
"url": "https://bugzilla.suse.com/1246055"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38231"
},
{
"cve": "CVE-2025-38236",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38236"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Don\u0027t leave consecutive consumed OOB skbs.\n\nJann Horn reported a use-after-free in unix_stream_read_generic().\n\nThe following sequences reproduce the issue:\n\n $ python3\n from socket import *\n s1, s2 = socketpair(AF_UNIX, SOCK_STREAM)\n s1.send(b\u0027x\u0027, MSG_OOB)\n s2.recv(1, MSG_OOB) # leave a consumed OOB skb\n s1.send(b\u0027y\u0027, MSG_OOB)\n s2.recv(1, MSG_OOB) # leave a consumed OOB skb\n s1.send(b\u0027z\u0027, MSG_OOB)\n s2.recv(1) # recv \u0027z\u0027 illegally\n s2.recv(1, MSG_OOB) # access \u0027z\u0027 skb (use-after-free)\n\nEven though a user reads OOB data, the skb holding the data stays on\nthe recv queue to mark the OOB boundary and break the next recv().\n\nAfter the last send() in the scenario above, the sk2\u0027s recv queue has\n2 leading consumed OOB skbs and 1 real OOB skb.\n\nThen, the following happens during the next recv() without MSG_OOB\n\n 1. unix_stream_read_generic() peeks the first consumed OOB skb\n 2. manage_oob() returns the next consumed OOB skb\n 3. unix_stream_read_generic() fetches the next not-yet-consumed OOB skb\n 4. unix_stream_read_generic() reads and frees the OOB skb\n\n, and the last recv(MSG_OOB) triggers KASAN splat.\n\nThe 3. above occurs because of the SO_PEEK_OFF code, which does not\nexpect unix_skb_len(skb) to be 0, but this is true for such consumed\nOOB skbs.\n\n while (skip \u003e= unix_skb_len(skb)) {\n skip -= unix_skb_len(skb);\n skb = skb_peek_next(skb, \u0026sk-\u003esk_receive_queue);\n ...\n }\n\nIn addition to this use-after-free, there is another issue that\nioctl(SIOCATMARK) does not function properly with consecutive consumed\nOOB skbs.\n\nSo, nothing good comes out of such a situation.\n\nInstead of complicating manage_oob(), ioctl() handling, and the next\nECONNRESET fix by introducing a loop for consecutive consumed OOB skbs,\nlet\u0027s not leave such consecutive OOB unnecessarily.\n\nNow, while receiving an OOB skb in unix_stream_recv_urg(), if its\nprevious skb is a consumed OOB skb, it is freed.\n\n[0]:\nBUG: KASAN: slab-use-after-free in unix_stream_read_actor (net/unix/af_unix.c:3027)\nRead of size 4 at addr ffff888106ef2904 by task python3/315\n\nCPU: 2 UID: 0 PID: 315 Comm: python3 Not tainted 6.16.0-rc1-00407-gec315832f6f9 #8 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-4.fc42 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl (lib/dump_stack.c:122)\n print_report (mm/kasan/report.c:409 mm/kasan/report.c:521)\n kasan_report (mm/kasan/report.c:636)\n unix_stream_read_actor (net/unix/af_unix.c:3027)\n unix_stream_read_generic (net/unix/af_unix.c:2708 net/unix/af_unix.c:2847)\n unix_stream_recvmsg (net/unix/af_unix.c:3048)\n sock_recvmsg (net/socket.c:1063 (discriminator 20) net/socket.c:1085 (discriminator 20))\n __sys_recvfrom (net/socket.c:2278)\n __x64_sys_recvfrom (net/socket.c:2291 (discriminator 1) net/socket.c:2287 (discriminator 1) net/socket.c:2287 (discriminator 1))\n do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1))\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\nRIP: 0033:0x7f8911fcea06\nCode: 5d e8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 75 19 83 e2 39 83 fa 08 75 11 e8 26 ff ff ff 66 0f 1f 44 00 00 48 8b 45 10 0f 05 \u003c48\u003e 8b 5d f8 c9 c3 0f 1f 40 00 f3 0f 1e fa 55 48 89 e5 48 83 ec 08\nRSP: 002b:00007fffdb0dccb0 EFLAGS: 00000202 ORIG_RAX: 000000000000002d\nRAX: ffffffffffffffda RBX: 00007fffdb0dcdc8 RCX: 00007f8911fcea06\nRDX: 0000000000000001 RSI: 00007f8911a5e060 RDI: 0000000000000006\nRBP: 00007fffdb0dccd0 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000202 R12: 00007f89119a7d20\nR13: ffffffffc4653600 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\nAllocated by task 315:\n kasan_save_stack (mm/kasan/common.c:48)\n kasan_save_track (mm/kasan/common.c:60 (discriminator 1) mm/kasan/common.c:69 (discriminator 1))\n __kasan_slab_alloc (mm/kasan/common.c:348)\n kmem_cache_alloc_\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38236",
"url": "https://www.suse.com/security/cve/CVE-2025-38236"
},
{
"category": "external",
"summary": "SUSE Bug 1246093 for CVE-2025-38236",
"url": "https://bugzilla.suse.com/1246093"
},
{
"category": "external",
"summary": "SUSE Bug 1246936 for CVE-2025-38236",
"url": "https://bugzilla.suse.com/1246936"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "important"
}
],
"title": "CVE-2025-38236"
},
{
"cve": "CVE-2025-38238",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38238"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out\n\nWhen both the RHBA and RPA FDMI requests time out, fnic reuses a frame to\nsend ABTS for each of them. On send completion, this causes an attempt to\nfree the same frame twice that leads to a crash.\n\nFix crash by allocating separate frames for RHBA and RPA, and modify ABTS\nlogic accordingly.\n\nTested by checking MDS for FDMI information.\n\nTested by using instrumented driver to:\n\n - Drop PLOGI response\n - Drop RHBA response\n - Drop RPA response\n - Drop RHBA and RPA response\n - Drop PLOGI response + ABTS response\n - Drop RHBA response + ABTS response\n - Drop RPA response + ABTS response\n - Drop RHBA and RPA response + ABTS response for both of them",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38238",
"url": "https://www.suse.com/security/cve/CVE-2025-38238"
},
{
"category": "external",
"summary": "SUSE Bug 1246179 for CVE-2025-38238",
"url": "https://bugzilla.suse.com/1246179"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38238"
},
{
"cve": "CVE-2025-38239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38239"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: megaraid_sas: Fix invalid node index\n\nOn a system with DRAM interleave enabled, out-of-bound access is\ndetected:\n\nmegaraid_sas 0000:3f:00.0: requested/available msix 128/128 poll_queue 0\n------------[ cut here ]------------\nUBSAN: array-index-out-of-bounds in ./arch/x86/include/asm/topology.h:72:28\nindex -1 is out of range for type \u0027cpumask *[1024]\u0027\ndump_stack_lvl+0x5d/0x80\nubsan_epilogue+0x5/0x2b\n__ubsan_handle_out_of_bounds.cold+0x46/0x4b\nmegasas_alloc_irq_vectors+0x149/0x190 [megaraid_sas]\nmegasas_probe_one.cold+0xa4d/0x189c [megaraid_sas]\nlocal_pci_probe+0x42/0x90\npci_device_probe+0xdc/0x290\nreally_probe+0xdb/0x340\n__driver_probe_device+0x78/0x110\ndriver_probe_device+0x1f/0xa0\n__driver_attach+0xba/0x1c0\nbus_for_each_dev+0x8b/0xe0\nbus_add_driver+0x142/0x220\ndriver_register+0x72/0xd0\nmegasas_init+0xdf/0xff0 [megaraid_sas]\ndo_one_initcall+0x57/0x310\ndo_init_module+0x90/0x250\ninit_module_from_file+0x85/0xc0\nidempotent_init_module+0x114/0x310\n__x64_sys_finit_module+0x65/0xc0\ndo_syscall_64+0x82/0x170\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFix it accordingly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38239",
"url": "https://www.suse.com/security/cve/CVE-2025-38239"
},
{
"category": "external",
"summary": "SUSE Bug 1246178 for CVE-2025-38239",
"url": "https://bugzilla.suse.com/1246178"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38239"
},
{
"cve": "CVE-2025-38244",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38244"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential deadlock when reconnecting channels\n\nFix cifs_signal_cifsd_for_reconnect() to take the correct lock order\nand prevent the following deadlock from happening\n\n======================================================\nWARNING: possible circular locking dependency detected\n6.16.0-rc3-build2+ #1301 Tainted: G S W\n------------------------------------------------------\ncifsd/6055 is trying to acquire lock:\nffff88810ad56038 (\u0026tcp_ses-\u003esrv_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0x134/0x200\n\nbut task is already holding lock:\nffff888119c64330 (\u0026ret_buf-\u003echan_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0xcf/0x200\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-\u003e #2 (\u0026ret_buf-\u003echan_lock){+.+.}-{3:3}:\n validate_chain+0x1cf/0x270\n __lock_acquire+0x60e/0x780\n lock_acquire.part.0+0xb4/0x1f0\n _raw_spin_lock+0x2f/0x40\n cifs_setup_session+0x81/0x4b0\n cifs_get_smb_ses+0x771/0x900\n cifs_mount_get_session+0x7e/0x170\n cifs_mount+0x92/0x2d0\n cifs_smb3_do_mount+0x161/0x460\n smb3_get_tree+0x55/0x90\n vfs_get_tree+0x46/0x180\n do_new_mount+0x1b0/0x2e0\n path_mount+0x6ee/0x740\n do_mount+0x98/0xe0\n __do_sys_mount+0x148/0x180\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n-\u003e #1 (\u0026ret_buf-\u003eses_lock){+.+.}-{3:3}:\n validate_chain+0x1cf/0x270\n __lock_acquire+0x60e/0x780\n lock_acquire.part.0+0xb4/0x1f0\n _raw_spin_lock+0x2f/0x40\n cifs_match_super+0x101/0x320\n sget+0xab/0x270\n cifs_smb3_do_mount+0x1e0/0x460\n smb3_get_tree+0x55/0x90\n vfs_get_tree+0x46/0x180\n do_new_mount+0x1b0/0x2e0\n path_mount+0x6ee/0x740\n do_mount+0x98/0xe0\n __do_sys_mount+0x148/0x180\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n-\u003e #0 (\u0026tcp_ses-\u003esrv_lock){+.+.}-{3:3}:\n check_noncircular+0x95/0xc0\n check_prev_add+0x115/0x2f0\n validate_chain+0x1cf/0x270\n __lock_acquire+0x60e/0x780\n lock_acquire.part.0+0xb4/0x1f0\n _raw_spin_lock+0x2f/0x40\n cifs_signal_cifsd_for_reconnect+0x134/0x200\n __cifs_reconnect+0x8f/0x500\n cifs_handle_standard+0x112/0x280\n cifs_demultiplex_thread+0x64d/0xbc0\n kthread+0x2f7/0x310\n ret_from_fork+0x2a/0x230\n ret_from_fork_asm+0x1a/0x30\n\nother info that might help us debug this:\n\nChain exists of:\n \u0026tcp_ses-\u003esrv_lock --\u003e \u0026ret_buf-\u003eses_lock --\u003e \u0026ret_buf-\u003echan_lock\n\n Possible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(\u0026ret_buf-\u003echan_lock);\n lock(\u0026ret_buf-\u003eses_lock);\n lock(\u0026ret_buf-\u003echan_lock);\n lock(\u0026tcp_ses-\u003esrv_lock);\n\n *** DEADLOCK ***\n\n3 locks held by cifsd/6055:\n #0: ffffffff857de398 (\u0026cifs_tcp_ses_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0x7b/0x200\n #1: ffff888119c64060 (\u0026ret_buf-\u003eses_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0x9c/0x200\n #2: ffff888119c64330 (\u0026ret_buf-\u003echan_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0xcf/0x200",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38244",
"url": "https://www.suse.com/security/cve/CVE-2025-38244"
},
{
"category": "external",
"summary": "SUSE Bug 1246183 for CVE-2025-38244",
"url": "https://bugzilla.suse.com/1246183"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38244"
},
{
"cve": "CVE-2025-38246",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38246"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt: properly flush XDP redirect lists\n\nWe encountered following crash when testing a XDP_REDIRECT feature\nin production:\n\n[56251.579676] list_add corruption. next-\u003eprev should be prev (ffff93120dd40f30), but was ffffb301ef3a6740. (next=ffff93120dd\n40f30).\n[56251.601413] ------------[ cut here ]------------\n[56251.611357] kernel BUG at lib/list_debug.c:29!\n[56251.621082] Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[56251.632073] CPU: 111 UID: 0 PID: 0 Comm: swapper/111 Kdump: loaded Tainted: P O 6.12.33-cloudflare-2025.6.\n3 #1\n[56251.653155] Tainted: [P]=PROPRIETARY_MODULE, [O]=OOT_MODULE\n[56251.663877] Hardware name: MiTAC GC68B-B8032-G11P6-GPU/S8032GM-HE-CFR, BIOS V7.020.B10-sig 01/22/2025\n[56251.682626] RIP: 0010:__list_add_valid_or_report+0x4b/0xa0\n[56251.693203] Code: 0e 48 c7 c7 68 e7 d9 97 e8 42 16 fe ff 0f 0b 48 8b 52 08 48 39 c2 74 14 48 89 f1 48 c7 c7 90 e7 d9 97 48\n 89 c6 e8 25 16 fe ff \u003c0f\u003e 0b 4c 8b 02 49 39 f0 74 14 48 89 d1 48 c7 c7 e8 e7 d9 97 4c 89\n[56251.725811] RSP: 0018:ffff93120dd40b80 EFLAGS: 00010246\n[56251.736094] RAX: 0000000000000075 RBX: ffffb301e6bba9d8 RCX: 0000000000000000\n[56251.748260] RDX: 0000000000000000 RSI: ffff9149afda0b80 RDI: ffff9149afda0b80\n[56251.760349] RBP: ffff9131e49c8000 R08: 0000000000000000 R09: ffff93120dd40a18\n[56251.772382] R10: ffff9159cf2ce1a8 R11: 0000000000000003 R12: ffff911a80850000\n[56251.784364] R13: ffff93120fbc7000 R14: 0000000000000010 R15: ffff9139e7510e40\n[56251.796278] FS: 0000000000000000(0000) GS:ffff9149afd80000(0000) knlGS:0000000000000000\n[56251.809133] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[56251.819561] CR2: 00007f5e85e6f300 CR3: 00000038b85e2006 CR4: 0000000000770ef0\n[56251.831365] PKRU: 55555554\n[56251.838653] Call Trace:\n[56251.845560] \u003cIRQ\u003e\n[56251.851943] cpu_map_enqueue.cold+0x5/0xa\n[56251.860243] xdp_do_redirect+0x2d9/0x480\n[56251.868388] bnxt_rx_xdp+0x1d8/0x4c0 [bnxt_en]\n[56251.877028] bnxt_rx_pkt+0x5f7/0x19b0 [bnxt_en]\n[56251.885665] ? cpu_max_write+0x1e/0x100\n[56251.893510] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.902276] __bnxt_poll_work+0x190/0x340 [bnxt_en]\n[56251.911058] bnxt_poll+0xab/0x1b0 [bnxt_en]\n[56251.919041] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.927568] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.935958] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.944250] __napi_poll+0x2b/0x160\n[56251.951155] bpf_trampoline_6442548651+0x79/0x123\n[56251.959262] __napi_poll+0x5/0x160\n[56251.966037] net_rx_action+0x3d2/0x880\n[56251.973133] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.981265] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.989262] ? __hrtimer_run_queues+0x162/0x2a0\n[56251.996967] ? srso_alias_return_thunk+0x5/0xfbef5\n[56252.004875] ? srso_alias_return_thunk+0x5/0xfbef5\n[56252.012673] ? bnxt_msix+0x62/0x70 [bnxt_en]\n[56252.019903] handle_softirqs+0xcf/0x270\n[56252.026650] irq_exit_rcu+0x67/0x90\n[56252.032933] common_interrupt+0x85/0xa0\n[56252.039498] \u003c/IRQ\u003e\n[56252.044246] \u003cTASK\u003e\n[56252.048935] asm_common_interrupt+0x26/0x40\n[56252.055727] RIP: 0010:cpuidle_enter_state+0xb8/0x420\n[56252.063305] Code: dc 01 00 00 e8 f9 79 3b ff e8 64 f7 ff ff 49 89 c5 0f 1f 44 00 00 31 ff e8 a5 32 3a ff 45 84 ff 0f 85 ae\n 01 00 00 fb 45 85 f6 \u003c0f\u003e 88 88 01 00 00 48 8b 04 24 49 63 ce 4c 89 ea 48 6b f1 68 48 29\n[56252.088911] RSP: 0018:ffff93120c97fe98 EFLAGS: 00000202\n[56252.096912] RAX: ffff9149afd80000 RBX: ffff9141d3a72800 RCX: 0000000000000000\n[56252.106844] RDX: 00003329176c6b98 RSI: ffffffe36db3fdc7 RDI: 0000000000000000\n[56252.116733] RBP: 0000000000000002 R08: 0000000000000002 R09: 000000000000004e\n[56252.126652] R10: ffff9149afdb30c4 R11: 071c71c71c71c71c R12: ffffffff985ff860\n[56252.136637] R13: 00003329176c6b98 R14: 0000000000000002 R15: 0000000000000000\n[56252.146667] ? cpuidle_enter_state+0xab/0x420\n[56252.153909] cpuidle_enter+0x2d/0x40\n[56252.160360] do_idle+0x176/0x1c0\n[56252.166456\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38246",
"url": "https://www.suse.com/security/cve/CVE-2025-38246"
},
{
"category": "external",
"summary": "SUSE Bug 1246195 for CVE-2025-38246",
"url": "https://bugzilla.suse.com/1246195"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38246"
},
{
"cve": "CVE-2025-38248",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38248"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbridge: mcast: Fix use-after-free during router port configuration\n\nThe bridge maintains a global list of ports behind which a multicast\nrouter resides. The list is consulted during forwarding to ensure\nmulticast packets are forwarded to these ports even if the ports are not\nmember in the matching MDB entry.\n\nWhen per-VLAN multicast snooping is enabled, the per-port multicast\ncontext is disabled on each port and the port is removed from the global\nrouter port list:\n\n # ip link add name br1 up type bridge vlan_filtering 1 mcast_snooping 1\n # ip link add name dummy1 up master br1 type dummy\n # ip link set dev dummy1 type bridge_slave mcast_router 2\n $ bridge -d mdb show | grep router\n router ports on br1: dummy1\n # ip link set dev br1 type bridge mcast_vlan_snooping 1\n $ bridge -d mdb show | grep router\n\nHowever, the port can be re-added to the global list even when per-VLAN\nmulticast snooping is enabled:\n\n # ip link set dev dummy1 type bridge_slave mcast_router 0\n # ip link set dev dummy1 type bridge_slave mcast_router 2\n $ bridge -d mdb show | grep router\n router ports on br1: dummy1\n\nSince commit 4b30ae9adb04 (\"net: bridge: mcast: re-implement\nbr_multicast_{enable, disable}_port functions\"), when per-VLAN multicast\nsnooping is enabled, multicast disablement on a port will disable the\nper-{port, VLAN} multicast contexts and not the per-port one. As a\nresult, a port will remain in the global router port list even after it\nis deleted. This will lead to a use-after-free [1] when the list is\ntraversed (when adding a new port to the list, for example):\n\n # ip link del dev dummy1\n # ip link add name dummy2 up master br1 type dummy\n # ip link set dev dummy2 type bridge_slave mcast_router 2\n\nSimilarly, stale entries can also be found in the per-VLAN router port\nlist. When per-VLAN multicast snooping is disabled, the per-{port, VLAN}\ncontexts are disabled on each port and the port is removed from the\nper-VLAN router port list:\n\n # ip link add name br1 up type bridge vlan_filtering 1 mcast_snooping 1 mcast_vlan_snooping 1\n # ip link add name dummy1 up master br1 type dummy\n # bridge vlan add vid 2 dev dummy1\n # bridge vlan global set vid 2 dev br1 mcast_snooping 1\n # bridge vlan set vid 2 dev dummy1 mcast_router 2\n $ bridge vlan global show dev br1 vid 2 | grep router\n router ports: dummy1\n # ip link set dev br1 type bridge mcast_vlan_snooping 0\n $ bridge vlan global show dev br1 vid 2 | grep router\n\nHowever, the port can be re-added to the per-VLAN list even when\nper-VLAN multicast snooping is disabled:\n\n # bridge vlan set vid 2 dev dummy1 mcast_router 0\n # bridge vlan set vid 2 dev dummy1 mcast_router 2\n $ bridge vlan global show dev br1 vid 2 | grep router\n router ports: dummy1\n\nWhen the VLAN is deleted from the port, the per-{port, VLAN} multicast\ncontext will not be disabled since multicast snooping is not enabled\non the VLAN. As a result, the port will remain in the per-VLAN router\nport list even after it is no longer member in the VLAN. This will lead\nto a use-after-free [2] when the list is traversed (when adding a new\nport to the list, for example):\n\n # ip link add name dummy2 up master br1 type dummy\n # bridge vlan add vid 2 dev dummy2\n # bridge vlan del vid 2 dev dummy1\n # bridge vlan set vid 2 dev dummy2 mcast_router 2\n\nFix these issues by removing the port from the relevant (global or\nper-VLAN) router port list in br_multicast_port_ctx_deinit(). The\nfunction is invoked during port deletion with the per-port multicast\ncontext and during VLAN deletion with the per-{port, VLAN} multicast\ncontext.\n\nNote that deleting the multicast router timer is not enough as it only\ntakes care of the temporary multicast router states (1 or 3) and not the\npermanent one (2).\n\n[1]\nBUG: KASAN: slab-out-of-bounds in br_multicast_add_router.part.0+0x3f1/0x560\nWrite of size 8 at addr ffff888004a67328 by task ip/384\n[...]\nCall Trace:\n \u003cTASK\u003e\n dump_stack\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38248",
"url": "https://www.suse.com/security/cve/CVE-2025-38248"
},
{
"category": "external",
"summary": "SUSE Bug 1246173 for CVE-2025-38248",
"url": "https://bugzilla.suse.com/1246173"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38248"
},
{
"cve": "CVE-2025-38249",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38249"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3()\n\nIn snd_usb_get_audioformat_uac3(), the length value returned from\nsnd_usb_ctl_msg() is used directly for memory allocation without\nvalidation. This length is controlled by the USB device.\n\nThe allocated buffer is cast to a uac3_cluster_header_descriptor\nand its fields are accessed without verifying that the buffer\nis large enough. If the device returns a smaller than expected\nlength, this leads to an out-of-bounds read.\n\nAdd a length check to ensure the buffer is large enough for\nuac3_cluster_header_descriptor.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38249",
"url": "https://www.suse.com/security/cve/CVE-2025-38249"
},
{
"category": "external",
"summary": "SUSE Bug 1246171 for CVE-2025-38249",
"url": "https://bugzilla.suse.com/1246171"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38249"
},
{
"cve": "CVE-2025-38250",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38250"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_core: Fix use-after-free in vhci_flush()\n\nsyzbot reported use-after-free in vhci_flush() without repro. [0]\n\nFrom the splat, a thread close()d a vhci file descriptor while\nits device was being used by iotcl() on another thread.\n\nOnce the last fd refcnt is released, vhci_release() calls\nhci_unregister_dev(), hci_free_dev(), and kfree() for struct\nvhci_data, which is set to hci_dev-\u003edev-\u003edriver_data.\n\nThe problem is that there is no synchronisation after unlinking\nhdev from hci_dev_list in hci_unregister_dev(). There might be\nanother thread still accessing the hdev which was fetched before\nthe unlink operation.\n\nWe can use SRCU for such synchronisation.\n\nLet\u0027s run hci_dev_reset() under SRCU and wait for its completion\nin hci_unregister_dev().\n\nAnother option would be to restore hci_dev-\u003edestruct(), which was\nremoved in commit 587ae086f6e4 (\"Bluetooth: Remove unused\nhci-destruct cb\"). However, this would not be a good solution, as\nwe should not run hci_unregister_dev() while there are in-flight\nioctl() requests, which could lead to another data-race KCSAN splat.\n\nNote that other drivers seem to have the same problem, for exmaple,\nvirtbt_remove().\n\n[0]:\nBUG: KASAN: slab-use-after-free in skb_queue_empty_lockless include/linux/skbuff.h:1891 [inline]\nBUG: KASAN: slab-use-after-free in skb_queue_purge_reason+0x99/0x360 net/core/skbuff.c:3937\nRead of size 8 at addr ffff88807cb8d858 by task syz.1.219/6718\n\nCPU: 1 UID: 0 PID: 6718 Comm: syz.1.219 Not tainted 6.16.0-rc1-syzkaller-00196-g08207f42d3ff #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xd2/0x2b0 mm/kasan/report.c:521\n kasan_report+0x118/0x150 mm/kasan/report.c:634\n skb_queue_empty_lockless include/linux/skbuff.h:1891 [inline]\n skb_queue_purge_reason+0x99/0x360 net/core/skbuff.c:3937\n skb_queue_purge include/linux/skbuff.h:3368 [inline]\n vhci_flush+0x44/0x50 drivers/bluetooth/hci_vhci.c:69\n hci_dev_do_reset net/bluetooth/hci_core.c:552 [inline]\n hci_dev_reset+0x420/0x5c0 net/bluetooth/hci_core.c:592\n sock_do_ioctl+0xd9/0x300 net/socket.c:1190\n sock_ioctl+0x576/0x790 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fcf5b98e929\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fcf5c7b9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007fcf5bbb6160 RCX: 00007fcf5b98e929\nRDX: 0000000000000000 RSI: 00000000400448cb RDI: 0000000000000009\nRBP: 00007fcf5ba10b39 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007fcf5bbb6160 R15: 00007ffd6353d528\n \u003c/TASK\u003e\n\nAllocated by task 6535:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4359\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n vhci_open+0x57/0x360 drivers/bluetooth/hci_vhci.c:635\n misc_open+0x2bc/0x330 drivers/char/misc.c:161\n chrdev_open+0x4c9/0x5e0 fs/char_dev.c:414\n do_dentry_open+0xdf0/0x1970 fs/open.c:964\n vfs_open+0x3b/0x340 fs/open.c:1094\n do_open fs/namei.c:3887 [inline]\n path_openat+0x2ee5/0x3830 fs/name\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38250",
"url": "https://www.suse.com/security/cve/CVE-2025-38250"
},
{
"category": "external",
"summary": "SUSE Bug 1246182 for CVE-2025-38250",
"url": "https://bugzilla.suse.com/1246182"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38250"
},
{
"cve": "CVE-2025-38256",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38256"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/rsrc: fix folio unpinning\n\nsyzbot complains about an unmapping failure:\n\n[ 108.070381][ T14] kernel BUG at mm/gup.c:71!\n[ 108.070502][ T14] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP\n[ 108.123672][ T14] Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20250221-8.fc42 02/21/2025\n[ 108.127458][ T14] Workqueue: iou_exit io_ring_exit_work\n[ 108.174205][ T14] Call trace:\n[ 108.175649][ T14] sanity_check_pinned_pages+0x7cc/0x7d0 (P)\n[ 108.178138][ T14] unpin_user_page+0x80/0x10c\n[ 108.180189][ T14] io_release_ubuf+0x84/0xf8\n[ 108.182196][ T14] io_free_rsrc_node+0x250/0x57c\n[ 108.184345][ T14] io_rsrc_data_free+0x148/0x298\n[ 108.186493][ T14] io_sqe_buffers_unregister+0x84/0xa0\n[ 108.188991][ T14] io_ring_ctx_free+0x48/0x480\n[ 108.191057][ T14] io_ring_exit_work+0x764/0x7d8\n[ 108.193207][ T14] process_one_work+0x7e8/0x155c\n[ 108.195431][ T14] worker_thread+0x958/0xed8\n[ 108.197561][ T14] kthread+0x5fc/0x75c\n[ 108.199362][ T14] ret_from_fork+0x10/0x20\n\nWe can pin a tail page of a folio, but then io_uring will try to unpin\nthe head page of the folio. While it should be fine in terms of keeping\nthe page actually alive, mm folks say it\u0027s wrong and triggers a debug\nwarning. Use unpin_user_folio() instead of unpin_user_page*.\n\n[axboe: adapt to current tree, massage commit message]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38256",
"url": "https://www.suse.com/security/cve/CVE-2025-38256"
},
{
"category": "external",
"summary": "SUSE Bug 1246188 for CVE-2025-38256",
"url": "https://bugzilla.suse.com/1246188"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38256"
},
{
"cve": "CVE-2025-38257",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38257"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Prevent overflow in size calculation for memdup_user()\n\nNumber of apqn target list entries contained in \u0027nr_apqns\u0027 variable is\ndetermined by userspace via an ioctl call so the result of the product in\ncalculation of size passed to memdup_user() may overflow.\n\nIn this case the actual size of the allocated area and the value\ndescribing it won\u0027t be in sync leading to various types of unpredictable\nbehaviour later.\n\nUse a proper memdup_array_user() helper which returns an error if an\noverflow is detected. Note that it is different from when nr_apqns is\ninitially zero - that case is considered valid and should be handled in\nsubsequent pkey_handler implementations.\n\nFound by Linux Verification Center (linuxtesting.org).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38257",
"url": "https://www.suse.com/security/cve/CVE-2025-38257"
},
{
"category": "external",
"summary": "SUSE Bug 1246186 for CVE-2025-38257",
"url": "https://bugzilla.suse.com/1246186"
},
{
"category": "external",
"summary": "SUSE Bug 1246189 for CVE-2025-38257",
"url": "https://bugzilla.suse.com/1246189"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "important"
}
],
"title": "CVE-2025-38257"
},
{
"cve": "CVE-2025-38259",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38259"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: wcd9335: Fix missing free of regulator supplies\n\nDriver gets and enables all regulator supplies in probe path\n(wcd9335_parse_dt() and wcd9335_power_on_reset()), but does not cleanup\nin final error paths and in unbind (missing remove() callback). This\nleads to leaked memory and unbalanced regulator enable count during\nprobe errors or unbind.\n\nFix this by converting entire code into devm_regulator_bulk_get_enable()\nwhich also greatly simplifies the code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38259",
"url": "https://www.suse.com/security/cve/CVE-2025-38259"
},
{
"category": "external",
"summary": "SUSE Bug 1246220 for CVE-2025-38259",
"url": "https://bugzilla.suse.com/1246220"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38259"
},
{
"cve": "CVE-2025-38264",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38264"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-tcp: sanitize request list handling\n\nValidate the request in nvme_tcp_handle_r2t() to ensure it\u0027s not part of\nany list, otherwise a malicious R2T PDU might inject a loop in request\nlist processing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38264",
"url": "https://www.suse.com/security/cve/CVE-2025-38264"
},
{
"category": "external",
"summary": "SUSE Bug 1246387 for CVE-2025-38264",
"url": "https://bugzilla.suse.com/1246387"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38264"
},
{
"cve": "CVE-2025-38265",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38265"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: jsm: fix NPE during jsm_uart_port_init\n\nNo device was set which caused serial_base_ctrl_add to crash.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000050\n Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 16 UID: 0 PID: 368 Comm: (udev-worker) Not tainted 6.12.25-amd64 #1 Debian 6.12.25-1\n RIP: 0010:serial_base_ctrl_add+0x96/0x120\n Call Trace:\n \u003cTASK\u003e\n serial_core_register_port+0x1a0/0x580\n ? __setup_irq+0x39c/0x660\n ? __kmalloc_cache_noprof+0x111/0x310\n jsm_uart_port_init+0xe8/0x180 [jsm]\n jsm_probe_one+0x1f4/0x410 [jsm]\n local_pci_probe+0x42/0x90\n pci_device_probe+0x22f/0x270\n really_probe+0xdb/0x340\n ? pm_runtime_barrier+0x54/0x90\n ? __pfx___driver_attach+0x10/0x10\n __driver_probe_device+0x78/0x110\n driver_probe_device+0x1f/0xa0\n __driver_attach+0xba/0x1c0\n bus_for_each_dev+0x8c/0xe0\n bus_add_driver+0x112/0x1f0\n driver_register+0x72/0xd0\n jsm_init_module+0x36/0xff0 [jsm]\n ? __pfx_jsm_init_module+0x10/0x10 [jsm]\n do_one_initcall+0x58/0x310\n do_init_module+0x60/0x230\n\nTested with Digi Neo PCIe 8 port card.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38265",
"url": "https://www.suse.com/security/cve/CVE-2025-38265"
},
{
"category": "external",
"summary": "SUSE Bug 1246244 for CVE-2025-38265",
"url": "https://bugzilla.suse.com/1246244"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38265"
},
{
"cve": "CVE-2025-38268",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38268"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: tcpm: move tcpm_queue_vdm_unlocked to asynchronous work\n\nA state check was previously added to tcpm_queue_vdm_unlocked to\nprevent a deadlock where the DisplayPort Alt Mode driver would be\nexecuting work and attempting to grab the tcpm_lock while the TCPM\nwas holding the lock and attempting to unregister the altmode, blocking\non the altmode driver\u0027s cancel_work_sync call.\n\nBecause the state check isn\u0027t protected, there is a small window\nwhere the Alt Mode driver could determine that the TCPM is\nin a ready state and attempt to grab the lock while the\nTCPM grabs the lock and changes the TCPM state to one that\ncauses the deadlock. The callstack is provided below:\n\n[110121.667392][ C7] Call trace:\n[110121.667396][ C7] __switch_to+0x174/0x338\n[110121.667406][ C7] __schedule+0x608/0x9f0\n[110121.667414][ C7] schedule+0x7c/0xe8\n[110121.667423][ C7] kernfs_drain+0xb0/0x114\n[110121.667431][ C7] __kernfs_remove+0x16c/0x20c\n[110121.667436][ C7] kernfs_remove_by_name_ns+0x74/0xe8\n[110121.667442][ C7] sysfs_remove_group+0x84/0xe8\n[110121.667450][ C7] sysfs_remove_groups+0x34/0x58\n[110121.667458][ C7] device_remove_groups+0x10/0x20\n[110121.667464][ C7] device_release_driver_internal+0x164/0x2e4\n[110121.667475][ C7] device_release_driver+0x18/0x28\n[110121.667484][ C7] bus_remove_device+0xec/0x118\n[110121.667491][ C7] device_del+0x1e8/0x4ac\n[110121.667498][ C7] device_unregister+0x18/0x38\n[110121.667504][ C7] typec_unregister_altmode+0x30/0x44\n[110121.667515][ C7] tcpm_reset_port+0xac/0x370\n[110121.667523][ C7] tcpm_snk_detach+0x84/0xb8\n[110121.667529][ C7] run_state_machine+0x4c0/0x1b68\n[110121.667536][ C7] tcpm_state_machine_work+0x94/0xe4\n[110121.667544][ C7] kthread_worker_fn+0x10c/0x244\n[110121.667552][ C7] kthread+0x104/0x1d4\n[110121.667557][ C7] ret_from_fork+0x10/0x20\n\n[110121.667689][ C7] Workqueue: events dp_altmode_work\n[110121.667697][ C7] Call trace:\n[110121.667701][ C7] __switch_to+0x174/0x338\n[110121.667710][ C7] __schedule+0x608/0x9f0\n[110121.667717][ C7] schedule+0x7c/0xe8\n[110121.667725][ C7] schedule_preempt_disabled+0x24/0x40\n[110121.667733][ C7] __mutex_lock+0x408/0xdac\n[110121.667741][ C7] __mutex_lock_slowpath+0x14/0x24\n[110121.667748][ C7] mutex_lock+0x40/0xec\n[110121.667757][ C7] tcpm_altmode_enter+0x78/0xb4\n[110121.667764][ C7] typec_altmode_enter+0xdc/0x10c\n[110121.667769][ C7] dp_altmode_work+0x68/0x164\n[110121.667775][ C7] process_one_work+0x1e4/0x43c\n[110121.667783][ C7] worker_thread+0x25c/0x430\n[110121.667789][ C7] kthread+0x104/0x1d4\n[110121.667794][ C7] ret_from_fork+0x10/0x20\n\nChange tcpm_queue_vdm_unlocked to queue for tcpm_queue_vdm_work,\nwhich can perform the state check while holding the TCPM lock\nwhile the Alt Mode lock is no longer held. This requires a new\nstruct to hold the vdm data, altmode_vdm_event.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38268",
"url": "https://www.suse.com/security/cve/CVE-2025-38268"
},
{
"category": "external",
"summary": "SUSE Bug 1246385 for CVE-2025-38268",
"url": "https://bugzilla.suse.com/1246385"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38268"
},
{
"cve": "CVE-2025-38272",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38272"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: b53: do not enable EEE on bcm63xx\n\nBCM63xx internal switches do not support EEE, but provide multiple RGMII\nports where external PHYs may be connected. If one of these PHYs are EEE\ncapable, we may try to enable EEE for the MACs, which then hangs the\nsystem on access of the (non-existent) EEE registers.\n\nFix this by checking if the switch actually supports EEE before\nattempting to configure it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38272",
"url": "https://www.suse.com/security/cve/CVE-2025-38272"
},
{
"category": "external",
"summary": "SUSE Bug 1246268 for CVE-2025-38272",
"url": "https://bugzilla.suse.com/1246268"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38272"
},
{
"cve": "CVE-2025-38273",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38273"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tipc: fix refcount warning in tipc_aead_encrypt\n\nsyzbot reported a refcount warning [1] caused by calling get_net() on\na network namespace that is being destroyed (refcount=0). This happens\nwhen a TIPC discovery timer fires during network namespace cleanup.\n\nThe recently added get_net() call in commit e279024617134 (\"net/tipc:\nfix slab-use-after-free Read in tipc_aead_encrypt_done\") attempts to\nhold a reference to the network namespace. However, if the namespace\nis already being destroyed, its refcount might be zero, leading to the\nuse-after-free warning.\n\nReplace get_net() with maybe_get_net(), which safely checks if the\nrefcount is non-zero before incrementing it. If the namespace is being\ndestroyed, return -ENODEV early, after releasing the bearer reference.\n\n[1]: https://lore.kernel.org/all/68342b55.a70a0220.253bc2.0091.GAE@google.com/T/#m12019cf9ae77e1954f666914640efa36d52704a2",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38273",
"url": "https://www.suse.com/security/cve/CVE-2025-38273"
},
{
"category": "external",
"summary": "SUSE Bug 1246266 for CVE-2025-38273",
"url": "https://bugzilla.suse.com/1246266"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38273"
},
{
"cve": "CVE-2025-38275",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38275"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug\n\nThe qmp_usb_iomap() helper function currently returns the raw result of\ndevm_ioremap() for non-exclusive mappings. Since devm_ioremap() may return\na NULL pointer and the caller only checks error pointers with IS_ERR(),\nNULL could bypass the check and lead to an invalid dereference.\n\nFix the issue by checking if devm_ioremap() returns NULL. When it does,\nqmp_usb_iomap() now returns an error pointer via IOMEM_ERR_PTR(-ENOMEM),\nensuring safe and consistent error handling.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38275",
"url": "https://www.suse.com/security/cve/CVE-2025-38275"
},
{
"category": "external",
"summary": "SUSE Bug 1246236 for CVE-2025-38275",
"url": "https://bugzilla.suse.com/1246236"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38275"
},
{
"cve": "CVE-2025-38277",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38277"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: nand: ecc-mxic: Fix use of uninitialized variable ret\n\nIf ctx-\u003esteps is zero, the loop processing ECC steps is skipped,\nand the variable ret remains uninitialized. It is later checked\nand returned, which leads to undefined behavior and may cause\nunpredictable results in user space or kernel crashes.\n\nThis scenario can be triggered in edge cases such as misconfigured\ngeometry, ECC engine misuse, or if ctx-\u003esteps is not validated\nafter initialization.\n\nInitialize ret to zero before the loop to ensure correct and safe\nbehavior regardless of the ctx-\u003esteps value.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38277",
"url": "https://www.suse.com/security/cve/CVE-2025-38277"
},
{
"category": "external",
"summary": "SUSE Bug 1246246 for CVE-2025-38277",
"url": "https://bugzilla.suse.com/1246246"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38277"
},
{
"cve": "CVE-2025-38279",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38279"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Do not include stack ptr register in precision backtracking bookkeeping\n\nYi Lai reported an issue ([1]) where the following warning appears\nin kernel dmesg:\n [ 60.643604] verifier backtracking bug\n [ 60.643635] WARNING: CPU: 10 PID: 2315 at kernel/bpf/verifier.c:4302 __mark_chain_precision+0x3a6c/0x3e10\n [ 60.648428] Modules linked in: bpf_testmod(OE)\n [ 60.650471] CPU: 10 UID: 0 PID: 2315 Comm: test_progs Tainted: G OE 6.15.0-rc4-gef11287f8289-dirty #327 PREEMPT(full)\n [ 60.654385] Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n [ 60.656682] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n [ 60.660475] RIP: 0010:__mark_chain_precision+0x3a6c/0x3e10\n [ 60.662814] Code: 5a 30 84 89 ea e8 c4 d9 01 00 80 3d 3e 7d d8 04 00 0f 85 60 fa ff ff c6 05 31 7d d8 04\n 01 48 c7 c7 00 58 30 84 e8 c4 06 a5 ff \u003c0f\u003e 0b e9 46 fa ff ff 48 ...\n [ 60.668720] RSP: 0018:ffff888116cc7298 EFLAGS: 00010246\n [ 60.671075] RAX: 54d70e82dfd31900 RBX: ffff888115b65e20 RCX: 0000000000000000\n [ 60.673659] RDX: 0000000000000001 RSI: 0000000000000004 RDI: 00000000ffffffff\n [ 60.676241] RBP: 0000000000000400 R08: ffff8881f6f23bd3 R09: 1ffff1103ede477a\n [ 60.678787] R10: dffffc0000000000 R11: ffffed103ede477b R12: ffff888115b60ae8\n [ 60.681420] R13: 1ffff11022b6cbc4 R14: 00000000fffffff2 R15: 0000000000000001\n [ 60.684030] FS: 00007fc2aedd80c0(0000) GS:ffff88826fa8a000(0000) knlGS:0000000000000000\n [ 60.686837] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [ 60.689027] CR2: 000056325369e000 CR3: 000000011088b002 CR4: 0000000000370ef0\n [ 60.691623] Call Trace:\n [ 60.692821] \u003cTASK\u003e\n [ 60.693960] ? __pfx_verbose+0x10/0x10\n [ 60.695656] ? __pfx_disasm_kfunc_name+0x10/0x10\n [ 60.697495] check_cond_jmp_op+0x16f7/0x39b0\n [ 60.699237] do_check+0x58fa/0xab10\n ...\n\nFurther analysis shows the warning is at line 4302 as below:\n\n 4294 /* static subprog call instruction, which\n 4295 * means that we are exiting current subprog,\n 4296 * so only r1-r5 could be still requested as\n 4297 * precise, r0 and r6-r10 or any stack slot in\n 4298 * the current frame should be zero by now\n 4299 */\n 4300 if (bt_reg_mask(bt) \u0026 ~BPF_REGMASK_ARGS) {\n 4301 verbose(env, \"BUG regs %x\\n\", bt_reg_mask(bt));\n 4302 WARN_ONCE(1, \"verifier backtracking bug\");\n 4303 return -EFAULT;\n 4304 }\n\nWith the below test (also in the next patch):\n __used __naked static void __bpf_jmp_r10(void)\n {\n\tasm volatile (\n\t\"r2 = 2314885393468386424 ll;\"\n\t\"goto +0;\"\n\t\"if r2 \u003c= r10 goto +3;\"\n\t\"if r1 \u003e= -1835016 goto +0;\"\n\t\"if r2 \u003c= 8 goto +0;\"\n\t\"if r3 \u003c= 0 goto +0;\"\n\t\"exit;\"\n\t::: __clobber_all);\n }\n\n SEC(\"?raw_tp\")\n __naked void bpf_jmp_r10(void)\n {\n\tasm volatile (\n\t\"r3 = 0 ll;\"\n\t\"call __bpf_jmp_r10;\"\n\t\"r0 = 0;\"\n\t\"exit;\"\n\t::: __clobber_all);\n }\n\nThe following is the verifier failure log:\n 0: (18) r3 = 0x0 ; R3_w=0\n 2: (85) call pc+2\n caller:\n R10=fp0\n callee:\n frame1: R1=ctx() R3_w=0 R10=fp0\n 5: frame1: R1=ctx() R3_w=0 R10=fp0\n ; asm volatile (\" \\ @ verifier_precision.c:184\n 5: (18) r2 = 0x20202000256c6c78 ; frame1: R2_w=0x20202000256c6c78\n 7: (05) goto pc+0\n 8: (bd) if r2 \u003c= r10 goto pc+3 ; frame1: R2_w=0x20202000256c6c78 R10=fp0\n 9: (35) if r1 \u003e= 0xffe3fff8 goto pc+0 ; frame1: R1=ctx()\n 10: (b5) if r2 \u003c= 0x8 goto pc+0\n mark_precise: frame1: last_idx 10 first_idx 0 subseq_idx -1\n mark_precise: frame1: regs=r2 stack= before 9: (35) if r1 \u003e= 0xffe3fff8 goto pc+0\n mark_precise: frame1: regs=r2 stack= before 8: (bd) if r2 \u003c= r10 goto pc+3\n mark_preci\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38279",
"url": "https://www.suse.com/security/cve/CVE-2025-38279"
},
{
"category": "external",
"summary": "SUSE Bug 1246264 for CVE-2025-38279",
"url": "https://bugzilla.suse.com/1246264"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38279"
},
{
"cve": "CVE-2025-38283",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38283"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhisi_acc_vfio_pci: bugfix live migration function without VF device driver\n\nIf the VF device driver is not loaded in the Guest OS and we attempt to\nperform device data migration, the address of the migrated data will\nbe NULL.\nThe live migration recovery operation on the destination side will\naccess a null address value, which will cause access errors.\n\nTherefore, live migration of VMs without added VF device drivers\ndoes not require device data migration.\nIn addition, when the queue address data obtained by the destination\nis empty, device queue recovery processing will not be performed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38283",
"url": "https://www.suse.com/security/cve/CVE-2025-38283"
},
{
"category": "external",
"summary": "SUSE Bug 1246273 for CVE-2025-38283",
"url": "https://bugzilla.suse.com/1246273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38283"
},
{
"cve": "CVE-2025-38286",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38286"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: at91: Fix possible out-of-boundary access\n\nat91_gpio_probe() doesn\u0027t check that given OF alias is not available or\nsomething went wrong when trying to get it. This might have consequences\nwhen accessing gpio_chips array with that value as an index. Note, that\nBUG() can be compiled out and hence won\u0027t actually perform the required\nchecks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38286",
"url": "https://www.suse.com/security/cve/CVE-2025-38286"
},
{
"category": "external",
"summary": "SUSE Bug 1246283 for CVE-2025-38286",
"url": "https://bugzilla.suse.com/1246283"
},
{
"category": "external",
"summary": "SUSE Bug 1246284 for CVE-2025-38286",
"url": "https://bugzilla.suse.com/1246284"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "important"
}
],
"title": "CVE-2025-38286"
},
{
"cve": "CVE-2025-38287",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38287"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/cm: Drop lockdep assert and WARN when freeing old msg\n\nThe send completion handler can run after cm_id has advanced to another\nmessage. The cm_id lock is not needed in this case, but a recent change\nre-used cm_free_priv_msg(), which asserts that the lock is held and\nWARNs if the cm_id\u0027s currently outstanding msg is different than the one\nbeing freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38287",
"url": "https://www.suse.com/security/cve/CVE-2025-38287"
},
{
"category": "external",
"summary": "SUSE Bug 1246285 for CVE-2025-38287",
"url": "https://bugzilla.suse.com/1246285"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38287"
},
{
"cve": "CVE-2025-38288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38288"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: smartpqi: Fix smp_processor_id() call trace for preemptible kernels\n\nCorrect kernel call trace when calling smp_processor_id() when called in\npreemptible kernels by using raw_smp_processor_id().\n\nsmp_processor_id() checks to see if preemption is disabled and if not,\nissue an error message followed by a call to dump_stack().\n\nBrief example of call trace:\nkernel: check_preemption_disabled: 436 callbacks suppressed\nkernel: BUG: using smp_processor_id() in preemptible [00000000]\n code: kworker/u1025:0/2354\nkernel: caller is pqi_scsi_queue_command+0x183/0x310 [smartpqi]\nkernel: CPU: 129 PID: 2354 Comm: kworker/u1025:0\nkernel: ...\nkernel: Workqueue: writeback wb_workfn (flush-253:0)\nkernel: Call Trace:\nkernel: \u003cTASK\u003e\nkernel: dump_stack_lvl+0x34/0x48\nkernel: check_preemption_disabled+0xdd/0xe0\nkernel: pqi_scsi_queue_command+0x183/0x310 [smartpqi]\nkernel: ...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38288",
"url": "https://www.suse.com/security/cve/CVE-2025-38288"
},
{
"category": "external",
"summary": "SUSE Bug 1246286 for CVE-2025-38288",
"url": "https://bugzilla.suse.com/1246286"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38288"
},
{
"cve": "CVE-2025-38289",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38289"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk\n\nSmatch detected a potential use-after-free of an ndlp oject in\ndev_loss_tmo_callbk during driver unload or fatal error handling.\n\nFix by reordering code to avoid potential use-after-free if initial\nnodelist reference has been previously removed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38289",
"url": "https://www.suse.com/security/cve/CVE-2025-38289"
},
{
"category": "external",
"summary": "SUSE Bug 1246287 for CVE-2025-38289",
"url": "https://bugzilla.suse.com/1246287"
},
{
"category": "external",
"summary": "SUSE Bug 1246288 for CVE-2025-38289",
"url": "https://bugzilla.suse.com/1246288"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38289"
},
{
"cve": "CVE-2025-38290",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38290"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix node corruption in ar-\u003earvifs list\n\nIn current WLAN recovery code flow, ath12k_core_halt() only reinitializes\nthe \"arvifs\" list head. This will cause the list node immediately following\nthe list head to become an invalid list node. Because the prev of that node\nstill points to the list head \"arvifs\", but the next of the list head\n\"arvifs\" no longer points to that list node.\n\nWhen a WLAN recovery occurs during the execution of a vif removal, and it\nhappens before the spin_lock_bh(\u0026ar-\u003edata_lock) in\nath12k_mac_vdev_delete(), list_del() will detect the previously mentioned\nsituation, thereby triggering a kernel panic.\n\nThe fix is to remove and reinitialize all vif list nodes from the list head\n\"arvifs\" during WLAN halt. The reinitialization is to make the list nodes\nvalid, ensuring that the list_del() in ath12k_mac_vdev_delete() can execute\nnormally.\n\nCall trace:\n__list_del_entry_valid_or_report+0xd4/0x100 (P)\nath12k_mac_remove_link_interface.isra.0+0xf8/0x2e4 [ath12k]\nath12k_scan_vdev_clean_work+0x40/0x164 [ath12k]\ncfg80211_wiphy_work+0xfc/0x100\nprocess_one_work+0x164/0x2d0\nworker_thread+0x254/0x380\nkthread+0xfc/0x100\nret_from_fork+0x10/0x20\n\nThe change is mostly copied from the ath11k patch:\nhttps://lore.kernel.org/all/20250320053145.3445187-1-quic_stonez@quicinc.com/\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38290",
"url": "https://www.suse.com/security/cve/CVE-2025-38290"
},
{
"category": "external",
"summary": "SUSE Bug 1246293 for CVE-2025-38290",
"url": "https://bugzilla.suse.com/1246293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38290"
},
{
"cve": "CVE-2025-38291",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38291"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Prevent sending WMI commands to firmware during firmware crash\n\nCurrently, we encounter the following kernel call trace when a firmware\ncrash occurs. This happens because the host sends WMI commands to the\nfirmware while it is in recovery, causing the commands to fail and\nresulting in the kernel call trace.\n\nSet the ATH12K_FLAG_CRASH_FLUSH and ATH12K_FLAG_RECOVERY flags when the\nhost driver receives the firmware crash notification from MHI. This\nprevents sending WMI commands to the firmware during recovery.\n\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x75/0xc0\n register_lock_class+0x6be/0x7a0\n ? __lock_acquire+0x644/0x19a0\n __lock_acquire+0x95/0x19a0\n lock_acquire+0x265/0x310\n ? ath12k_ce_send+0xa2/0x210 [ath12k]\n ? find_held_lock+0x34/0xa0\n ? ath12k_ce_send+0x56/0x210 [ath12k]\n _raw_spin_lock_bh+0x33/0x70\n ? ath12k_ce_send+0xa2/0x210 [ath12k]\n ath12k_ce_send+0xa2/0x210 [ath12k]\n ath12k_htc_send+0x178/0x390 [ath12k]\n ath12k_wmi_cmd_send_nowait+0x76/0xa0 [ath12k]\n ath12k_wmi_cmd_send+0x62/0x190 [ath12k]\n ath12k_wmi_pdev_bss_chan_info_request+0x62/0xc0 [ath1\n ath12k_mac_op_get_survey+0x2be/0x310 [ath12k]\n ieee80211_dump_survey+0x99/0x240 [mac80211]\n nl80211_dump_survey+0xe7/0x470 [cfg80211]\n ? kmalloc_reserve+0x59/0xf0\n genl_dumpit+0x24/0x70\n netlink_dump+0x177/0x360\n __netlink_dump_start+0x206/0x280\n genl_family_rcv_msg_dumpit.isra.22+0x8a/0xe0\n ? genl_family_rcv_msg_attrs_parse.isra.23+0xe0/0xe0\n ? genl_op_lock.part.12+0x10/0x10\n ? genl_dumpit+0x70/0x70\n genl_rcv_msg+0x1d0/0x290\n ? nl80211_del_station+0x330/0x330 [cfg80211]\n ? genl_get_cmd_both+0x50/0x50\n netlink_rcv_skb+0x4f/0x100\n genl_rcv+0x1f/0x30\n netlink_unicast+0x1b6/0x260\n netlink_sendmsg+0x31a/0x450\n __sock_sendmsg+0xa8/0xb0\n ____sys_sendmsg+0x1e4/0x260\n ___sys_sendmsg+0x89/0xe0\n ? local_clock_noinstr+0xb/0xc0\n ? rcu_is_watching+0xd/0x40\n ? kfree+0x1de/0x370\n ? __sys_sendmsg+0x7a/0xc0\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38291",
"url": "https://www.suse.com/security/cve/CVE-2025-38291"
},
{
"category": "external",
"summary": "SUSE Bug 1246297 for CVE-2025-38291",
"url": "https://bugzilla.suse.com/1246297"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "low"
}
],
"title": "CVE-2025-38291"
},
{
"cve": "CVE-2025-38292",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38292"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix invalid access to memory\n\nIn ath12k_dp_rx_msdu_coalesce(), rxcb is fetched from skb and boolean\nis_continuation is part of rxcb.\nCurrently, after freeing the skb, the rxcb-\u003eis_continuation accessed\nagain which is wrong since the memory is already freed.\nThis might lead use-after-free error.\n\nHence, fix by locally defining bool is_continuation from rxcb,\nso that after freeing skb, is_continuation can be used.\n\nCompile tested only.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38292",
"url": "https://www.suse.com/security/cve/CVE-2025-38292"
},
{
"category": "external",
"summary": "SUSE Bug 1246295 for CVE-2025-38292",
"url": "https://bugzilla.suse.com/1246295"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38292"
},
{
"cve": "CVE-2025-38293",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38293"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix node corruption in ar-\u003earvifs list\n\nIn current WLAN recovery code flow, ath11k_core_halt() only\nreinitializes the \"arvifs\" list head. This will cause the\nlist node immediately following the list head to become an\ninvalid list node. Because the prev of that node still points\nto the list head \"arvifs\", but the next of the list head \"arvifs\"\nno longer points to that list node.\n\nWhen a WLAN recovery occurs during the execution of a vif\nremoval, and it happens before the spin_lock_bh(\u0026ar-\u003edata_lock)\nin ath11k_mac_op_remove_interface(), list_del() will detect the\npreviously mentioned situation, thereby triggering a kernel panic.\n\nThe fix is to remove and reinitialize all vif list nodes from the\nlist head \"arvifs\" during WLAN halt. The reinitialization is to make\nthe list nodes valid, ensuring that the list_del() in\nath11k_mac_op_remove_interface() can execute normally.\n\nCall trace:\n__list_del_entry_valid_or_report+0xb8/0xd0\nath11k_mac_op_remove_interface+0xb0/0x27c [ath11k]\ndrv_remove_interface+0x48/0x194 [mac80211]\nieee80211_do_stop+0x6e0/0x844 [mac80211]\nieee80211_stop+0x44/0x17c [mac80211]\n__dev_close_many+0xac/0x150\n__dev_change_flags+0x194/0x234\ndev_change_flags+0x24/0x6c\ndevinet_ioctl+0x3a0/0x670\ninet_ioctl+0x200/0x248\nsock_do_ioctl+0x60/0x118\nsock_ioctl+0x274/0x35c\n__arm64_sys_ioctl+0xac/0xf0\ninvoke_syscall+0x48/0x114\n...\n\nTested-on: QCA6698AQ hw2.1 PCI WLAN.HSP.1.1-04591-QCAHSPSWPL_V1_V2_SILICONZ_IOE-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38293",
"url": "https://www.suse.com/security/cve/CVE-2025-38293"
},
{
"category": "external",
"summary": "SUSE Bug 1246292 for CVE-2025-38293",
"url": "https://bugzilla.suse.com/1246292"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38293"
},
{
"cve": "CVE-2025-38299",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38299"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mediatek: mt8195: Set ETDM1/2 IN/OUT to COMP_DUMMY()\n\nETDM2_IN_BE and ETDM1_OUT_BE are defined as COMP_EMPTY(),\nin the case the codec dai_name will be null.\n\nAvoid a crash if the device tree is not assigning a codec\nto these links.\n\n[ 1.179936] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[ 1.181065] Mem abort info:\n[ 1.181420] ESR = 0x0000000096000004\n[ 1.181892] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 1.182576] SET = 0, FnV = 0\n[ 1.182964] EA = 0, S1PTW = 0\n[ 1.183367] FSC = 0x04: level 0 translation fault\n[ 1.183983] Data abort info:\n[ 1.184406] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[ 1.185097] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 1.185766] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 1.186439] [0000000000000000] user address but active_mm is swapper\n[ 1.187239] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 1.188029] Modules linked in:\n[ 1.188420] CPU: 7 UID: 0 PID: 70 Comm: kworker/u32:1 Not tainted 6.14.0-rc4-next-20250226+ #85\n[ 1.189515] Hardware name: Radxa NIO 12L (DT)\n[ 1.190065] Workqueue: events_unbound deferred_probe_work_func\n[ 1.190808] pstate: 40400009 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 1.191683] pc : __pi_strcmp+0x24/0x140\n[ 1.192170] lr : mt8195_mt6359_soc_card_probe+0x224/0x7b0\n[ 1.192854] sp : ffff800083473970\n[ 1.193271] x29: ffff800083473a10 x28: 0000000000001008 x27: 0000000000000002\n[ 1.194168] x26: ffff800082408960 x25: ffff800082417db0 x24: ffff800082417d88\n[ 1.195065] x23: 000000000000001e x22: ffff800082dbf480 x21: ffff800082dc07b8\n[ 1.195961] x20: 0000000000000000 x19: 0000000000000013 x18: 00000000ffffffff\n[ 1.196858] x17: 000000040044ffff x16: 005000f2b5503510 x15: 0000000000000006\n[ 1.197755] x14: ffff800082407af0 x13: 6e6f69737265766e x12: 692d6b636f6c6374\n[ 1.198651] x11: 0000000000000002 x10: ffff80008240b920 x9 : 0000000000000018\n[ 1.199547] x8 : 0101010101010101 x7 : 0000000000000000 x6 : 0000000000000000\n[ 1.200443] x5 : 0000000000000000 x4 : 8080808080000000 x3 : 303933383978616d\n[ 1.201339] x2 : 0000000000000000 x1 : ffff80008240b920 x0 : 0000000000000000\n[ 1.202236] Call trace:\n[ 1.202545] __pi_strcmp+0x24/0x140 (P)\n[ 1.203029] mtk_soundcard_common_probe+0x3bc/0x5b8\n[ 1.203644] platform_probe+0x70/0xe8\n[ 1.204106] really_probe+0xc8/0x3a0\n[ 1.204556] __driver_probe_device+0x84/0x160\n[ 1.205104] driver_probe_device+0x44/0x130\n[ 1.205630] __device_attach_driver+0xc4/0x170\n[ 1.206189] bus_for_each_drv+0x8c/0xf8\n[ 1.206672] __device_attach+0xa8/0x1c8\n[ 1.207155] device_initial_probe+0x1c/0x30\n[ 1.207681] bus_probe_device+0xb0/0xc0\n[ 1.208165] deferred_probe_work_func+0xa4/0x100\n[ 1.208747] process_one_work+0x158/0x3e0\n[ 1.209254] worker_thread+0x2c4/0x3e8\n[ 1.209727] kthread+0x134/0x1f0\n[ 1.210136] ret_from_fork+0x10/0x20\n[ 1.210589] Code: 54000401 b50002c6 d503201f f86a6803 (f8408402)\n[ 1.211355] ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38299",
"url": "https://www.suse.com/security/cve/CVE-2025-38299"
},
{
"category": "external",
"summary": "SUSE Bug 1246290 for CVE-2025-38299",
"url": "https://bugzilla.suse.com/1246290"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38299"
},
{
"cve": "CVE-2025-38300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38300"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare()\n\nFix two DMA cleanup issues on the error path in sun8i_ce_cipher_prepare():\n\n1] If dma_map_sg() fails for areq-\u003edst, the device driver would try to free\n DMA memory it has not allocated in the first place. To fix this, on the\n \"theend_sgs\" error path, call dma unmap only if the corresponding dma\n map was successful.\n\n2] If the dma_map_single() call for the IV fails, the device driver would\n try to free an invalid DMA memory address on the \"theend_iv\" path:\n ------------[ cut here ]------------\n DMA-API: sun8i-ce 1904000.crypto: device driver tries to free an invalid DMA memory address\n WARNING: CPU: 2 PID: 69 at kernel/dma/debug.c:968 check_unmap+0x123c/0x1b90\n Modules linked in: skcipher_example(O+)\n CPU: 2 UID: 0 PID: 69 Comm: 1904000.crypto- Tainted: G O 6.15.0-rc3+ #24 PREEMPT\n Tainted: [O]=OOT_MODULE\n Hardware name: OrangePi Zero2 (DT)\n pc : check_unmap+0x123c/0x1b90\n lr : check_unmap+0x123c/0x1b90\n ...\n Call trace:\n check_unmap+0x123c/0x1b90 (P)\n debug_dma_unmap_page+0xac/0xc0\n dma_unmap_page_attrs+0x1f4/0x5fc\n sun8i_ce_cipher_do_one+0x1bd4/0x1f40\n crypto_pump_work+0x334/0x6e0\n kthread_worker_fn+0x21c/0x438\n kthread+0x374/0x664\n ret_from_fork+0x10/0x20\n ---[ end trace 0000000000000000 ]---\n\nTo fix this, check for !dma_mapping_error() before calling\ndma_unmap_single() on the \"theend_iv\" path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38300",
"url": "https://www.suse.com/security/cve/CVE-2025-38300"
},
{
"category": "external",
"summary": "SUSE Bug 1246349 for CVE-2025-38300",
"url": "https://bugzilla.suse.com/1246349"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38300"
},
{
"cve": "CVE-2025-38303",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38303"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: eir: Fix possible crashes on eir_create_adv_data\n\neir_create_adv_data may attempt to add EIR_FLAGS and EIR_TX_POWER\nwithout checking if that would fit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38303",
"url": "https://www.suse.com/security/cve/CVE-2025-38303"
},
{
"category": "external",
"summary": "SUSE Bug 1246354 for CVE-2025-38303",
"url": "https://bugzilla.suse.com/1246354"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38303"
},
{
"cve": "CVE-2025-38304",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38304"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix NULL pointer deference on eir_get_service_data\n\nThe len parameter is considered optional so it can be NULL so it cannot\nbe used for skipping to next entry of EIR_SERVICE_DATA.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38304",
"url": "https://www.suse.com/security/cve/CVE-2025-38304"
},
{
"category": "external",
"summary": "SUSE Bug 1246240 for CVE-2025-38304",
"url": "https://bugzilla.suse.com/1246240"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38304"
},
{
"cve": "CVE-2025-38305",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38305"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptp: remove ptp-\u003en_vclocks check logic in ptp_vclock_in_use()\n\nThere is no disagreement that we should check both ptp-\u003eis_virtual_clock\nand ptp-\u003en_vclocks to check if the ptp virtual clock is in use.\n\nHowever, when we acquire ptp-\u003en_vclocks_mux to read ptp-\u003en_vclocks in\nptp_vclock_in_use(), we observe a recursive lock in the call trace\nstarting from n_vclocks_store().\n\n============================================\nWARNING: possible recursive locking detected\n6.15.0-rc6 #1 Not tainted\n--------------------------------------------\nsyz.0.1540/13807 is trying to acquire lock:\nffff888035a24868 (\u0026ptp-\u003en_vclocks_mux){+.+.}-{4:4}, at:\n ptp_vclock_in_use drivers/ptp/ptp_private.h:103 [inline]\nffff888035a24868 (\u0026ptp-\u003en_vclocks_mux){+.+.}-{4:4}, at:\n ptp_clock_unregister+0x21/0x250 drivers/ptp/ptp_clock.c:415\n\nbut task is already holding lock:\nffff888030704868 (\u0026ptp-\u003en_vclocks_mux){+.+.}-{4:4}, at:\n n_vclocks_store+0xf1/0x6d0 drivers/ptp/ptp_sysfs.c:215\n\nother info that might help us debug this:\n Possible unsafe locking scenario:\n\n CPU0\n ----\n lock(\u0026ptp-\u003en_vclocks_mux);\n lock(\u0026ptp-\u003en_vclocks_mux);\n\n *** DEADLOCK ***\n....\n============================================\n\nThe best way to solve this is to remove the logic that checks\nptp-\u003en_vclocks in ptp_vclock_in_use().\n\nThe reason why this is appropriate is that any path that uses\nptp-\u003en_vclocks must unconditionally check if ptp-\u003en_vclocks is greater\nthan 0 before unregistering vclocks, and all functions are already\nwritten this way. And in the function that uses ptp-\u003en_vclocks, we\nalready get ptp-\u003en_vclocks_mux before unregistering vclocks.\n\nTherefore, we need to remove the redundant check for ptp-\u003en_vclocks in\nptp_vclock_in_use() to prevent recursive locking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38305",
"url": "https://www.suse.com/security/cve/CVE-2025-38305"
},
{
"category": "external",
"summary": "SUSE Bug 1246358 for CVE-2025-38305",
"url": "https://bugzilla.suse.com/1246358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38305"
},
{
"cve": "CVE-2025-38307",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38307"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: avs: Verify content returned by parse_int_array()\n\nThe first element of the returned array stores its length. If it is 0,\nany manipulation beyond the element at index 0 ends with null-ptr-deref.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38307",
"url": "https://www.suse.com/security/cve/CVE-2025-38307"
},
{
"category": "external",
"summary": "SUSE Bug 1246364 for CVE-2025-38307",
"url": "https://bugzilla.suse.com/1246364"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38307"
},
{
"cve": "CVE-2025-38310",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38310"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nseg6: Fix validation of nexthop addresses\n\nThe kernel currently validates that the length of the provided nexthop\naddress does not exceed the specified length. This can lead to the\nkernel reading uninitialized memory if user space provided a shorter\nlength than the specified one.\n\nFix by validating that the provided length exactly matches the specified\none.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38310",
"url": "https://www.suse.com/security/cve/CVE-2025-38310"
},
{
"category": "external",
"summary": "SUSE Bug 1246361 for CVE-2025-38310",
"url": "https://bugzilla.suse.com/1246361"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38310"
},
{
"cve": "CVE-2025-38312",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38312"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod()\n\nIn fb_find_mode_cvt(), iff mode-\u003erefresh somehow happens to be 0x80000000,\ncvt.f_refresh will become 0 when multiplying it by 2 due to overflow. It\u0027s\nthen passed to fb_cvt_hperiod(), where it\u0027s used as a divider -- division\nby 0 will result in kernel oops. Add a sanity check for cvt.f_refresh to\navoid such overflow...\n\nFound by Linux Verification Center (linuxtesting.org) with the Svace static\nanalysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38312",
"url": "https://www.suse.com/security/cve/CVE-2025-38312"
},
{
"category": "external",
"summary": "SUSE Bug 1246386 for CVE-2025-38312",
"url": "https://bugzilla.suse.com/1246386"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38312"
},
{
"cve": "CVE-2025-38313",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38313"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: fsl-mc: fix double-free on mc_dev\n\nThe blamed commit tried to simplify how the deallocations are done but,\nin the process, introduced a double-free on the mc_dev variable.\n\nIn case the MC device is a DPRC, a new mc_bus is allocated and the\nmc_dev variable is just a reference to one of its fields. In this\ncircumstance, on the error path only the mc_bus should be freed.\n\nThis commit introduces back the following checkpatch warning which is a\nfalse-positive.\n\nWARNING: kfree(NULL) is safe and this check is probably not required\n+ if (mc_bus)\n+ kfree(mc_bus);",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38313",
"url": "https://www.suse.com/security/cve/CVE-2025-38313"
},
{
"category": "external",
"summary": "SUSE Bug 1246342 for CVE-2025-38313",
"url": "https://bugzilla.suse.com/1246342"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38313"
},
{
"cve": "CVE-2025-38315",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38315"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btintel: Check dsbr size from EFI variable\n\nSince the size of struct btintel_dsbr is already known, we can just\nstart there instead of querying the EFI variable size. If the final\nresult doesn\u0027t match what we expect also fail. This fixes a stack buffer\noverflow when the EFI variable is larger than struct btintel_dsbr.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38315",
"url": "https://www.suse.com/security/cve/CVE-2025-38315"
},
{
"category": "external",
"summary": "SUSE Bug 1246333 for CVE-2025-38315",
"url": "https://bugzilla.suse.com/1246333"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38315"
},
{
"cve": "CVE-2025-38317",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38317"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Fix buffer overflow in debugfs\n\nIf the user tries to write more than 32 bytes then it results in memory\ncorruption. Fortunately, this is debugfs so it\u0027s limited to root users.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38317",
"url": "https://www.suse.com/security/cve/CVE-2025-38317"
},
{
"category": "external",
"summary": "SUSE Bug 1246443 for CVE-2025-38317",
"url": "https://bugzilla.suse.com/1246443"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38317"
},
{
"cve": "CVE-2025-38319",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38319"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table\n\nThe function atomctrl_initialize_mc_reg_table() and\natomctrl_initialize_mc_reg_table_v2_2() does not check the return\nvalue of smu_atom_get_data_table(). If smu_atom_get_data_table()\nfails to retrieve vram_info, it returns NULL which is later\ndereferenced.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38319",
"url": "https://www.suse.com/security/cve/CVE-2025-38319"
},
{
"category": "external",
"summary": "SUSE Bug 1246243 for CVE-2025-38319",
"url": "https://bugzilla.suse.com/1246243"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38319"
},
{
"cve": "CVE-2025-38323",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38323"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: atm: add lec_mutex\n\nsyzbot found its way in net/atm/lec.c, and found an error path\nin lecd_attach() could leave a dangling pointer in dev_lec[].\n\nAdd a mutex to protect dev_lecp[] uses from lecd_attach(),\nlec_vcc_attach() and lec_mcast_attach().\n\nFollowing patch will use this mutex for /proc/net/atm/lec.\n\nBUG: KASAN: slab-use-after-free in lecd_attach net/atm/lec.c:751 [inline]\nBUG: KASAN: slab-use-after-free in lane_ioctl+0x2224/0x23e0 net/atm/lec.c:1008\nRead of size 8 at addr ffff88807c7b8e68 by task syz.1.17/6142\n\nCPU: 1 UID: 0 PID: 6142 Comm: syz.1.17 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xcd/0x680 mm/kasan/report.c:521\n kasan_report+0xe0/0x110 mm/kasan/report.c:634\n lecd_attach net/atm/lec.c:751 [inline]\n lane_ioctl+0x2224/0x23e0 net/atm/lec.c:1008\n do_vcc_ioctl+0x12c/0x930 net/atm/ioctl.c:159\n sock_do_ioctl+0x118/0x280 net/socket.c:1190\n sock_ioctl+0x227/0x6b0 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\nAllocated by task 6132:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4328 [inline]\n __kvmalloc_node_noprof+0x27b/0x620 mm/slub.c:5015\n alloc_netdev_mqs+0xd2/0x1570 net/core/dev.c:11711\n lecd_attach net/atm/lec.c:737 [inline]\n lane_ioctl+0x17db/0x23e0 net/atm/lec.c:1008\n do_vcc_ioctl+0x12c/0x930 net/atm/ioctl.c:159\n sock_do_ioctl+0x118/0x280 net/socket.c:1190\n sock_ioctl+0x227/0x6b0 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 6132:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x51/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2381 [inline]\n slab_free mm/slub.c:4643 [inline]\n kfree+0x2b4/0x4d0 mm/slub.c:4842\n free_netdev+0x6c5/0x910 net/core/dev.c:11892\n lecd_attach net/atm/lec.c:744 [inline]\n lane_ioctl+0x1ce8/0x23e0 net/atm/lec.c:1008\n do_vcc_ioctl+0x12c/0x930 net/atm/ioctl.c:159\n sock_do_ioctl+0x118/0x280 net/socket.c:1190\n sock_ioctl+0x227/0x6b0 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:893",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38323",
"url": "https://www.suse.com/security/cve/CVE-2025-38323"
},
{
"category": "external",
"summary": "SUSE Bug 1246473 for CVE-2025-38323",
"url": "https://bugzilla.suse.com/1246473"
},
{
"category": "external",
"summary": "SUSE Bug 1246525 for CVE-2025-38323",
"url": "https://bugzilla.suse.com/1246525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "important"
}
],
"title": "CVE-2025-38323"
},
{
"cve": "CVE-2025-38326",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38326"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naoe: clean device rq_list in aoedev_downdev()\n\nAn aoe device\u0027s rq_list contains accepted block requests that are\nwaiting to be transmitted to the aoe target. This queue was added as\npart of the conversion to blk_mq. However, the queue was not cleaned out\nwhen an aoe device is downed which caused blk_mq_freeze_queue() to sleep\nindefinitely waiting for those requests to complete, causing a hang. This\nfix cleans out the queue before calling blk_mq_freeze_queue().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38326",
"url": "https://www.suse.com/security/cve/CVE-2025-38326"
},
{
"category": "external",
"summary": "SUSE Bug 1246490 for CVE-2025-38326",
"url": "https://bugzilla.suse.com/1246490"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38326"
},
{
"cve": "CVE-2025-38328",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38328"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: check jffs2_prealloc_raw_node_refs() result in few other places\n\nFuzzing hit another invalid pointer dereference due to the lack of\nchecking whether jffs2_prealloc_raw_node_refs() completed successfully.\nSubsequent logic implies that the node refs have been allocated.\n\nHandle that. The code is ready for propagating the error upwards.\n\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 PID: 5835 Comm: syz-executor145 Not tainted 5.10.234-syzkaller #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nRIP: 0010:jffs2_link_node_ref+0xac/0x690 fs/jffs2/nodelist.c:600\nCall Trace:\n jffs2_mark_erased_block fs/jffs2/erase.c:460 [inline]\n jffs2_erase_pending_blocks+0x688/0x1860 fs/jffs2/erase.c:118\n jffs2_garbage_collect_pass+0x638/0x1a00 fs/jffs2/gc.c:253\n jffs2_reserve_space+0x3f4/0xad0 fs/jffs2/nodemgmt.c:167\n jffs2_write_inode_range+0x246/0xb50 fs/jffs2/write.c:362\n jffs2_write_end+0x712/0x1110 fs/jffs2/file.c:302\n generic_perform_write+0x2c2/0x500 mm/filemap.c:3347\n __generic_file_write_iter+0x252/0x610 mm/filemap.c:3465\n generic_file_write_iter+0xdb/0x230 mm/filemap.c:3497\n call_write_iter include/linux/fs.h:2039 [inline]\n do_iter_readv_writev+0x46d/0x750 fs/read_write.c:740\n do_iter_write+0x18c/0x710 fs/read_write.c:866\n vfs_writev+0x1db/0x6a0 fs/read_write.c:939\n do_pwritev fs/read_write.c:1036 [inline]\n __do_sys_pwritev fs/read_write.c:1083 [inline]\n __se_sys_pwritev fs/read_write.c:1078 [inline]\n __x64_sys_pwritev+0x235/0x310 fs/read_write.c:1078\n do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38328",
"url": "https://www.suse.com/security/cve/CVE-2025-38328"
},
{
"category": "external",
"summary": "SUSE Bug 1246249 for CVE-2025-38328",
"url": "https://bugzilla.suse.com/1246249"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38328"
},
{
"cve": "CVE-2025-38332",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38332"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Use memcpy() for BIOS version\n\nThe strlcat() with FORTIFY support is triggering a panic because it\nthinks the target buffer will overflow although the correct target\nbuffer size is passed in.\n\nAnyway, instead of memset() with 0 followed by a strlcat(), just use\nmemcpy() and ensure that the resulting buffer is NULL terminated.\n\nBIOSVersion is only used for the lpfc_printf_log() which expects a\nproperly terminated string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38332",
"url": "https://www.suse.com/security/cve/CVE-2025-38332"
},
{
"category": "external",
"summary": "SUSE Bug 1246375 for CVE-2025-38332",
"url": "https://bugzilla.suse.com/1246375"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38332"
},
{
"cve": "CVE-2025-38334",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38334"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/sgx: Prevent attempts to reclaim poisoned pages\n\nTL;DR: SGX page reclaim touches the page to copy its contents to\nsecondary storage. SGX instructions do not gracefully handle machine\nchecks. Despite this, the existing SGX code will try to reclaim pages\nthat it _knows_ are poisoned. Avoid even trying to reclaim poisoned pages.\n\nThe longer story:\n\nPages used by an enclave only get epc_page-\u003epoison set in\narch_memory_failure() but they currently stay on sgx_active_page_list until\nsgx_encl_release(), with the SGX_EPC_PAGE_RECLAIMER_TRACKED flag untouched.\n\nepc_page-\u003epoison is not checked in the reclaimer logic meaning that, if other\nconditions are met, an attempt will be made to reclaim an EPC page that was\npoisoned. This is bad because 1. we don\u0027t want that page to end up added\nto another enclave and 2. it is likely to cause one core to shut down\nand the kernel to panic.\n\nSpecifically, reclaiming uses microcode operations including \"EWB\" which\naccesses the EPC page contents to encrypt and write them out to non-SGX\nmemory. Those operations cannot handle MCEs in their accesses other than\nby putting the executing core into a special shutdown state (affecting\nboth threads with HT.) The kernel will subsequently panic on the\nremaining cores seeing the core didn\u0027t enter MCE handler(s) in time.\n\nCall sgx_unmark_page_reclaimable() to remove the affected EPC page from\nsgx_active_page_list on memory error to stop it being considered for\nreclaiming.\n\nTesting epc_page-\u003epoison in sgx_reclaim_pages() would also work but I assume\nit\u0027s better to add code in the less likely paths.\n\nThe affected EPC page is not added to \u0026node-\u003esgx_poison_page_list until\nlater in sgx_encl_release()-\u003esgx_free_epc_page() when it is EREMOVEd.\nMembership on other lists doesn\u0027t change to avoid changing any of the\nlists\u0027 semantics except for sgx_active_page_list. There\u0027s a \"TBD\" comment\nin arch_memory_failure() about pre-emptive actions, the goal here is not\nto address everything that it may imply.\n\nThis also doesn\u0027t completely close the time window when a memory error\nnotification will be fatal (for a not previously poisoned EPC page) --\nthe MCE can happen after sgx_reclaim_pages() has selected its candidates\nor even *inside* a microcode operation (actually easy to trigger due to\nthe amount of time spent in them.)\n\nThe spinlock in sgx_unmark_page_reclaimable() is safe because\nmemory_failure() runs in process context and no spinlocks are held,\nexplicitly noted in a mm/memory-failure.c comment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38334",
"url": "https://www.suse.com/security/cve/CVE-2025-38334"
},
{
"category": "external",
"summary": "SUSE Bug 1246384 for CVE-2025-38334",
"url": "https://bugzilla.suse.com/1246384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38334"
},
{
"cve": "CVE-2025-38335",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38335"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: gpio-keys - fix a sleep while atomic with PREEMPT_RT\n\nWhen enabling PREEMPT_RT, the gpio_keys_irq_timer() callback runs in\nhard irq context, but the input_event() takes a spin_lock, which isn\u0027t\nallowed there as it is converted to a rt_spin_lock().\n\n[ 4054.289999] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n[ 4054.290028] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/0\n...\n[ 4054.290195] __might_resched+0x13c/0x1f4\n[ 4054.290209] rt_spin_lock+0x54/0x11c\n[ 4054.290219] input_event+0x48/0x80\n[ 4054.290230] gpio_keys_irq_timer+0x4c/0x78\n[ 4054.290243] __hrtimer_run_queues+0x1a4/0x438\n[ 4054.290257] hrtimer_interrupt+0xe4/0x240\n[ 4054.290269] arch_timer_handler_phys+0x2c/0x44\n[ 4054.290283] handle_percpu_devid_irq+0x8c/0x14c\n[ 4054.290297] handle_irq_desc+0x40/0x58\n[ 4054.290307] generic_handle_domain_irq+0x1c/0x28\n[ 4054.290316] gic_handle_irq+0x44/0xcc\n\nConsidering the gpio_keys_irq_isr() can run in any context, e.g. it can\nbe threaded, it seems there\u0027s no point in requesting the timer isr to\nrun in hard irq context.\n\nRelax the hrtimer not to use the hard context.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38335",
"url": "https://www.suse.com/security/cve/CVE-2025-38335"
},
{
"category": "external",
"summary": "SUSE Bug 1246250 for CVE-2025-38335",
"url": "https://bugzilla.suse.com/1246250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38335"
},
{
"cve": "CVE-2025-38336",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38336"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330\n\nThe controller has a hardware bug that can hard hang the system when\ndoing ATAPI DMAs without any trace of what happened. Depending on the\ndevice attached, it can also prevent the system from booting.\n\nIn this case, the system hangs when reading the ATIP from optical media\nwith cdrecord -vvv -atip on an _NEC DVD_RW ND-4571A 1-01 and an\nOptiarc DVD RW AD-7200A 1.06 attached to an ASRock 990FX Extreme 4,\nrunning at UDMA/33.\n\nThe issue can be reproduced by running the same command with a cygwin\nbuild of cdrecord on WinXP, although it requires more attempts to cause\nit. The hang in that case is also resolved by forcing PIO. It doesn\u0027t\nappear that VIA has produced any drivers for that OS, thus no known\nworkaround exists.\n\nHDDs attached to the controller do not suffer from any DMA issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38336",
"url": "https://www.suse.com/security/cve/CVE-2025-38336"
},
{
"category": "external",
"summary": "SUSE Bug 1246370 for CVE-2025-38336",
"url": "https://bugzilla.suse.com/1246370"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38336"
},
{
"cve": "CVE-2025-38337",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38337"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata()\n\nSince handle-\u003eh_transaction may be a NULL pointer, so we should change it\nto call is_handle_aborted(handle) first before dereferencing it.\n\nAnd the following data-race was reported in my fuzzer:\n\n==================================================================\nBUG: KCSAN: data-race in jbd2_journal_dirty_metadata / jbd2_journal_dirty_metadata\n\nwrite to 0xffff888011024104 of 4 bytes by task 10881 on cpu 1:\n jbd2_journal_dirty_metadata+0x2a5/0x770 fs/jbd2/transaction.c:1556\n __ext4_handle_dirty_metadata+0xe7/0x4b0 fs/ext4/ext4_jbd2.c:358\n ext4_do_update_inode fs/ext4/inode.c:5220 [inline]\n ext4_mark_iloc_dirty+0x32c/0xd50 fs/ext4/inode.c:5869\n __ext4_mark_inode_dirty+0xe1/0x450 fs/ext4/inode.c:6074\n ext4_dirty_inode+0x98/0xc0 fs/ext4/inode.c:6103\n....\n\nread to 0xffff888011024104 of 4 bytes by task 10880 on cpu 0:\n jbd2_journal_dirty_metadata+0xf2/0x770 fs/jbd2/transaction.c:1512\n __ext4_handle_dirty_metadata+0xe7/0x4b0 fs/ext4/ext4_jbd2.c:358\n ext4_do_update_inode fs/ext4/inode.c:5220 [inline]\n ext4_mark_iloc_dirty+0x32c/0xd50 fs/ext4/inode.c:5869\n __ext4_mark_inode_dirty+0xe1/0x450 fs/ext4/inode.c:6074\n ext4_dirty_inode+0x98/0xc0 fs/ext4/inode.c:6103\n....\n\nvalue changed: 0x00000000 -\u003e 0x00000001\n==================================================================\n\nThis issue is caused by missing data-race annotation for jh-\u003eb_modified.\nTherefore, the missing annotation needs to be added.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38337",
"url": "https://www.suse.com/security/cve/CVE-2025-38337"
},
{
"category": "external",
"summary": "SUSE Bug 1246253 for CVE-2025-38337",
"url": "https://bugzilla.suse.com/1246253"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38337"
},
{
"cve": "CVE-2025-38338",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38338"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/nfs/read: fix double-unlock bug in nfs_return_empty_folio()\n\nSometimes, when a file was read while it was being truncated by\nanother NFS client, the kernel could deadlock because folio_unlock()\nwas called twice, and the second call would XOR back the `PG_locked`\nflag.\n\nMost of the time (depending on the timing of the truncation), nobody\nnotices the problem because folio_unlock() gets called three times,\nwhich flips `PG_locked` back off:\n\n 1. vfs_read, nfs_read_folio, ... nfs_read_add_folio,\n nfs_return_empty_folio\n 2. vfs_read, nfs_read_folio, ... netfs_read_collection,\n netfs_unlock_abandoned_read_pages\n 3. vfs_read, ... nfs_do_read_folio, nfs_read_add_folio,\n nfs_return_empty_folio\n\nThe problem is that nfs_read_add_folio() is not supposed to unlock the\nfolio if fscache is enabled, and a nfs_netfs_folio_unlock() check is\nmissing in nfs_return_empty_folio().\n\nRarely this leads to a warning in netfs_read_collection():\n\n ------------[ cut here ]------------\n R=0000031c: folio 10 is not locked\n WARNING: CPU: 0 PID: 29 at fs/netfs/read_collect.c:133 netfs_read_collection+0x7c0/0xf00\n [...]\n Workqueue: events_unbound netfs_read_collection_worker\n RIP: 0010:netfs_read_collection+0x7c0/0xf00\n [...]\n Call Trace:\n \u003cTASK\u003e\n netfs_read_collection_worker+0x67/0x80\n process_one_work+0x12e/0x2c0\n worker_thread+0x295/0x3a0\n\nMost of the time, however, processes just get stuck forever in\nfolio_wait_bit_common(), waiting for `PG_locked` to disappear, which\nnever happens because nobody is really holding the folio lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38338",
"url": "https://www.suse.com/security/cve/CVE-2025-38338"
},
{
"category": "external",
"summary": "SUSE Bug 1246258 for CVE-2025-38338",
"url": "https://bugzilla.suse.com/1246258"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38338"
},
{
"cve": "CVE-2025-38342",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38342"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoftware node: Correct a OOB check in software_node_get_reference_args()\n\nsoftware_node_get_reference_args() wants to get @index-th element, so\nthe property value requires at least \u0027(index + 1) * sizeof(*ref)\u0027 bytes\nbut that can not be guaranteed by current OOB check, and may cause OOB\nfor malformed property.\n\nFix by using as OOB check \u0027((index + 1) * sizeof(*ref) \u003e prop-\u003elength)\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38342",
"url": "https://www.suse.com/security/cve/CVE-2025-38342"
},
{
"category": "external",
"summary": "SUSE Bug 1246453 for CVE-2025-38342",
"url": "https://bugzilla.suse.com/1246453"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38342"
},
{
"cve": "CVE-2025-38343",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38343"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7996: drop fragments with multicast or broadcast RA\n\nIEEE 802.11 fragmentation can only be applied to unicast frames.\nTherefore, drop fragments with multicast or broadcast RA. This patch\naddresses vulnerabilities such as CVE-2020-26145.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38343",
"url": "https://www.suse.com/security/cve/CVE-2025-38343"
},
{
"category": "external",
"summary": "SUSE Bug 1246438 for CVE-2025-38343",
"url": "https://bugzilla.suse.com/1246438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38343"
},
{
"cve": "CVE-2025-38344",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38344"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: fix acpi parse and parseext cache leaks\n\nACPICA commit 8829e70e1360c81e7a5a901b5d4f48330e021ea5\n\nI\u0027m Seunghun Han, and I work for National Security Research Institute of\nSouth Korea.\n\nI have been doing a research on ACPI and found an ACPI cache leak in ACPI\nearly abort cases.\n\nBoot log of ACPI cache leak is as follows:\n[ 0.352414] ACPI: Added _OSI(Module Device)\n[ 0.353182] ACPI: Added _OSI(Processor Device)\n[ 0.353182] ACPI: Added _OSI(3.0 _SCP Extensions)\n[ 0.353182] ACPI: Added _OSI(Processor Aggregator Device)\n[ 0.356028] ACPI: Unable to start the ACPI Interpreter\n[ 0.356799] ACPI Error: Could not remove SCI handler (20170303/evmisc-281)\n[ 0.360215] kmem_cache_destroy Acpi-State: Slab cache still has objects\n[ 0.360648] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G W\n4.12.0-rc4-next-20170608+ #10\n[ 0.361273] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS\nvirtual_box 12/01/2006\n[ 0.361873] Call Trace:\n[ 0.362243] ? dump_stack+0x5c/0x81\n[ 0.362591] ? kmem_cache_destroy+0x1aa/0x1c0\n[ 0.362944] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.363296] ? acpi_os_delete_cache+0xa/0x10\n[ 0.363646] ? acpi_ut_delete_caches+0x6d/0x7b\n[ 0.364000] ? acpi_terminate+0xa/0x14\n[ 0.364000] ? acpi_init+0x2af/0x34f\n[ 0.364000] ? __class_create+0x4c/0x80\n[ 0.364000] ? video_setup+0x7f/0x7f\n[ 0.364000] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.364000] ? do_one_initcall+0x4e/0x1a0\n[ 0.364000] ? kernel_init_freeable+0x189/0x20a\n[ 0.364000] ? rest_init+0xc0/0xc0\n[ 0.364000] ? kernel_init+0xa/0x100\n[ 0.364000] ? ret_from_fork+0x25/0x30\n\nI analyzed this memory leak in detail. I found that \"Acpi-State\" cache and\n\"Acpi-Parse\" cache were merged because the size of cache objects was same\nslab cache size.\n\nI finally found \"Acpi-Parse\" cache and \"Acpi-parse_ext\" cache were leaked\nusing SLAB_NEVER_MERGE flag in kmem_cache_create() function.\n\nReal ACPI cache leak point is as follows:\n[ 0.360101] ACPI: Added _OSI(Module Device)\n[ 0.360101] ACPI: Added _OSI(Processor Device)\n[ 0.360101] ACPI: Added _OSI(3.0 _SCP Extensions)\n[ 0.361043] ACPI: Added _OSI(Processor Aggregator Device)\n[ 0.364016] ACPI: Unable to start the ACPI Interpreter\n[ 0.365061] ACPI Error: Could not remove SCI handler (20170303/evmisc-281)\n[ 0.368174] kmem_cache_destroy Acpi-Parse: Slab cache still has objects\n[ 0.369332] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G W\n4.12.0-rc4-next-20170608+ #8\n[ 0.371256] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS\nvirtual_box 12/01/2006\n[ 0.372000] Call Trace:\n[ 0.372000] ? dump_stack+0x5c/0x81\n[ 0.372000] ? kmem_cache_destroy+0x1aa/0x1c0\n[ 0.372000] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.372000] ? acpi_os_delete_cache+0xa/0x10\n[ 0.372000] ? acpi_ut_delete_caches+0x56/0x7b\n[ 0.372000] ? acpi_terminate+0xa/0x14\n[ 0.372000] ? acpi_init+0x2af/0x34f\n[ 0.372000] ? __class_create+0x4c/0x80\n[ 0.372000] ? video_setup+0x7f/0x7f\n[ 0.372000] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.372000] ? do_one_initcall+0x4e/0x1a0\n[ 0.372000] ? kernel_init_freeable+0x189/0x20a\n[ 0.372000] ? rest_init+0xc0/0xc0\n[ 0.372000] ? kernel_init+0xa/0x100\n[ 0.372000] ? ret_from_fork+0x25/0x30\n[ 0.388039] kmem_cache_destroy Acpi-parse_ext: Slab cache still has objects\n[ 0.389063] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G W\n4.12.0-rc4-next-20170608+ #8\n[ 0.390557] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS\nvirtual_box 12/01/2006\n[ 0.392000] Call Trace:\n[ 0.392000] ? dump_stack+0x5c/0x81\n[ 0.392000] ? kmem_cache_destroy+0x1aa/0x1c0\n[ 0.392000] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.392000] ? acpi_os_delete_cache+0xa/0x10\n[ 0.392000] ? acpi_ut_delete_caches+0x6d/0x7b\n[ 0.392000] ? acpi_terminate+0xa/0x14\n[ 0.392000] ? acpi_init+0x2af/0x3\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38344",
"url": "https://www.suse.com/security/cve/CVE-2025-38344"
},
{
"category": "external",
"summary": "SUSE Bug 1246334 for CVE-2025-38344",
"url": "https://bugzilla.suse.com/1246334"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38344"
},
{
"cve": "CVE-2025-38345",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38345"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: fix acpi operand cache leak in dswstate.c\n\nACPICA commit 987a3b5cf7175916e2a4b6ea5b8e70f830dfe732\n\nI found an ACPI cache leak in ACPI early termination and boot continuing case.\n\nWhen early termination occurs due to malicious ACPI table, Linux kernel\nterminates ACPI function and continues to boot process. While kernel terminates\nACPI function, kmem_cache_destroy() reports Acpi-Operand cache leak.\n\nBoot log of ACPI operand cache leak is as follows:\n\u003e[ 0.585957] ACPI: Added _OSI(Module Device)\n\u003e[ 0.587218] ACPI: Added _OSI(Processor Device)\n\u003e[ 0.588530] ACPI: Added _OSI(3.0 _SCP Extensions)\n\u003e[ 0.589790] ACPI: Added _OSI(Processor Aggregator Device)\n\u003e[ 0.591534] ACPI Error: Illegal I/O port address/length above 64K: C806E00000004002/0x2 (20170303/hwvalid-155)\n\u003e[ 0.594351] ACPI Exception: AE_LIMIT, Unable to initialize fixed events (20170303/evevent-88)\n\u003e[ 0.597858] ACPI: Unable to start the ACPI Interpreter\n\u003e[ 0.599162] ACPI Error: Could not remove SCI handler (20170303/evmisc-281)\n\u003e[ 0.601836] kmem_cache_destroy Acpi-Operand: Slab cache still has objects\n\u003e[ 0.603556] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.12.0-rc5 #26\n\u003e[ 0.605159] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS virtual_box 12/01/2006\n\u003e[ 0.609177] Call Trace:\n\u003e[ 0.610063] ? dump_stack+0x5c/0x81\n\u003e[ 0.611118] ? kmem_cache_destroy+0x1aa/0x1c0\n\u003e[ 0.612632] ? acpi_sleep_proc_init+0x27/0x27\n\u003e[ 0.613906] ? acpi_os_delete_cache+0xa/0x10\n\u003e[ 0.617986] ? acpi_ut_delete_caches+0x3f/0x7b\n\u003e[ 0.619293] ? acpi_terminate+0xa/0x14\n\u003e[ 0.620394] ? acpi_init+0x2af/0x34f\n\u003e[ 0.621616] ? __class_create+0x4c/0x80\n\u003e[ 0.623412] ? video_setup+0x7f/0x7f\n\u003e[ 0.624585] ? acpi_sleep_proc_init+0x27/0x27\n\u003e[ 0.625861] ? do_one_initcall+0x4e/0x1a0\n\u003e[ 0.627513] ? kernel_init_freeable+0x19e/0x21f\n\u003e[ 0.628972] ? rest_init+0x80/0x80\n\u003e[ 0.630043] ? kernel_init+0xa/0x100\n\u003e[ 0.631084] ? ret_from_fork+0x25/0x30\n\u003e[ 0.633343] vgaarb: loaded\n\u003e[ 0.635036] EDAC MC: Ver: 3.0.0\n\u003e[ 0.638601] PCI: Probing PCI hardware\n\u003e[ 0.639833] PCI host bridge to bus 0000:00\n\u003e[ 0.641031] pci_bus 0000:00: root bus resource [io 0x0000-0xffff]\n\u003e ... Continue to boot and log is omitted ...\n\nI analyzed this memory leak in detail and found acpi_ds_obj_stack_pop_and_\ndelete() function miscalculated the top of the stack. acpi_ds_obj_stack_push()\nfunction uses walk_state-\u003eoperand_index for start position of the top, but\nacpi_ds_obj_stack_pop_and_delete() function considers index 0 for it.\nTherefore, this causes acpi operand memory leak.\n\nThis cache leak causes a security threat because an old kernel (\u003c= 4.9) shows\nmemory locations of kernel functions in stack dump. Some malicious users\ncould use this information to neutralize kernel ASLR.\n\nI made a patch to fix ACPI operand cache leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38345",
"url": "https://www.suse.com/security/cve/CVE-2025-38345"
},
{
"category": "external",
"summary": "SUSE Bug 1246337 for CVE-2025-38345",
"url": "https://bugzilla.suse.com/1246337"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38345"
},
{
"cve": "CVE-2025-38348",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38348"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback()\n\nRobert Morris reported:\n\n|If a malicious USB device pretends to be an Intersil p54 wifi\n|interface and generates an eeprom_readback message with a large\n|eeprom-\u003ev1.len, p54_rx_eeprom_readback() will copy data from the\n|message beyond the end of priv-\u003eeeprom.\n|\n|static void p54_rx_eeprom_readback(struct p54_common *priv,\n| struct sk_buff *skb)\n|{\n| struct p54_hdr *hdr = (struct p54_hdr *) skb-\u003edata;\n| struct p54_eeprom_lm86 *eeprom = (struct p54_eeprom_lm86 *) hdr-\u003edata;\n|\n| if (priv-\u003efw_var \u003e= 0x509) {\n| memcpy(priv-\u003eeeprom, eeprom-\u003ev2.data,\n| le16_to_cpu(eeprom-\u003ev2.len));\n| } else {\n| memcpy(priv-\u003eeeprom, eeprom-\u003ev1.data,\n| le16_to_cpu(eeprom-\u003ev1.len));\n| }\n| [...]\n\nThe eeprom-\u003ev{1,2}.len is set by the driver in p54_download_eeprom().\nThe device is supposed to provide the same length back to the driver.\nBut yes, it\u0027s possible (like shown in the report) to alter the value\nto something that causes a crash/panic due to overrun.\n\nThis patch addresses the issue by adding the size to the common device\ncontext, so p54_rx_eeprom_readback no longer relies on possibly tampered\nvalues... That said, it also checks if the \"firmware\" altered the value\nand no longer copies them.\n\nThe one, small saving grace is: Before the driver tries to read the eeprom,\nit needs to upload \u003ea\u003c firmware. the vendor firmware has a proprietary\nlicense and as a reason, it is not present on most distributions by\ndefault.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38348",
"url": "https://www.suse.com/security/cve/CVE-2025-38348"
},
{
"category": "external",
"summary": "SUSE Bug 1246262 for CVE-2025-38348",
"url": "https://bugzilla.suse.com/1246262"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38348"
},
{
"cve": "CVE-2025-38349",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38349"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\neventpoll: don\u0027t decrement ep refcount while still holding the ep mutex\n\nJann Horn points out that epoll is decrementing the ep refcount and then\ndoing a\n\n mutex_unlock(\u0026ep-\u003emtx);\n\nafterwards. That\u0027s very wrong, because it can lead to a use-after-free.\n\nThat pattern is actually fine for the very last reference, because the\ncode in question will delay the actual call to \"ep_free(ep)\" until after\nit has unlocked the mutex.\n\nBut it\u0027s wrong for the much subtler \"next to last\" case when somebody\n*else* may also be dropping their reference and free the ep while we\u0027re\nstill using the mutex.\n\nNote that this is true even if that other user is also using the same ep\nmutex: mutexes, unlike spinlocks, can not be used for object ownership,\neven if they guarantee mutual exclusion.\n\nA mutex \"unlock\" operation is not atomic, and as one user is still\naccessing the mutex as part of unlocking it, another user can come in\nand get the now released mutex and free the data structure while the\nfirst user is still cleaning up.\n\nSee our mutex documentation in Documentation/locking/mutex-design.rst,\nin particular the section [1] about semantics:\n\n\t\"mutex_unlock() may access the mutex structure even after it has\n\t internally released the lock already - so it\u0027s not safe for\n\t another context to acquire the mutex and assume that the\n\t mutex_unlock() context is not using the structure anymore\"\n\nSo if we drop our ep ref before the mutex unlock, but we weren\u0027t the\nlast one, we may then unlock the mutex, another user comes in, drops\n_their_ reference and releases the \u0027ep\u0027 as it now has no users - all\nwhile the mutex_unlock() is still accessing it.\n\nFix this by simply moving the ep refcount dropping to outside the mutex:\nthe refcount itself is atomic, and doesn\u0027t need mutex protection (that\u0027s\nthe whole _point_ of refcounts: unlike mutexes, they are inherently\nabout object lifetimes).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38349",
"url": "https://www.suse.com/security/cve/CVE-2025-38349"
},
{
"category": "external",
"summary": "SUSE Bug 1246777 for CVE-2025-38349",
"url": "https://bugzilla.suse.com/1246777"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38349"
},
{
"cve": "CVE-2025-38350",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38350"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Always pass notifications when child class becomes empty\n\nCertain classful qdiscs may invoke their classes\u0027 dequeue handler on an\nenqueue operation. This may unexpectedly empty the child qdisc and thus\nmake an in-flight class passive via qlen_notify(). Most qdiscs do not\nexpect such behaviour at this point in time and may re-activate the\nclass eventually anyways which will lead to a use-after-free.\n\nThe referenced fix commit attempted to fix this behavior for the HFSC\ncase by moving the backlog accounting around, though this turned out to\nbe incomplete since the parent\u0027s parent may run into the issue too.\nThe following reproducer demonstrates this use-after-free:\n\n tc qdisc add dev lo root handle 1: drr\n tc filter add dev lo parent 1: basic classid 1:1\n tc class add dev lo parent 1: classid 1:1 drr\n tc qdisc add dev lo parent 1:1 handle 2: hfsc def 1\n tc class add dev lo parent 2: classid 2:1 hfsc rt m1 8 d 1 m2 0\n tc qdisc add dev lo parent 2:1 handle 3: netem\n tc qdisc add dev lo parent 3:1 handle 4: blackhole\n\n echo 1 | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888\n tc class delete dev lo classid 1:1\n echo 1 | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888\n\nSince backlog accounting issues leading to a use-after-frees on stale\nclass pointers is a recurring pattern at this point, this patch takes\na different approach. Instead of trying to fix the accounting, the patch\nensures that qdisc_tree_reduce_backlog always calls qlen_notify when\nthe child qdisc is empty. This solves the problem because deletion of\nqdiscs always involves a call to qdisc_reset() and / or\nqdisc_purge_queue() which ultimately resets its qlen to 0 thus causing\nthe following qdisc_tree_reduce_backlog() to report to the parent. Note\nthat this may call qlen_notify on passive classes multiple times. This\nis not a problem after the recent patch series that made all the\nclassful qdiscs qlen_notify() handlers idempotent.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38350",
"url": "https://www.suse.com/security/cve/CVE-2025-38350"
},
{
"category": "external",
"summary": "SUSE Bug 1246781 for CVE-2025-38350",
"url": "https://bugzilla.suse.com/1246781"
},
{
"category": "external",
"summary": "SUSE Bug 1247043 for CVE-2025-38350",
"url": "https://bugzilla.suse.com/1247043"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "important"
}
],
"title": "CVE-2025-38350"
},
{
"cve": "CVE-2025-38352",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38352"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nposix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()\n\nIf an exiting non-autoreaping task has already passed exit_notify() and\ncalls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent\nor debugger right after unlock_task_sighand().\n\nIf a concurrent posix_cpu_timer_del() runs at that moment, it won\u0027t be\nable to detect timer-\u003eit.cpu.firing != 0: cpu_timer_task_rcu() and/or\nlock_task_sighand() will fail.\n\nAdd the tsk-\u003eexit_state check into run_posix_cpu_timers() to fix this.\n\nThis fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because\nexit_task_work() is called before exit_notify(). But the check still\nmakes sense, task_work_add(\u0026tsk-\u003eposix_cputimers_work.work) will fail\nanyway in this case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38352",
"url": "https://www.suse.com/security/cve/CVE-2025-38352"
},
{
"category": "external",
"summary": "SUSE Bug 1246911 for CVE-2025-38352",
"url": "https://bugzilla.suse.com/1246911"
},
{
"category": "external",
"summary": "SUSE Bug 1249205 for CVE-2025-38352",
"url": "https://bugzilla.suse.com/1249205"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "important"
}
],
"title": "CVE-2025-38352"
},
{
"cve": "CVE-2025-38353",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38353"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix taking invalid lock on wedge\n\nIf device wedges on e.g. GuC upload, the submission is not yet enabled\nand the state is not even initialized. Protect the wedge call so it does\nnothing in this case. It fixes the following splat:\n\n\t[] xe 0000:bf:00.0: [drm] device wedged, needs recovery\n\t[] ------------[ cut here ]------------\n\t[] DEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\n\t[] WARNING: CPU: 48 PID: 312 at kernel/locking/mutex.c:564 __mutex_lock+0x8a1/0xe60\n\t...\n\t[] RIP: 0010:__mutex_lock+0x8a1/0xe60\n\t[] mutex_lock_nested+0x1b/0x30\n\t[] xe_guc_submit_wedge+0x80/0x2b0 [xe]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38353",
"url": "https://www.suse.com/security/cve/CVE-2025-38353"
},
{
"category": "external",
"summary": "SUSE Bug 1247265 for CVE-2025-38353",
"url": "https://bugzilla.suse.com/1247265"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38353"
},
{
"cve": "CVE-2025-38354",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38354"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/gpu: Fix crash when throttling GPU immediately during boot\n\nThere is a small chance that the GPU is already hot during boot. In that\ncase, the call to of_devfreq_cooling_register() will immediately try to\napply devfreq cooling, as seen in the following crash:\n\n Unable to handle kernel paging request at virtual address 0000000000014110\n pc : a6xx_gpu_busy+0x1c/0x58 [msm]\n lr : msm_devfreq_get_dev_status+0xbc/0x140 [msm]\n Call trace:\n a6xx_gpu_busy+0x1c/0x58 [msm] (P)\n devfreq_simple_ondemand_func+0x3c/0x150\n devfreq_update_target+0x44/0xd8\n qos_max_notifier_call+0x30/0x84\n blocking_notifier_call_chain+0x6c/0xa0\n pm_qos_update_target+0xd0/0x110\n freq_qos_apply+0x3c/0x74\n apply_constraint+0x88/0x148\n __dev_pm_qos_update_request+0x7c/0xcc\n dev_pm_qos_update_request+0x38/0x5c\n devfreq_cooling_set_cur_state+0x98/0xf0\n __thermal_cdev_update+0x64/0xb4\n thermal_cdev_update+0x4c/0x58\n step_wise_manage+0x1f0/0x318\n __thermal_zone_device_update+0x278/0x424\n __thermal_cooling_device_register+0x2bc/0x308\n thermal_of_cooling_device_register+0x10/0x1c\n of_devfreq_cooling_register_power+0x240/0x2bc\n of_devfreq_cooling_register+0x14/0x20\n msm_devfreq_init+0xc4/0x1a0 [msm]\n msm_gpu_init+0x304/0x574 [msm]\n adreno_gpu_init+0x1c4/0x2e0 [msm]\n a6xx_gpu_init+0x5c8/0x9c8 [msm]\n adreno_bind+0x2a8/0x33c [msm]\n ...\n\nAt this point we haven\u0027t initialized the GMU at all yet, so we cannot read\nthe GMU registers inside a6xx_gpu_busy(). A similar issue was fixed before\nin commit 6694482a70e9 (\"drm/msm: Avoid unclocked GMU register access in\n6xx gpu_busy\"): msm_devfreq_init() does call devfreq_suspend_device(), but\nunlike msm_devfreq_suspend(), it doesn\u0027t set the df-\u003esuspended flag\naccordingly. This means the df-\u003esuspended flag does not match the actual\ndevfreq state after initialization and msm_devfreq_get_dev_status() will\nend up accessing GMU registers, causing the crash.\n\nFix this by setting df-\u003esuspended correctly during initialization.\n\nPatchwork: https://patchwork.freedesktop.org/patch/650772/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38354",
"url": "https://www.suse.com/security/cve/CVE-2025-38354"
},
{
"category": "external",
"summary": "SUSE Bug 1247061 for CVE-2025-38354",
"url": "https://bugzilla.suse.com/1247061"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38354"
},
{
"cve": "CVE-2025-38355",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38355"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Process deferred GGTT node removals on device unwind\n\nWhile we are indirectly draining our dedicated workqueue ggtt-\u003ewq\nthat we use to complete asynchronous removal of some GGTT nodes,\nthis happends as part of the managed-drm unwinding (ggtt_fini_early),\nwhich could be later then manage-device unwinding, where we could\nalready unmap our MMIO/GMS mapping (mmio_fini).\n\nThis was recently observed during unsuccessful VF initialization:\n\n [ ] xe 0000:00:02.1: probe with driver xe failed with error -62\n [ ] xe 0000:00:02.1: DEVRES REL ffff88811e747340 __xe_bo_unpin_map_no_vm (16 bytes)\n [ ] xe 0000:00:02.1: DEVRES REL ffff88811e747540 __xe_bo_unpin_map_no_vm (16 bytes)\n [ ] xe 0000:00:02.1: DEVRES REL ffff88811e747240 __xe_bo_unpin_map_no_vm (16 bytes)\n [ ] xe 0000:00:02.1: DEVRES REL ffff88811e747040 tiles_fini (16 bytes)\n [ ] xe 0000:00:02.1: DEVRES REL ffff88811e746840 mmio_fini (16 bytes)\n [ ] xe 0000:00:02.1: DEVRES REL ffff88811e747f40 xe_bo_pinned_fini (16 bytes)\n [ ] xe 0000:00:02.1: DEVRES REL ffff88811e746b40 devm_drm_dev_init_release (16 bytes)\n [ ] xe 0000:00:02.1: [drm:drm_managed_release] drmres release begin\n [ ] xe 0000:00:02.1: [drm:drm_managed_release] REL ffff88810ef81640 __fini_relay (8 bytes)\n [ ] xe 0000:00:02.1: [drm:drm_managed_release] REL ffff88810ef80d40 guc_ct_fini (8 bytes)\n [ ] xe 0000:00:02.1: [drm:drm_managed_release] REL ffff88810ef80040 __drmm_mutex_release (8 bytes)\n [ ] xe 0000:00:02.1: [drm:drm_managed_release] REL ffff88810ef80140 ggtt_fini_early (8 bytes)\n\nand this was leading to:\n\n [ ] BUG: unable to handle page fault for address: ffffc900058162a0\n [ ] #PF: supervisor write access in kernel mode\n [ ] #PF: error_code(0x0002) - not-present page\n [ ] Oops: Oops: 0002 [#1] SMP NOPTI\n [ ] Tainted: [W]=WARN\n [ ] Workqueue: xe-ggtt-wq ggtt_node_remove_work_func [xe]\n [ ] RIP: 0010:xe_ggtt_set_pte+0x6d/0x350 [xe]\n [ ] Call Trace:\n [ ] \u003cTASK\u003e\n [ ] xe_ggtt_clear+0xb0/0x270 [xe]\n [ ] ggtt_node_remove+0xbb/0x120 [xe]\n [ ] ggtt_node_remove_work_func+0x30/0x50 [xe]\n [ ] process_one_work+0x22b/0x6f0\n [ ] worker_thread+0x1e8/0x3d\n\nAdd managed-device action that will explicitly drain the workqueue\nwith all pending node removals prior to releasing MMIO/GSM mapping.\n\n(cherry picked from commit 89d2835c3680ab1938e22ad81b1c9f8c686bd391)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38355",
"url": "https://www.suse.com/security/cve/CVE-2025-38355"
},
{
"category": "external",
"summary": "SUSE Bug 1247062 for CVE-2025-38355",
"url": "https://bugzilla.suse.com/1247062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38355"
},
{
"cve": "CVE-2025-38356",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38356"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/guc: Explicitly exit CT safe mode on unwind\n\nDuring driver probe we might be briefly using CT safe mode, which\nis based on a delayed work, but usually we are able to stop this\nonce we have IRQ fully operational. However, if we abort the probe\nquite early then during unwind we might try to destroy the workqueue\nwhile there is still a pending delayed work that attempts to restart\nitself which triggers a WARN.\n\nThis was recently observed during unsuccessful VF initialization:\n\n [ ] xe 0000:00:02.1: probe with driver xe failed with error -62\n [ ] ------------[ cut here ]------------\n [ ] workqueue: cannot queue safe_mode_worker_func [xe] on wq xe-g2h-wq\n [ ] WARNING: CPU: 9 PID: 0 at kernel/workqueue.c:2257 __queue_work+0x287/0x710\n [ ] RIP: 0010:__queue_work+0x287/0x710\n [ ] Call Trace:\n [ ] delayed_work_timer_fn+0x19/0x30\n [ ] call_timer_fn+0xa1/0x2a0\n\nExit the CT safe mode on unwind to avoid that warning.\n\n(cherry picked from commit 2ddbb73ec20b98e70a5200cb85deade22ccea2ec)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38356",
"url": "https://www.suse.com/security/cve/CVE-2025-38356"
},
{
"category": "external",
"summary": "SUSE Bug 1247064 for CVE-2025-38356",
"url": "https://bugzilla.suse.com/1247064"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38356"
},
{
"cve": "CVE-2025-38361",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38361"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check dce_hwseq before dereferencing it\n\n[WHAT]\n\nhws was checked for null earlier in dce110_blank_stream, indicating hws\ncan be null, and should be checked whenever it is used.\n\n(cherry picked from commit 79db43611ff61280b6de58ce1305e0b2ecf675ad)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38361",
"url": "https://www.suse.com/security/cve/CVE-2025-38361"
},
{
"category": "external",
"summary": "SUSE Bug 1247079 for CVE-2025-38361",
"url": "https://bugzilla.suse.com/1247079"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38361"
},
{
"cve": "CVE-2025-38362",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38362"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null pointer check for get_first_active_display()\n\nThe function mod_hdcp_hdcp1_enable_encryption() calls the function\nget_first_active_display(), but does not check its return value.\nThe return value is a null pointer if the display list is empty.\nThis will lead to a null pointer dereference in\nmod_hdcp_hdcp2_enable_encryption().\n\nAdd a null pointer check for get_first_active_display() and return\nMOD_HDCP_STATUS_DISPLAY_NOT_FOUND if the function return null.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38362",
"url": "https://www.suse.com/security/cve/CVE-2025-38362"
},
{
"category": "external",
"summary": "SUSE Bug 1247089 for CVE-2025-38362",
"url": "https://bugzilla.suse.com/1247089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38362"
},
{
"cve": "CVE-2025-38363",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38363"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/tegra: Fix a possible null pointer dereference\n\nIn tegra_crtc_reset(), new memory is allocated with kzalloc(), but\nno check is performed. Before calling __drm_atomic_helper_crtc_reset,\nstate should be checked to prevent possible null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38363",
"url": "https://www.suse.com/security/cve/CVE-2025-38363"
},
{
"category": "external",
"summary": "SUSE Bug 1247018 for CVE-2025-38363",
"url": "https://bugzilla.suse.com/1247018"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38363"
},
{
"cve": "CVE-2025-38364",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38364"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmaple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate()\n\nTemporarily clear the preallocation flag when explicitly requesting\nallocations. Pre-existing allocations are already counted against the\nrequest through mas_node_count_gfp(), but the allocations will not happen\nif the MA_STATE_PREALLOC flag is set. This flag is meant to avoid\nre-allocating in bulk allocation mode, and to detect issues with\npreallocation calculations.\n\nThe MA_STATE_PREALLOC flag should also always be set on zero allocations\nso that detection of underflow allocations will print a WARN_ON() during\nconsumption.\n\nUser visible effect of this flaw is a WARN_ON() followed by a null pointer\ndereference when subsequent requests for larger number of nodes is\nignored, such as the vma merge retry in mmap_region() caused by drivers\naltering the vma flags (which happens in v6.6, at least)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38364",
"url": "https://www.suse.com/security/cve/CVE-2025-38364"
},
{
"category": "external",
"summary": "SUSE Bug 1247091 for CVE-2025-38364",
"url": "https://bugzilla.suse.com/1247091"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38364"
},
{
"cve": "CVE-2025-38365",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38365"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix a race between renames and directory logging\n\nWe have a race between a rename and directory inode logging that if it\nhappens and we crash/power fail before the rename completes, the next time\nthe filesystem is mounted, the log replay code will end up deleting the\nfile that was being renamed.\n\nThis is best explained following a step by step analysis of an interleaving\nof steps that lead into this situation.\n\nConsider the initial conditions:\n\n1) We are at transaction N;\n\n2) We have directories A and B created in a past transaction (\u003c N);\n\n3) We have inode X corresponding to a file that has 2 hardlinks, one in\n directory A and the other in directory B, so we\u0027ll name them as\n \"A/foo_link1\" and \"B/foo_link2\". Both hard links were persisted in a\n past transaction (\u003c N);\n\n4) We have inode Y corresponding to a file that as a single hard link and\n is located in directory A, we\u0027ll name it as \"A/bar\". This file was also\n persisted in a past transaction (\u003c N).\n\nThe steps leading to a file loss are the following and for all of them we\nare under transaction N:\n\n 1) Link \"A/foo_link1\" is removed, so inode\u0027s X last_unlink_trans field\n is updated to N, through btrfs_unlink() -\u003e btrfs_record_unlink_dir();\n\n 2) Task A starts a rename for inode Y, with the goal of renaming from\n \"A/bar\" to \"A/baz\", so we enter btrfs_rename();\n\n 3) Task A inserts the new BTRFS_INODE_REF_KEY for inode Y by calling\n btrfs_insert_inode_ref();\n\n 4) Because the rename happens in the same directory, we don\u0027t set the\n last_unlink_trans field of directoty A\u0027s inode to the current\n transaction id, that is, we don\u0027t cal btrfs_record_unlink_dir();\n\n 5) Task A then removes the entries from directory A (BTRFS_DIR_ITEM_KEY\n and BTRFS_DIR_INDEX_KEY items) when calling __btrfs_unlink_inode()\n (actually the dir index item is added as a delayed item, but the\n effect is the same);\n\n 6) Now before task A adds the new entry \"A/baz\" to directory A by\n calling btrfs_add_link(), another task, task B is logging inode X;\n\n 7) Task B starts a fsync of inode X and after logging inode X, at\n btrfs_log_inode_parent() it calls btrfs_log_all_parents(), since\n inode X has a last_unlink_trans value of N, set at in step 1;\n\n 8) At btrfs_log_all_parents() we search for all parent directories of\n inode X using the commit root, so we find directories A and B and log\n them. Bu when logging direct A, we don\u0027t have a dir index item for\n inode Y anymore, neither the old name \"A/bar\" nor for the new name\n \"A/baz\" since the rename has deleted the old name but has not yet\n inserted the new name - task A hasn\u0027t called yet btrfs_add_link() to\n do that.\n\n Note that logging directory A doesn\u0027t fallback to a transaction\n commit because its last_unlink_trans has a lower value than the\n current transaction\u0027s id (see step 4);\n\n 9) Task B finishes logging directories A and B and gets back to\n btrfs_sync_file() where it calls btrfs_sync_log() to persist the log\n tree;\n\n10) Task B successfully persisted the log tree, btrfs_sync_log() completed\n with success, and a power failure happened.\n\n We have a log tree without any directory entry for inode Y, so the\n log replay code deletes the entry for inode Y, name \"A/bar\", from the\n subvolume tree since it doesn\u0027t exist in the log tree and the log\n tree is authorative for its index (we logged a BTRFS_DIR_LOG_INDEX_KEY\n item that covers the index range for the dentry that corresponds to\n \"A/bar\").\n\n Since there\u0027s no other hard link for inode Y and the log replay code\n deletes the name \"A/bar\", the file is lost.\n\nThe issue wouldn\u0027t happen if task B synced the log only after task A\ncalled btrfs_log_new_name(), which would update the log with the new name\nfor inode Y (\"A/bar\").\n\nFix this by pinning the log root during renames before removing the old\ndirectory entry, and unpinning af\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38365",
"url": "https://www.suse.com/security/cve/CVE-2025-38365"
},
{
"category": "external",
"summary": "SUSE Bug 1247023 for CVE-2025-38365",
"url": "https://bugzilla.suse.com/1247023"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38365"
},
{
"cve": "CVE-2025-38369",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38369"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using\n\nRunning IDXD workloads in a container with the /dev directory mounted can\ntrigger a call trace or even a kernel panic when the parent process of the\ncontainer is terminated.\n\nThis issue occurs because, under certain configurations, Docker does not\nproperly propagate the mount replica back to the original mount point.\n\nIn this case, when the user driver detaches, the WQ is destroyed but it\nstill calls destroy_workqueue() attempting to completes all pending work.\nIt\u0027s necessary to check wq-\u003ewq and skip the drain if it no longer exists.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38369",
"url": "https://www.suse.com/security/cve/CVE-2025-38369"
},
{
"category": "external",
"summary": "SUSE Bug 1247209 for CVE-2025-38369",
"url": "https://bugzilla.suse.com/1247209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38369"
},
{
"cve": "CVE-2025-38371",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38371"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Disable interrupts before resetting the GPU\n\nCurrently, an interrupt can be triggered during a GPU reset, which can\nlead to GPU hangs and NULL pointer dereference in an interrupt context\nas shown in the following trace:\n\n [ 314.035040] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0\n [ 314.043822] Mem abort info:\n [ 314.046606] ESR = 0x0000000096000005\n [ 314.050347] EC = 0x25: DABT (current EL), IL = 32 bits\n [ 314.055651] SET = 0, FnV = 0\n [ 314.058695] EA = 0, S1PTW = 0\n [ 314.061826] FSC = 0x05: level 1 translation fault\n [ 314.066694] Data abort info:\n [ 314.069564] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n [ 314.075039] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n [ 314.080080] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n [ 314.085382] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000102728000\n [ 314.091814] [00000000000000c0] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n [ 314.100511] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n [ 314.106770] Modules linked in: v3d i2c_brcmstb vc4 snd_soc_hdmi_codec gpu_sched drm_shmem_helper drm_display_helper cec drm_dma_helper drm_kms_helper drm drm_panel_orientation_quirks snd_soc_core snd_compress snd_pcm_dmaengine snd_pcm snd_timer snd backlight\n [ 314.129654] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.25+rpt-rpi-v8 #1 Debian 1:6.12.25-1+rpt1\n [ 314.139388] Hardware name: Raspberry Pi 4 Model B Rev 1.4 (DT)\n [ 314.145211] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n [ 314.152165] pc : v3d_irq+0xec/0x2e0 [v3d]\n [ 314.156187] lr : v3d_irq+0xe0/0x2e0 [v3d]\n [ 314.160198] sp : ffffffc080003ea0\n [ 314.163502] x29: ffffffc080003ea0 x28: ffffffec1f184980 x27: 021202b000000000\n [ 314.170633] x26: ffffffec1f17f630 x25: ffffff8101372000 x24: ffffffec1f17d9f0\n [ 314.177764] x23: 000000000000002a x22: 000000000000002a x21: ffffff8103252000\n [ 314.184895] x20: 0000000000000001 x19: 00000000deadbeef x18: 0000000000000000\n [ 314.192026] x17: ffffff94e51d2000 x16: ffffffec1dac3cb0 x15: c306000000000000\n [ 314.199156] x14: 0000000000000000 x13: b2fc982e03cc5168 x12: 0000000000000001\n [ 314.206286] x11: ffffff8103f8bcc0 x10: ffffffec1f196868 x9 : ffffffec1dac3874\n [ 314.213416] x8 : 0000000000000000 x7 : 0000000000042a3a x6 : ffffff810017a180\n [ 314.220547] x5 : ffffffec1ebad400 x4 : ffffffec1ebad320 x3 : 00000000000bebeb\n [ 314.227677] x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000\n [ 314.234807] Call trace:\n [ 314.237243] v3d_irq+0xec/0x2e0 [v3d]\n [ 314.240906] __handle_irq_event_percpu+0x58/0x218\n [ 314.245609] handle_irq_event+0x54/0xb8\n [ 314.249439] handle_fasteoi_irq+0xac/0x240\n [ 314.253527] handle_irq_desc+0x48/0x68\n [ 314.257269] generic_handle_domain_irq+0x24/0x38\n [ 314.261879] gic_handle_irq+0x48/0xd8\n [ 314.265533] call_on_irq_stack+0x24/0x58\n [ 314.269448] do_interrupt_handler+0x88/0x98\n [ 314.273624] el1_interrupt+0x34/0x68\n [ 314.277193] el1h_64_irq_handler+0x18/0x28\n [ 314.281281] el1h_64_irq+0x64/0x68\n [ 314.284673] default_idle_call+0x3c/0x168\n [ 314.288675] do_idle+0x1fc/0x230\n [ 314.291895] cpu_startup_entry+0x3c/0x50\n [ 314.295810] rest_init+0xe4/0xf0\n [ 314.299030] start_kernel+0x5e8/0x790\n [ 314.302684] __primary_switched+0x80/0x90\n [ 314.306691] Code: 940029eb 360ffc13 f9442ea0 52800001 (f9406017)\n [ 314.312775] ---[ end trace 0000000000000000 ]---\n [ 314.317384] Kernel panic - not syncing: Oops: Fatal exception in interrupt\n [ 314.324249] SMP: stopping secondary CPUs\n [ 314.328167] Kernel Offset: 0x2b9da00000 from 0xffffffc080000000\n [ 314.334076] PHYS_OFFSET: 0x0\n [ 314.336946] CPU features: 0x08,00002013,c0200000,0200421b\n [ 314.342337] Memory Limit: none\n [ 314.345382] ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---\n\nBefore resetting the G\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38371",
"url": "https://www.suse.com/security/cve/CVE-2025-38371"
},
{
"category": "external",
"summary": "SUSE Bug 1247178 for CVE-2025-38371",
"url": "https://bugzilla.suse.com/1247178"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38371"
},
{
"cve": "CVE-2025-38373",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38373"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/mlx5: Fix potential deadlock in MR deregistration\n\nThe issue arises when kzalloc() is invoked while holding umem_mutex or\nany other lock acquired under umem_mutex. This is problematic because\nkzalloc() can trigger fs_reclaim_aqcuire(), which may, in turn, invoke\nmmu_notifier_invalidate_range_start(). This function can lead to\nmlx5_ib_invalidate_range(), which attempts to acquire umem_mutex again,\nresulting in a deadlock.\n\nThe problematic flow:\n CPU0 | CPU1\n---------------------------------------|------------------------------------------------\nmlx5_ib_dereg_mr() |\n \u2192 revoke_mr() |\n \u2192 mutex_lock(\u0026umem_odp-\u003eumem_mutex) |\n | mlx5_mkey_cache_init()\n | \u2192 mutex_lock(\u0026dev-\u003ecache.rb_lock)\n | \u2192 mlx5r_cache_create_ent_locked()\n | \u2192 kzalloc(GFP_KERNEL)\n | \u2192 fs_reclaim()\n | \u2192 mmu_notifier_invalidate_range_start()\n | \u2192 mlx5_ib_invalidate_range()\n | \u2192 mutex_lock(\u0026umem_odp-\u003eumem_mutex)\n \u2192 cache_ent_find_and_store() |\n \u2192 mutex_lock(\u0026dev-\u003ecache.rb_lock) |\n\nAdditionally, when kzalloc() is called from within\ncache_ent_find_and_store(), we encounter the same deadlock due to\nre-acquisition of umem_mutex.\n\nSolve by releasing umem_mutex in dereg_mr() after umr_revoke_mr()\nand before acquiring rb_lock. This ensures that we don\u0027t hold\numem_mutex while performing memory allocations that could trigger\nthe reclaim path.\n\nThis change prevents the deadlock by ensuring proper lock ordering and\navoiding holding locks during memory allocation operations that could\ntrigger the reclaim path.\n\nThe following lockdep warning demonstrates the deadlock:\n\n python3/20557 is trying to acquire lock:\n ffff888387542128 (\u0026umem_odp-\u003eumem_mutex){+.+.}-{4:4}, at:\n mlx5_ib_invalidate_range+0x5b/0x550 [mlx5_ib]\n\n but task is already holding lock:\n ffffffff82f6b840 (mmu_notifier_invalidate_range_start){+.+.}-{0:0}, at:\n unmap_vmas+0x7b/0x1a0\n\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n\n -\u003e #3 (mmu_notifier_invalidate_range_start){+.+.}-{0:0}:\n fs_reclaim_acquire+0x60/0xd0\n mem_cgroup_css_alloc+0x6f/0x9b0\n cgroup_init_subsys+0xa4/0x240\n cgroup_init+0x1c8/0x510\n start_kernel+0x747/0x760\n x86_64_start_reservations+0x25/0x30\n x86_64_start_kernel+0x73/0x80\n common_startup_64+0x129/0x138\n\n -\u003e #2 (fs_reclaim){+.+.}-{0:0}:\n fs_reclaim_acquire+0x91/0xd0\n __kmalloc_cache_noprof+0x4d/0x4c0\n mlx5r_cache_create_ent_locked+0x75/0x620 [mlx5_ib]\n mlx5_mkey_cache_init+0x186/0x360 [mlx5_ib]\n mlx5_ib_stage_post_ib_reg_umr_init+0x3c/0x60 [mlx5_ib]\n __mlx5_ib_add+0x4b/0x190 [mlx5_ib]\n mlx5r_probe+0xd9/0x320 [mlx5_ib]\n auxiliary_bus_probe+0x42/0x70\n really_probe+0xdb/0x360\n __driver_probe_device+0x8f/0x130\n driver_probe_device+0x1f/0xb0\n __driver_attach+0xd4/0x1f0\n bus_for_each_dev+0x79/0xd0\n bus_add_driver+0xf0/0x200\n driver_register+0x6e/0xc0\n __auxiliary_driver_register+0x6a/0xc0\n do_one_initcall+0x5e/0x390\n do_init_module+0x88/0x240\n init_module_from_file+0x85/0xc0\n idempotent_init_module+0x104/0x300\n __x64_sys_finit_module+0x68/0xc0\n do_syscall_64+0x6d/0x140\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n -\u003e #1 (\u0026dev-\u003ecache.rb_lock){+.+.}-{4:4}:\n __mutex_lock+0x98/0xf10\n __mlx5_ib_dereg_mr+0x6f2/0x890 [mlx5_ib]\n mlx5_ib_dereg_mr+0x21/0x110 [mlx5_ib]\n ib_dereg_mr_user+0x85/0x1f0 [ib_core]\n \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38373",
"url": "https://www.suse.com/security/cve/CVE-2025-38373"
},
{
"category": "external",
"summary": "SUSE Bug 1247033 for CVE-2025-38373",
"url": "https://bugzilla.suse.com/1247033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38373"
},
{
"cve": "CVE-2025-38375",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38375"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-net: ensure the received length does not exceed allocated size\n\nIn xdp_linearize_page, when reading the following buffers from the ring,\nwe forget to check the received length with the true allocate size. This\ncan lead to an out-of-bound read. This commit adds that missing check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38375",
"url": "https://www.suse.com/security/cve/CVE-2025-38375"
},
{
"category": "external",
"summary": "SUSE Bug 1247177 for CVE-2025-38375",
"url": "https://bugzilla.suse.com/1247177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38375"
},
{
"cve": "CVE-2025-38376",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38376"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: chipidea: udc: disconnect/reconnect from host when do suspend/resume\n\nShawn and John reported a hang issue during system suspend as below:\n\n - USB gadget is enabled as Ethernet\n - There is data transfer over USB Ethernet (scp a big file between host\n and device)\n - Device is going in/out suspend (echo mem \u003e /sys/power/state)\n\nThe root cause is the USB device controller is suspended but the USB bus\nis still active which caused the USB host continues to transfer data with\ndevice and the device continues to queue USB requests (in this case, a\ndelayed TCP ACK packet trigger the issue) after controller is suspended,\nhowever the USB controller clock is already gated off. Then if udc driver\naccess registers after that point, the system will hang.\n\nThe correct way to avoid such issue is to disconnect device from host when\nthe USB bus is not at suspend state. Then the host will receive disconnect\nevent and stop data transfer in time. To continue make USB gadget device\nwork after system resume, this will reconnect device automatically.\n\nTo make usb wakeup work if USB bus is already at suspend state, this will\nkeep connection for it only when USB device controller has enabled wakeup\ncapability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38376",
"url": "https://www.suse.com/security/cve/CVE-2025-38376"
},
{
"category": "external",
"summary": "SUSE Bug 1247176 for CVE-2025-38376",
"url": "https://bugzilla.suse.com/1247176"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38376"
},
{
"cve": "CVE-2025-38377",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38377"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrose: fix dangling neighbour pointers in rose_rt_device_down()\n\nThere are two bugs in rose_rt_device_down() that can cause\nuse-after-free:\n\n1. The loop bound `t-\u003ecount` is modified within the loop, which can\n cause the loop to terminate early and miss some entries.\n\n2. When removing an entry from the neighbour array, the subsequent entries\n are moved up to fill the gap, but the loop index `i` is still\n incremented, causing the next entry to be skipped.\n\nFor example, if a node has three neighbours (A, A, B) with count=3 and A\nis being removed, the second A is not checked.\n\n i=0: (A, A, B) -\u003e (A, B) with count=2\n ^ checked\n i=1: (A, B) -\u003e (A, B) with count=2\n ^ checked (B, not A!)\n i=2: (doesn\u0027t occur because i \u003c count is false)\n\nThis leaves the second A in the array with count=2, but the rose_neigh\nstructure has been freed. Code that accesses these entries assumes that\nthe first `count` entries are valid pointers, causing a use-after-free\nwhen it accesses the dangling pointer.\n\nFix both issues by iterating over the array in reverse order with a fixed\nloop bound. This ensures that all entries are examined and that the removal\nof an entry doesn\u0027t affect subsequent iterations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38377",
"url": "https://www.suse.com/security/cve/CVE-2025-38377"
},
{
"category": "external",
"summary": "SUSE Bug 1247174 for CVE-2025-38377",
"url": "https://bugzilla.suse.com/1247174"
},
{
"category": "external",
"summary": "SUSE Bug 1247175 for CVE-2025-38377",
"url": "https://bugzilla.suse.com/1247175"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "important"
}
],
"title": "CVE-2025-38377"
},
{
"cve": "CVE-2025-38380",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38380"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38380",
"url": "https://www.suse.com/security/cve/CVE-2025-38380"
},
{
"category": "external",
"summary": "SUSE Bug 1247028 for CVE-2025-38380",
"url": "https://bugzilla.suse.com/1247028"
},
{
"category": "external",
"summary": "SUSE Bug 1247029 for CVE-2025-38380",
"url": "https://bugzilla.suse.com/1247029"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "important"
}
],
"title": "CVE-2025-38380"
},
{
"cve": "CVE-2025-38382",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38382"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix iteration of extrefs during log replay\n\nAt __inode_add_ref() when processing extrefs, if we jump into the next\nlabel we have an undefined value of victim_name.len, since we haven\u0027t\ninitialized it before we did the goto. This results in an invalid memory\naccess in the next iteration of the loop since victim_name.len was not\ninitialized to the length of the name of the current extref.\n\nFix this by initializing victim_name.len with the current extref\u0027s name\nlength.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38382",
"url": "https://www.suse.com/security/cve/CVE-2025-38382"
},
{
"category": "external",
"summary": "SUSE Bug 1247031 for CVE-2025-38382",
"url": "https://bugzilla.suse.com/1247031"
},
{
"category": "external",
"summary": "SUSE Bug 1247032 for CVE-2025-38382",
"url": "https://bugzilla.suse.com/1247032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38382"
},
{
"cve": "CVE-2025-38384",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38384"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: spinand: fix memory leak of ECC engine conf\n\nMemory allocated for the ECC engine conf is not released during spinand\ncleanup. Below kmemleak trace is seen for this memory leak:\n\nunreferenced object 0xffffff80064f00e0 (size 8):\n comm \"swapper/0\", pid 1, jiffies 4294937458\n hex dump (first 8 bytes):\n 00 00 00 00 00 00 00 00 ........\n backtrace (crc 0):\n kmemleak_alloc+0x30/0x40\n __kmalloc_cache_noprof+0x208/0x3c0\n spinand_ondie_ecc_init_ctx+0x114/0x200\n nand_ecc_init_ctx+0x70/0xa8\n nanddev_ecc_engine_init+0xec/0x27c\n spinand_probe+0xa2c/0x1620\n spi_mem_probe+0x130/0x21c\n spi_probe+0xf0/0x170\n really_probe+0x17c/0x6e8\n __driver_probe_device+0x17c/0x21c\n driver_probe_device+0x58/0x180\n __device_attach_driver+0x15c/0x1f8\n bus_for_each_drv+0xec/0x150\n __device_attach+0x188/0x24c\n device_initial_probe+0x10/0x20\n bus_probe_device+0x11c/0x160\n\nFix the leak by calling nanddev_ecc_engine_cleanup() inside\nspinand_cleanup().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38384",
"url": "https://www.suse.com/security/cve/CVE-2025-38384"
},
{
"category": "external",
"summary": "SUSE Bug 1247035 for CVE-2025-38384",
"url": "https://bugzilla.suse.com/1247035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "low"
}
],
"title": "CVE-2025-38384"
},
{
"cve": "CVE-2025-38385",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38385"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect\n\nRemove redundant netif_napi_del() call from disconnect path.\n\nA WARN may be triggered in __netif_napi_del_locked() during USB device\ndisconnect:\n\n WARNING: CPU: 0 PID: 11 at net/core/dev.c:7417 __netif_napi_del_locked+0x2b4/0x350\n\nThis happens because netif_napi_del() is called in the disconnect path while\nNAPI is still enabled. However, it is not necessary to call netif_napi_del()\nexplicitly, since unregister_netdev() will handle NAPI teardown automatically\nand safely. Removing the redundant call avoids triggering the warning.\n\nFull trace:\n lan78xx 1-1:1.0 enu1: Failed to read register index 0x000000c4. ret = -ENODEV\n lan78xx 1-1:1.0 enu1: Failed to set MAC down with error -ENODEV\n lan78xx 1-1:1.0 enu1: Link is Down\n lan78xx 1-1:1.0 enu1: Failed to read register index 0x00000120. ret = -ENODEV\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 11 at net/core/dev.c:7417 __netif_napi_del_locked+0x2b4/0x350\n Modules linked in: flexcan can_dev fuse\n CPU: 0 UID: 0 PID: 11 Comm: kworker/0:1 Not tainted 6.16.0-rc2-00624-ge926949dab03 #9 PREEMPT\n Hardware name: SKOV IMX8MP CPU revC - bd500 (DT)\n Workqueue: usb_hub_wq hub_event\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : __netif_napi_del_locked+0x2b4/0x350\n lr : __netif_napi_del_locked+0x7c/0x350\n sp : ffffffc085b673c0\n x29: ffffffc085b673c0 x28: ffffff800b7f2000 x27: ffffff800b7f20d8\n x26: ffffff80110bcf58 x25: ffffff80110bd978 x24: 1ffffff0022179eb\n x23: ffffff80110bc000 x22: ffffff800b7f5000 x21: ffffff80110bc000\n x20: ffffff80110bcf38 x19: ffffff80110bcf28 x18: dfffffc000000000\n x17: ffffffc081578940 x16: ffffffc08284cee0 x15: 0000000000000028\n x14: 0000000000000006 x13: 0000000000040000 x12: ffffffb0022179e8\n x11: 1ffffff0022179e7 x10: ffffffb0022179e7 x9 : dfffffc000000000\n x8 : 0000004ffdde8619 x7 : ffffff80110bcf3f x6 : 0000000000000001\n x5 : ffffff80110bcf38 x4 : ffffff80110bcf38 x3 : 0000000000000000\n x2 : 0000000000000000 x1 : 1ffffff0022179e7 x0 : 0000000000000000\n Call trace:\n __netif_napi_del_locked+0x2b4/0x350 (P)\n lan78xx_disconnect+0xf4/0x360\n usb_unbind_interface+0x158/0x718\n device_remove+0x100/0x150\n device_release_driver_internal+0x308/0x478\n device_release_driver+0x1c/0x30\n bus_remove_device+0x1a8/0x368\n device_del+0x2e0/0x7b0\n usb_disable_device+0x244/0x540\n usb_disconnect+0x220/0x758\n hub_event+0x105c/0x35e0\n process_one_work+0x760/0x17b0\n worker_thread+0x768/0xce8\n kthread+0x3bc/0x690\n ret_from_fork+0x10/0x20\n irq event stamp: 211604\n hardirqs last enabled at (211603): [\u003cffffffc0828cc9ec\u003e] _raw_spin_unlock_irqrestore+0x84/0x98\n hardirqs last disabled at (211604): [\u003cffffffc0828a9a84\u003e] el1_dbg+0x24/0x80\n softirqs last enabled at (211296): [\u003cffffffc080095f10\u003e] handle_softirqs+0x820/0xbc8\n softirqs last disabled at (210993): [\u003cffffffc080010288\u003e] __do_softirq+0x18/0x20\n ---[ end trace 0000000000000000 ]---\n lan78xx 1-1:1.0 enu1: failed to kill vid 0081/0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38385",
"url": "https://www.suse.com/security/cve/CVE-2025-38385"
},
{
"category": "external",
"summary": "SUSE Bug 1247149 for CVE-2025-38385",
"url": "https://bugzilla.suse.com/1247149"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "low"
}
],
"title": "CVE-2025-38385"
},
{
"cve": "CVE-2025-38386",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38386"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: Refuse to evaluate a method if arguments are missing\n\nAs reported in [1], a platform firmware update that increased the number\nof method parameters and forgot to update a least one of its callers,\ncaused ACPICA to crash due to use-after-free.\n\nSince this a result of a clear AML issue that arguably cannot be fixed\nup by the interpreter (it cannot produce missing data out of thin air),\naddress it by making ACPICA refuse to evaluate a method if the caller\nattempts to pass fewer arguments than expected to it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38386",
"url": "https://www.suse.com/security/cve/CVE-2025-38386"
},
{
"category": "external",
"summary": "SUSE Bug 1247138 for CVE-2025-38386",
"url": "https://bugzilla.suse.com/1247138"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38386"
},
{
"cve": "CVE-2025-38387",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38387"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Initialize obj_event-\u003eobj_sub_list before xa_insert\n\nThe obj_event may be loaded immediately after inserted, then if the\nlist_head is not initialized then we may get a poisonous pointer. This\nfixes the crash below:\n\n mlx5_core 0000:03:00.0: MLX5E: StrdRq(1) RqSz(8) StrdSz(2048) RxCqeCmprss(0 enhanced)\n mlx5_core.sf mlx5_core.sf.4: firmware version: 32.38.3056\n mlx5_core 0000:03:00.0 en3f0pf0sf2002: renamed from eth0\n mlx5_core.sf mlx5_core.sf.4: Rate limit: 127 rates are supported, range: 0Mbps to 195312Mbps\n IPv6: ADDRCONF(NETDEV_CHANGE): en3f0pf0sf2002: link becomes ready\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000060\n Mem abort info:\n ESR = 0x96000006\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n Data abort info:\n ISV = 0, ISS = 0x00000006\n CM = 0, WnR = 0\n user pgtable: 4k pages, 48-bit VAs, pgdp=00000007760fb000\n [0000000000000060] pgd=000000076f6d7003, p4d=000000076f6d7003, pud=0000000777841003, pmd=0000000000000000\n Internal error: Oops: 96000006 [#1] SMP\n Modules linked in: ipmb_host(OE) act_mirred(E) cls_flower(E) sch_ingress(E) mptcp_diag(E) udp_diag(E) raw_diag(E) unix_diag(E) tcp_diag(E) inet_diag(E) binfmt_misc(E) bonding(OE) rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) isofs(E) cdrom(E) mst_pciconf(OE) ib_umad(OE) mlx5_ib(OE) ipmb_dev_int(OE) mlx5_core(OE) kpatch_15237886(OEK) mlxdevm(OE) auxiliary(OE) ib_uverbs(OE) ib_core(OE) psample(E) mlxfw(OE) tls(E) sunrpc(E) vfat(E) fat(E) crct10dif_ce(E) ghash_ce(E) sha1_ce(E) sbsa_gwdt(E) virtio_console(E) ext4(E) mbcache(E) jbd2(E) xfs(E) libcrc32c(E) mmc_block(E) virtio_net(E) net_failover(E) failover(E) sha2_ce(E) sha256_arm64(E) nvme(OE) nvme_core(OE) gpio_mlxbf3(OE) mlx_compat(OE) mlxbf_pmc(OE) i2c_mlxbf(OE) sdhci_of_dwcmshc(OE) pinctrl_mlxbf3(OE) mlxbf_pka(OE) gpio_generic(E) i2c_core(E) mmc_core(E) mlxbf_gige(OE) vitesse(E) pwr_mlxbf(OE) mlxbf_tmfifo(OE) micrel(E) mlxbf_bootctl(OE) virtio_ring(E) virtio(E) ipmi_devintf(E) ipmi_msghandler(E)\n [last unloaded: mst_pci]\n CPU: 11 PID: 20913 Comm: rte-worker-11 Kdump: loaded Tainted: G OE K 5.10.134-13.1.an8.aarch64 #1\n Hardware name: https://www.mellanox.com BlueField-3 SmartNIC Main Card/BlueField-3 SmartNIC Main Card, BIOS 4.2.2.12968 Oct 26 2023\n pstate: a0400089 (NzCv daIf +PAN -UAO -TCO BTYPE=--)\n pc : dispatch_event_fd+0x68/0x300 [mlx5_ib]\n lr : devx_event_notifier+0xcc/0x228 [mlx5_ib]\n sp : ffff80001005bcf0\n x29: ffff80001005bcf0 x28: 0000000000000001\n x27: ffff244e0740a1d8 x26: ffff244e0740a1d0\n x25: ffffda56beff5ae0 x24: ffffda56bf911618\n x23: ffff244e0596a480 x22: ffff244e0596a480\n x21: ffff244d8312ad90 x20: ffff244e0596a480\n x19: fffffffffffffff0 x18: 0000000000000000\n x17: 0000000000000000 x16: ffffda56be66d620\n x15: 0000000000000000 x14: 0000000000000000\n x13: 0000000000000000 x12: 0000000000000000\n x11: 0000000000000040 x10: ffffda56bfcafb50\n x9 : ffffda5655c25f2c x8 : 0000000000000010\n x7 : 0000000000000000 x6 : ffff24545a2e24b8\n x5 : 0000000000000003 x4 : ffff80001005bd28\n x3 : 0000000000000000 x2 : 0000000000000000\n x1 : ffff244e0596a480 x0 : ffff244d8312ad90\n Call trace:\n dispatch_event_fd+0x68/0x300 [mlx5_ib]\n devx_event_notifier+0xcc/0x228 [mlx5_ib]\n atomic_notifier_call_chain+0x58/0x80\n mlx5_eq_async_int+0x148/0x2b0 [mlx5_core]\n atomic_notifier_call_chain+0x58/0x80\n irq_int_handler+0x20/0x30 [mlx5_core]\n __handle_irq_event_percpu+0x60/0x220\n handle_irq_event_percpu+0x3c/0x90\n handle_irq_event+0x58/0x158\n handle_fasteoi_irq+0xfc/0x188\n generic_handle_irq+0x34/0x48\n ...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38387",
"url": "https://www.suse.com/security/cve/CVE-2025-38387"
},
{
"category": "external",
"summary": "SUSE Bug 1247154 for CVE-2025-38387",
"url": "https://bugzilla.suse.com/1247154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38387"
},
{
"cve": "CVE-2025-38389",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38389"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gt: Fix timeline left held on VMA alloc error\n\nThe following error has been reported sporadically by CI when a test\nunbinds the i915 driver on a ring submission platform:\n\n\u003c4\u003e [239.330153] ------------[ cut here ]------------\n\u003c4\u003e [239.330166] i915 0000:00:02.0: [drm] drm_WARN_ON(dev_priv-\u003emm.shrink_count)\n\u003c4\u003e [239.330196] WARNING: CPU: 1 PID: 18570 at drivers/gpu/drm/i915/i915_gem.c:1309 i915_gem_cleanup_early+0x13e/0x150 [i915]\n...\n\u003c4\u003e [239.330640] RIP: 0010:i915_gem_cleanup_early+0x13e/0x150 [i915]\n...\n\u003c4\u003e [239.330942] Call Trace:\n\u003c4\u003e [239.330944] \u003cTASK\u003e\n\u003c4\u003e [239.330949] i915_driver_late_release+0x2b/0xa0 [i915]\n\u003c4\u003e [239.331202] i915_driver_release+0x86/0xa0 [i915]\n\u003c4\u003e [239.331482] devm_drm_dev_init_release+0x61/0x90\n\u003c4\u003e [239.331494] devm_action_release+0x15/0x30\n\u003c4\u003e [239.331504] release_nodes+0x3d/0x120\n\u003c4\u003e [239.331517] devres_release_all+0x96/0xd0\n\u003c4\u003e [239.331533] device_unbind_cleanup+0x12/0x80\n\u003c4\u003e [239.331543] device_release_driver_internal+0x23a/0x280\n\u003c4\u003e [239.331550] ? bus_find_device+0xa5/0xe0\n\u003c4\u003e [239.331563] device_driver_detach+0x14/0x20\n...\n\u003c4\u003e [357.719679] ---[ end trace 0000000000000000 ]---\n\nIf the test also unloads the i915 module then that\u0027s followed with:\n\n\u003c3\u003e [357.787478] =============================================================================\n\u003c3\u003e [357.788006] BUG i915_vma (Tainted: G U W N ): Objects remaining on __kmem_cache_shutdown()\n\u003c3\u003e [357.788031] -----------------------------------------------------------------------------\n\u003c3\u003e [357.788204] Object 0xffff888109e7f480 @offset=29824\n\u003c3\u003e [357.788670] Allocated in i915_vma_instance+0xee/0xc10 [i915] age=292729 cpu=4 pid=2244\n\u003c4\u003e [357.788994] i915_vma_instance+0xee/0xc10 [i915]\n\u003c4\u003e [357.789290] init_status_page+0x7b/0x420 [i915]\n\u003c4\u003e [357.789532] intel_engines_init+0x1d8/0x980 [i915]\n\u003c4\u003e [357.789772] intel_gt_init+0x175/0x450 [i915]\n\u003c4\u003e [357.790014] i915_gem_init+0x113/0x340 [i915]\n\u003c4\u003e [357.790281] i915_driver_probe+0x847/0xed0 [i915]\n\u003c4\u003e [357.790504] i915_pci_probe+0xe6/0x220 [i915]\n...\n\nCloser analysis of CI results history has revealed a dependency of the\nerror on a few IGT tests, namely:\n- igt@api_intel_allocator@fork-simple-stress-signal,\n- igt@api_intel_allocator@two-level-inception-interruptible,\n- igt@gem_linear_blits@interruptible,\n- igt@prime_mmap_coherency@ioctl-errors,\nwhich invisibly trigger the issue, then exhibited with first driver unbind\nattempt.\n\nAll of the above tests perform actions which are actively interrupted with\nsignals. Further debugging has allowed to narrow that scope down to\nDRM_IOCTL_I915_GEM_EXECBUFFER2, and ring_context_alloc(), specific to ring\nsubmission, in particular.\n\nIf successful then that function, or its execlists or GuC submission\nequivalent, is supposed to be called only once per GEM context engine,\nfollowed by raise of a flag that prevents the function from being called\nagain. The function is expected to unwind its internal errors itself, so\nit may be safely called once more after it returns an error.\n\nIn case of ring submission, the function first gets a reference to the\nengine\u0027s legacy timeline and then allocates a VMA. If the VMA allocation\nfails, e.g. when i915_vma_instance() called from inside is interrupted\nwith a signal, then ring_context_alloc() fails, leaving the timeline held\nreferenced. On next I915_GEM_EXECBUFFER2 IOCTL, another reference to the\ntimeline is got, and only that last one is put on successful completion.\nAs a consequence, the legacy timeline, with its underlying engine status\npage\u0027s VMA object, is still held and not released on driver unbind.\n\nGet the legacy timeline only after successful allocation of the context\nengine\u0027s VMA.\n\nv2: Add a note on other submission methods (Krzysztof Karas):\n Both execlists and GuC submission use lrc_alloc() which seems free\n from a similar issue.\n\n(cherry picked from commit cc43422b3cc79eacff4c5a8ba0d224688ca9dd4f)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38389",
"url": "https://www.suse.com/security/cve/CVE-2025-38389"
},
{
"category": "external",
"summary": "SUSE Bug 1247153 for CVE-2025-38389",
"url": "https://bugzilla.suse.com/1247153"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38389"
},
{
"cve": "CVE-2025-38391",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38391"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: altmodes/displayport: do not index invalid pin_assignments\n\nA poorly implemented DisplayPort Alt Mode port partner can indicate\nthat its pin assignment capabilities are greater than the maximum\nvalue, DP_PIN_ASSIGN_F. In this case, calls to pin_assignment_show\nwill cause a BRK exception due to an out of bounds array access.\n\nPrevent for loop in pin_assignment_show from accessing\ninvalid values in pin_assignments by adding DP_PIN_ASSIGN_MAX\nvalue in typec_dp.h and using i \u003c DP_PIN_ASSIGN_MAX as a loop\ncondition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38391",
"url": "https://www.suse.com/security/cve/CVE-2025-38391"
},
{
"category": "external",
"summary": "SUSE Bug 1247181 for CVE-2025-38391",
"url": "https://bugzilla.suse.com/1247181"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38391"
},
{
"cve": "CVE-2025-38392",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38392"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: convert control queue mutex to a spinlock\n\nWith VIRTCHNL2_CAP_MACFILTER enabled, the following warning is generated\non module load:\n\n[ 324.701677] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:578\n[ 324.701684] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1582, name: NetworkManager\n[ 324.701689] preempt_count: 201, expected: 0\n[ 324.701693] RCU nest depth: 0, expected: 0\n[ 324.701697] 2 locks held by NetworkManager/1582:\n[ 324.701702] #0: ffffffff9f7be770 (rtnl_mutex){....}-{3:3}, at: rtnl_newlink+0x791/0x21e0\n[ 324.701730] #1: ff1100216c380368 (_xmit_ETHER){....}-{2:2}, at: __dev_open+0x3f0/0x870\n[ 324.701749] Preemption disabled at:\n[ 324.701752] [\u003cffffffff9cd23b9d\u003e] __dev_open+0x3dd/0x870\n[ 324.701765] CPU: 30 UID: 0 PID: 1582 Comm: NetworkManager Not tainted 6.15.0-rc5+ #2 PREEMPT(voluntary)\n[ 324.701771] Hardware name: Intel Corporation M50FCP2SBSTD/M50FCP2SBSTD, BIOS SE5C741.86B.01.01.0001.2211140926 11/14/2022\n[ 324.701774] Call Trace:\n[ 324.701777] \u003cTASK\u003e\n[ 324.701779] dump_stack_lvl+0x5d/0x80\n[ 324.701788] ? __dev_open+0x3dd/0x870\n[ 324.701793] __might_resched.cold+0x1ef/0x23d\n\u003c..\u003e\n[ 324.701818] __mutex_lock+0x113/0x1b80\n\u003c..\u003e\n[ 324.701917] idpf_ctlq_clean_sq+0xad/0x4b0 [idpf]\n[ 324.701935] ? kasan_save_track+0x14/0x30\n[ 324.701941] idpf_mb_clean+0x143/0x380 [idpf]\n\u003c..\u003e\n[ 324.701991] idpf_send_mb_msg+0x111/0x720 [idpf]\n[ 324.702009] idpf_vc_xn_exec+0x4cc/0x990 [idpf]\n[ 324.702021] ? rcu_is_watching+0x12/0xc0\n[ 324.702035] idpf_add_del_mac_filters+0x3ed/0xb50 [idpf]\n\u003c..\u003e\n[ 324.702122] __hw_addr_sync_dev+0x1cf/0x300\n[ 324.702126] ? find_held_lock+0x32/0x90\n[ 324.702134] idpf_set_rx_mode+0x317/0x390 [idpf]\n[ 324.702152] __dev_open+0x3f8/0x870\n[ 324.702159] ? __pfx___dev_open+0x10/0x10\n[ 324.702174] __dev_change_flags+0x443/0x650\n\u003c..\u003e\n[ 324.702208] netif_change_flags+0x80/0x160\n[ 324.702218] do_setlink.isra.0+0x16a0/0x3960\n\u003c..\u003e\n[ 324.702349] rtnl_newlink+0x12fd/0x21e0\n\nThe sequence is as follows:\n\trtnl_newlink()-\u003e\n\t__dev_change_flags()-\u003e\n\t__dev_open()-\u003e\n\tdev_set_rx_mode() - \u003e # disables BH and grabs \"dev-\u003eaddr_list_lock\"\n\tidpf_set_rx_mode() -\u003e # proceed only if VIRTCHNL2_CAP_MACFILTER is ON\n\t__dev_uc_sync() -\u003e\n\tidpf_add_mac_filter -\u003e\n\tidpf_add_del_mac_filters -\u003e\n\tidpf_send_mb_msg() -\u003e\n\tidpf_mb_clean() -\u003e\n\tidpf_ctlq_clean_sq() # mutex_lock(cq_lock)\n\nFix by converting cq_lock to a spinlock. All operations under the new\nlock are safe except freeing the DMA memory, which may use vunmap(). Fix\nby requesting a contiguous physical memory for the DMA mapping.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38392",
"url": "https://www.suse.com/security/cve/CVE-2025-38392"
},
{
"category": "external",
"summary": "SUSE Bug 1247169 for CVE-2025-38392",
"url": "https://bugzilla.suse.com/1247169"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38392"
},
{
"cve": "CVE-2025-38393",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38393"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN\n\nWe found a few different systems hung up in writeback waiting on the same\npage lock, and one task waiting on the NFS_LAYOUT_DRAIN bit in\npnfs_update_layout(), however the pnfs_layout_hdr\u0027s plh_outstanding count\nwas zero.\n\nIt seems most likely that this is another race between the waiter and waker\nsimilar to commit ed0172af5d6f (\"SUNRPC: Fix a race to wake a sync task\").\nFix it up by applying the advised barrier.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38393",
"url": "https://www.suse.com/security/cve/CVE-2025-38393"
},
{
"category": "external",
"summary": "SUSE Bug 1247170 for CVE-2025-38393",
"url": "https://bugzilla.suse.com/1247170"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38393"
},
{
"cve": "CVE-2025-38395",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38395"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: gpio: Fix the out-of-bounds access to drvdata::gpiods\n\ndrvdata::gpiods is supposed to hold an array of \u0027gpio_desc\u0027 pointers. But\nthe memory is allocated for only one pointer. This will lead to\nout-of-bounds access later in the code if \u0027config::ngpios\u0027 is \u003e 1. So\nfix the code to allocate enough memory to hold \u0027config::ngpios\u0027 of GPIO\ndescriptors.\n\nWhile at it, also move the check for memory allocation failure to be below\nthe allocation to make it more readable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38395",
"url": "https://www.suse.com/security/cve/CVE-2025-38395"
},
{
"category": "external",
"summary": "SUSE Bug 1247171 for CVE-2025-38395",
"url": "https://bugzilla.suse.com/1247171"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38395"
},
{
"cve": "CVE-2025-38396",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38396"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass\n\nExport anon_inode_make_secure_inode() to allow KVM guest_memfd to create\nanonymous inodes with proper security context. This replaces the current\npattern of calling alloc_anon_inode() followed by\ninode_init_security_anon() for creating security context manually.\n\nThis change also fixes a security regression in secretmem where the\nS_PRIVATE flag was not cleared after alloc_anon_inode(), causing\nLSM/SELinux checks to be bypassed for secretmem file descriptors.\n\nAs guest_memfd currently resides in the KVM module, we need to export this\nsymbol for use outside the core kernel. In the future, guest_memfd might be\nmoved to core-mm, at which point the symbols no longer would have to be\nexported. When/if that happens is still unclear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38396",
"url": "https://www.suse.com/security/cve/CVE-2025-38396"
},
{
"category": "external",
"summary": "SUSE Bug 1247156 for CVE-2025-38396",
"url": "https://bugzilla.suse.com/1247156"
},
{
"category": "external",
"summary": "SUSE Bug 1247158 for CVE-2025-38396",
"url": "https://bugzilla.suse.com/1247158"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "important"
}
],
"title": "CVE-2025-38396"
},
{
"cve": "CVE-2025-38399",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38399"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port()\n\nThe function core_scsi3_decode_spec_i_port(), in its error code path,\nunconditionally calls core_scsi3_lunacl_undepend_item() passing the\ndest_se_deve pointer, which may be NULL.\n\nThis can lead to a NULL pointer dereference if dest_se_deve remains\nunset.\n\nSPC-3 PR SPEC_I_PT: Unable to locate dest_tpg\nUnable to handle kernel paging request at virtual address dfff800000000012\nCall trace:\n core_scsi3_lunacl_undepend_item+0x2c/0xf0 [target_core_mod] (P)\n core_scsi3_decode_spec_i_port+0x120c/0x1c30 [target_core_mod]\n core_scsi3_emulate_pro_register+0x6b8/0xcd8 [target_core_mod]\n target_scsi3_emulate_pr_out+0x56c/0x840 [target_core_mod]\n\nFix this by adding a NULL check before calling\ncore_scsi3_lunacl_undepend_item()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38399",
"url": "https://www.suse.com/security/cve/CVE-2025-38399"
},
{
"category": "external",
"summary": "SUSE Bug 1247097 for CVE-2025-38399",
"url": "https://bugzilla.suse.com/1247097"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38399"
},
{
"cve": "CVE-2025-38400",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38400"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails.\n\nsyzbot reported a warning below [1] following a fault injection in\nnfs_fs_proc_net_init(). [0]\n\nWhen nfs_fs_proc_net_init() fails, /proc/net/rpc/nfs is not removed.\n\nLater, rpc_proc_exit() tries to remove /proc/net/rpc, and the warning\nis logged as the directory is not empty.\n\nLet\u0027s handle the error of nfs_fs_proc_net_init() properly.\n\n[0]:\nFAULT_INJECTION: forcing a failure.\nname failslab, interval 1, probability 0, space 0, times 0\nCPU: 1 UID: 0 PID: 6120 Comm: syz.2.27 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl (lib/dump_stack.c:123)\n should_fail_ex (lib/fault-inject.c:73 lib/fault-inject.c:174)\n should_failslab (mm/failslab.c:46)\n kmem_cache_alloc_noprof (mm/slub.c:4178 mm/slub.c:4204)\n __proc_create (fs/proc/generic.c:427)\n proc_create_reg (fs/proc/generic.c:554)\n proc_create_net_data (fs/proc/proc_net.c:120)\n nfs_fs_proc_net_init (fs/nfs/client.c:1409)\n nfs_net_init (fs/nfs/inode.c:2600)\n ops_init (net/core/net_namespace.c:138)\n setup_net (net/core/net_namespace.c:443)\n copy_net_ns (net/core/net_namespace.c:576)\n create_new_namespaces (kernel/nsproxy.c:110)\n unshare_nsproxy_namespaces (kernel/nsproxy.c:218 (discriminator 4))\n ksys_unshare (kernel/fork.c:3123)\n __x64_sys_unshare (kernel/fork.c:3190)\n do_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n \u003c/TASK\u003e\n\n[1]:\nremove_proc_entry: removing non-empty directory \u0027net/rpc\u0027, leaking at least \u0027nfs\u0027\n WARNING: CPU: 1 PID: 6120 at fs/proc/generic.c:727 remove_proc_entry+0x45e/0x530 fs/proc/generic.c:727\nModules linked in:\nCPU: 1 UID: 0 PID: 6120 Comm: syz.2.27 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\n RIP: 0010:remove_proc_entry+0x45e/0x530 fs/proc/generic.c:727\nCode: 3c 02 00 0f 85 85 00 00 00 48 8b 93 d8 00 00 00 4d 89 f0 4c 89 e9 48 c7 c6 40 ba a2 8b 48 c7 c7 60 b9 a2 8b e8 33 81 1d ff 90 \u003c0f\u003e 0b 90 90 e9 5f fe ff ff e8 04 69 5e ff 90 48 b8 00 00 00 00 00\nRSP: 0018:ffffc90003637b08 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffff88805f534140 RCX: ffffffff817a92c8\nRDX: ffff88807da99e00 RSI: ffffffff817a92d5 RDI: 0000000000000001\nRBP: ffff888033431ac0 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000001 R12: ffff888033431a00\nR13: ffff888033431ae4 R14: ffff888033184724 R15: dffffc0000000000\nFS: 0000555580328500(0000) GS:ffff888124a62000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f71733743e0 CR3: 000000007f618000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n sunrpc_exit_net+0x46/0x90 net/sunrpc/sunrpc_syms.c:76\n ops_exit_list net/core/net_namespace.c:200 [inline]\n ops_undo_list+0x2eb/0xab0 net/core/net_namespace.c:253\n setup_net+0x2e1/0x510 net/core/net_namespace.c:457\n copy_net_ns+0x2a6/0x5f0 net/core/net_namespace.c:574\n create_new_namespaces+0x3ea/0xa90 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0xc0/0x1f0 kernel/nsproxy.c:218\n ksys_unshare+0x45b/0xa40 kernel/fork.c:3121\n __do_sys_unshare kernel/fork.c:3192 [inline]\n __se_sys_unshare kernel/fork.c:3190 [inline]\n __x64_sys_unshare+0x31/0x40 kernel/fork.c:3190\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x490 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fa1a6b8e929\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38400",
"url": "https://www.suse.com/security/cve/CVE-2025-38400"
},
{
"category": "external",
"summary": "SUSE Bug 1247123 for CVE-2025-38400",
"url": "https://bugzilla.suse.com/1247123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38400"
},
{
"cve": "CVE-2025-38401",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38401"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtk-sd: Prevent memory corruption from DMA map failure\n\nIf msdc_prepare_data() fails to map the DMA region, the request is\nnot prepared for data receiving, but msdc_start_data() proceeds\nthe DMA with previous setting.\nSince this will lead a memory corruption, we have to stop the\nrequest operation soon after the msdc_prepare_data() fails to\nprepare it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38401",
"url": "https://www.suse.com/security/cve/CVE-2025-38401"
},
{
"category": "external",
"summary": "SUSE Bug 1247125 for CVE-2025-38401",
"url": "https://bugzilla.suse.com/1247125"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38401"
},
{
"cve": "CVE-2025-38403",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38403"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/vmci: Clear the vmci transport packet properly when initializing it\n\nIn vmci_transport_packet_init memset the vmci_transport_packet before\npopulating the fields to avoid any uninitialised data being left in the\nstructure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38403",
"url": "https://www.suse.com/security/cve/CVE-2025-38403"
},
{
"category": "external",
"summary": "SUSE Bug 1247141 for CVE-2025-38403",
"url": "https://bugzilla.suse.com/1247141"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38403"
},
{
"cve": "CVE-2025-38404",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38404"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: displayport: Fix potential deadlock\n\nThe deadlock can occur due to a recursive lock acquisition of\n`cros_typec_altmode_data::mutex`.\nThe call chain is as follows:\n1. cros_typec_altmode_work() acquires the mutex\n2. typec_altmode_vdm() -\u003e dp_altmode_vdm() -\u003e\n3. typec_altmode_exit() -\u003e cros_typec_altmode_exit()\n4. cros_typec_altmode_exit() attempts to acquire the mutex again\n\nTo prevent this, defer the `typec_altmode_exit()` call by scheduling\nit rather than calling it directly from within the mutex-protected\ncontext.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38404",
"url": "https://www.suse.com/security/cve/CVE-2025-38404"
},
{
"category": "external",
"summary": "SUSE Bug 1247271 for CVE-2025-38404",
"url": "https://bugzilla.suse.com/1247271"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38404"
},
{
"cve": "CVE-2025-38406",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38406"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath6kl: remove WARN on bad firmware input\n\nIf the firmware gives bad input, that\u0027s nothing to do with\nthe driver\u0027s stack at this point etc., so the WARN_ON()\ndoesn\u0027t add any value. Additionally, this is one of the\ntop syzbot reports now. Just print a message, and as an\nadded bonus, print the sizes too.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38406",
"url": "https://www.suse.com/security/cve/CVE-2025-38406"
},
{
"category": "external",
"summary": "SUSE Bug 1247210 for CVE-2025-38406",
"url": "https://bugzilla.suse.com/1247210"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38406"
},
{
"cve": "CVE-2025-38409",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38409"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: Fix another leak in the submit error path\n\nput_unused_fd() doesn\u0027t free the installed file, if we\u0027ve already done\nfd_install(). So we need to also free the sync_file.\n\nPatchwork: https://patchwork.freedesktop.org/patch/653583/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38409",
"url": "https://www.suse.com/security/cve/CVE-2025-38409"
},
{
"category": "external",
"summary": "SUSE Bug 1247285 for CVE-2025-38409",
"url": "https://bugzilla.suse.com/1247285"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "low"
}
],
"title": "CVE-2025-38409"
},
{
"cve": "CVE-2025-38410",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38410"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: Fix a fence leak in submit error path\n\nIn error paths, we could unref the submit without calling\ndrm_sched_entity_push_job(), so msm_job_free() will never get\ncalled. Since drm_sched_job_cleanup() will NULL out the\ns_fence, we can use that to detect this case.\n\nPatchwork: https://patchwork.freedesktop.org/patch/653584/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38410",
"url": "https://www.suse.com/security/cve/CVE-2025-38410"
},
{
"category": "external",
"summary": "SUSE Bug 1247128 for CVE-2025-38410",
"url": "https://bugzilla.suse.com/1247128"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38410"
},
{
"cve": "CVE-2025-38412",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38412"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks\n\nAfter retrieving WMI data blocks in sysfs callbacks, check for the\nvalidity of them before dereferencing their content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38412",
"url": "https://www.suse.com/security/cve/CVE-2025-38412"
},
{
"category": "external",
"summary": "SUSE Bug 1247132 for CVE-2025-38412",
"url": "https://bugzilla.suse.com/1247132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38412"
},
{
"cve": "CVE-2025-38414",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38414"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850\n\nGCC_GCC_PCIE_HOT_RST is wrongly defined for WCN7850, causing kernel crash\non some specific platforms.\n\nSince this register is divergent for WCN7850 and QCN9274, move it to\nregister table to allow different definitions. Then correct the register\naddress for WCN7850 to fix this issue.\n\nNote IPQ5332 is not affected as it is not PCIe based device.\n\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38414",
"url": "https://www.suse.com/security/cve/CVE-2025-38414"
},
{
"category": "external",
"summary": "SUSE Bug 1247145 for CVE-2025-38414",
"url": "https://bugzilla.suse.com/1247145"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38414"
},
{
"cve": "CVE-2025-38415",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38415"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: check return result of sb_min_blocksize\n\nSyzkaller reports an \"UBSAN: shift-out-of-bounds in squashfs_bio_read\" bug.\n\nSyzkaller forks multiple processes which after mounting the Squashfs\nfilesystem, issues an ioctl(\"/dev/loop0\", LOOP_SET_BLOCK_SIZE, 0x8000). \nNow if this ioctl occurs at the same time another process is in the\nprocess of mounting a Squashfs filesystem on /dev/loop0, the failure\noccurs. When this happens the following code in squashfs_fill_super()\nfails.\n\n----\nmsblk-\u003edevblksize = sb_min_blocksize(sb, SQUASHFS_DEVBLK_SIZE);\nmsblk-\u003edevblksize_log2 = ffz(~msblk-\u003edevblksize);\n----\n\nsb_min_blocksize() returns 0, which means msblk-\u003edevblksize is set to 0.\n\nAs a result, ffz(~msblk-\u003edevblksize) returns 64, and msblk-\u003edevblksize_log2\nis set to 64.\n\nThis subsequently causes the\n\nUBSAN: shift-out-of-bounds in fs/squashfs/block.c:195:36\nshift exponent 64 is too large for 64-bit type \u0027u64\u0027 (aka\n\u0027unsigned long long\u0027)\n\nThis commit adds a check for a 0 return by sb_min_blocksize().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38415",
"url": "https://www.suse.com/security/cve/CVE-2025-38415"
},
{
"category": "external",
"summary": "SUSE Bug 1247147 for CVE-2025-38415",
"url": "https://bugzilla.suse.com/1247147"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38415"
},
{
"cve": "CVE-2025-38416",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38416"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFC: nci: uart: Set tty-\u003edisc_data only in success path\n\nSetting tty-\u003edisc_data before opening the NCI device means we need to\nclean it up on error paths. This also opens some short window if device\nstarts sending data, even before NCIUARTSETDRIVER IOCTL succeeded\n(broken hardware?). Close the window by exposing tty-\u003edisc_data only on\nthe success path, when opening of the NCI device and try_module_get()\nsucceeds.\n\nThe code differs in error path in one aspect: tty-\u003edisc_data won\u0027t be\never assigned thus NULL-ified. This however should not be relevant\ndifference, because of \"tty-\u003edisc_data=NULL\" in nci_uart_tty_open().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38416",
"url": "https://www.suse.com/security/cve/CVE-2025-38416"
},
{
"category": "external",
"summary": "SUSE Bug 1247151 for CVE-2025-38416",
"url": "https://bugzilla.suse.com/1247151"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38416"
},
{
"cve": "CVE-2025-38417",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38417"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix eswitch code memory leak in reset scenario\n\nAdd simple eswitch mode checker in attaching VF procedure and allocate\nrequired port representor memory structures only in switchdev mode.\nThe reset flows triggers VF (if present) detach/attach procedure.\nIt might involve VF port representor(s) re-creation if the device is\nconfigured is switchdev mode (not legacy one).\nThe memory was blindly allocated in current implementation,\nregardless of the mode and not freed if in legacy mode.\n\nKmemeleak trace:\nunreferenced object (percpu) 0x7e3bce5b888458 (size 40):\n comm \"bash\", pid 1784, jiffies 4295743894\n hex dump (first 32 bytes on cpu 45):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc 0):\n pcpu_alloc_noprof+0x4c4/0x7c0\n ice_repr_create+0x66/0x130 [ice]\n ice_repr_create_vf+0x22/0x70 [ice]\n ice_eswitch_attach_vf+0x1b/0xa0 [ice]\n ice_reset_all_vfs+0x1dd/0x2f0 [ice]\n ice_pci_err_resume+0x3b/0xb0 [ice]\n pci_reset_function+0x8f/0x120\n reset_store+0x56/0xa0\n kernfs_fop_write_iter+0x120/0x1b0\n vfs_write+0x31c/0x430\n ksys_write+0x61/0xd0\n do_syscall_64+0x5b/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nTesting hints (ethX is PF netdev):\n- create at least one VF\n echo 1 \u003e /sys/class/net/ethX/device/sriov_numvfs\n- trigger the reset\n echo 1 \u003e /sys/class/net/ethX/device/reset",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38417",
"url": "https://www.suse.com/security/cve/CVE-2025-38417"
},
{
"category": "external",
"summary": "SUSE Bug 1247282 for CVE-2025-38417",
"url": "https://bugzilla.suse.com/1247282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "low"
}
],
"title": "CVE-2025-38417"
},
{
"cve": "CVE-2025-38420",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38420"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: carl9170: do not ping device which has failed to load firmware\n\nSyzkaller reports [1, 2] crashes caused by an attempts to ping\nthe device which has failed to load firmware. Since such a device\ndoesn\u0027t pass \u0027ieee80211_register_hw()\u0027, an internal workqueue\nmanaged by \u0027ieee80211_queue_work()\u0027 is not yet created and an\nattempt to queue work on it causes null-ptr-deref.\n\n[1] https://syzkaller.appspot.com/bug?extid=9a4aec827829942045ff\n[2] https://syzkaller.appspot.com/bug?extid=0d8afba53e8fb2633217",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38420",
"url": "https://www.suse.com/security/cve/CVE-2025-38420"
},
{
"category": "external",
"summary": "SUSE Bug 1247279 for CVE-2025-38420",
"url": "https://bugzilla.suse.com/1247279"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38420"
},
{
"cve": "CVE-2025-38424",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38424"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix sample vs do_exit()\n\nBaisheng Gao reported an ARM64 crash, which Mark decoded as being a\nsynchronous external abort -- most likely due to trying to access\nMMIO in bad ways.\n\nThe crash further shows perf trying to do a user stack sample while in\nexit_mmap()\u0027s tlb_finish_mmu() -- i.e. while tearing down the address\nspace it is trying to access.\n\nIt turns out that we stop perf after we tear down the userspace mm; a\nreceipie for disaster, since perf likes to access userspace for\nvarious reasons.\n\nFlip this order by moving up where we stop perf in do_exit().\n\nAdditionally, harden PERF_SAMPLE_CALLCHAIN and PERF_SAMPLE_STACK_USER\nto abort when the current task does not have an mm (exit_mm() makes\nsure to set current-\u003emm = NULL; before commencing with the actual\nteardown). Such that CPU wide events don\u0027t trip on this same problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38424",
"url": "https://www.suse.com/security/cve/CVE-2025-38424"
},
{
"category": "external",
"summary": "SUSE Bug 1247293 for CVE-2025-38424",
"url": "https://bugzilla.suse.com/1247293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38424"
},
{
"cve": "CVE-2025-38425",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38425"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: tegra: check msg length in SMBUS block read\n\nFor SMBUS block read, do not continue to read if the message length\npassed from the device is \u00270\u0027 or greater than the maximum allowed bytes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38425",
"url": "https://www.suse.com/security/cve/CVE-2025-38425"
},
{
"category": "external",
"summary": "SUSE Bug 1247251 for CVE-2025-38425",
"url": "https://bugzilla.suse.com/1247251"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38425"
},
{
"cve": "CVE-2025-38426",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38426"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Add basic validation for RAS header\n\nIf RAS header read from EEPROM is corrupted, it could result in trying\nto allocate huge memory for reading the records. Add some validation to\nheader fields.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38426",
"url": "https://www.suse.com/security/cve/CVE-2025-38426"
},
{
"category": "external",
"summary": "SUSE Bug 1247252 for CVE-2025-38426",
"url": "https://bugzilla.suse.com/1247252"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38426"
},
{
"cve": "CVE-2025-38427",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38427"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: screen_info: Relocate framebuffers behind PCI bridges\n\nApply PCI host-bridge window offsets to screen_info framebuffers. Fixes\ninvalid access to I/O memory.\n\nResources behind a PCI host bridge can be relocated by a certain offset\nin the kernel\u0027s CPU address range used for I/O. The framebuffer memory\nrange stored in screen_info refers to the CPU addresses as seen during\nboot (where the offset is 0). During boot up, firmware may assign a\ndifferent memory offset to the PCI host bridge and thereby relocating\nthe framebuffer address of the PCI graphics device as seen by the kernel.\nThe information in screen_info must be updated as well.\n\nThe helper pcibios_bus_to_resource() performs the relocation of the\nscreen_info\u0027s framebuffer resource (given in PCI bus addresses). The\nresult matches the I/O-memory resource of the PCI graphics device (given\nin CPU addresses). As before, we store away the information necessary to\nlater update the information in screen_info itself.\n\nCommit 78aa89d1dfba (\"firmware/sysfb: Update screen_info for relocated\nEFI framebuffers\") added the code for updating screen_info. It is based\non similar functionality that pre-existed in efifb. Efifb uses a pointer\nto the PCI resource, while the newer code does a memcpy of the region.\nHence efifb sees any updates to the PCI resource and avoids the issue.\n\nv3:\n- Only use struct pci_bus_region for PCI bus addresses (Bjorn)\n- Clarify address semantics in commit messages and comments (Bjorn)\nv2:\n- Fixed tags (Takashi, Ivan)\n- Updated information on efifb",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38427",
"url": "https://www.suse.com/security/cve/CVE-2025-38427"
},
{
"category": "external",
"summary": "SUSE Bug 1247152 for CVE-2025-38427",
"url": "https://bugzilla.suse.com/1247152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38427"
},
{
"cve": "CVE-2025-38428",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38428"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: ims-pcu - check record size in ims_pcu_flash_firmware()\n\nThe \"len\" variable comes from the firmware and we generally do\ntrust firmware, but it\u0027s always better to double check. If the \"len\"\nis too large it could result in memory corruption when we do\n\"memcpy(fragment-\u003edata, rec-\u003edata, len);\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38428",
"url": "https://www.suse.com/security/cve/CVE-2025-38428"
},
{
"category": "external",
"summary": "SUSE Bug 1247150 for CVE-2025-38428",
"url": "https://bugzilla.suse.com/1247150"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38428"
},
{
"cve": "CVE-2025-38429",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38429"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: ep: Update read pointer only after buffer is written\n\nInside mhi_ep_ring_add_element, the read pointer (rd_offset) is updated\nbefore the buffer is written, potentially causing race conditions where\nthe host sees an updated read pointer before the buffer is actually\nwritten. Updating rd_offset prematurely can lead to the host accessing\nan uninitialized or incomplete element, resulting in data corruption.\n\nInvoke the buffer write before updating rd_offset to ensure the element\nis fully written before signaling its availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38429",
"url": "https://www.suse.com/security/cve/CVE-2025-38429"
},
{
"category": "external",
"summary": "SUSE Bug 1247253 for CVE-2025-38429",
"url": "https://bugzilla.suse.com/1247253"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38429"
},
{
"cve": "CVE-2025-38430",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38430"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: nfsd4_spo_must_allow() must check this is a v4 compound request\n\nIf the request being processed is not a v4 compound request, then\nexamining the cstate can have undefined results.\n\nThis patch adds a check that the rpc procedure being executed\n(rq_procinfo) is the NFSPROC4_COMPOUND procedure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38430",
"url": "https://www.suse.com/security/cve/CVE-2025-38430"
},
{
"category": "external",
"summary": "SUSE Bug 1247160 for CVE-2025-38430",
"url": "https://bugzilla.suse.com/1247160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38430"
},
{
"cve": "CVE-2025-38436",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38436"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/scheduler: signal scheduled fence when kill job\n\nWhen an entity from application B is killed, drm_sched_entity_kill()\nremoves all jobs belonging to that entity through\ndrm_sched_entity_kill_jobs_work(). If application A\u0027s job depends on a\nscheduled fence from application B\u0027s job, and that fence is not properly\nsignaled during the killing process, application A\u0027s dependency cannot be\ncleared.\n\nThis leads to application A hanging indefinitely while waiting for a\ndependency that will never be resolved. Fix this issue by ensuring that\nscheduled fences are properly signaled when an entity is killed, allowing\ndependent applications to continue execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38436",
"url": "https://www.suse.com/security/cve/CVE-2025-38436"
},
{
"category": "external",
"summary": "SUSE Bug 1247227 for CVE-2025-38436",
"url": "https://bugzilla.suse.com/1247227"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38436"
},
{
"cve": "CVE-2025-38443",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38443"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: fix uaf in nbd_genl_connect() error path\n\nThere is a use-after-free issue in nbd:\n\nblock nbd6: Receive control failed (result -104)\nblock nbd6: shutting down sockets\n==================================================================\nBUG: KASAN: slab-use-after-free in recv_work+0x694/0xa80 drivers/block/nbd.c:1022\nWrite of size 4 at addr ffff8880295de478 by task kworker/u33:0/67\n\nCPU: 2 UID: 0 PID: 67 Comm: kworker/u33:0 Not tainted 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nWorkqueue: nbd6-recv recv_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xc3/0x670 mm/kasan/report.c:521\n kasan_report+0xe0/0x110 mm/kasan/report.c:634\n check_region_inline mm/kasan/generic.c:183 [inline]\n kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189\n instrument_atomic_read_write include/linux/instrumented.h:96 [inline]\n atomic_dec include/linux/atomic/atomic-instrumented.h:592 [inline]\n recv_work+0x694/0xa80 drivers/block/nbd.c:1022\n process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238\n process_scheduled_works kernel/workqueue.c:3319 [inline]\n worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400\n kthread+0x3c2/0x780 kernel/kthread.c:464\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nnbd_genl_connect() does not properly stop the device on certain\nerror paths after nbd_start_device() has been called. This causes\nthe error path to put nbd-\u003econfig while recv_work continue to use\nthe config after putting it, leading to use-after-free in recv_work.\n\nThis patch moves nbd_start_device() after the backend file creation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38443",
"url": "https://www.suse.com/security/cve/CVE-2025-38443"
},
{
"category": "external",
"summary": "SUSE Bug 1247164 for CVE-2025-38443",
"url": "https://bugzilla.suse.com/1247164"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38443"
},
{
"cve": "CVE-2025-38448",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38448"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: u_serial: Fix race condition in TTY wakeup\n\nA race condition occurs when gs_start_io() calls either gs_start_rx() or\ngs_start_tx(), as those functions briefly drop the port_lock for\nusb_ep_queue(). This allows gs_close() and gserial_disconnect() to clear\nport.tty and port_usb, respectively.\n\nUse the null-safe TTY Port helper function to wake up TTY.\n\nExample\n CPU1:\t\t\t CPU2:\n gserial_connect() // lock\n \t\t\t gs_close() // await lock\n gs_start_rx() // unlock\n usb_ep_queue()\n \t\t\t gs_close() // lock, reset port.tty and unlock\n gs_start_rx() // lock\n tty_wakeup() // NPE",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38448",
"url": "https://www.suse.com/security/cve/CVE-2025-38448"
},
{
"category": "external",
"summary": "SUSE Bug 1247233 for CVE-2025-38448",
"url": "https://bugzilla.suse.com/1247233"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38448"
},
{
"cve": "CVE-2025-38449",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38449"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gem: Acquire references on GEM handles for framebuffers\n\nA GEM handle can be released while the GEM buffer object is attached\nto a DRM framebuffer. This leads to the release of the dma-buf backing\nthe buffer object, if any. [1] Trying to use the framebuffer in further\nmode-setting operations leads to a segmentation fault. Most easily\nhappens with driver that use shadow planes for vmap-ing the dma-buf\nduring a page flip. An example is shown below.\n\n[ 156.791968] ------------[ cut here ]------------\n[ 156.796830] WARNING: CPU: 2 PID: 2255 at drivers/dma-buf/dma-buf.c:1527 dma_buf_vmap+0x224/0x430\n[...]\n[ 156.942028] RIP: 0010:dma_buf_vmap+0x224/0x430\n[ 157.043420] Call Trace:\n[ 157.045898] \u003cTASK\u003e\n[ 157.048030] ? show_trace_log_lvl+0x1af/0x2c0\n[ 157.052436] ? show_trace_log_lvl+0x1af/0x2c0\n[ 157.056836] ? show_trace_log_lvl+0x1af/0x2c0\n[ 157.061253] ? drm_gem_shmem_vmap+0x74/0x710\n[ 157.065567] ? dma_buf_vmap+0x224/0x430\n[ 157.069446] ? __warn.cold+0x58/0xe4\n[ 157.073061] ? dma_buf_vmap+0x224/0x430\n[ 157.077111] ? report_bug+0x1dd/0x390\n[ 157.080842] ? handle_bug+0x5e/0xa0\n[ 157.084389] ? exc_invalid_op+0x14/0x50\n[ 157.088291] ? asm_exc_invalid_op+0x16/0x20\n[ 157.092548] ? dma_buf_vmap+0x224/0x430\n[ 157.096663] ? dma_resv_get_singleton+0x6d/0x230\n[ 157.101341] ? __pfx_dma_buf_vmap+0x10/0x10\n[ 157.105588] ? __pfx_dma_resv_get_singleton+0x10/0x10\n[ 157.110697] drm_gem_shmem_vmap+0x74/0x710\n[ 157.114866] drm_gem_vmap+0xa9/0x1b0\n[ 157.118763] drm_gem_vmap_unlocked+0x46/0xa0\n[ 157.123086] drm_gem_fb_vmap+0xab/0x300\n[ 157.126979] drm_atomic_helper_prepare_planes.part.0+0x487/0xb10\n[ 157.133032] ? lockdep_init_map_type+0x19d/0x880\n[ 157.137701] drm_atomic_helper_commit+0x13d/0x2e0\n[ 157.142671] ? drm_atomic_nonblocking_commit+0xa0/0x180\n[ 157.147988] drm_mode_atomic_ioctl+0x766/0xe40\n[...]\n[ 157.346424] ---[ end trace 0000000000000000 ]---\n\nAcquiring GEM handles for the framebuffer\u0027s GEM buffer objects prevents\nthis from happening. The framebuffer\u0027s cleanup later puts the handle\nreferences.\n\nCommit 1a148af06000 (\"drm/gem-shmem: Use dma_buf from GEM object\ninstance\") triggers the segmentation fault easily by using the dma-buf\nfield more widely. The underlying issue with reference counting has\nbeen present before.\n\nv2:\n- acquire the handle instead of the BO (Christian)\n- fix comment style (Christian)\n- drop the Fixes tag (Christian)\n- rename err_ gotos\n- add missing Link tag",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38449",
"url": "https://www.suse.com/security/cve/CVE-2025-38449"
},
{
"category": "external",
"summary": "SUSE Bug 1247255 for CVE-2025-38449",
"url": "https://bugzilla.suse.com/1247255"
},
{
"category": "external",
"summary": "SUSE Bug 1247258 for CVE-2025-38449",
"url": "https://bugzilla.suse.com/1247258"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "important"
}
],
"title": "CVE-2025-38449"
},
{
"cve": "CVE-2025-38453",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38453"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU\n\nsyzbot reports that defer/local task_work adding via msg_ring can hit\na request that has been freed:\n\nCPU: 1 UID: 0 PID: 19356 Comm: iou-wrk-19354 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xd2/0x2b0 mm/kasan/report.c:521\n kasan_report+0x118/0x150 mm/kasan/report.c:634\n io_req_local_work_add io_uring/io_uring.c:1184 [inline]\n __io_req_task_work_add+0x589/0x950 io_uring/io_uring.c:1252\n io_msg_remote_post io_uring/msg_ring.c:103 [inline]\n io_msg_data_remote io_uring/msg_ring.c:133 [inline]\n __io_msg_ring_data+0x820/0xaa0 io_uring/msg_ring.c:151\n io_msg_ring_data io_uring/msg_ring.c:173 [inline]\n io_msg_ring+0x134/0xa00 io_uring/msg_ring.c:314\n __io_issue_sqe+0x17e/0x4b0 io_uring/io_uring.c:1739\n io_issue_sqe+0x165/0xfd0 io_uring/io_uring.c:1762\n io_wq_submit_work+0x6e9/0xb90 io_uring/io_uring.c:1874\n io_worker_handle_work+0x7cd/0x1180 io_uring/io-wq.c:642\n io_wq_worker+0x42f/0xeb0 io_uring/io-wq.c:696\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nwhich is supposed to be safe with how requests are allocated. But msg\nring requests alloc and free on their own, and hence must defer freeing\nto a sane time.\n\nAdd an rcu_head and use kfree_rcu() in both spots where requests are\nfreed. Only the one in io_msg_tw_complete() is strictly required as it\nhas been visible on the other ring, but use it consistently in the other\nspot as well.\n\nThis should not cause any other issues outside of KASAN rightfully\ncomplaining about it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38453",
"url": "https://www.suse.com/security/cve/CVE-2025-38453"
},
{
"category": "external",
"summary": "SUSE Bug 1247234 for CVE-2025-38453",
"url": "https://bugzilla.suse.com/1247234"
},
{
"category": "external",
"summary": "SUSE Bug 1247737 for CVE-2025-38453",
"url": "https://bugzilla.suse.com/1247737"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "important"
}
],
"title": "CVE-2025-38453"
},
{
"cve": "CVE-2025-38455",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38455"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight\n\nReject migration of SEV{-ES} state if either the source or destination VM\nis actively creating a vCPU, i.e. if kvm_vm_ioctl_create_vcpu() is in the\nsection between incrementing created_vcpus and online_vcpus. The bulk of\nvCPU creation runs _outside_ of kvm-\u003elock to allow creating multiple vCPUs\nin parallel, and so sev_info.es_active can get toggled from false=\u003etrue in\nthe destination VM after (or during) svm_vcpu_create(), resulting in an\nSEV{-ES} VM effectively having a non-SEV{-ES} vCPU.\n\nThe issue manifests most visibly as a crash when trying to free a vCPU\u0027s\nNULL VMSA page in an SEV-ES VM, but any number of things can go wrong.\n\n BUG: unable to handle page fault for address: ffffebde00000000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] SMP KASAN NOPTI\n CPU: 227 UID: 0 PID: 64063 Comm: syz.5.60023 Tainted: G U O 6.15.0-smp-DEV #2 NONE\n Tainted: [U]=USER, [O]=OOT_MODULE\n Hardware name: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 12.52.0-0 10/28/2024\n RIP: 0010:constant_test_bit arch/x86/include/asm/bitops.h:206 [inline]\n RIP: 0010:arch_test_bit arch/x86/include/asm/bitops.h:238 [inline]\n RIP: 0010:_test_bit include/asm-generic/bitops/instrumented-non-atomic.h:142 [inline]\n RIP: 0010:PageHead include/linux/page-flags.h:866 [inline]\n RIP: 0010:___free_pages+0x3e/0x120 mm/page_alloc.c:5067\n Code: \u003c49\u003e f7 06 40 00 00 00 75 05 45 31 ff eb 0c 66 90 4c 89 f0 4c 39 f0\n RSP: 0018:ffff8984551978d0 EFLAGS: 00010246\n RAX: 0000777f80000001 RBX: 0000000000000000 RCX: ffffffff918aeb98\n RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffebde00000000\n RBP: 0000000000000000 R08: ffffebde00000007 R09: 1ffffd7bc0000000\n R10: dffffc0000000000 R11: fffff97bc0000001 R12: dffffc0000000000\n R13: ffff8983e19751a8 R14: ffffebde00000000 R15: 1ffffd7bc0000000\n FS: 0000000000000000(0000) GS:ffff89ee661d3000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: ffffebde00000000 CR3: 000000793ceaa000 CR4: 0000000000350ef0\n DR0: 0000000000000000 DR1: 0000000000000b5f DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n sev_free_vcpu+0x413/0x630 arch/x86/kvm/svm/sev.c:3169\n svm_vcpu_free+0x13a/0x2a0 arch/x86/kvm/svm/svm.c:1515\n kvm_arch_vcpu_destroy+0x6a/0x1d0 arch/x86/kvm/x86.c:12396\n kvm_vcpu_destroy virt/kvm/kvm_main.c:470 [inline]\n kvm_destroy_vcpus+0xd1/0x300 virt/kvm/kvm_main.c:490\n kvm_arch_destroy_vm+0x636/0x820 arch/x86/kvm/x86.c:12895\n kvm_put_kvm+0xb8e/0xfb0 virt/kvm/kvm_main.c:1310\n kvm_vm_release+0x48/0x60 virt/kvm/kvm_main.c:1369\n __fput+0x3e4/0x9e0 fs/file_table.c:465\n task_work_run+0x1a9/0x220 kernel/task_work.c:227\n exit_task_work include/linux/task_work.h:40 [inline]\n do_exit+0x7f0/0x25b0 kernel/exit.c:953\n do_group_exit+0x203/0x2d0 kernel/exit.c:1102\n get_signal+0x1357/0x1480 kernel/signal.c:3034\n arch_do_signal_or_restart+0x40/0x690 arch/x86/kernel/signal.c:337\n exit_to_user_mode_loop kernel/entry/common.c:111 [inline]\n exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]\n __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]\n syscall_exit_to_user_mode+0x67/0xb0 kernel/entry/common.c:218\n do_syscall_64+0x7c/0x150 arch/x86/entry/syscall_64.c:100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7f87a898e969\n \u003c/TASK\u003e\n Modules linked in: gq(O)\n gsmi: Log Shutdown Reason 0x03\n CR2: ffffebde00000000\n ---[ end trace 0000000000000000 ]---\n\nDeliberately don\u0027t check for a NULL VMSA when freeing the vCPU, as crashing\nthe host is likely desirable due to the VMSA being consumed by hardware.\nE.g. if KVM manages to allow VMRUN on the vCPU, hardware may read/write a\nbogus VMSA page. Accessing P\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38455",
"url": "https://www.suse.com/security/cve/CVE-2025-38455"
},
{
"category": "external",
"summary": "SUSE Bug 1247101 for CVE-2025-38455",
"url": "https://bugzilla.suse.com/1247101"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38455"
},
{
"cve": "CVE-2025-38457",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38457"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Abort __tc_modify_qdisc if parent class does not exist\n\nLion\u0027s patch [1] revealed an ancient bug in the qdisc API.\nWhenever a user creates/modifies a qdisc specifying as a parent another\nqdisc, the qdisc API will, during grafting, detect that the user is\nnot trying to attach to a class and reject. However grafting is\nperformed after qdisc_create (and thus the qdiscs\u0027 init callback) is\nexecuted. In qdiscs that eventually call qdisc_tree_reduce_backlog\nduring init or change (such as fq, hhf, choke, etc), an issue\narises. For example, executing the following commands:\n\nsudo tc qdisc add dev lo root handle a: htb default 2\nsudo tc qdisc add dev lo parent a: handle beef fq\n\nQdiscs such as fq, hhf, choke, etc unconditionally invoke\nqdisc_tree_reduce_backlog() in their control path init() or change() which\nthen causes a failure to find the child class; however, that does not stop\nthe unconditional invocation of the assumed child qdisc\u0027s qlen_notify with\na null class. All these qdiscs make the assumption that class is non-null.\n\nThe solution is ensure that qdisc_leaf() which looks up the parent\nclass, and is invoked prior to qdisc_create(), should return failure on\nnot finding the class.\nIn this patch, we leverage qdisc_leaf to return ERR_PTRs whenever the\nparentid doesn\u0027t correspond to a class, so that we can detect it\nearlier on and abort before qdisc_create is called.\n\n[1] https://lore.kernel.org/netdev/d912cbd7-193b-4269-9857-525bee8bbb6a@gmail.com/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38457",
"url": "https://www.suse.com/security/cve/CVE-2025-38457"
},
{
"category": "external",
"summary": "SUSE Bug 1247098 for CVE-2025-38457",
"url": "https://bugzilla.suse.com/1247098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38457"
},
{
"cve": "CVE-2025-38460",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38460"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: clip: Fix potential null-ptr-deref in to_atmarpd().\n\natmarpd is protected by RTNL since commit f3a0592b37b8 (\"[ATM]: clip\ncauses unregister hang\").\n\nHowever, it is not enough because to_atmarpd() is called without RTNL,\nespecially clip_neigh_solicit() / neigh_ops-\u003esolicit() is unsleepable.\n\nAlso, there is no RTNL dependency around atmarpd.\n\nLet\u0027s use a private mutex and RCU to protect access to atmarpd in\nto_atmarpd().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38460",
"url": "https://www.suse.com/security/cve/CVE-2025-38460"
},
{
"category": "external",
"summary": "SUSE Bug 1247143 for CVE-2025-38460",
"url": "https://bugzilla.suse.com/1247143"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38460"
},
{
"cve": "CVE-2025-38461",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38461"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Fix transport_* TOCTOU\n\nTransport assignment may race with module unload. Protect new_transport\nfrom becoming a stale pointer.\n\nThis also takes care of an insecure call in vsock_use_local_transport();\nadd a lockdep assert.\n\nBUG: unable to handle page fault for address: fffffbfff8056000\nOops: Oops: 0000 [#1] SMP KASAN\nRIP: 0010:vsock_assign_transport+0x366/0x600\nCall Trace:\n vsock_connect+0x59c/0xc40\n __sys_connect+0xe8/0x100\n __x64_sys_connect+0x6e/0xc0\n do_syscall_64+0x92/0x1c0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38461",
"url": "https://www.suse.com/security/cve/CVE-2025-38461"
},
{
"category": "external",
"summary": "SUSE Bug 1247103 for CVE-2025-38461",
"url": "https://bugzilla.suse.com/1247103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38461"
},
{
"cve": "CVE-2025-38462",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38462"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Fix transport_{g2h,h2g} TOCTOU\n\nvsock_find_cid() and vsock_dev_do_ioctl() may race with module unload.\ntransport_{g2h,h2g} may become NULL after the NULL check.\n\nIntroduce vsock_transport_local_cid() to protect from a potential\nnull-ptr-deref.\n\nKASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]\nRIP: 0010:vsock_find_cid+0x47/0x90\nCall Trace:\n __vsock_bind+0x4b2/0x720\n vsock_bind+0x90/0xe0\n __sys_bind+0x14d/0x1e0\n __x64_sys_bind+0x6e/0xc0\n do_syscall_64+0x92/0x1c0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nKASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]\nRIP: 0010:vsock_dev_do_ioctl.isra.0+0x58/0xf0\nCall Trace:\n __x64_sys_ioctl+0x12d/0x190\n do_syscall_64+0x92/0x1c0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38462",
"url": "https://www.suse.com/security/cve/CVE-2025-38462"
},
{
"category": "external",
"summary": "SUSE Bug 1247104 for CVE-2025-38462",
"url": "https://bugzilla.suse.com/1247104"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38462"
},
{
"cve": "CVE-2025-38463",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38463"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Correct signedness in skb remaining space calculation\n\nSyzkaller reported a bug [1] where sk-\u003esk_forward_alloc can overflow.\n\nWhen we send data, if an skb exists at the tail of the write queue, the\nkernel will attempt to append the new data to that skb. However, the code\nthat checks for available space in the skb is flawed:\n\u0027\u0027\u0027\ncopy = size_goal - skb-\u003elen\n\u0027\u0027\u0027\n\nThe types of the variables involved are:\n\u0027\u0027\u0027\ncopy: ssize_t (s64 on 64-bit systems)\nsize_goal: int\nskb-\u003elen: unsigned int\n\u0027\u0027\u0027\n\nDue to C\u0027s type promotion rules, the signed size_goal is converted to an\nunsigned int to match skb-\u003elen before the subtraction. The result is an\nunsigned int.\n\nWhen this unsigned int result is then assigned to the s64 copy variable,\nit is zero-extended, preserving its non-negative value. Consequently, copy\nis always \u003e= 0.\n\nAssume we are sending 2GB of data and size_goal has been adjusted to a\nvalue smaller than skb-\u003elen. The subtraction will result in copy holding a\nvery large positive integer. In the subsequent logic, this large value is\nused to update sk-\u003esk_forward_alloc, which can easily cause it to overflow.\n\nThe syzkaller reproducer uses TCP_REPAIR to reliably create this\ncondition. However, this can also occur in real-world scenarios. The\ntcp_bound_to_half_wnd() function can also reduce size_goal to a small\nvalue. This would cause the subsequent tcp_wmem_schedule() to set\nsk-\u003esk_forward_alloc to a value close to INT_MAX. Further memory\nallocation requests would then cause sk_forward_alloc to wrap around and\nbecome negative.\n\n[1]: https://syzkaller.appspot.com/bug?extid=de6565462ab540f50e47",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38463",
"url": "https://www.suse.com/security/cve/CVE-2025-38463"
},
{
"category": "external",
"summary": "SUSE Bug 1247113 for CVE-2025-38463",
"url": "https://bugzilla.suse.com/1247113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38463"
},
{
"cve": "CVE-2025-38465",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38465"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: Fix wraparounds of sk-\u003esk_rmem_alloc.\n\nNetlink has this pattern in some places\n\n if (atomic_read(\u0026sk-\u003esk_rmem_alloc) \u003e sk-\u003esk_rcvbuf)\n \tatomic_add(skb-\u003etruesize, \u0026sk-\u003esk_rmem_alloc);\n\n, which has the same problem fixed by commit 5a465a0da13e (\"udp:\nFix multiple wraparounds of sk-\u003esk_rmem_alloc.\").\n\nFor example, if we set INT_MAX to SO_RCVBUFFORCE, the condition\nis always false as the two operands are of int.\n\nThen, a single socket can eat as many skb as possible until OOM\nhappens, and we can see multiple wraparounds of sk-\u003esk_rmem_alloc.\n\nLet\u0027s fix it by using atomic_add_return() and comparing the two\nvariables as unsigned int.\n\nBefore:\n [root@fedora ~]# ss -f netlink\n Recv-Q Send-Q Local Address:Port Peer Address:Port\n -1668710080 0 rtnl:nl_wraparound/293 *\n\nAfter:\n [root@fedora ~]# ss -f netlink\n Recv-Q Send-Q Local Address:Port Peer Address:Port\n 2147483072 0 rtnl:nl_wraparound/290 *\n ^\n `--- INT_MAX - 576",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38465",
"url": "https://www.suse.com/security/cve/CVE-2025-38465"
},
{
"category": "external",
"summary": "SUSE Bug 1247118 for CVE-2025-38465",
"url": "https://bugzilla.suse.com/1247118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38465"
},
{
"cve": "CVE-2025-38467",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38467"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos: exynos7_drm_decon: add vblank check in IRQ handling\n\nIf there\u0027s support for another console device (such as a TTY serial),\nthe kernel occasionally panics during boot. The panic message and a\nrelevant snippet of the call stack is as follows:\n\n Unable to handle kernel NULL pointer dereference at virtual address 000000000000000\n Call trace:\n drm_crtc_handle_vblank+0x10/0x30 (P)\n decon_irq_handler+0x88/0xb4\n [...]\n\nOtherwise, the panics don\u0027t happen. This indicates that it\u0027s some sort\nof race condition.\n\nAdd a check to validate if the drm device can handle vblanks before\ncalling drm_crtc_handle_vblank() to avoid this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38467",
"url": "https://www.suse.com/security/cve/CVE-2025-38467"
},
{
"category": "external",
"summary": "SUSE Bug 1247146 for CVE-2025-38467",
"url": "https://bugzilla.suse.com/1247146"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38467"
},
{
"cve": "CVE-2025-38468",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38468"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree\n\nhtb_lookup_leaf has a BUG_ON that can trigger with the following:\n\ntc qdisc del dev lo root\ntc qdisc add dev lo root handle 1: htb default 1\ntc class add dev lo parent 1: classid 1:1 htb rate 64bit\ntc qdisc add dev lo parent 1:1 handle 2: netem\ntc qdisc add dev lo parent 2:1 handle 3: blackhole\nping -I lo -c1 -W0.001 127.0.0.1\n\nThe root cause is the following:\n\n1. htb_dequeue calls htb_dequeue_tree which calls the dequeue handler on\n the selected leaf qdisc\n2. netem_dequeue calls enqueue on the child qdisc\n3. blackhole_enqueue drops the packet and returns a value that is not\n just NET_XMIT_SUCCESS\n4. Because of this, netem_dequeue calls qdisc_tree_reduce_backlog, and\n since qlen is now 0, it calls htb_qlen_notify -\u003e htb_deactivate -\u003e\n htb_deactiviate_prios -\u003e htb_remove_class_from_row -\u003e htb_safe_rb_erase\n5. As this is the only class in the selected hprio rbtree,\n __rb_change_child in __rb_erase_augmented sets the rb_root pointer to\n NULL\n6. Because blackhole_dequeue returns NULL, netem_dequeue returns NULL,\n which causes htb_dequeue_tree to call htb_lookup_leaf with the same\n hprio rbtree, and fail the BUG_ON\n\nThe function graph for this scenario is shown here:\n 0) | htb_enqueue() {\n 0) + 13.635 us | netem_enqueue();\n 0) 4.719 us | htb_activate_prios();\n 0) # 2249.199 us | }\n 0) | htb_dequeue() {\n 0) 2.355 us | htb_lookup_leaf();\n 0) | netem_dequeue() {\n 0) + 11.061 us | blackhole_enqueue();\n 0) | qdisc_tree_reduce_backlog() {\n 0) | qdisc_lookup_rcu() {\n 0) 1.873 us | qdisc_match_from_root();\n 0) 6.292 us | }\n 0) 1.894 us | htb_search();\n 0) | htb_qlen_notify() {\n 0) 2.655 us | htb_deactivate_prios();\n 0) 6.933 us | }\n 0) + 25.227 us | }\n 0) 1.983 us | blackhole_dequeue();\n 0) + 86.553 us | }\n 0) # 2932.761 us | qdisc_warn_nonwc();\n 0) | htb_lookup_leaf() {\n 0) | BUG_ON();\n ------------------------------------------\n\nThe full original bug report can be seen here [1].\n\nWe can fix this just by returning NULL instead of the BUG_ON,\nas htb_dequeue_tree returns NULL when htb_lookup_leaf returns\nNULL.\n\n[1] https://lore.kernel.org/netdev/pF5XOOIim0IuEfhI-SOxTgRvNoDwuux7UHKnE_Y5-zVd4wmGvNk2ceHjKb8ORnzw0cGwfmVu42g9dL7XyJLf1NEzaztboTWcm0Ogxuojoeo=@willsroot.io/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38468",
"url": "https://www.suse.com/security/cve/CVE-2025-38468"
},
{
"category": "external",
"summary": "SUSE Bug 1247437 for CVE-2025-38468",
"url": "https://bugzilla.suse.com/1247437"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38468"
},
{
"cve": "CVE-2025-38470",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38470"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime\n\nAssuming the \"rx-vlan-filter\" feature is enabled on a net device, the\n8021q module will automatically add or remove VLAN 0 when the net device\nis put administratively up or down, respectively. There are a couple of\nproblems with the above scheme.\n\nThe first problem is a memory leak that can happen if the \"rx-vlan-filter\"\nfeature is disabled while the device is running:\n\n # ip link add bond1 up type bond mode 0\n # ethtool -K bond1 rx-vlan-filter off\n # ip link del dev bond1\n\nWhen the device is put administratively down the \"rx-vlan-filter\"\nfeature is disabled, so the 8021q module will not remove VLAN 0 and the\nmemory will be leaked [1].\n\nAnother problem that can happen is that the kernel can automatically\ndelete VLAN 0 when the device is put administratively down despite not\nadding it when the device was put administratively up since during that\ntime the \"rx-vlan-filter\" feature was disabled. null-ptr-unref or\nbug_on[2] will be triggered by unregister_vlan_dev() for refcount\nimbalance if toggling filtering during runtime:\n\n$ ip link add bond0 type bond mode 0\n$ ip link add link bond0 name vlan0 type vlan id 0 protocol 802.1q\n$ ethtool -K bond0 rx-vlan-filter off\n$ ifconfig bond0 up\n$ ethtool -K bond0 rx-vlan-filter on\n$ ifconfig bond0 down\n$ ip link del vlan0\n\nRoot cause is as below:\nstep1: add vlan0 for real_dev, such as bond, team.\nregister_vlan_dev\n vlan_vid_add(real_dev,htons(ETH_P_8021Q),0) //refcnt=1\nstep2: disable vlan filter feature and enable real_dev\nstep3: change filter from 0 to 1\nvlan_device_event\n vlan_filter_push_vids\n ndo_vlan_rx_add_vid //No refcnt added to real_dev vlan0\nstep4: real_dev down\nvlan_device_event\n vlan_vid_del(dev, htons(ETH_P_8021Q), 0); //refcnt=0\n vlan_info_rcu_free //free vlan0\nstep5: delete vlan0\nunregister_vlan_dev\n BUG_ON(!vlan_info); //vlan_info is null\n\nFix both problems by noting in the VLAN info whether VLAN 0 was\nautomatically added upon NETDEV_UP and based on that decide whether it\nshould be deleted upon NETDEV_DOWN, regardless of the state of the\n\"rx-vlan-filter\" feature.\n\n[1]\nunreferenced object 0xffff8880068e3100 (size 256):\n comm \"ip\", pid 384, jiffies 4296130254\n hex dump (first 32 bytes):\n 00 20 30 0d 80 88 ff ff 00 00 00 00 00 00 00 00 . 0.............\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc 81ce31fa):\n __kmalloc_cache_noprof+0x2b5/0x340\n vlan_vid_add+0x434/0x940\n vlan_device_event.cold+0x75/0xa8\n notifier_call_chain+0xca/0x150\n __dev_notify_flags+0xe3/0x250\n rtnl_configure_link+0x193/0x260\n rtnl_newlink_create+0x383/0x8e0\n __rtnl_newlink+0x22c/0xa40\n rtnl_newlink+0x627/0xb00\n rtnetlink_rcv_msg+0x6fb/0xb70\n netlink_rcv_skb+0x11f/0x350\n netlink_unicast+0x426/0x710\n netlink_sendmsg+0x75a/0xc20\n __sock_sendmsg+0xc1/0x150\n ____sys_sendmsg+0x5aa/0x7b0\n ___sys_sendmsg+0xfc/0x180\n\n[2]\nkernel BUG at net/8021q/vlan.c:99!\nOops: invalid opcode: 0000 [#1] SMP KASAN PTI\nCPU: 0 UID: 0 PID: 382 Comm: ip Not tainted 6.16.0-rc3 #61 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:unregister_vlan_dev (net/8021q/vlan.c:99 (discriminator 1))\nRSP: 0018:ffff88810badf310 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88810da84000 RCX: ffffffffb47ceb9a\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff88810e8b43c8\nRBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff6cefe80\nR10: ffffffffb677f407 R11: ffff88810badf3c0 R12: ffff88810e8b4000\nR13: 0000000000000000 R14: ffff88810642a5c0 R15: 000000000000017e\nFS: 00007f1ff68c20c0(0000) GS:ffff888163a24000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f1ff5dad240 CR3: 0000000107e56000 CR4: 00000000000006f0\nCall Trace:\n \u003cTASK\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38470",
"url": "https://www.suse.com/security/cve/CVE-2025-38470"
},
{
"category": "external",
"summary": "SUSE Bug 1247288 for CVE-2025-38470",
"url": "https://bugzilla.suse.com/1247288"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38470"
},
{
"cve": "CVE-2025-38471",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38471"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: always refresh the queue when reading sock\n\nAfter recent changes in net-next TCP compacts skbs much more\naggressively. This unearthed a bug in TLS where we may try\nto operate on an old skb when checking if all skbs in the\nqueue have matching decrypt state and geometry.\n\n BUG: KASAN: slab-use-after-free in tls_strp_check_rcv+0x898/0x9a0 [tls]\n (net/tls/tls_strp.c:436 net/tls/tls_strp.c:530 net/tls/tls_strp.c:544)\n Read of size 4 at addr ffff888013085750 by task tls/13529\n\n CPU: 2 UID: 0 PID: 13529 Comm: tls Not tainted 6.16.0-rc5-virtme\n Call Trace:\n kasan_report+0xca/0x100\n tls_strp_check_rcv+0x898/0x9a0 [tls]\n tls_rx_rec_wait+0x2c9/0x8d0 [tls]\n tls_sw_recvmsg+0x40f/0x1aa0 [tls]\n inet_recvmsg+0x1c3/0x1f0\n\nAlways reload the queue, fast path is to have the record in the queue\nwhen we wake, anyway (IOW the path going down \"if !strp-\u003estm.full_len\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38471",
"url": "https://www.suse.com/security/cve/CVE-2025-38471"
},
{
"category": "external",
"summary": "SUSE Bug 1247450 for CVE-2025-38471",
"url": "https://bugzilla.suse.com/1247450"
},
{
"category": "external",
"summary": "SUSE Bug 1247452 for CVE-2025-38471",
"url": "https://bugzilla.suse.com/1247452"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "important"
}
],
"title": "CVE-2025-38471"
},
{
"cve": "CVE-2025-38473",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38473"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb()\n\nsyzbot reported null-ptr-deref in l2cap_sock_resume_cb(). [0]\n\nl2cap_sock_resume_cb() has a similar problem that was fixed by commit\n1bff51ea59a9 (\"Bluetooth: fix use-after-free error in lock_sock_nested()\").\n\nSince both l2cap_sock_kill() and l2cap_sock_resume_cb() are executed\nunder l2cap_sock_resume_cb(), we can avoid the issue simply by checking\nif chan-\u003edata is NULL.\n\nLet\u0027s not access to the killed socket in l2cap_sock_resume_cb().\n\n[0]:\nBUG: KASAN: null-ptr-deref in instrument_atomic_write include/linux/instrumented.h:82 [inline]\nBUG: KASAN: null-ptr-deref in clear_bit include/asm-generic/bitops/instrumented-atomic.h:41 [inline]\nBUG: KASAN: null-ptr-deref in l2cap_sock_resume_cb+0xb4/0x17c net/bluetooth/l2cap_sock.c:1711\nWrite of size 8 at addr 0000000000000570 by task kworker/u9:0/52\n\nCPU: 1 UID: 0 PID: 52 Comm: kworker/u9:0 Not tainted 6.16.0-rc4-syzkaller-g7482bb149b9f #0 PREEMPT\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nWorkqueue: hci0 hci_rx_work\nCall trace:\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:501 (C)\n __dump_stack+0x30/0x40 lib/dump_stack.c:94\n dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120\n print_report+0x58/0x84 mm/kasan/report.c:524\n kasan_report+0xb0/0x110 mm/kasan/report.c:634\n check_region_inline mm/kasan/generic.c:-1 [inline]\n kasan_check_range+0x264/0x2a4 mm/kasan/generic.c:189\n __kasan_check_write+0x20/0x30 mm/kasan/shadow.c:37\n instrument_atomic_write include/linux/instrumented.h:82 [inline]\n clear_bit include/asm-generic/bitops/instrumented-atomic.h:41 [inline]\n l2cap_sock_resume_cb+0xb4/0x17c net/bluetooth/l2cap_sock.c:1711\n l2cap_security_cfm+0x524/0xea0 net/bluetooth/l2cap_core.c:7357\n hci_auth_cfm include/net/bluetooth/hci_core.h:2092 [inline]\n hci_auth_complete_evt+0x2e8/0xa4c net/bluetooth/hci_event.c:3514\n hci_event_func net/bluetooth/hci_event.c:7511 [inline]\n hci_event_packet+0x650/0xe9c net/bluetooth/hci_event.c:7565\n hci_rx_work+0x320/0xb18 net/bluetooth/hci_core.c:4070\n process_one_work+0x7e8/0x155c kernel/workqueue.c:3238\n process_scheduled_works kernel/workqueue.c:3321 [inline]\n worker_thread+0x958/0xed8 kernel/workqueue.c:3402\n kthread+0x5fc/0x75c kernel/kthread.c:464\n ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:847",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38473",
"url": "https://www.suse.com/security/cve/CVE-2025-38473"
},
{
"category": "external",
"summary": "SUSE Bug 1247289 for CVE-2025-38473",
"url": "https://bugzilla.suse.com/1247289"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38473"
},
{
"cve": "CVE-2025-38474",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38474"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: net: sierra: check for no status endpoint\n\nThe driver checks for having three endpoints and\nhaving bulk in and out endpoints, but not that\nthe third endpoint is interrupt input.\nRectify the omission.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38474",
"url": "https://www.suse.com/security/cve/CVE-2025-38474"
},
{
"category": "external",
"summary": "SUSE Bug 1247311 for CVE-2025-38474",
"url": "https://bugzilla.suse.com/1247311"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38474"
},
{
"cve": "CVE-2025-38475",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38475"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmc: Fix various oops due to inet_sock type confusion.\n\nsyzbot reported weird splats [0][1] in cipso_v4_sock_setattr() while\nfreeing inet_sk(sk)-\u003einet_opt.\n\nThe address was freed multiple times even though it was read-only memory.\n\ncipso_v4_sock_setattr() did nothing wrong, and the root cause was type\nconfusion.\n\nThe cited commit made it possible to create smc_sock as an INET socket.\n\nThe issue is that struct smc_sock does not have struct inet_sock as the\nfirst member but hijacks AF_INET and AF_INET6 sk_family, which confuses\nvarious places.\n\nIn this case, inet_sock.inet_opt was actually smc_sock.clcsk_data_ready(),\nwhich is an address of a function in the text segment.\n\n $ pahole -C inet_sock vmlinux\n struct inet_sock {\n ...\n struct ip_options_rcu * inet_opt; /* 784 8 */\n\n $ pahole -C smc_sock vmlinux\n struct smc_sock {\n ...\n void (*clcsk_data_ready)(struct sock *); /* 784 8 */\n\nThe same issue for another field was reported before. [2][3]\n\nAt that time, an ugly hack was suggested [4], but it makes both INET\nand SMC code error-prone and hard to change.\n\nAlso, yet another variant was fixed by a hacky commit 98d4435efcbf3\n(\"net/smc: prevent NULL pointer dereference in txopt_get\").\n\nInstead of papering over the root cause by such hacks, we should not\nallow non-INET socket to reuse the INET infra.\n\nLet\u0027s add inet_sock as the first member of smc_sock.\n\n[0]:\nkvfree_call_rcu(): Double-freed call. rcu_head 000000006921da73\nWARNING: CPU: 0 PID: 6718 at mm/slab_common.c:1956 kvfree_call_rcu+0x94/0x3f0 mm/slab_common.c:1955\nModules linked in:\nCPU: 0 UID: 0 PID: 6718 Comm: syz.0.17 Tainted: G W 6.16.0-rc4-syzkaller-g7482bb149b9f #0 PREEMPT\nTainted: [W]=WARN\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : kvfree_call_rcu+0x94/0x3f0 mm/slab_common.c:1955\nlr : kvfree_call_rcu+0x94/0x3f0 mm/slab_common.c:1955\nsp : ffff8000a03a7730\nx29: ffff8000a03a7730 x28: 00000000fffffff5 x27: 1fffe000184823d3\nx26: dfff800000000000 x25: ffff0000c2411e9e x24: ffff0000dd88da00\nx23: ffff8000891ac9a0 x22: 00000000ffffffea x21: ffff8000891ac9a0\nx20: ffff8000891ac9a0 x19: ffff80008afc2480 x18: 00000000ffffffff\nx17: 0000000000000000 x16: ffff80008ae642c8 x15: ffff700011ede14c\nx14: 1ffff00011ede14c x13: 0000000000000004 x12: ffffffffffffffff\nx11: ffff700011ede14c x10: 0000000000ff0100 x9 : 5fa3c1ffaf0ff000\nx8 : 5fa3c1ffaf0ff000 x7 : 0000000000000001 x6 : 0000000000000001\nx5 : ffff8000a03a7078 x4 : ffff80008f766c20 x3 : ffff80008054d360\nx2 : 0000000000000000 x1 : 0000000000000201 x0 : 0000000000000000\nCall trace:\n kvfree_call_rcu+0x94/0x3f0 mm/slab_common.c:1955 (P)\n cipso_v4_sock_setattr+0x2f0/0x3f4 net/ipv4/cipso_ipv4.c:1914\n netlbl_sock_setattr+0x240/0x334 net/netlabel/netlabel_kapi.c:1000\n smack_netlbl_add+0xa8/0x158 security/smack/smack_lsm.c:2581\n smack_inode_setsecurity+0x378/0x430 security/smack/smack_lsm.c:2912\n security_inode_setsecurity+0x118/0x3c0 security/security.c:2706\n __vfs_setxattr_noperm+0x174/0x5c4 fs/xattr.c:251\n __vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:295\n vfs_setxattr+0x158/0x2ac fs/xattr.c:321\n do_setxattr fs/xattr.c:636 [inline]\n file_setxattr+0x1b8/0x294 fs/xattr.c:646\n path_setxattrat+0x2ac/0x320 fs/xattr.c:711\n __do_sys_fsetxattr fs/xattr.c:761 [inline]\n __se_sys_fsetxattr fs/xattr.c:758 [inline]\n __arm64_sys_fsetxattr+0xc0/0xdc fs/xattr.c:758\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879\n el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600\n\n[\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38475",
"url": "https://www.suse.com/security/cve/CVE-2025-38475"
},
{
"category": "external",
"summary": "SUSE Bug 1247308 for CVE-2025-38475",
"url": "https://bugzilla.suse.com/1247308"
},
{
"category": "external",
"summary": "SUSE Bug 1247309 for CVE-2025-38475",
"url": "https://bugzilla.suse.com/1247309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "important"
}
],
"title": "CVE-2025-38475"
},
{
"cve": "CVE-2025-38476",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38476"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrpl: Fix use-after-free in rpl_do_srh_inline().\n\nRunning lwt_dst_cache_ref_loop.sh in selftest with KASAN triggers\nthe splat below [0].\n\nrpl_do_srh_inline() fetches ipv6_hdr(skb) and accesses it after\nskb_cow_head(), which is illegal as the header could be freed then.\n\nLet\u0027s fix it by making oldhdr to a local struct instead of a pointer.\n\n[0]:\n[root@fedora net]# ./lwt_dst_cache_ref_loop.sh\n...\nTEST: rpl (input)\n[ 57.631529] ==================================================================\nBUG: KASAN: slab-use-after-free in rpl_do_srh_inline.isra.0 (net/ipv6/rpl_iptunnel.c:174)\nRead of size 40 at addr ffff888122bf96d8 by task ping6/1543\n\nCPU: 50 UID: 0 PID: 1543 Comm: ping6 Not tainted 6.16.0-rc5-01302-gfadd1e6231b1 #23 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl (lib/dump_stack.c:122)\n print_report (mm/kasan/report.c:409 mm/kasan/report.c:521)\n kasan_report (mm/kasan/report.c:221 mm/kasan/report.c:636)\n kasan_check_range (mm/kasan/generic.c:175 (discriminator 1) mm/kasan/generic.c:189 (discriminator 1))\n __asan_memmove (mm/kasan/shadow.c:94 (discriminator 2))\n rpl_do_srh_inline.isra.0 (net/ipv6/rpl_iptunnel.c:174)\n rpl_input (net/ipv6/rpl_iptunnel.c:201 net/ipv6/rpl_iptunnel.c:282)\n lwtunnel_input (net/core/lwtunnel.c:459)\n ipv6_rcv (./include/net/dst.h:471 (discriminator 1) ./include/net/dst.h:469 (discriminator 1) net/ipv6/ip6_input.c:79 (discriminator 1) ./include/linux/netfilter.h:317 (discriminator 1) ./include/linux/netfilter.h:311 (discriminator 1) net/ipv6/ip6_input.c:311 (discriminator 1))\n __netif_receive_skb_one_core (net/core/dev.c:5967)\n process_backlog (./include/linux/rcupdate.h:869 net/core/dev.c:6440)\n __napi_poll.constprop.0 (net/core/dev.c:7452)\n net_rx_action (net/core/dev.c:7518 net/core/dev.c:7643)\n handle_softirqs (kernel/softirq.c:579)\n do_softirq (kernel/softirq.c:480 (discriminator 20))\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n __local_bh_enable_ip (kernel/softirq.c:407)\n __dev_queue_xmit (net/core/dev.c:4740)\n ip6_finish_output2 (./include/linux/netdevice.h:3358 ./include/net/neighbour.h:526 ./include/net/neighbour.h:540 net/ipv6/ip6_output.c:141)\n ip6_finish_output (net/ipv6/ip6_output.c:215 net/ipv6/ip6_output.c:226)\n ip6_output (./include/linux/netfilter.h:306 net/ipv6/ip6_output.c:248)\n ip6_send_skb (net/ipv6/ip6_output.c:1983)\n rawv6_sendmsg (net/ipv6/raw.c:588 net/ipv6/raw.c:918)\n __sys_sendto (net/socket.c:714 (discriminator 1) net/socket.c:729 (discriminator 1) net/socket.c:2228 (discriminator 1))\n __x64_sys_sendto (net/socket.c:2231)\n do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1))\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\nRIP: 0033:0x7f68cffb2a06\nCode: 5d e8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 75 19 83 e2 39 83 fa 08 75 11 e8 26 ff ff ff 66 0f 1f 44 00 00 48 8b 45 10 0f 05 \u003c48\u003e 8b 5d f8 c9 c3 0f 1f 40 00 f3 0f 1e fa 55 48 89 e5 48 83 ec 08\nRSP: 002b:00007ffefb7c53d0 EFLAGS: 00000202 ORIG_RAX: 000000000000002c\nRAX: ffffffffffffffda RBX: 0000564cd69f10a0 RCX: 00007f68cffb2a06\nRDX: 0000000000000040 RSI: 0000564cd69f10a4 RDI: 0000000000000003\nRBP: 00007ffefb7c53f0 R08: 0000564cd6a032ac R09: 000000000000001c\nR10: 0000000000000000 R11: 0000000000000202 R12: 0000564cd69f10a4\nR13: 0000000000000040 R14: 00007ffefb7c66e0 R15: 0000564cd69f10a0\n \u003c/TASK\u003e\n\nAllocated by task 1543:\n kasan_save_stack (mm/kasan/common.c:48)\n kasan_save_track (mm/kasan/common.c:60 (discriminator 1) mm/kasan/common.c:69 (discriminator 1))\n __kasan_slab_alloc (mm/kasan/common.c:319 mm/kasan/common.c:345)\n kmem_cache_alloc_node_noprof (./include/linux/kasan.h:250 mm/slub.c:4148 mm/slub.c:4197 mm/slub.c:4249)\n kmalloc_reserve (net/core/skbuff.c:581 (discriminator 88))\n __alloc_skb (net/core/skbuff.c:669)\n __ip6_append_data (net/ipv6/ip6_output.c:1672 (discriminator 1))\n ip6_\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38476",
"url": "https://www.suse.com/security/cve/CVE-2025-38476"
},
{
"category": "external",
"summary": "SUSE Bug 1247317 for CVE-2025-38476",
"url": "https://bugzilla.suse.com/1247317"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38476"
},
{
"cve": "CVE-2025-38477",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38477"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_qfq: Fix race condition on qfq_aggregate\n\nA race condition can occur when \u0027agg\u0027 is modified in qfq_change_agg\n(called during qfq_enqueue) while other threads access it\nconcurrently. For example, qfq_dump_class may trigger a NULL\ndereference, and qfq_delete_class may cause a use-after-free.\n\nThis patch addresses the issue by:\n\n1. Moved qfq_destroy_class into the critical section.\n\n2. Added sch_tree_lock protection to qfq_dump_class and\nqfq_dump_class_stats.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38477",
"url": "https://www.suse.com/security/cve/CVE-2025-38477"
},
{
"category": "external",
"summary": "SUSE Bug 1247314 for CVE-2025-38477",
"url": "https://bugzilla.suse.com/1247314"
},
{
"category": "external",
"summary": "SUSE Bug 1247315 for CVE-2025-38477",
"url": "https://bugzilla.suse.com/1247315"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "important"
}
],
"title": "CVE-2025-38477"
},
{
"cve": "CVE-2025-38478",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38478"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: Fix initialization of data for instructions that write to subdevice\n\nSome Comedi subdevice instruction handlers are known to access\ninstruction data elements beyond the first `insn-\u003en` elements in some\ncases. The `do_insn_ioctl()` and `do_insnlist_ioctl()` functions\nallocate at least `MIN_SAMPLES` (16) data elements to deal with this,\nbut they do not initialize all of that. For Comedi instruction codes\nthat write to the subdevice, the first `insn-\u003en` data elements are\ncopied from user-space, but the remaining elements are left\nuninitialized. That could be a problem if the subdevice instruction\nhandler reads the uninitialized data. Ensure that the first\n`MIN_SAMPLES` elements are initialized before calling these instruction\nhandlers, filling the uncopied elements with 0. For\n`do_insnlist_ioctl()`, the same data buffer elements are used for\nhandling a list of instructions, so ensure the first `MIN_SAMPLES`\nelements are initialized for each instruction that writes to the\nsubdevice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38478",
"url": "https://www.suse.com/security/cve/CVE-2025-38478"
},
{
"category": "external",
"summary": "SUSE Bug 1247273 for CVE-2025-38478",
"url": "https://bugzilla.suse.com/1247273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38478"
},
{
"cve": "CVE-2025-38480",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38480"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: Fix use of uninitialized data in insn_rw_emulate_bits()\n\nFor Comedi `INSN_READ` and `INSN_WRITE` instructions on \"digital\"\nsubdevices (subdevice types `COMEDI_SUBD_DI`, `COMEDI_SUBD_DO`, and\n`COMEDI_SUBD_DIO`), it is common for the subdevice driver not to have\n`insn_read` and `insn_write` handler functions, but to have an\n`insn_bits` handler function for handling Comedi `INSN_BITS`\ninstructions. In that case, the subdevice\u0027s `insn_read` and/or\n`insn_write` function handler pointers are set to point to the\n`insn_rw_emulate_bits()` function by `__comedi_device_postconfig()`.\n\nFor `INSN_WRITE`, `insn_rw_emulate_bits()` currently assumes that the\nsupplied `data[0]` value is a valid copy from user memory. It will at\nleast exist because `do_insnlist_ioctl()` and `do_insn_ioctl()` in\n\"comedi_fops.c\" ensure at lease `MIN_SAMPLES` (16) elements are\nallocated. However, if `insn-\u003en` is 0 (which is allowable for\n`INSN_READ` and `INSN_WRITE` instructions, then `data[0]` may contain\nuninitialized data, and certainly contains invalid data, possibly from a\ndifferent instruction in the array of instructions handled by\n`do_insnlist_ioctl()`. This will result in an incorrect value being\nwritten to the digital output channel (or to the digital input/output\nchannel if configured as an output), and may be reflected in the\ninternal saved state of the channel.\n\nFix it by returning 0 early if `insn-\u003en` is 0, before reaching the code\nthat accesses `data[0]`. Previously, the function always returned 1 on\nsuccess, but it is supposed to be the number of data samples actually\nread or written up to `insn-\u003en`, which is 0 in this case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38480",
"url": "https://www.suse.com/security/cve/CVE-2025-38480"
},
{
"category": "external",
"summary": "SUSE Bug 1247274 for CVE-2025-38480",
"url": "https://bugzilla.suse.com/1247274"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38480"
},
{
"cve": "CVE-2025-38481",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38481"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large\n\nThe handling of the `COMEDI_INSNLIST` ioctl allocates a kernel buffer to\nhold the array of `struct comedi_insn`, getting the length from the\n`n_insns` member of the `struct comedi_insnlist` supplied by the user.\nThe allocation will fail with a WARNING and a stack dump if it is too\nlarge.\n\nAvoid that by failing with an `-EINVAL` error if the supplied `n_insns`\nvalue is unreasonable.\n\nDefine the limit on the `n_insns` value in the `MAX_INSNS` macro. Set\nthis to the same value as `MAX_SAMPLES` (65536), which is the maximum\nallowed sum of the values of the member `n` in the array of `struct\ncomedi_insn`, and sensible comedi instructions will have an `n` of at\nleast 1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38481",
"url": "https://www.suse.com/security/cve/CVE-2025-38481"
},
{
"category": "external",
"summary": "SUSE Bug 1247276 for CVE-2025-38481",
"url": "https://bugzilla.suse.com/1247276"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "low"
}
],
"title": "CVE-2025-38481"
},
{
"cve": "CVE-2025-38482",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38482"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: das6402: Fix bit shift out of bounds\n\nWhen checking for a supported IRQ number, the following test is used:\n\n\t/* IRQs 2,3,5,6,7, 10,11,15 are valid for \"enhanced\" mode */\n\tif ((1 \u003c\u003c it-\u003eoptions[1]) \u0026 0x8cec) {\n\nHowever, `it-\u003eoptions[i]` is an unchecked `int` value from userspace, so\nthe shift amount could be negative or out of bounds. Fix the test by\nrequiring `it-\u003eoptions[1]` to be within bounds before proceeding with\nthe original test. Valid `it-\u003eoptions[1]` values that select the IRQ\nwill be in the range [1,15]. The value 0 explicitly disables the use of\ninterrupts.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38482",
"url": "https://www.suse.com/security/cve/CVE-2025-38482"
},
{
"category": "external",
"summary": "SUSE Bug 1247277 for CVE-2025-38482",
"url": "https://bugzilla.suse.com/1247277"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38482"
},
{
"cve": "CVE-2025-38483",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38483"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: das16m1: Fix bit shift out of bounds\n\nWhen checking for a supported IRQ number, the following test is used:\n\n\t/* only irqs 2, 3, 4, 5, 6, 7, 10, 11, 12, 14, and 15 are valid */\n\tif ((1 \u003c\u003c it-\u003eoptions[1]) \u0026 0xdcfc) {\n\nHowever, `it-\u003eoptions[i]` is an unchecked `int` value from userspace, so\nthe shift amount could be negative or out of bounds. Fix the test by\nrequiring `it-\u003eoptions[1]` to be within bounds before proceeding with\nthe original test.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38483",
"url": "https://www.suse.com/security/cve/CVE-2025-38483"
},
{
"category": "external",
"summary": "SUSE Bug 1247278 for CVE-2025-38483",
"url": "https://bugzilla.suse.com/1247278"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38483"
},
{
"cve": "CVE-2025-38485",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38485"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush\n\nfxls8962af_fifo_flush() uses indio_dev-\u003eactive_scan_mask (with\niio_for_each_active_channel()) without making sure the indio_dev\nstays in buffer mode.\nThere is a race if indio_dev exits buffer mode in the middle of the\ninterrupt that flushes the fifo. Fix this by calling\nsynchronize_irq() to ensure that no interrupt is currently running when\ndisabling buffer mode.\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000000 when read\n[...]\n_find_first_bit_le from fxls8962af_fifo_flush+0x17c/0x290\nfxls8962af_fifo_flush from fxls8962af_interrupt+0x80/0x178\nfxls8962af_interrupt from irq_thread_fn+0x1c/0x7c\nirq_thread_fn from irq_thread+0x110/0x1f4\nirq_thread from kthread+0xe0/0xfc\nkthread from ret_from_fork+0x14/0x2c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38485",
"url": "https://www.suse.com/security/cve/CVE-2025-38485"
},
{
"category": "external",
"summary": "SUSE Bug 1247236 for CVE-2025-38485",
"url": "https://bugzilla.suse.com/1247236"
},
{
"category": "external",
"summary": "SUSE Bug 1247237 for CVE-2025-38485",
"url": "https://bugzilla.suse.com/1247237"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "important"
}
],
"title": "CVE-2025-38485"
},
{
"cve": "CVE-2025-38487",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38487"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: aspeed: lpc-snoop: Don\u0027t disable channels that aren\u0027t enabled\n\nMitigate e.g. the following:\n\n # echo 1e789080.lpc-snoop \u003e /sys/bus/platform/drivers/aspeed-lpc-snoop/unbind\n ...\n [ 120.363594] Unable to handle kernel NULL pointer dereference at virtual address 00000004 when write\n [ 120.373866] [00000004] *pgd=00000000\n [ 120.377910] Internal error: Oops: 805 [#1] SMP ARM\n [ 120.383306] CPU: 1 UID: 0 PID: 315 Comm: sh Not tainted 6.15.0-rc1-00009-g926217bc7d7d-dirty #20 NONE\n ...\n [ 120.679543] Call trace:\n [ 120.679559] misc_deregister from aspeed_lpc_snoop_remove+0x84/0xac\n [ 120.692462] aspeed_lpc_snoop_remove from platform_remove+0x28/0x38\n [ 120.700996] platform_remove from device_release_driver_internal+0x188/0x200\n ...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38487",
"url": "https://www.suse.com/security/cve/CVE-2025-38487"
},
{
"category": "external",
"summary": "SUSE Bug 1247238 for CVE-2025-38487",
"url": "https://bugzilla.suse.com/1247238"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38487"
},
{
"cve": "CVE-2025-38489",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38489"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again\n\nCommit 7ded842b356d (\"s390/bpf: Fix bpf_plt pointer arithmetic\") has\naccidentally removed the critical piece of commit c730fce7c70c\n(\"s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL\"), causing\nintermittent kernel panics in e.g. perf\u0027s on_switch() prog to reappear.\n\nRestore the fix and add a comment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38489",
"url": "https://www.suse.com/security/cve/CVE-2025-38489"
},
{
"category": "external",
"summary": "SUSE Bug 1247241 for CVE-2025-38489",
"url": "https://bugzilla.suse.com/1247241"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38489"
},
{
"cve": "CVE-2025-38494",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38494"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: do not bypass hid_hw_raw_request\n\nhid_hw_raw_request() is actually useful to ensure the provided buffer\nand length are valid. Directly calling in the low level transport driver\nfunction bypassed those checks and allowed invalid paramto be used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38494",
"url": "https://www.suse.com/security/cve/CVE-2025-38494"
},
{
"category": "external",
"summary": "SUSE Bug 1247349 for CVE-2025-38494",
"url": "https://bugzilla.suse.com/1247349"
},
{
"category": "external",
"summary": "SUSE Bug 1247350 for CVE-2025-38494",
"url": "https://bugzilla.suse.com/1247350"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "important"
}
],
"title": "CVE-2025-38494"
},
{
"cve": "CVE-2025-38495",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38495"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: ensure the allocated report buffer can contain the reserved report ID\n\nWhen the report ID is not used, the low level transport drivers expect\nthe first byte to be 0. However, currently the allocated buffer not\naccount for that extra byte, meaning that instead of having 8 guaranteed\nbytes for implement to be working, we only have 7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38495",
"url": "https://www.suse.com/security/cve/CVE-2025-38495"
},
{
"category": "external",
"summary": "SUSE Bug 1247348 for CVE-2025-38495",
"url": "https://bugzilla.suse.com/1247348"
},
{
"category": "external",
"summary": "SUSE Bug 1247351 for CVE-2025-38495",
"url": "https://bugzilla.suse.com/1247351"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "important"
}
],
"title": "CVE-2025-38495"
},
{
"cve": "CVE-2025-38496",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38496"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-bufio: fix sched in atomic context\n\nIf \"try_verify_in_tasklet\" is set for dm-verity, DM_BUFIO_CLIENT_NO_SLEEP\nis enabled for dm-bufio. However, when bufio tries to evict buffers, there\nis a chance to trigger scheduling in spin_lock_bh, the following warning\nis hit:\n\nBUG: sleeping function called from invalid context at drivers/md/dm-bufio.c:2745\nin_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 123, name: kworker/2:2\npreempt_count: 201, expected: 0\nRCU nest depth: 0, expected: 0\n4 locks held by kworker/2:2/123:\n #0: ffff88800a2d1548 ((wq_completion)dm_bufio_cache){....}-{0:0}, at: process_one_work+0xe46/0x1970\n #1: ffffc90000d97d20 ((work_completion)(\u0026dm_bufio_replacement_work)){....}-{0:0}, at: process_one_work+0x763/0x1970\n #2: ffffffff8555b528 (dm_bufio_clients_lock){....}-{3:3}, at: do_global_cleanup+0x1ce/0x710\n #3: ffff88801d5820b8 (\u0026c-\u003espinlock){....}-{2:2}, at: do_global_cleanup+0x2a5/0x710\nPreemption disabled at:\n[\u003c0000000000000000\u003e] 0x0\nCPU: 2 UID: 0 PID: 123 Comm: kworker/2:2 Not tainted 6.16.0-rc3-g90548c634bd0 #305 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nWorkqueue: dm_bufio_cache do_global_cleanup\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x53/0x70\n __might_resched+0x360/0x4e0\n do_global_cleanup+0x2f5/0x710\n process_one_work+0x7db/0x1970\n worker_thread+0x518/0xea0\n kthread+0x359/0x690\n ret_from_fork+0xf3/0x1b0\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nThat can be reproduced by:\n\n veritysetup format --data-block-size=4096 --hash-block-size=4096 /dev/vda /dev/vdb\n SIZE=$(blockdev --getsz /dev/vda)\n dmsetup create myverity -r --table \"0 $SIZE verity 1 /dev/vda /dev/vdb 4096 4096 \u003cdata_blocks\u003e 1 sha256 \u003croot_hash\u003e \u003csalt\u003e 1 try_verify_in_tasklet\"\n mount /dev/dm-0 /mnt -o ro\n echo 102400 \u003e /sys/module/dm_bufio/parameters/max_cache_size_bytes\n [read files in /mnt]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38496",
"url": "https://www.suse.com/security/cve/CVE-2025-38496"
},
{
"category": "external",
"summary": "SUSE Bug 1247284 for CVE-2025-38496",
"url": "https://bugzilla.suse.com/1247284"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38496"
},
{
"cve": "CVE-2025-38497",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38497"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: configfs: Fix OOB read on empty string write\n\nWhen writing an empty string to either \u0027qw_sign\u0027 or \u0027landingPage\u0027\nsysfs attributes, the store functions attempt to access page[l - 1]\nbefore validating that the length \u0027l\u0027 is greater than zero.\n\nThis patch fixes the vulnerability by adding a check at the beginning\nof os_desc_qw_sign_store() and webusb_landingPage_store() to handle\nthe zero-length input case gracefully by returning immediately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38497",
"url": "https://www.suse.com/security/cve/CVE-2025-38497"
},
{
"category": "external",
"summary": "SUSE Bug 1247347 for CVE-2025-38497",
"url": "https://bugzilla.suse.com/1247347"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "moderate"
}
],
"title": "CVE-2025-38497"
},
{
"cve": "CVE-2025-38498",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38498"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndo_change_type(): refuse to operate on unmounted/not ours mounts\n\nEnsure that propagation settings can only be changed for mounts located\nin the caller\u0027s mount namespace. This change aligns permission checking\nwith the rest of mount(2).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38498",
"url": "https://www.suse.com/security/cve/CVE-2025-38498"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-38498",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1247499 for CVE-2025-38498",
"url": "https://bugzilla.suse.com/1247499"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.11.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-28T12:06:15Z",
"details": "important"
}
],
"title": "CVE-2025-38498"
}
]
}
SUSE-SU-2025:20601-1
Vulnerability from csaf_suse - Published: 2025-08-25 11:19 - Updated: 2025-08-25 11:19Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2019-11135: TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may
- CVE-2024-36028: mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() (bsc#1225707).
- CVE-2024-36348, CVE-2024-36349, CVE-2024-36350, CVE-2024-36357:
x86/process: Move the buffer clearing before MONITOR (bsc#1238896).
- CVE-2024-44963: btrfs: do not BUG_ON() when freeing tree block after error (bsc#1230216).
- CVE-2024-56742: vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages() (bsc#1235613).
- CVE-2025-21839: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (bsc#1239061).
- CVE-2025-21872: efi/mokvar-table: Avoid repeated map/unmap of the same page (bsc#1240323).
- CVE-2025-23163: net: vlan: do not propagate flags on open (bsc#1242837).
- CVE-2025-37856: btrfs: harden block_group::bg_list against list_del() races (bsc#1243068).
- CVE-2025-37864: net: dsa: clean up FDB, MDB, VLAN entries on unbind (bsc#1242965).
- CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960).
- CVE-2025-37920: kABI workaround for xsk: Fix race condition in AF_XDP generic RX path (bsc#1243479).
- CVE-2025-37984: crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() (bsc#1243669).
- CVE-2025-38034: btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (bsc#1244792).
- CVE-2025-38035: nvmet-tcp: do not restore null sk_state_change (bsc#1244801).
- CVE-2025-38051: smb: client: Fix use-after-free in cifs_fill_dirent (bsc#1244750).
- CVE-2025-38058: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (bsc#1245151).
- CVE-2025-38061: net: pktgen: fix access outside of user given buffer in pktgen_thread_write() (bsc#1245440).
- CVE-2025-38062: kABI: restore layout of struct msi_desc (bsc#1245216).
- CVE-2025-38063: dm: fix unconditional IO throttle caused by REQ_PREFLUSH (bsc#1245202).
- CVE-2025-38064: virtio: break and reset virtio devices on device_shutdown() (bsc#1245201).
- CVE-2025-38074: vhost-scsi: protect vq->log_used with vq->mutex (bsc#1244735).
- CVE-2025-38094: net: cadence: macb: Fix a possible deadlock in macb_halt_tx (bsc#1245649).
- CVE-2025-38097: kabi: restore encap_sk in struct xfrm_state (bsc#1245660).
- CVE-2025-38098: drm/amd/display: Do not treat wb connector as physical in (bsc#1245654).
- CVE-2025-38099: Bluetooth: btusb: Fix regression in the initialization of fake Bluetooth controllers (bsc#1245671).
- CVE-2025-38100: x86/iopl: Cure TIF_IO_BITMAP inconsistencies (bsc#1245650).
- CVE-2025-38105: ALSA: usb-audio: Kill timer properly at removal (bsc#1245682).
- CVE-2025-38115: net_sched: sch_sfq: fix a potential crash on gso_skb handling (bsc#1245689).
- CVE-2025-38117: hci_dev centralize extra lock (bsc#1245695).
- CVE-2025-38126: net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping (bsc#1245708).
- CVE-2025-38131: coresight: prevent deactivate active config while enabling the config (bsc#1245677).
- CVE-2025-38132: coresight: holding cscfg_csdev_lock while removing cscfg from csdev (bsc#1245679).
- CVE-2025-38147: calipso: unlock rcu before returning -EAFNOSUPPORT (bsc#1245768).
- CVE-2025-38158: hisi_acc_vfio_pci: fix XQE dma address error (bsc#1245750).
- CVE-2025-38162: netfilter: nft_set_pipapo: prevent overflow in lookup table allocation (bsc#1245752).
- CVE-2025-38166: bpf: fix ktls panic with sockmap (bsc#1245758).
- CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).
- CVE-2025-38182: ublk: santizize the arguments from userspace when adding a device (bsc#1245937).
- CVE-2025-38183: net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get() (bsc#1246006).
- CVE-2025-38187: drm/nouveau: fix a use-after-free in r535_gsp_rpc_push() (bsc#1245951).
- CVE-2025-38188: drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE (bsc#1246098).
- CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045).
- CVE-2025-38202: bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() (bsc#1245980).
- CVE-2025-38203: jfs: Fix null-ptr-deref in jfs_ioc_trim (bsc#1246044).
- CVE-2025-38204: jfs: fix array-index-out-of-bounds read in add_missing_indices (bsc#1245983).
- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073).
- CVE-2025-38210: configfs-tsm-report: Fix NULL dereference of tsm_ops (bsc#1246020).
- CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029).
- CVE-2025-38220: ext4: only dirty folios when data journaling regular files (bsc#1245966).
- CVE-2025-38222: ext4: inline: fix len overflow in ext4_prepare_inline_data (bsc#1245976).
- CVE-2025-38236: af_unix: Disable MSG_OOB for unprivileged users (bsc#1246093).
- CVE-2025-38239: scsi: megaraid_sas: Fix invalid node index (bsc#1246178).
- CVE-2025-38244: smb: client: fix potential deadlock when reconnecting channels (bsc#1246183).
- CVE-2025-38248: bridge: mcast: Fix use-after-free during router port configuration (bsc#1246173).
- CVE-2025-38250: kABI workaround for bluetooth hci_dev changes (bsc#1246182).
- CVE-2025-38264: llist: add interface to check if a node is on a list (bsc#1246387).
- CVE-2025-38272: net: dsa: b53: do not enable EEE on bcm63xx (bsc#1246268).
- CVE-2025-38279: selftests/bpf: Add tests with stack ptr register in conditional jmp (bsc#1246264).
- CVE-2025-38283: hisi_acc_vfio_pci: bugfix live migration function without VF device driver (bsc#1246273).
- CVE-2025-38303: Bluetooth: eir: Fix possible crashes on eir_create_adv_data (bsc#1246354).
- CVE-2025-38310: seg6: Fix validation of nexthop addresses (bsc#1246361).
- CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).
- CVE-2025-38334: x86/sgx: Prevent attempts to reclaim poisoned pages (bsc#1246384).
- CVE-2025-38335: Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT (bsc#1246250).
- CVE-2025-38337: jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (bsc#1246253).
- CVE-2025-38349: eventpoll: do not decrement ep refcount while still holding the ep mutex (bsc#1246777).
- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).
- CVE-2025-38352: posix-cpu-timers: fix race between
handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).
- CVE-2025-38364: maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() (bsc#1247091).
- CVE-2025-38365: btrfs: fix a race between renames and directory logging (bsc#1247023).
- CVE-2025-38371: drm/v3d: Disable interrupts before resetting the GPU (bsc#1247178).
- CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177).
- CVE-2025-38382: btrfs: fix iteration of extrefs during log replay (bsc#1247031).
- CVE-2025-38392: idpf: convert control queue mutex to a spinlock (bsc#1247169).
- CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247156).
- CVE-2025-38399: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() (bsc#1247097).
- CVE-2025-38403: vsock/vmci: Clear the vmci transport packet properly when initializing it (bsc#1247141).
- CVE-2025-38414: wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850 (bsc#1247145).
- CVE-2025-38426: drm/amdgpu: Add basic validation for RAS header (bsc#1247252).
- CVE-2025-38429: bus: mhi: ep: Update read pointer only after buffer is written (bsc#1247253).
- CVE-2025-38455: KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight (bsc#1247101).
- CVE-2025-38457: net/sched: Abort __tc_modify_qdisc if parent class does not exist (bsc#1247098).
- CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).
- CVE-2025-38461: vsock: Fix transport_* TOCTOU (bsc#1247103).
- CVE-2025-38462: vsock: Fix transport_{g2h,h2g} TOCTOU (bsc#1247104).
- CVE-2025-38463: tcp: Correct signedness in skb remaining space calculation (bsc#1247113).
- CVE-2025-38465: netlink: make sure we allow at least one dump skb (bsc#1247118).
- CVE-2025-38470: kABI fix for net: vlan: fix VLAN 0 refcount imbalance of toggling (bsc#1247288).
- CVE-2025-38471: tls: always refresh the queue when reading sock (bsc#1247450).
- CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347).
- CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374).
The following non-security bugs were fixed:
- ACPI: LPSS: Remove AudioDSP related ID (git-fixes).
- ACPI: PRM: Reduce unnecessary printing to avoid user confusion (bsc#1246122).
- ACPI: processor: perflib: Fix initial _PPC limit application (git-fixes).
- ACPICA: Refuse to evaluate a method if arguments are missing (stable-fixes).
- ALSA: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() (git-fixes).
- ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx (stable-fixes).
- ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 (stable-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG Strix G712LWS (stable-fixes).
- ALSA: hda/tegra: Add Tegra264 support (stable-fixes).
- ALSA: hda: Add missing NVIDIA HDA codec IDs (stable-fixes).
- ALSA: hda: Add new pci id for AMD GPU display HD audio controller (stable-fixes).
- ALSA: hda: Ignore unsol events for cards being shut down (stable-fixes).
- ALSA: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() (git-fixes).
- ALSA: sb: Do not allow changing the DMA mode during operations (stable-fixes).
- ALSA: sb: Force to disable DMAs once when DMA mode is changed (stable-fixes).
- ASoC: amd: yc: Add DMI quirk for Lenovo IdeaPad Slim 5 15 (stable-fixes).
- ASoC: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic (stable-fixes).
- ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic (stable-fixes).
- ASoC: amd: yc: update quirk data for HP Victus (stable-fixes).
- ASoC: codec: wcd9335: Convert to GPIO descriptors (stable-fixes).
- ASoC: codecs: wcd9335: Fix missing free of regulator supplies (git-fixes).
- ASoC: codecs: wcd9335: Handle nicer probe deferral and simplify with dev_err_probe() (stable-fixes).
- ASoC: cs35l56: probe() should fail if the device ID is not recognized (git-fixes).
- ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode (git-fixes).
- ASoC: fsl_xcvr: get channel status data when PHY is not exists (git-fixes).
- ASoC: ops: dynamically allocate struct snd_ctl_elem_value (git-fixes).
- ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() (git-fixes).
- Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() (git-fixes).
- Bluetooth: L2CAP: Fix L2CAP MTU negotiation (stable-fixes).
- Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU (git-fixes).
- Bluetooth: MGMT: Fix not generating command complete for MGMT_OP_DISCONNECT (git-fixes).
- Bluetooth: MGMT: mesh_send: check instances prior disabling advertising (git-fixes).
- Bluetooth: MGMT: set_mesh: update LE scan interval and window (git-fixes).
- Bluetooth: Prevent unintended pause by checking if advertising is active (git-fixes).
- Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout (git-fixes).
- Bluetooth: SMP: If an unallowed command is received consider it a failure (git-fixes).
- Bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant without board ID (git-fixes).
- Bluetooth: hci_conn: Fix sending BT_HCI_CMD_LE_CREATE_CONN_CANCEL (git-fixes).
- Bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected (git-fixes).
- Bluetooth: hci_event: Mask data status from LE ext adv reports (git-fixes).
- Bluetooth: hci_sync: Attempt to dequeue connection attempt (git-fixes).
- Bluetooth: hci_sync: Fix UAF on create_le_conn_complete (git-fixes).
- Bluetooth: hci_sync: Fix handling of HCI_OP_CREATE_CONN_CANCEL (git-fixes).
- Bluetooth: hci_sync: Fix not disabling advertising instance (git-fixes).
- Bluetooth: hci_sync: fix connectable extended advertising when using static random address (git-fixes).
- Bluetooth: hci_sync: revert some mesh modifications (git-fixes).
- Correctly put RDMA kabi patch into patches.kabi instead of patches.suse
- Docs/ABI: Fix sysfs-kernel-address_bits path (git-fixes).
- Documentation: ACPI: Fix parent device references (git-fixes).
- Documentation: usb: gadget: Wrap remaining usage snippets in literal code block (git-fixes).
- Fix dma_unmap_sg() nents value (git-fixes)
- HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY (stable-fixes).
- HID: core: do not bypass hid_hw_raw_request (stable-fixes).
- HID: core: ensure __hid_request reserves the report ID as the first byte (git-fixes).
- HID: core: ensure the allocated report buffer can contain the reserved report ID (stable-fixes).
- HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 (stable-fixes).
- HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras (stable-fixes).
- IB/mlx5: Fix potential deadlock in MR deregistration (git-fixes)
- Input: iqs7222 - explicitly define number of external channels (git-fixes).
- Input: xpad - adjust error handling for disconnect (git-fixes).
- Input: xpad - set correct controller type for Acer NGR200 (git-fixes).
- Input: xpad - support Acer NGR 200 Controller (stable-fixes).
- Logitech C-270 even more broken (stable-fixes).
- Move upstreamed SCSI and ACPI patches into sorted section
- NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (git-fixes).
- NFS: Fix the setting of capabilities when automounting a new filesystem (git-fixes).
- NFS: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() (git-fixes).
- NFS: Fixup allocation flags for nfsiod's __GFP_NORETRY (git-fixes).
- NFSD: detect mismatch of file handle and delegation stateid in OPEN op (git-fixes).
- NFSv4.2: another fix for listxattr (git-fixes).
- NFSv4.2: fix listxattr to return selinux security label (git-fixes).
- NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN (git-fixes).
- NFSv4: Always set NLINK even if the server does not support it (git-fixes).
- NFSv4: xattr handlers should check for absent nfs filehandles (git-fixes).
- PCI/MSI: Export pci_msix_prepare_desc() for dynamic MSI-X allocations (bsc#1245457).
- PCI: dwc: Make link training more robust by setting PORT_LOGIC_LINK_WIDTH to one lane (stable-fixes).
- PCI: endpoint: Fix configfs group list head handling (git-fixes).
- PCI: endpoint: Fix configfs group removal on driver teardown (git-fixes).
- PCI: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute (git-fixes).
- PCI: endpoint: pci-epf-vntb: Return -ENOENT if pci_epc_get_next_free_bar() fails (git-fixes).
- PCI: hv: Allow dynamic MSI-X vector allocation (bsc#1245457).
- PCI: rockchip-host: Fix "Unexpected Completion" log message (git-fixes).
- PM / devfreq: Check governor before using governor->name (git-fixes).
- RDMA/core: Rate limit GID cache warning messages (git-fixes)
- RDMA/counter: Check CAP_NET_RAW check in user namespace for RDMA counters (git-fixes)
- RDMA/hns: Drop GFP_NOWARN (git-fixes)
- RDMA/hns: Fix -Wframe-larger-than issue (git-fixes)
- RDMA/hns: Fix HW configurations not cleared in error flow (git-fixes)
- RDMA/hns: Fix accessing uninitialized resources (git-fixes)
- RDMA/hns: Fix double destruction of rsv_qp (git-fixes)
- RDMA/hns: Get message length of ack_req from FW (git-fixes)
- RDMA/mlx5: Check CAP_NET_RAW in user namespace for anchor create (git-fixes)
- RDMA/mlx5: Check CAP_NET_RAW in user namespace for devx create (git-fixes)
- RDMA/mlx5: Check CAP_NET_RAW in user namespace for flow create (git-fixes)
- RDMA/mlx5: Fix CC counters query for MPV (git-fixes)
- RDMA/mlx5: Fix HW counters query for non-representor devices (git-fixes)
- RDMA/mlx5: Fix compilation warning when USER_ACCESS isn't set (git-fixes)
- RDMA/mlx5: Fix vport loopback for MPV device (git-fixes)
- RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert (git-fixes)
- RDMA/nldev: Check CAP_NET_RAW in user namespace for QP modify (git-fixes)
- RDMA/siw: Fix the sendmsg byte count in siw_tcp_sendpages (git-fixes)
- RDMA/uverbs: Add empty rdma_uattrs_has_raw_cap() declaration (git-fixes)
- RDMA/uverbs: Check CAP_NET_RAW in user namespace for QP create (git-fixes)
- RDMA/uverbs: Check CAP_NET_RAW in user namespace for RAW QP create (git-fixes)
- RDMA/uverbs: Check CAP_NET_RAW in user namespace for flow create (git-fixes)
- Reapply "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" (git-fixes).
- Revert "ACPI: battery: negate current when discharging" (stable-fixes).
- Revert "cgroup_freezer: cgroup_freezing: Check if not frozen" (bsc#1219338).
- Revert "drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1" (stable-fixes).
- Revert "mmc: sdhci: Disable SD card clock before changing parameters" (git-fixes).
- Revert "usb: xhci: Implement xhci_handshake_check_state() helper" (git-fixes).
- Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" (stable-fixes).
- SMB3: rename macro CIFS_SERVER_IS_CHAN to avoid confusion (git-fixes).
- USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (stable-fixes).
- USB: serial: option: add Foxconn T99W640 (stable-fixes).
- USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition (stable-fixes).
- [SMB3] send channel sequence number in SMB3 requests after reconnects (git-fixes).
- af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() (git-fixes).
- af_unix: Add a prompt to CONFIG_AF_UNIX_OOB (bsc#1246093).
- amd/amdkfd: fix a kfd_process ref leak (stable-fixes).
- aoe: clean device rq_list in aoedev_downdev() (git-fixes).
- apple-mfi-fastcharge: protect first device name (git-fixes).
- ata: pata_cs5536: fix build on 32-bit UML (stable-fixes).
- audit,module: restore audit logging in load failure case (git-fixes).
- bpf, sockmap: Fix sk_msg_reset_curr (git-fixes).
- bpf/lpm_trie: Inline longest_prefix_match for fastpath (git-fixes).
- bpf/selftests: Check errno when percpu map value size exceeds (git-fixes).
- bpf: Add a possibly-zero-sized read test (git-fixes).
- bpf: Avoid __hidden__ attribute in static object (git-fixes).
- bpf: Check percpu map value size first (git-fixes).
- bpf: Disable some `attribute ignored' warnings in GCC (git-fixes).
- bpf: Fix memory leak in bpf_core_apply (git-fixes).
- bpf: Fix potential integer overflow in resolve_btfids (git-fixes).
- bpf: Harden __bpf_kfunc tag against linker kfunc removal (git-fixes).
- bpf: Make the pointer returned by iter next method valid (git-fixes).
- bpf: Simplify checking size of helper accesses (git-fixes).
- bpf: fix order of args in call to bpf_map_kvcalloc (git-fixes).
- bpf: sockmap, updating the sg structure should also update curr (git-fixes).
- bpftool: Fix missing pids during link show (git-fixes).
- bpftool: Fix undefined behavior caused by shifting into the sign bit (git-fixes).
- bpftool: Mount bpffs on provided dir instead of parent dir (git-fixes).
- bpftool: Remove unnecessary source files from bootstrap version (git-fixes).
- bpftool: Un-const bpf_func_info to fix it for llvm 17 and newer (git-fixes).
- btrfs: do not ignore inode missing when replaying log tree (git-fixes).
- btrfs: do not silently ignore unexpected extent type when replaying log (git-fixes).
- btrfs: do not skip remaining extrefs if dir not found during log replay (git-fixes).
- btrfs: explicitly ref count block_group on new_bgs list (bsc#1243068)
- btrfs: fix assertion when building free space tree (git-fixes).
- btrfs: fix inode lookup error handling during log replay (git-fixes).
- btrfs: fix invalid inode pointer dereferences during log replay (git-fixes).
- btrfs: fix log tree replay failure due to file with 0 links and extents (git-fixes).
- btrfs: fix missing error handling when searching for inode refs during log replay (git-fixes).
- btrfs: fix non-empty delayed iputs list on unmount due to async workers (git-fixes).
- btrfs: fix ssd_spread overallocation (git-fixes).
- btrfs: make btrfs_discard_workfn() block_group ref explicit (bsc#1243068)
- btrfs: propagate last_unlink_trans earlier when doing a rmdir (git-fixes).
- btrfs: rename err to ret in btrfs_rmdir() (git-fixes).
- btrfs: return a btrfs_inode from btrfs_iget_logging() (git-fixes).
- btrfs: return a btrfs_inode from read_one_inode() (git-fixes).
- btrfs: tests: fix chunk map leak after failure to add it to the tree (git-fixes).
- btrfs: update superblock's device bytes_used when dropping chunk (git-fixes).
- btrfs: use NOFS context when getting inodes during logging and log replay (git-fixes).
- btrfs: use btrfs_record_snapshot_destroy() during rmdir (git-fixes).
- bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() (git-fixes).
- bus: mhi: host: Detect events pointing to unexpected TREs (git-fixes).
- can: dev: can_restart(): move debug message and stats after successful restart (stable-fixes).
- can: dev: can_restart(): reverse logic to remove need for goto (stable-fixes).
- can: kvaser_pciefd: Store device channel index (git-fixes).
- can: kvaser_usb: Assign netdev.dev_port based on device channel index (git-fixes).
- can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level (git-fixes).
- can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode (git-fixes).
- can: peak_usb: fix USB FD devices potential malfunction (git-fixes).
- cdc-acm: fix race between initial clearing halt and open (git-fixes).
- cgroup,freezer: fix incomplete freezing when attaching tasks (bsc#1245789).
- cgroup/cpuset: Extend kthread_is_per_cpu() check to all PF_NO_SETAFFINITY tasks (bsc#1241166).
- cifs: reconnect helper should set reconnect for the right channel (git-fixes).
- clk: clk-axi-clkgen: fix fpfd_max frequency for zynq (git-fixes).
- clk: davinci: Add NULL check in davinci_lpsc_clk_register() (git-fixes).
- clk: sunxi-ng: v3s: Fix de clock definition (git-fixes).
- clk: xilinx: vcu: unregister pll_post only if registered correctly (git-fixes).
- clocksource: Scale the watchdog read retries automatically (bsc#1241345 bsc#1244457).
- clocksource: Set cs_watchdog_read() checks based on .uncertainty_margin (bsc#1241345 bsc#1244457).
- comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large (git-fixes).
- comedi: Fix initialization of data for instructions that write to subdevice (git-fixes).
- comedi: Fix some signed shift left operations (git-fixes).
- comedi: Fix use of uninitialized data in insn_rw_emulate_bits() (git-fixes).
- comedi: aio_iiro_16: Fix bit shift out of bounds (git-fixes).
- comedi: das16m1: Fix bit shift out of bounds (git-fixes).
- comedi: das6402: Fix bit shift out of bounds (git-fixes).
- comedi: pcl812: Fix bit shift out of bounds (git-fixes).
- compiler_types.h: Define __retain for __attribute__((__retain__)) (git-fixes).
- config: enable RBD (jsc#PED-13238)
- crypto: arm/aes-neonbs - work around gcc-15 warning (git-fixes).
- crypto: ccp - Fix crash when rebind ccp device for ccp.ko (git-fixes).
- crypto: ccp - Fix locking on alloc failure handling (git-fixes).
- crypto: img-hash - Fix dma_unmap_sg() nents value (git-fixes).
- crypto: inside-secure - Fix `dma_unmap_sg()` nents value (git-fixes).
- crypto: keembay - Fix dma_unmap_sg() nents value (git-fixes).
- crypto: marvell/cesa - Fix engine load inaccuracy (git-fixes).
- crypto: qat - allow enabling VFs in the absence of IOMMU (git-fixes).
- crypto: qat - disable ZUC-256 capability for QAT GEN5 (git-fixes).
- crypto: qat - fix DMA direction for compression on GEN2 devices (git-fixes).
- crypto: qat - fix seq_file position update in adf_ring_next() (git-fixes).
- crypto: qat - fix state restore for banks with exceptions (git-fixes).
- crypto: qat - flush misc workqueue during device shutdown (git-fixes).
- crypto: qat - use unmanaged allocation for dc_data (git-fixes).
- crypto: sun8i-ce - fix nents passed to dma_unmap_sg() (git-fixes).
- dm-bufio: fix sched in atomic context (git-fixes).
- dm-flakey: error all IOs when num_features is absent (git-fixes).
- dm-flakey: make corrupting read bios work (git-fixes).
- dm-mirror: fix a tiny race condition (git-fixes).
- dm-raid: fix variable in journal device check (git-fixes).
- dm-verity: fix a memory leak if some arguments are specified multiple times (git-fixes).
- dm: do not change md if dm_table_set_restrictions() fails (git-fixes).
- dm: free table mempools if not used in __bind (git-fixes).
- dm: restrict dm device size to 2^63-512 bytes (git-fixes).
- dma-buf: fix timeout handling in dma_resv_wait_timeout v2 (stable-fixes).
- dmaengine: dw-edma: Drop unused dchan2dev() and chan2dev() (git-fixes).
- dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using (stable-fixes).
- dmaengine: mv_xor: Fix missing check after DMA map and missing unmap (git-fixes).
- dmaengine: nbpfaxi: Add missing check after DMA map (git-fixes).
- dmaengine: nbpfaxi: Fix memory corruption in probe() (git-fixes).
- dmaengine: qcom: gpi: Drop unused gpi_write_reg_field() (git-fixes).
- dmaengine: xilinx_dma: Set dma_device directions (stable-fixes).
- drm/amd/display: Do not overwrite dce60_clk_mgr (git-fixes).
- drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value (git-fixes).
- drm/amdgpu/gfx8: reset compute ring wptr on the GPU on resume (git-fixes).
- drm/amdgpu: amdgpu_vram_mgr_new(): Clamp lpfn to total vram (stable-fixes).
- drm/amdkfd: Fix race in GWS queue scheduling (stable-fixes).
- drm/bridge: panel: move prepare_prev_first handling to drm_panel_bridge_add_typed (git-fixes).
- drm/bridge: ti-sn65dsi86: Add HPD for DisplayPort connector type (git-fixes).
- drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() (git-fixes).
- drm/bridge: ti-sn65dsi86: make use of debugfs_init callback (stable-fixes).
- drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling (git-fixes).
- drm/exynos: fimd: Guard display clock control with runtime PM calls (git-fixes).
- drm/framebuffer: Acquire internal references on GEM handles (git-fixes).
- drm/gem: Acquire references on GEM handles for framebuffers (stable-fixes).
- drm/gem: Fix race in drm_gem_handle_create_tail() (stable-fixes).
- drm/i915/gsc: mei interrupt top half should be in irq disabled context (git-fixes).
- drm/i915/gt: Fix timeline left held on VMA alloc error (git-fixes).
- drm/i915/selftests: Change mock_request() to return error pointers (git-fixes).
- drm/msm/dpu: Fill in min_prefill_lines for SC8180X (git-fixes).
- drm/msm: Fix a fence leak in submit error path (stable-fixes).
- drm/msm: Fix another leak in the submit error path (stable-fixes).
- drm/panfrost: Fix panfrost device variable name in devfreq (git-fixes).
- drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed (git-fixes).
- drm/sched: Increment job count before swapping tail spsc queue (git-fixes).
- drm/sched: Remove optimization that causes hang when killing dependent jobs (git-fixes).
- drm/scheduler: signal scheduled fence when kill job (stable-fixes).
- drm/tegra: nvdec: Fix dma_alloc_coherent error check (git-fixes).
- drm/ttm: fix error handling in ttm_buffer_object_transfer (git-fixes).
- drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel (git-fixes).
- exfat: fdatasync flag should be same like generic_write_sync() (git-fixes).
- fbcon: Fix outdated registered_fb reference in comment (git-fixes).
- fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref (git-fixes).
- firewire: ohci: correct code comments about bus_reset tasklet (git-fixes).
- fs/jfs: consolidate sanity checking in dbMount (git-fixes).
- fs/orangefs: Allow 2 more characters in do_c_string() (git-fixes).
- gpio: mlxbf2: use platform_get_irq_optional() (git-fixes).
- gpio: pca953x: log an error when failing to get the reset GPIO (git-fixes).
- gpio: sim: include a missing header (git-fixes).
- gpio: vf610: add locking to gpio direction functions (git-fixes).
- gpio: virtio: Fix config space reading (git-fixes).
- gpiolib: Fix debug messaging in gpiod_find_and_request() (git-fixes).
- gpiolib: Handle no pin_ranges in gpiochip_generic_config() (git-fixes).
- gpiolib: acpi: Do not use GPIO chip fwnode in acpi_gpiochip_find() (bsc#1233300).
- gpiolib: acpi: Fix failed in acpi_gpiochip_find() by adding parent node match (bsc#1233300).
- gpiolib: cdev: Ignore reconfiguration without direction (git-fixes).
- gpiolib: of: Add polarity quirk for s5m8767 (stable-fixes).
- hfs: make splice write available again (git-fixes).
- hfsplus: make splice write available again (git-fixes).
- hfsplus: remove mutex_lock check in hfsplus_free_extents (git-fixes).
- hv_netvsc: Use VF's tso_max_size value when data path is VF (bsc#1246203).
- hwmon: (corsair-cpro) Validate the size of the received input buffer (git-fixes).
- hwmon: (gsc-hwmon) fix fan pwm setpoint show functions (git-fixes).
- hwmon: (pmbus/max34440) Fix support for max34451 (stable-fixes).
- hwrng: mtk - handle devm_pm_runtime_enable errors (git-fixes).
- i2c/designware: Fix an initialization issue (git-fixes).
- i2c: qup: jump out of the loop in case of timeout (git-fixes).
- i2c: stm32: fix the device used for the DMA map (git-fixes).
- i2c: tegra: Fix reset error handling with ACPI (git-fixes).
- i2c: virtio: Avoid hang by using interruptible completion wait (git-fixes).
- i3c: fix module_i3c_i2c_driver() with I3C=n (git-fixes).
- iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush (git-fixes).
- iio: adc: ad7949: use spi_is_bpw_supported() (git-fixes).
- iio: adc: ad_sigma_delta: Fix use of uninitialized status_pos (stable-fixes).
- iio: adc: ad_sigma_delta: change to buffer predisable (git-fixes).
- iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (stable-fixes).
- iio: adc: max1363: Reorder mode_list[] entries (stable-fixes).
- iio: adc: stm32-adc: Fix race in installing chained IRQ handler (git-fixes).
- iio: imu: bno055: fix OOB access of hw_xlate array (git-fixes).
- iio: pressure: zpa2326: Use aligned_s64 for the timestamp (stable-fixes).
- iommu/amd: Fix geometry.aperture_end for V2 tables (git-fixes).
- iommu/amd: Set the pgsize_bitmap correctly (git-fixes).
- iommu/arm-smmu-qcom: Add SM6115 MDSS compatible (git-fixes).
- iommu/vt-d: Fix possible circular locking dependency (git-fixes).
- iommu/vt-d: Fix system hang on reboot -f (git-fixes).
- ipv6: fix possible infinite loop in fib6_info_uses_dev() (git-fixes).
- ipv6: mcast: Delay put pmc->idev in mld_del_delrec() (git-fixes).
- ipv6: prevent infinite loop in rt6_nlmsg_size() (git-fixes).
- ipv6: reject malicious packets in ipv6_gso_segment() (git-fixes).
- iwlwifi: Add missing check for alloc_ordered_workqueue (git-fixes).
- jfs: fix metapage reference count leak in dbAllocCtl (git-fixes).
- kABI workaround for struct drm_framebuffer changes (git-fixes).
- kABI: Fix the module::name type in audit_context (git-fixes).
- kasan: remove kasan_find_vm_area() to prevent possible deadlock (git-fixes).
- kernel-syms.spec: Drop old rpm release number hack (bsc#1247172).
- leds: multicolor: Fix intensity setting while SW blinking (stable-fixes).
- lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (bsc#1236897).
- lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() (bsc#1236897).
- maple_tree: fix mt_destroy_walk() on root leaf node (git-fixes).
- md/md-bitmap: fix dm-raid max_write_behind setting (git-fixes).
- media: gspca: Add bounds checking to firmware parser (git-fixes).
- media: hi556: correct the test pattern configuration (git-fixes).
- media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() (git-fixes).
- media: ov2659: Fix memory leaks in ov2659_probe() (git-fixes).
- media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (git-fixes).
- media: usbtv: Lock resolution while streaming (git-fixes).
- media: uvcvideo: Do not mark valid metadata as invalid (git-fixes).
- media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (git-fixes).
- media: v4l2-ctrls: Do not reset handler's error in v4l2_ctrl_handler_free() (git-fixes).
- media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check (git-fixes).
- media: venus: Add a check for packet size after reading from shared memory (git-fixes).
- media: venus: hfi: explicitly release IRQ during teardown (git-fixes).
- media: venus: protect against spurious interrupts during probe (git-fixes).
- media: venus: vdec: Clamp param smaller than 1fps and bigger than 240 (git-fixes).
- media: venus: venc: Clamp param smaller than 1fps and bigger than 240 (git-fixes).
- media: vivid: fix wrong pixel_array control size (git-fixes).
- memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() (git-fixes).
- mfd: max14577: Fix wakeup source leaks on device unbind (stable-fixes).
- misc: rtsx: usb: Ensure mmc child device is active when card is present (git-fixes).
- mmc: bcm2835: Fix dma_unmap_sg() nents value (git-fixes).
- mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier (git-fixes).
- mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models (git-fixes).
- mmc: sdhci: Add a helper function for dump register in dynamic debug mode (stable-fixes).
- mmc: sdhci_am654: Workaround for Errata i2312 (git-fixes).
- module: Fix memory deallocation on error path in move_module() (git-fixes).
- module: Remove unnecessary +1 from last_unloaded_module::name size (git-fixes).
- module: Restore the moduleparam prefix length check (git-fixes).
- mtd: fix possible integer overflow in erase_xfer() (git-fixes).
- mtd: rawnand: atmel: Fix dma_mapping_error() address (git-fixes).
- mtd: rawnand: atmel: set pmecc data setup time (git-fixes).
- mtd: rawnand: fsmc: Add missing check after DMA map (git-fixes).
- mtd: rawnand: renesas: Add missing check after DMA map (git-fixes).
- mtd: rawnand: rockchip: Add missing check after DMA map (git-fixes).
- mtd: spi-nor: Fix spi_nor_try_unlock_all() (git-fixes).
- mtd: spinand: fix memory leak of ECC engine conf (stable-fixes).
- mtd: spinand: propagate spinand_wait() errors from spinand_write_page() (git-fixes).
- mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data (git-fixes).
- mtk-sd: Prevent memory corruption from DMA map failure (git-fixes).
- mtk-sd: reset host->mrq on prepare_data() error (git-fixes).
- mwl8k: Add missing check after DMA map (git-fixes).
- nbd: fix uaf in nbd_genl_connect() error path (git-fixes).
- net/packet: fix a race in packet_set_ring() and packet_notifier() (git-fixes).
- net/sched: Restrict conditions for adding duplicating netems to qdisc tree (git-fixes).
- net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (git-fixes).
- net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (git-fixes).
- net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (git-fixes).
- net/sched: sch_qfq: Fix race condition on qfq_aggregate (git-fixes).
- net/sched: taprio: enforce minimum value for picos_per_byte (git-fixes).
- net: mana: Add debug logs in MANA network driver (bsc#1246212).
- net: mana: Add handler for hardware servicing events (bsc#1245730).
- net: mana: Allocate MSI-X vectors dynamically (bsc#1245457).
- net: mana: Allow irq_setup() to skip cpus for affinity (bsc#1245457).
- net: mana: Allow tso_max_size to go up-to GSO_MAX_SIZE (bsc#1246203).
- net: mana: Expose additional hardware counters for drop and TC via ethtool (bsc#1245729).
- net: mana: Set tx_packets to post gso processing packet count (bsc#1245731).
- net: mana: explain irq_setup() algorithm (bsc#1245457).
- net: phy: Do not register LEDs for genphy (git-fixes).
- net: phy: micrel: fix KSZ8081/KSZ8091 cable test (git-fixes).
- net: phy: microchip: limit 100M workaround to link-down events on LAN88xx (git-fixes).
- net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap (git-fixes).
- net: phy: smsc: Fix link failure in forced mode with Auto-MDIX (git-fixes).
- net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect (git-fixes).
- net: usb: qmi_wwan: add SIMCom 8230C composition (stable-fixes).
- net: usbnet: Avoid potential RCU stall on LINK_CHANGE event (git-fixes).
- net: usbnet: Fix the wrong netif_carrier_on() call (git-fixes).
- netpoll: prevent hanging NAPI when netcons gets enabled (git-fixes).
- nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails (git-fixes).
- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (git-fixes).
- nilfs2: reject invalid file types when reading inodes (git-fixes).
- nvme-pci: refresh visible attrs after being checked (git-fixes).
- nvme: Fix incorrect cdw15 value in passthru error logging (git-fixes).
- nvme: fix endianness of command word prints in nvme_log_err_passthru() (git-fixes).
- nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() (git-fixes).
- nvme: fix misaccounting of nvme-mpath inflight I/O (git-fixes).
- nvmet-tcp: fix callback lock for TLS handshake (git-fixes).
- objtool: Fix INSN_CONTEXT_SWITCH handling in validate_unret() (git-fixes).
- objtool: Fix UNWIND_HINT_{SAVE,RESTORE} across basic blocks (git-fixes).
- objtool: Fix _THIS_IP_ detection for cold functions (git-fixes).
- objtool: Fix error handling inconsistencies in check() (git-fixes).
- objtool: Ignore dangling jump table entries (git-fixes).
- objtool: Ignore end-of-section jumps for KCOV/GCOV (git-fixes).
- objtool: Properly disable uaccess validation (git-fixes).
- objtool: Silence more KCOV warnings (git-fixes).
- objtool: Silence more KCOV warnings, part 2 (git-fixes).
- objtool: Stop UNRET validation on UD2 (git-fixes).
- pNFS/flexfiles: do not attempt pnfs on fatal DS errors (git-fixes).
- pch_uart: Fix dma_sync_sg_for_device() nents value (git-fixes).
- perf: Fix sample vs do_exit() (bsc#1246547).
- phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode (git-fixes).
- pinctrl: amd: Clear GPIO debounce for suspend (git-fixes).
- pinctrl: qcom: msm: mark certain pins as invalid for interrupts (git-fixes).
- pinctrl: sunxi: Fix memory leak on krealloc failure (git-fixes).
- pinmux: fix race causing mux_owner NULL with active mux_usecount (git-fixes).
- platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix duplicate event ID for CACHE_DATA1 (git-fixes).
- platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment (git-fixes).
- platform/mellanox: mlxreg-lc: Fix logic error in power state check (git-fixes).
- platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message (git-fixes).
- platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks list (stable-fixes).
- platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks (git-fixes).
- platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots (git-fixes).
- platform/x86: think-lmi: Create ksets consecutively (stable-fixes).
- platform/x86: think-lmi: Fix kobject cleanup (git-fixes).
- platform/x86: think-lmi: Fix sysfs group cleanup (git-fixes).
- power: supply: cpcap-charger: Fix null check for power_supply_get_by_name (git-fixes).
- power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set (git-fixes).
- powercap: call put_device() on an error path in powercap_register_control_type() (stable-fixes).
- powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() (git-fixes).
- powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed (git-fixes).
- powerpc/bpf: enforce full ordering for ATOMIC operations with BPF_FETCH (git-fixes).
- ptp: fix breakage after ptp_vclock_in_use() rework (bsc#1246506).
- pwm: imx-tpm: Reset counter if CMOD is 0 (git-fixes).
- pwm: mediatek: Ensure to disable clocks in error path (git-fixes).
- regmap: fix potential memory leak of regmap_bus (git-fixes).
- regulator: fan53555: add enable_time support and soft-start times (stable-fixes).
- regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods (git-fixes).
- regulator: pwm-regulator: Calculate the output voltage for disabled PWMs (stable-fixes).
- resource: fix false warning in __request_region() (git-fixes).
- restore UCSI_CONNECTOR_RESET_HARD definition (git-fixes).
- ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() (git-fixes).
- rose: fix dangling neighbour pointers in rose_rt_device_down() (git-fixes).
- rpl: Fix use-after-free in rpl_do_srh_inline() (git-fixes).
- rtc: ds1307: fix incorrect maximum clock rate handling (git-fixes).
- rtc: hym8563: fix incorrect maximum clock rate handling (git-fixes).
- rtc: nct3018y: fix incorrect maximum clock rate handling (git-fixes).
- rtc: pcf85063: fix incorrect maximum clock rate handling (git-fixes).
- rtc: pcf8563: fix incorrect maximum clock rate handling (git-fixes).
- rtc: rv3028: fix incorrect maximum clock rate handling (git-fixes).
- s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again (git-fixes bsc#1246870).
- s390/entry: Fix last breaking event handling in case of stack corruption (git-fixes bsc#1243806).
- s390/pci: Do not try re-enabling load/store if device is disabled (git-fixes bsc#1245646).
- s390/pci: Fix stale function handles in error handling (git-fixes bsc#1245647).
- s390/pkey: Prevent overflow in size calculation for memdup_user() (git-fixes bsc#1245598).
- s390: Add z17 elf platform (LTC#214086 bsc#1245540).
- samples: mei: Fix building on musl libc (git-fixes).
- sched,freezer: Remove unnecessary warning in __thaw_task (bsc#1219338).
- sched: Add test_and_clear_wake_up_bit() and atomic_dec_and_wake_up() (git-fixes).
- scsi: core: Enforce unlimited max_segment_size when virt_boundary_mask is set (git-fixes).
- scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Copyright updates for 14.4.0.10 patches (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Early return out of FDMI cmpl for locally rejected statuses (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Modify end-of-life adapters' model descriptions (bsc#1245260 bsc#1243100 bsc#1246125 bsc#1204142).
- scsi: lpfc: Move clearing of HBA_SETUP flag to before lpfc_sli4_queue_unset (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Relocate clearing initial phba flags from link up to link down hdlr (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Revise CQ_CREATE_SET mailbox bitfield definitions (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Revise logging format for failed CT MIB requests (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Simplify error handling for failed lpfc_get_sli4_parameters cmd (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Skip RSCN processing when FC_UNLOADING flag is set (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Update debugfs trace ring initialization messages (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Update lpfc version to 14.4.0.10 (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: megaraid_sas: Fix invalid node index (git-fixes).
- scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() (git-fixes).
- scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() (git-fixes).
- scsi: s390: zfcp: Ensure synchronous unit_add (git-fixes bsc#1245599).
- selftests/bpf: Add CFLAGS per source file and runner (git-fixes).
- selftests/bpf: Add tests for iter next method returning valid pointer (git-fixes).
- selftests/bpf: Change functions definitions to support GCC (git-fixes).
- selftests/bpf: Fix a few tests for GCC related warnings (git-fixes).
- selftests/bpf: Fix pointer arithmetic in test_xdp_do_redirect (git-fixes).
- selftests/bpf: Fix prog numbers in test_sockmap (git-fixes).
- smb3: move server check earlier when setting channel sequence number (git-fixes).
- soc/tegra: cbb: Clear ERR_FORCE register with ERR_STATUS (git-fixes).
- soc: aspeed: lpc-snoop: Cleanup resources in stack-order (git-fixes).
- soc: aspeed: lpc-snoop: Do not disable channels that are not enabled (git-fixes).
- soc: qcom: QMI encoding/decoding for big endian (git-fixes).
- soc: qcom: fix endianness for QMI header (git-fixes).
- soc: qcom: pmic_glink: fix OF node leak (git-fixes).
- soundwire: amd: fix for clearing command status register (git-fixes).
- soundwire: stream: restore params when prepare ports fail (git-fixes).
- spi: spi-fsl-dspi: Clear completion counter before initiating transfer (git-fixes).
- staging: axis-fifo: remove sysfs interface (git-fixes).
- staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (git-fixes).
- staging: nvec: Fix incorrect null termination of battery manufacturer (git-fixes).
- struct cdns: move new member to the end (git-fixes).
- struct ucsi_operations: use padding for new operation (git-fixes).
- sunrpc: do not immediately retransmit on seqno miss (git-fixes).
- sunrpc: fix client side handling of tls alerts (git-fixes).
- tcp: call tcp_measure_rcv_mss() for ooo packets (git-fixes).
- thunderbolt: Fix bit masking in tb_dp_port_set_hops() (git-fixes).
- thunderbolt: Fix copy+paste error in match_service_id() (git-fixes).
- thunderbolt: Fix wake on connect at runtime (git-fixes).
- tracing/kprobe: Make trace_kprobe's module callback called after jump_label update (git-fixes).
- tracing/kprobes: Fix to free objects when failed to copy a symbol (git-fixes).
- types: Complement the aligned types with signed 64-bit one (stable-fixes).
- ucount: fix atomic_long_inc_below() argument type (git-fixes).
- ucsi-glink: adapt to kABI consistency (git-fixes).
- ucsi_ccg: Refine the UCSI Interrupt handling (git-fixes).
- ucsi_operations: add stubs for all operations (git-fixes).
- ucsi_ops: adapt update_connector to kABI consistency (git-fixes).
- usb: Add checks for snprintf() calls in usb_alloc_dev() (stable-fixes).
- usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() (git-fixes).
- usb: cdc-wdm: avoid setting WDM_READ for ZLP-s (stable-fixes).
- usb: cdnsp: Fix issue with CV Bad Descriptor test (git-fixes).
- usb: cdnsp: Fix issue with resuming from L1 (git-fixes).
- usb: cdnsp: Replace snprintf() with the safer scnprintf() variant (stable-fixes).
- usb: cdnsp: do not disable slot for disabled slot (git-fixes).
- usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume (git-fixes).
- usb: common: usb-conn-gpio: use a unique name for usb connector device (stable-fixes).
- usb: dwc2: also exit clock_gating when stopping udc while suspended (stable-fixes).
- usb: dwc3: meson-g12a: fix device leaks at unbind (git-fixes).
- usb: early: xhci-dbc: Fix early_ioremap leak (git-fixes).
- usb: gadget : fix use-after-free in composite_dev_cleanup() (git-fixes).
- usb: gadget: u_serial: Fix race condition in TTY wakeup (git-fixes).
- usb: gadget: udc: renesas_usb3: fix device leak at unbind (git-fixes).
- usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() (git-fixes).
- usb: hub: Do not try to recover devices lost during warm reset (git-fixes).
- usb: misc: apple-mfi-fastcharge: Make power supply names unique (git-fixes).
- usb: musb: fix gadget state on disconnect (git-fixes).
- usb: musb: omap2430: fix device leak at unbind (git-fixes).
- usb: net: sierra: check for no status endpoint (git-fixes).
- usb: potential integer overflow in usbg_make_tpg() (stable-fixes).
- usb: typec: Update sysfs when setting ops (git-fixes).
- usb: typec: altmodes/displayport: do not index invalid pin_assignments (git-fixes).
- usb: typec: displayport: Fix potential deadlock (git-fixes).
- usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode (stable-fixes).
- usb: typec: mux: do not return on EOPNOTSUPP in {mux, switch}_set (stable-fixes).
- usb: typec: tcpm: allow switching to mode accessory to mux properly (stable-fixes).
- usb: typec: tcpm: allow to use sink in accessory mode (stable-fixes).
- usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach (git-fixes).
- usb: typec: ucsi: Add DATA_RESET option of Connector Reset command (git-fixes).
- usb: typec: ucsi: Add qcm6490-pmic-glink as needing PDOS quirk (git-fixes).
- usb: typec: ucsi: Delay alternate mode discovery (git-fixes).
- usb: typec: ucsi: Fix busy loop on ASUS VivoBooks (git-fixes).
- usb: typec: ucsi: Fix the partner PD revision (git-fixes).
- usb: typec: ucsi: Get PD revision for partner (git-fixes).
- usb: typec: ucsi: Set orientation as none when connector is unplugged (git-fixes).
- usb: typec: ucsi: Update power_supply on power role change (git-fixes).
- usb: typec: ucsi: add callback for connector status updates (git-fixes).
- usb: typec: ucsi: add update_connector callback (git-fixes).
- usb: typec: ucsi: do not retrieve PDOs if not supported (git-fixes).
- usb: typec: ucsi: extract code to read PD caps (git-fixes).
- usb: typec: ucsi: fix UCSI on SM8550 & SM8650 Qualcomm devices (git-fixes).
- usb: typec: ucsi: glink: fix off-by-one in connector_status (git-fixes).
- usb: typec: ucsi: glink: increase max ports for x1e80100 (git-fixes).
- usb: typec: ucsi: glink: move GPIO reading into connector_status callback (git-fixes).
- usb: typec: ucsi: glink: use typec_set_orientation (git-fixes).
- usb: typec: ucsi: move ucsi_acknowledge() from ucsi_read_error() (git-fixes).
- usb: typec: ucsi: properly register partner's PD device (git-fixes).
- usb: typec: ucsi: support delaying GET_PDOS for device (git-fixes).
- usb: typec: ucsi_acpi: Add LG Gram quirk (git-fixes).
- usb: typec: ucsi_glink: drop NO_PARTNER_PDOS quirk for sm8550 / sm8650 (git-fixes).
- usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk (git-fixes).
- usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk on qcm6490 (git-fixes).
- usb: typec: ucsi_glink: rework quirks implementation (git-fixes).
- usb: xhci: Skip xhci_reset in xhci_resume if xhci is being removed (git-fixes).
- usb: xhci: quirk for data loss in ISOC transfers (stable-fixes).
- usb:cdnsp: remove TRB_FLUSH_ENDPOINT command (stable-fixes).
- virtgpu: do not reset on shutdown (git-fixes).
- vmci: Prevent the dispatching of uninitialized payloads (git-fixes).
- vt: add missing notification when switching back to text mode (stable-fixes).
- vt: defkeymap: Map keycodes above 127 to K_HOLE (git-fixes).
- vt: keyboard: Do not process Unicode characters in K_OFF mode (git-fixes).
- watchdog: ziirave_wdt: check record length in ziirave_firm_verify() (git-fixes).
- wifi: ath11k: clear initialized flag for deinit-ed srng lists (git-fixes).
- wifi: ath11k: fix dest ring-buffer corruption (git-fixes).
- wifi: ath11k: fix dest ring-buffer corruption when ring is full (git-fixes).
- wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() (git-fixes).
- wifi: ath11k: fix source ring-buffer corruption (git-fixes).
- wifi: ath11k: fix suspend use-after-free after probe failure (git-fixes).
- wifi: ath12k: fix dest ring-buffer corruption (git-fixes).
- wifi: ath12k: fix dest ring-buffer corruption when ring is full (git-fixes).
- wifi: ath12k: fix endianness handling while accessing wmi service bit (git-fixes).
- wifi: ath12k: fix source ring-buffer corruption (git-fixes).
- wifi: ath6kl: remove WARN on bad firmware input (stable-fixes).
- wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE (git-fixes).
- wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() (git-fixes).
- wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() (git-fixes).
- wifi: iwlwifi: Fix memory leak in iwl_mvm_init() (git-fixes).
- wifi: iwlwifi: return ERR_PTR from opmode start() (stable-fixes).
- wifi: mac80211: Add link iteration macro for link data (stable-fixes).
- wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() (git-fixes).
- wifi: mac80211: Do not call fq_flow_idx() for management frames (git-fixes).
- wifi: mac80211: Do not schedule stopped TXQs (git-fixes).
- wifi: mac80211: chan: chandef is non-NULL for reserved (stable-fixes).
- wifi: mac80211: drop invalid source address OCB frames (stable-fixes).
- wifi: mac80211: reject TDLS operations when station is not associated (git-fixes).
- wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() (git-fixes).
- wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan (git-fixes).
- wifi: mt76: mt7925: fix the wrong config for tx interrupt (git-fixes).
- wifi: plfxlc: Fix error handling in usb driver probe (git-fixes).
- wifi: prevent A-MSDU attacks in mesh networks (stable-fixes).
- wifi: rtl818x: Kill URBs before clearing tx status queue (git-fixes).
- wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band (git-fixes).
- wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() (git-fixes).
- x86/cpu/amd: Fix workaround for erratum 1054 (git-fixes).
- x86/mce/amd: Add default names for MCA banks and blocks (git-fixes).
- x86/mce/amd: Fix threshold limit reset (git-fixes).
- x86/mce: Do not remove sysfs if thresholding sysfs init fails (git-fixes).
- x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (git-fixes).
- x86/tdx: Fix __noreturn build warning around __tdx_hypercall_failed() (git-fixes).
- x86/traps: Initialize DR6 by writing its architectural reset value (git-fixes).
- x86/virt/tdx: Avoid indirect calls to TDX assembly functions (git-fixes).
- x86: UV RTC: Add parameter to disable RTC clocksource (bsc#1241345).
- xfs: fix off-by-one error in fsmap's end_daddr usage (bsc#1235837).
- xfs: only create event xfs_file_compat_ioctl when CONFIG_COMPAT is configure (git-fixes).
- xfs: remove unused event xfs_alloc_near_error (git-fixes).
- xfs: remove unused event xfs_alloc_near_nominleft (git-fixes).
- xfs: remove unused event xfs_attr_node_removename (git-fixes).
- xfs: remove unused event xfs_ioctl_clone (git-fixes).
- xfs: remove unused event xfs_pagecache_inval (git-fixes).
- xfs: remove unused event xlog_iclog_want_sync (git-fixes).
- xfs: remove unused trace event xfs_attr_remove_iter_return (git-fixes).
- xfs: remove unused trace event xfs_attr_rmtval_set (git-fixes).
- xfs: remove unused trace event xfs_reflink_cow_enospc (git-fixes).
- xfs: remove unused xfs_attr events (git-fixes).
- xfs: remove unused xfs_reflink_compare_extents events (git-fixes).
- xfs: remove usused xfs_end_io_direct events (git-fixes).
- xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS (git-fixes).
- xhci: dbc: Flush queued requests before stopping dbc (git-fixes).
- xhci: dbctty: disable ECHO flag by default (git-fixes).
Patchnames
SUSE-SLE-Micro-6.1-kernel-83
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2019-11135: TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may\n- CVE-2024-36028: mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() (bsc#1225707).\n- CVE-2024-36348, CVE-2024-36349, CVE-2024-36350, CVE-2024-36357:\n x86/process: Move the buffer clearing before MONITOR (bsc#1238896).\n- CVE-2024-44963: btrfs: do not BUG_ON() when freeing tree block after error (bsc#1230216).\n- CVE-2024-56742: vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages() (bsc#1235613).\n- CVE-2025-21839: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (bsc#1239061).\n- CVE-2025-21872: efi/mokvar-table: Avoid repeated map/unmap of the same page (bsc#1240323).\n- CVE-2025-23163: net: vlan: do not propagate flags on open (bsc#1242837).\n- CVE-2025-37856: btrfs: harden block_group::bg_list against list_del() races (bsc#1243068).\n- CVE-2025-37864: net: dsa: clean up FDB, MDB, VLAN entries on unbind (bsc#1242965).\n- CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn\u0027t postable (bsc#1242960).\n- CVE-2025-37920: kABI workaround for xsk: Fix race condition in AF_XDP generic RX path (bsc#1243479).\n- CVE-2025-37984: crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() (bsc#1243669).\n- CVE-2025-38034: btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (bsc#1244792).\n- CVE-2025-38035: nvmet-tcp: do not restore null sk_state_change (bsc#1244801).\n- CVE-2025-38051: smb: client: Fix use-after-free in cifs_fill_dirent (bsc#1244750).\n- CVE-2025-38058: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (bsc#1245151).\n- CVE-2025-38061: net: pktgen: fix access outside of user given buffer in pktgen_thread_write() (bsc#1245440).\n- CVE-2025-38062: kABI: restore layout of struct msi_desc (bsc#1245216).\n- CVE-2025-38063: dm: fix unconditional IO throttle caused by REQ_PREFLUSH (bsc#1245202).\n- CVE-2025-38064: virtio: break and reset virtio devices on device_shutdown() (bsc#1245201).\n- CVE-2025-38074: vhost-scsi: protect vq-\u003elog_used with vq-\u003emutex (bsc#1244735).\n- CVE-2025-38094: net: cadence: macb: Fix a possible deadlock in macb_halt_tx (bsc#1245649).\n- CVE-2025-38097: kabi: restore encap_sk in struct xfrm_state (bsc#1245660).\n- CVE-2025-38098: drm/amd/display: Do not treat wb connector as physical in (bsc#1245654).\n- CVE-2025-38099: Bluetooth: btusb: Fix regression in the initialization of fake Bluetooth controllers (bsc#1245671).\n- CVE-2025-38100: x86/iopl: Cure TIF_IO_BITMAP inconsistencies (bsc#1245650).\n- CVE-2025-38105: ALSA: usb-audio: Kill timer properly at removal (bsc#1245682).\n- CVE-2025-38115: net_sched: sch_sfq: fix a potential crash on gso_skb handling (bsc#1245689).\n- CVE-2025-38117: hci_dev centralize extra lock (bsc#1245695).\n- CVE-2025-38126: net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping (bsc#1245708).\n- CVE-2025-38131: coresight: prevent deactivate active config while enabling the config (bsc#1245677).\n- CVE-2025-38132: coresight: holding cscfg_csdev_lock while removing cscfg from csdev (bsc#1245679).\n- CVE-2025-38147: calipso: unlock rcu before returning -EAFNOSUPPORT (bsc#1245768).\n- CVE-2025-38158: hisi_acc_vfio_pci: fix XQE dma address error (bsc#1245750).\n- CVE-2025-38162: netfilter: nft_set_pipapo: prevent overflow in lookup table allocation (bsc#1245752).\n- CVE-2025-38166: bpf: fix ktls panic with sockmap (bsc#1245758).\n- CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).\n- CVE-2025-38182: ublk: santizize the arguments from userspace when adding a device (bsc#1245937).\n- CVE-2025-38183: net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get() (bsc#1246006).\n- CVE-2025-38187: drm/nouveau: fix a use-after-free in r535_gsp_rpc_push() (bsc#1245951).\n- CVE-2025-38188: drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE (bsc#1246098).\n- CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045).\n- CVE-2025-38202: bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() (bsc#1245980).\n- CVE-2025-38203: jfs: Fix null-ptr-deref in jfs_ioc_trim (bsc#1246044).\n- CVE-2025-38204: jfs: fix array-index-out-of-bounds read in add_missing_indices (bsc#1245983).\n- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073).\n- CVE-2025-38210: configfs-tsm-report: Fix NULL dereference of tsm_ops (bsc#1246020).\n- CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029).\n- CVE-2025-38220: ext4: only dirty folios when data journaling regular files (bsc#1245966).\n- CVE-2025-38222: ext4: inline: fix len overflow in ext4_prepare_inline_data (bsc#1245976).\n- CVE-2025-38236: af_unix: Disable MSG_OOB for unprivileged users (bsc#1246093).\n- CVE-2025-38239: scsi: megaraid_sas: Fix invalid node index (bsc#1246178).\n- CVE-2025-38244: smb: client: fix potential deadlock when reconnecting channels (bsc#1246183).\n- CVE-2025-38248: bridge: mcast: Fix use-after-free during router port configuration (bsc#1246173).\n- CVE-2025-38250: kABI workaround for bluetooth hci_dev changes (bsc#1246182).\n- CVE-2025-38264: llist: add interface to check if a node is on a list (bsc#1246387).\n- CVE-2025-38272: net: dsa: b53: do not enable EEE on bcm63xx (bsc#1246268).\n- CVE-2025-38279: selftests/bpf: Add tests with stack ptr register in conditional jmp (bsc#1246264).\n- CVE-2025-38283: hisi_acc_vfio_pci: bugfix live migration function without VF device driver (bsc#1246273).\n- CVE-2025-38303: Bluetooth: eir: Fix possible crashes on eir_create_adv_data (bsc#1246354).\n- CVE-2025-38310: seg6: Fix validation of nexthop addresses (bsc#1246361).\n- CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).\n- CVE-2025-38334: x86/sgx: Prevent attempts to reclaim poisoned pages (bsc#1246384).\n- CVE-2025-38335: Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT (bsc#1246250).\n- CVE-2025-38337: jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (bsc#1246253).\n- CVE-2025-38349: eventpoll: do not decrement ep refcount while still holding the ep mutex (bsc#1246777).\n- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).\n- CVE-2025-38352: posix-cpu-timers: fix race between\n handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).\n- CVE-2025-38364: maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() (bsc#1247091).\n- CVE-2025-38365: btrfs: fix a race between renames and directory logging (bsc#1247023).\n- CVE-2025-38371: drm/v3d: Disable interrupts before resetting the GPU (bsc#1247178).\n- CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177).\n- CVE-2025-38382: btrfs: fix iteration of extrefs during log replay (bsc#1247031).\n- CVE-2025-38392: idpf: convert control queue mutex to a spinlock (bsc#1247169).\n- CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247156).\n- CVE-2025-38399: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() (bsc#1247097).\n- CVE-2025-38403: vsock/vmci: Clear the vmci transport packet properly when initializing it (bsc#1247141).\n- CVE-2025-38414: wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850 (bsc#1247145).\n- CVE-2025-38426: drm/amdgpu: Add basic validation for RAS header (bsc#1247252).\n- CVE-2025-38429: bus: mhi: ep: Update read pointer only after buffer is written (bsc#1247253).\n- CVE-2025-38455: KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight (bsc#1247101).\n- CVE-2025-38457: net/sched: Abort __tc_modify_qdisc if parent class does not exist (bsc#1247098).\n- CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).\n- CVE-2025-38461: vsock: Fix transport_* TOCTOU (bsc#1247103).\n- CVE-2025-38462: vsock: Fix transport_{g2h,h2g} TOCTOU (bsc#1247104).\n- CVE-2025-38463: tcp: Correct signedness in skb remaining space calculation (bsc#1247113).\n- CVE-2025-38465: netlink: make sure we allow at least one dump skb (bsc#1247118).\n- CVE-2025-38470: kABI fix for net: vlan: fix VLAN 0 refcount imbalance of toggling (bsc#1247288).\n- CVE-2025-38471: tls: always refresh the queue when reading sock (bsc#1247450).\n- CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347).\n- CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374).\n\nThe following non-security bugs were fixed:\n\n- ACPI: LPSS: Remove AudioDSP related ID (git-fixes).\n- ACPI: PRM: Reduce unnecessary printing to avoid user confusion (bsc#1246122).\n- ACPI: processor: perflib: Fix initial _PPC limit application (git-fixes).\n- ACPICA: Refuse to evaluate a method if arguments are missing (stable-fixes).\n- ALSA: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() (git-fixes).\n- ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx (stable-fixes).\n- ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 (stable-fixes).\n- ALSA: hda/realtek: Add quirk for ASUS ROG Strix G712LWS (stable-fixes).\n- ALSA: hda/tegra: Add Tegra264 support (stable-fixes).\n- ALSA: hda: Add missing NVIDIA HDA codec IDs (stable-fixes).\n- ALSA: hda: Add new pci id for AMD GPU display HD audio controller (stable-fixes).\n- ALSA: hda: Ignore unsol events for cards being shut down (stable-fixes).\n- ALSA: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() (git-fixes).\n- ALSA: sb: Do not allow changing the DMA mode during operations (stable-fixes).\n- ALSA: sb: Force to disable DMAs once when DMA mode is changed (stable-fixes).\n- ASoC: amd: yc: Add DMI quirk for Lenovo IdeaPad Slim 5 15 (stable-fixes).\n- ASoC: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic (stable-fixes).\n- ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic (stable-fixes).\n- ASoC: amd: yc: update quirk data for HP Victus (stable-fixes).\n- ASoC: codec: wcd9335: Convert to GPIO descriptors (stable-fixes).\n- ASoC: codecs: wcd9335: Fix missing free of regulator supplies (git-fixes).\n- ASoC: codecs: wcd9335: Handle nicer probe deferral and simplify with dev_err_probe() (stable-fixes).\n- ASoC: cs35l56: probe() should fail if the device ID is not recognized (git-fixes).\n- ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode (git-fixes).\n- ASoC: fsl_xcvr: get channel status data when PHY is not exists (git-fixes).\n- ASoC: ops: dynamically allocate struct snd_ctl_elem_value (git-fixes).\n- ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() (git-fixes).\n- Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() (git-fixes).\n- Bluetooth: L2CAP: Fix L2CAP MTU negotiation (stable-fixes).\n- Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU (git-fixes).\n- Bluetooth: MGMT: Fix not generating command complete for MGMT_OP_DISCONNECT (git-fixes).\n- Bluetooth: MGMT: mesh_send: check instances prior disabling advertising (git-fixes).\n- Bluetooth: MGMT: set_mesh: update LE scan interval and window (git-fixes).\n- Bluetooth: Prevent unintended pause by checking if advertising is active (git-fixes).\n- Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout (git-fixes).\n- Bluetooth: SMP: If an unallowed command is received consider it a failure (git-fixes).\n- Bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant without board ID (git-fixes).\n- Bluetooth: hci_conn: Fix sending BT_HCI_CMD_LE_CREATE_CONN_CANCEL (git-fixes).\n- Bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected (git-fixes).\n- Bluetooth: hci_event: Mask data status from LE ext adv reports (git-fixes).\n- Bluetooth: hci_sync: Attempt to dequeue connection attempt (git-fixes).\n- Bluetooth: hci_sync: Fix UAF on create_le_conn_complete (git-fixes).\n- Bluetooth: hci_sync: Fix handling of HCI_OP_CREATE_CONN_CANCEL (git-fixes).\n- Bluetooth: hci_sync: Fix not disabling advertising instance (git-fixes).\n- Bluetooth: hci_sync: fix connectable extended advertising when using static random address (git-fixes).\n- Bluetooth: hci_sync: revert some mesh modifications (git-fixes).\n- Correctly put RDMA kabi patch into patches.kabi instead of patches.suse\n- Docs/ABI: Fix sysfs-kernel-address_bits path (git-fixes).\n- Documentation: ACPI: Fix parent device references (git-fixes).\n- Documentation: usb: gadget: Wrap remaining usage snippets in literal code block (git-fixes).\n- Fix dma_unmap_sg() nents value (git-fixes)\n- HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY (stable-fixes).\n- HID: core: do not bypass hid_hw_raw_request (stable-fixes).\n- HID: core: ensure __hid_request reserves the report ID as the first byte (git-fixes).\n- HID: core: ensure the allocated report buffer can contain the reserved report ID (stable-fixes).\n- HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 (stable-fixes).\n- HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras (stable-fixes).\n- IB/mlx5: Fix potential deadlock in MR deregistration (git-fixes)\n- Input: iqs7222 - explicitly define number of external channels (git-fixes).\n- Input: xpad - adjust error handling for disconnect (git-fixes).\n- Input: xpad - set correct controller type for Acer NGR200 (git-fixes).\n- Input: xpad - support Acer NGR 200 Controller (stable-fixes).\n- Logitech C-270 even more broken (stable-fixes).\n- Move upstreamed SCSI and ACPI patches into sorted section\n- NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (git-fixes).\n- NFS: Fix the setting of capabilities when automounting a new filesystem (git-fixes).\n- NFS: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() (git-fixes).\n- NFS: Fixup allocation flags for nfsiod\u0027s __GFP_NORETRY (git-fixes).\n- NFSD: detect mismatch of file handle and delegation stateid in OPEN op (git-fixes).\n- NFSv4.2: another fix for listxattr (git-fixes).\n- NFSv4.2: fix listxattr to return selinux security label (git-fixes).\n- NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN (git-fixes).\n- NFSv4: Always set NLINK even if the server does not support it (git-fixes).\n- NFSv4: xattr handlers should check for absent nfs filehandles (git-fixes).\n- PCI/MSI: Export pci_msix_prepare_desc() for dynamic MSI-X allocations (bsc#1245457).\n- PCI: dwc: Make link training more robust by setting PORT_LOGIC_LINK_WIDTH to one lane (stable-fixes).\n- PCI: endpoint: Fix configfs group list head handling (git-fixes).\n- PCI: endpoint: Fix configfs group removal on driver teardown (git-fixes).\n- PCI: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute (git-fixes).\n- PCI: endpoint: pci-epf-vntb: Return -ENOENT if pci_epc_get_next_free_bar() fails (git-fixes).\n- PCI: hv: Allow dynamic MSI-X vector allocation (bsc#1245457).\n- PCI: rockchip-host: Fix \"Unexpected Completion\" log message (git-fixes).\n- PM / devfreq: Check governor before using governor-\u003ename (git-fixes).\n- RDMA/core: Rate limit GID cache warning messages (git-fixes)\n- RDMA/counter: Check CAP_NET_RAW check in user namespace for RDMA counters (git-fixes)\n- RDMA/hns: Drop GFP_NOWARN (git-fixes)\n- RDMA/hns: Fix -Wframe-larger-than issue (git-fixes)\n- RDMA/hns: Fix HW configurations not cleared in error flow (git-fixes)\n- RDMA/hns: Fix accessing uninitialized resources (git-fixes)\n- RDMA/hns: Fix double destruction of rsv_qp (git-fixes)\n- RDMA/hns: Get message length of ack_req from FW (git-fixes)\n- RDMA/mlx5: Check CAP_NET_RAW in user namespace for anchor create (git-fixes)\n- RDMA/mlx5: Check CAP_NET_RAW in user namespace for devx create (git-fixes)\n- RDMA/mlx5: Check CAP_NET_RAW in user namespace for flow create (git-fixes)\n- RDMA/mlx5: Fix CC counters query for MPV (git-fixes)\n- RDMA/mlx5: Fix HW counters query for non-representor devices (git-fixes)\n- RDMA/mlx5: Fix compilation warning when USER_ACCESS isn\u0027t set (git-fixes)\n- RDMA/mlx5: Fix vport loopback for MPV device (git-fixes)\n- RDMA/mlx5: Initialize obj_event-\u003eobj_sub_list before xa_insert (git-fixes)\n- RDMA/nldev: Check CAP_NET_RAW in user namespace for QP modify (git-fixes)\n- RDMA/siw: Fix the sendmsg byte count in siw_tcp_sendpages (git-fixes)\n- RDMA/uverbs: Add empty rdma_uattrs_has_raw_cap() declaration (git-fixes)\n- RDMA/uverbs: Check CAP_NET_RAW in user namespace for QP create (git-fixes)\n- RDMA/uverbs: Check CAP_NET_RAW in user namespace for RAW QP create (git-fixes)\n- RDMA/uverbs: Check CAP_NET_RAW in user namespace for flow create (git-fixes)\n- Reapply \"wifi: mac80211: Update skb\u0027s control block key in ieee80211_tx_dequeue()\" (git-fixes).\n- Revert \"ACPI: battery: negate current when discharging\" (stable-fixes).\n- Revert \"cgroup_freezer: cgroup_freezing: Check if not frozen\" (bsc#1219338).\n- Revert \"drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1\" (stable-fixes).\n- Revert \"mmc: sdhci: Disable SD card clock before changing parameters\" (git-fixes).\n- Revert \"usb: xhci: Implement xhci_handshake_check_state() helper\" (git-fixes).\n- Revert \"vgacon: Add check for vc_origin address range in vgacon_scroll()\" (stable-fixes).\n- SMB3: rename macro CIFS_SERVER_IS_CHAN to avoid confusion (git-fixes).\n- USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (stable-fixes).\n- USB: serial: option: add Foxconn T99W640 (stable-fixes).\n- USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition (stable-fixes).\n- [SMB3] send channel sequence number in SMB3 requests after reconnects (git-fixes).\n- af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() (git-fixes).\n- af_unix: Add a prompt to CONFIG_AF_UNIX_OOB (bsc#1246093).\n- amd/amdkfd: fix a kfd_process ref leak (stable-fixes).\n- aoe: clean device rq_list in aoedev_downdev() (git-fixes).\n- apple-mfi-fastcharge: protect first device name (git-fixes).\n- ata: pata_cs5536: fix build on 32-bit UML (stable-fixes).\n- audit,module: restore audit logging in load failure case (git-fixes).\n- bpf, sockmap: Fix sk_msg_reset_curr (git-fixes).\n- bpf/lpm_trie: Inline longest_prefix_match for fastpath (git-fixes).\n- bpf/selftests: Check errno when percpu map value size exceeds (git-fixes).\n- bpf: Add a possibly-zero-sized read test (git-fixes).\n- bpf: Avoid __hidden__ attribute in static object (git-fixes).\n- bpf: Check percpu map value size first (git-fixes).\n- bpf: Disable some `attribute ignored\u0027 warnings in GCC (git-fixes).\n- bpf: Fix memory leak in bpf_core_apply (git-fixes).\n- bpf: Fix potential integer overflow in resolve_btfids (git-fixes).\n- bpf: Harden __bpf_kfunc tag against linker kfunc removal (git-fixes).\n- bpf: Make the pointer returned by iter next method valid (git-fixes).\n- bpf: Simplify checking size of helper accesses (git-fixes).\n- bpf: fix order of args in call to bpf_map_kvcalloc (git-fixes).\n- bpf: sockmap, updating the sg structure should also update curr (git-fixes).\n- bpftool: Fix missing pids during link show (git-fixes).\n- bpftool: Fix undefined behavior caused by shifting into the sign bit (git-fixes).\n- bpftool: Mount bpffs on provided dir instead of parent dir (git-fixes).\n- bpftool: Remove unnecessary source files from bootstrap version (git-fixes).\n- bpftool: Un-const bpf_func_info to fix it for llvm 17 and newer (git-fixes).\n- btrfs: do not ignore inode missing when replaying log tree (git-fixes).\n- btrfs: do not silently ignore unexpected extent type when replaying log (git-fixes).\n- btrfs: do not skip remaining extrefs if dir not found during log replay (git-fixes).\n- btrfs: explicitly ref count block_group on new_bgs list (bsc#1243068)\n- btrfs: fix assertion when building free space tree (git-fixes).\n- btrfs: fix inode lookup error handling during log replay (git-fixes).\n- btrfs: fix invalid inode pointer dereferences during log replay (git-fixes).\n- btrfs: fix log tree replay failure due to file with 0 links and extents (git-fixes).\n- btrfs: fix missing error handling when searching for inode refs during log replay (git-fixes).\n- btrfs: fix non-empty delayed iputs list on unmount due to async workers (git-fixes).\n- btrfs: fix ssd_spread overallocation (git-fixes).\n- btrfs: make btrfs_discard_workfn() block_group ref explicit (bsc#1243068)\n- btrfs: propagate last_unlink_trans earlier when doing a rmdir (git-fixes).\n- btrfs: rename err to ret in btrfs_rmdir() (git-fixes).\n- btrfs: return a btrfs_inode from btrfs_iget_logging() (git-fixes).\n- btrfs: return a btrfs_inode from read_one_inode() (git-fixes).\n- btrfs: tests: fix chunk map leak after failure to add it to the tree (git-fixes).\n- btrfs: update superblock\u0027s device bytes_used when dropping chunk (git-fixes).\n- btrfs: use NOFS context when getting inodes during logging and log replay (git-fixes).\n- btrfs: use btrfs_record_snapshot_destroy() during rmdir (git-fixes).\n- bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() (git-fixes).\n- bus: mhi: host: Detect events pointing to unexpected TREs (git-fixes).\n- can: dev: can_restart(): move debug message and stats after successful restart (stable-fixes).\n- can: dev: can_restart(): reverse logic to remove need for goto (stable-fixes).\n- can: kvaser_pciefd: Store device channel index (git-fixes).\n- can: kvaser_usb: Assign netdev.dev_port based on device channel index (git-fixes).\n- can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level (git-fixes).\n- can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode (git-fixes).\n- can: peak_usb: fix USB FD devices potential malfunction (git-fixes).\n- cdc-acm: fix race between initial clearing halt and open (git-fixes).\n- cgroup,freezer: fix incomplete freezing when attaching tasks (bsc#1245789).\n- cgroup/cpuset: Extend kthread_is_per_cpu() check to all PF_NO_SETAFFINITY tasks (bsc#1241166).\n- cifs: reconnect helper should set reconnect for the right channel (git-fixes).\n- clk: clk-axi-clkgen: fix fpfd_max frequency for zynq (git-fixes).\n- clk: davinci: Add NULL check in davinci_lpsc_clk_register() (git-fixes).\n- clk: sunxi-ng: v3s: Fix de clock definition (git-fixes).\n- clk: xilinx: vcu: unregister pll_post only if registered correctly (git-fixes).\n- clocksource: Scale the watchdog read retries automatically (bsc#1241345 bsc#1244457).\n- clocksource: Set cs_watchdog_read() checks based on .uncertainty_margin (bsc#1241345 bsc#1244457).\n- comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large (git-fixes).\n- comedi: Fix initialization of data for instructions that write to subdevice (git-fixes).\n- comedi: Fix some signed shift left operations (git-fixes).\n- comedi: Fix use of uninitialized data in insn_rw_emulate_bits() (git-fixes).\n- comedi: aio_iiro_16: Fix bit shift out of bounds (git-fixes).\n- comedi: das16m1: Fix bit shift out of bounds (git-fixes).\n- comedi: das6402: Fix bit shift out of bounds (git-fixes).\n- comedi: pcl812: Fix bit shift out of bounds (git-fixes).\n- compiler_types.h: Define __retain for __attribute__((__retain__)) (git-fixes).\n- config: enable RBD (jsc#PED-13238)\n- crypto: arm/aes-neonbs - work around gcc-15 warning (git-fixes).\n- crypto: ccp - Fix crash when rebind ccp device for ccp.ko (git-fixes).\n- crypto: ccp - Fix locking on alloc failure handling (git-fixes).\n- crypto: img-hash - Fix dma_unmap_sg() nents value (git-fixes).\n- crypto: inside-secure - Fix `dma_unmap_sg()` nents value (git-fixes).\n- crypto: keembay - Fix dma_unmap_sg() nents value (git-fixes).\n- crypto: marvell/cesa - Fix engine load inaccuracy (git-fixes).\n- crypto: qat - allow enabling VFs in the absence of IOMMU (git-fixes).\n- crypto: qat - disable ZUC-256 capability for QAT GEN5 (git-fixes).\n- crypto: qat - fix DMA direction for compression on GEN2 devices (git-fixes).\n- crypto: qat - fix seq_file position update in adf_ring_next() (git-fixes).\n- crypto: qat - fix state restore for banks with exceptions (git-fixes).\n- crypto: qat - flush misc workqueue during device shutdown (git-fixes).\n- crypto: qat - use unmanaged allocation for dc_data (git-fixes).\n- crypto: sun8i-ce - fix nents passed to dma_unmap_sg() (git-fixes).\n- dm-bufio: fix sched in atomic context (git-fixes).\n- dm-flakey: error all IOs when num_features is absent (git-fixes).\n- dm-flakey: make corrupting read bios work (git-fixes).\n- dm-mirror: fix a tiny race condition (git-fixes).\n- dm-raid: fix variable in journal device check (git-fixes).\n- dm-verity: fix a memory leak if some arguments are specified multiple times (git-fixes).\n- dm: do not change md if dm_table_set_restrictions() fails (git-fixes).\n- dm: free table mempools if not used in __bind (git-fixes).\n- dm: restrict dm device size to 2^63-512 bytes (git-fixes).\n- dma-buf: fix timeout handling in dma_resv_wait_timeout v2 (stable-fixes).\n- dmaengine: dw-edma: Drop unused dchan2dev() and chan2dev() (git-fixes).\n- dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using (stable-fixes).\n- dmaengine: mv_xor: Fix missing check after DMA map and missing unmap (git-fixes).\n- dmaengine: nbpfaxi: Add missing check after DMA map (git-fixes).\n- dmaengine: nbpfaxi: Fix memory corruption in probe() (git-fixes).\n- dmaengine: qcom: gpi: Drop unused gpi_write_reg_field() (git-fixes).\n- dmaengine: xilinx_dma: Set dma_device directions (stable-fixes).\n- drm/amd/display: Do not overwrite dce60_clk_mgr (git-fixes).\n- drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value (git-fixes).\n- drm/amdgpu/gfx8: reset compute ring wptr on the GPU on resume (git-fixes).\n- drm/amdgpu: amdgpu_vram_mgr_new(): Clamp lpfn to total vram (stable-fixes).\n- drm/amdkfd: Fix race in GWS queue scheduling (stable-fixes).\n- drm/bridge: panel: move prepare_prev_first handling to drm_panel_bridge_add_typed (git-fixes).\n- drm/bridge: ti-sn65dsi86: Add HPD for DisplayPort connector type (git-fixes).\n- drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() (git-fixes).\n- drm/bridge: ti-sn65dsi86: make use of debugfs_init callback (stable-fixes).\n- drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling (git-fixes).\n- drm/exynos: fimd: Guard display clock control with runtime PM calls (git-fixes).\n- drm/framebuffer: Acquire internal references on GEM handles (git-fixes).\n- drm/gem: Acquire references on GEM handles for framebuffers (stable-fixes).\n- drm/gem: Fix race in drm_gem_handle_create_tail() (stable-fixes).\n- drm/i915/gsc: mei interrupt top half should be in irq disabled context (git-fixes).\n- drm/i915/gt: Fix timeline left held on VMA alloc error (git-fixes).\n- drm/i915/selftests: Change mock_request() to return error pointers (git-fixes).\n- drm/msm/dpu: Fill in min_prefill_lines for SC8180X (git-fixes).\n- drm/msm: Fix a fence leak in submit error path (stable-fixes).\n- drm/msm: Fix another leak in the submit error path (stable-fixes).\n- drm/panfrost: Fix panfrost device variable name in devfreq (git-fixes).\n- drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed (git-fixes).\n- drm/sched: Increment job count before swapping tail spsc queue (git-fixes).\n- drm/sched: Remove optimization that causes hang when killing dependent jobs (git-fixes).\n- drm/scheduler: signal scheduled fence when kill job (stable-fixes).\n- drm/tegra: nvdec: Fix dma_alloc_coherent error check (git-fixes).\n- drm/ttm: fix error handling in ttm_buffer_object_transfer (git-fixes).\n- drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel (git-fixes).\n- exfat: fdatasync flag should be same like generic_write_sync() (git-fixes).\n- fbcon: Fix outdated registered_fb reference in comment (git-fixes).\n- fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref (git-fixes).\n- firewire: ohci: correct code comments about bus_reset tasklet (git-fixes).\n- fs/jfs: consolidate sanity checking in dbMount (git-fixes).\n- fs/orangefs: Allow 2 more characters in do_c_string() (git-fixes).\n- gpio: mlxbf2: use platform_get_irq_optional() (git-fixes).\n- gpio: pca953x: log an error when failing to get the reset GPIO (git-fixes).\n- gpio: sim: include a missing header (git-fixes).\n- gpio: vf610: add locking to gpio direction functions (git-fixes).\n- gpio: virtio: Fix config space reading (git-fixes).\n- gpiolib: Fix debug messaging in gpiod_find_and_request() (git-fixes).\n- gpiolib: Handle no pin_ranges in gpiochip_generic_config() (git-fixes).\n- gpiolib: acpi: Do not use GPIO chip fwnode in acpi_gpiochip_find() (bsc#1233300).\n- gpiolib: acpi: Fix failed in acpi_gpiochip_find() by adding parent node match (bsc#1233300).\n- gpiolib: cdev: Ignore reconfiguration without direction (git-fixes).\n- gpiolib: of: Add polarity quirk for s5m8767 (stable-fixes).\n- hfs: make splice write available again (git-fixes).\n- hfsplus: make splice write available again (git-fixes).\n- hfsplus: remove mutex_lock check in hfsplus_free_extents (git-fixes).\n- hv_netvsc: Use VF\u0027s tso_max_size value when data path is VF (bsc#1246203).\n- hwmon: (corsair-cpro) Validate the size of the received input buffer (git-fixes).\n- hwmon: (gsc-hwmon) fix fan pwm setpoint show functions (git-fixes).\n- hwmon: (pmbus/max34440) Fix support for max34451 (stable-fixes).\n- hwrng: mtk - handle devm_pm_runtime_enable errors (git-fixes).\n- i2c/designware: Fix an initialization issue (git-fixes).\n- i2c: qup: jump out of the loop in case of timeout (git-fixes).\n- i2c: stm32: fix the device used for the DMA map (git-fixes).\n- i2c: tegra: Fix reset error handling with ACPI (git-fixes).\n- i2c: virtio: Avoid hang by using interruptible completion wait (git-fixes).\n- i3c: fix module_i3c_i2c_driver() with I3C=n (git-fixes).\n- iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush (git-fixes).\n- iio: adc: ad7949: use spi_is_bpw_supported() (git-fixes).\n- iio: adc: ad_sigma_delta: Fix use of uninitialized status_pos (stable-fixes).\n- iio: adc: ad_sigma_delta: change to buffer predisable (git-fixes).\n- iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (stable-fixes).\n- iio: adc: max1363: Reorder mode_list[] entries (stable-fixes).\n- iio: adc: stm32-adc: Fix race in installing chained IRQ handler (git-fixes).\n- iio: imu: bno055: fix OOB access of hw_xlate array (git-fixes).\n- iio: pressure: zpa2326: Use aligned_s64 for the timestamp (stable-fixes).\n- iommu/amd: Fix geometry.aperture_end for V2 tables (git-fixes).\n- iommu/amd: Set the pgsize_bitmap correctly (git-fixes).\n- iommu/arm-smmu-qcom: Add SM6115 MDSS compatible (git-fixes).\n- iommu/vt-d: Fix possible circular locking dependency (git-fixes).\n- iommu/vt-d: Fix system hang on reboot -f (git-fixes).\n- ipv6: fix possible infinite loop in fib6_info_uses_dev() (git-fixes).\n- ipv6: mcast: Delay put pmc-\u003eidev in mld_del_delrec() (git-fixes).\n- ipv6: prevent infinite loop in rt6_nlmsg_size() (git-fixes).\n- ipv6: reject malicious packets in ipv6_gso_segment() (git-fixes).\n- iwlwifi: Add missing check for alloc_ordered_workqueue (git-fixes).\n- jfs: fix metapage reference count leak in dbAllocCtl (git-fixes).\n- kABI workaround for struct drm_framebuffer changes (git-fixes).\n- kABI: Fix the module::name type in audit_context (git-fixes).\n- kasan: remove kasan_find_vm_area() to prevent possible deadlock (git-fixes).\n- kernel-syms.spec: Drop old rpm release number hack (bsc#1247172).\n- leds: multicolor: Fix intensity setting while SW blinking (stable-fixes).\n- lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (bsc#1236897).\n- lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() (bsc#1236897).\n- maple_tree: fix mt_destroy_walk() on root leaf node (git-fixes).\n- md/md-bitmap: fix dm-raid max_write_behind setting (git-fixes).\n- media: gspca: Add bounds checking to firmware parser (git-fixes).\n- media: hi556: correct the test pattern configuration (git-fixes).\n- media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() (git-fixes).\n- media: ov2659: Fix memory leaks in ov2659_probe() (git-fixes).\n- media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (git-fixes).\n- media: usbtv: Lock resolution while streaming (git-fixes).\n- media: uvcvideo: Do not mark valid metadata as invalid (git-fixes).\n- media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (git-fixes).\n- media: v4l2-ctrls: Do not reset handler\u0027s error in v4l2_ctrl_handler_free() (git-fixes).\n- media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check (git-fixes).\n- media: venus: Add a check for packet size after reading from shared memory (git-fixes).\n- media: venus: hfi: explicitly release IRQ during teardown (git-fixes).\n- media: venus: protect against spurious interrupts during probe (git-fixes).\n- media: venus: vdec: Clamp param smaller than 1fps and bigger than 240 (git-fixes).\n- media: venus: venc: Clamp param smaller than 1fps and bigger than 240 (git-fixes).\n- media: vivid: fix wrong pixel_array control size (git-fixes).\n- memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() (git-fixes).\n- mfd: max14577: Fix wakeup source leaks on device unbind (stable-fixes).\n- misc: rtsx: usb: Ensure mmc child device is active when card is present (git-fixes).\n- mmc: bcm2835: Fix dma_unmap_sg() nents value (git-fixes).\n- mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier (git-fixes).\n- mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models (git-fixes).\n- mmc: sdhci: Add a helper function for dump register in dynamic debug mode (stable-fixes).\n- mmc: sdhci_am654: Workaround for Errata i2312 (git-fixes).\n- module: Fix memory deallocation on error path in move_module() (git-fixes).\n- module: Remove unnecessary +1 from last_unloaded_module::name size (git-fixes).\n- module: Restore the moduleparam prefix length check (git-fixes).\n- mtd: fix possible integer overflow in erase_xfer() (git-fixes).\n- mtd: rawnand: atmel: Fix dma_mapping_error() address (git-fixes).\n- mtd: rawnand: atmel: set pmecc data setup time (git-fixes).\n- mtd: rawnand: fsmc: Add missing check after DMA map (git-fixes).\n- mtd: rawnand: renesas: Add missing check after DMA map (git-fixes).\n- mtd: rawnand: rockchip: Add missing check after DMA map (git-fixes).\n- mtd: spi-nor: Fix spi_nor_try_unlock_all() (git-fixes).\n- mtd: spinand: fix memory leak of ECC engine conf (stable-fixes).\n- mtd: spinand: propagate spinand_wait() errors from spinand_write_page() (git-fixes).\n- mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data (git-fixes).\n- mtk-sd: Prevent memory corruption from DMA map failure (git-fixes).\n- mtk-sd: reset host-\u003emrq on prepare_data() error (git-fixes).\n- mwl8k: Add missing check after DMA map (git-fixes).\n- nbd: fix uaf in nbd_genl_connect() error path (git-fixes).\n- net/packet: fix a race in packet_set_ring() and packet_notifier() (git-fixes).\n- net/sched: Restrict conditions for adding duplicating netems to qdisc tree (git-fixes).\n- net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (git-fixes).\n- net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (git-fixes).\n- net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (git-fixes).\n- net/sched: sch_qfq: Fix race condition on qfq_aggregate (git-fixes).\n- net/sched: taprio: enforce minimum value for picos_per_byte (git-fixes).\n- net: mana: Add debug logs in MANA network driver (bsc#1246212).\n- net: mana: Add handler for hardware servicing events (bsc#1245730).\n- net: mana: Allocate MSI-X vectors dynamically (bsc#1245457).\n- net: mana: Allow irq_setup() to skip cpus for affinity (bsc#1245457).\n- net: mana: Allow tso_max_size to go up-to GSO_MAX_SIZE (bsc#1246203).\n- net: mana: Expose additional hardware counters for drop and TC via ethtool (bsc#1245729).\n- net: mana: Set tx_packets to post gso processing packet count (bsc#1245731).\n- net: mana: explain irq_setup() algorithm (bsc#1245457).\n- net: phy: Do not register LEDs for genphy (git-fixes).\n- net: phy: micrel: fix KSZ8081/KSZ8091 cable test (git-fixes).\n- net: phy: microchip: limit 100M workaround to link-down events on LAN88xx (git-fixes).\n- net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap (git-fixes).\n- net: phy: smsc: Fix link failure in forced mode with Auto-MDIX (git-fixes).\n- net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect (git-fixes).\n- net: usb: qmi_wwan: add SIMCom 8230C composition (stable-fixes).\n- net: usbnet: Avoid potential RCU stall on LINK_CHANGE event (git-fixes).\n- net: usbnet: Fix the wrong netif_carrier_on() call (git-fixes).\n- netpoll: prevent hanging NAPI when netcons gets enabled (git-fixes).\n- nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails (git-fixes).\n- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (git-fixes).\n- nilfs2: reject invalid file types when reading inodes (git-fixes).\n- nvme-pci: refresh visible attrs after being checked (git-fixes).\n- nvme: Fix incorrect cdw15 value in passthru error logging (git-fixes).\n- nvme: fix endianness of command word prints in nvme_log_err_passthru() (git-fixes).\n- nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() (git-fixes).\n- nvme: fix misaccounting of nvme-mpath inflight I/O (git-fixes).\n- nvmet-tcp: fix callback lock for TLS handshake (git-fixes).\n- objtool: Fix INSN_CONTEXT_SWITCH handling in validate_unret() (git-fixes).\n- objtool: Fix UNWIND_HINT_{SAVE,RESTORE} across basic blocks (git-fixes).\n- objtool: Fix _THIS_IP_ detection for cold functions (git-fixes).\n- objtool: Fix error handling inconsistencies in check() (git-fixes).\n- objtool: Ignore dangling jump table entries (git-fixes).\n- objtool: Ignore end-of-section jumps for KCOV/GCOV (git-fixes).\n- objtool: Properly disable uaccess validation (git-fixes).\n- objtool: Silence more KCOV warnings (git-fixes).\n- objtool: Silence more KCOV warnings, part 2 (git-fixes).\n- objtool: Stop UNRET validation on UD2 (git-fixes).\n- pNFS/flexfiles: do not attempt pnfs on fatal DS errors (git-fixes).\n- pch_uart: Fix dma_sync_sg_for_device() nents value (git-fixes).\n- perf: Fix sample vs do_exit() (bsc#1246547).\n- phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode (git-fixes).\n- pinctrl: amd: Clear GPIO debounce for suspend (git-fixes).\n- pinctrl: qcom: msm: mark certain pins as invalid for interrupts (git-fixes).\n- pinctrl: sunxi: Fix memory leak on krealloc failure (git-fixes).\n- pinmux: fix race causing mux_owner NULL with active mux_usecount (git-fixes).\n- platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() (git-fixes).\n- platform/mellanox: mlxbf-pmc: Fix duplicate event ID for CACHE_DATA1 (git-fixes).\n- platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment (git-fixes).\n- platform/mellanox: mlxreg-lc: Fix logic error in power state check (git-fixes).\n- platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message (git-fixes).\n- platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks list (stable-fixes).\n- platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks (git-fixes).\n- platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots (git-fixes).\n- platform/x86: think-lmi: Create ksets consecutively (stable-fixes).\n- platform/x86: think-lmi: Fix kobject cleanup (git-fixes).\n- platform/x86: think-lmi: Fix sysfs group cleanup (git-fixes).\n- power: supply: cpcap-charger: Fix null check for power_supply_get_by_name (git-fixes).\n- power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set (git-fixes).\n- powercap: call put_device() on an error path in powercap_register_control_type() (stable-fixes).\n- powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() (git-fixes).\n- powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed (git-fixes).\n- powerpc/bpf: enforce full ordering for ATOMIC operations with BPF_FETCH (git-fixes).\n- ptp: fix breakage after ptp_vclock_in_use() rework (bsc#1246506).\n- pwm: imx-tpm: Reset counter if CMOD is 0 (git-fixes).\n- pwm: mediatek: Ensure to disable clocks in error path (git-fixes).\n- regmap: fix potential memory leak of regmap_bus (git-fixes).\n- regulator: fan53555: add enable_time support and soft-start times (stable-fixes).\n- regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods (git-fixes).\n- regulator: pwm-regulator: Calculate the output voltage for disabled PWMs (stable-fixes).\n- resource: fix false warning in __request_region() (git-fixes).\n- restore UCSI_CONNECTOR_RESET_HARD definition (git-fixes).\n- ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() (git-fixes).\n- rose: fix dangling neighbour pointers in rose_rt_device_down() (git-fixes).\n- rpl: Fix use-after-free in rpl_do_srh_inline() (git-fixes).\n- rtc: ds1307: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: hym8563: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: nct3018y: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: pcf85063: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: pcf8563: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: rv3028: fix incorrect maximum clock rate handling (git-fixes).\n- s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again (git-fixes bsc#1246870).\n- s390/entry: Fix last breaking event handling in case of stack corruption (git-fixes bsc#1243806).\n- s390/pci: Do not try re-enabling load/store if device is disabled (git-fixes bsc#1245646).\n- s390/pci: Fix stale function handles in error handling (git-fixes bsc#1245647).\n- s390/pkey: Prevent overflow in size calculation for memdup_user() (git-fixes bsc#1245598).\n- s390: Add z17 elf platform (LTC#214086 bsc#1245540).\n- samples: mei: Fix building on musl libc (git-fixes).\n- sched,freezer: Remove unnecessary warning in __thaw_task (bsc#1219338).\n- sched: Add test_and_clear_wake_up_bit() and atomic_dec_and_wake_up() (git-fixes).\n- scsi: core: Enforce unlimited max_segment_size when virt_boundary_mask is set (git-fixes).\n- scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Copyright updates for 14.4.0.10 patches (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Early return out of FDMI cmpl for locally rejected statuses (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Modify end-of-life adapters\u0027 model descriptions (bsc#1245260 bsc#1243100 bsc#1246125 bsc#1204142).\n- scsi: lpfc: Move clearing of HBA_SETUP flag to before lpfc_sli4_queue_unset (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Relocate clearing initial phba flags from link up to link down hdlr (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Revise CQ_CREATE_SET mailbox bitfield definitions (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Revise logging format for failed CT MIB requests (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Simplify error handling for failed lpfc_get_sli4_parameters cmd (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Skip RSCN processing when FC_UNLOADING flag is set (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Update debugfs trace ring initialization messages (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Update lpfc version to 14.4.0.10 (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: megaraid_sas: Fix invalid node index (git-fixes).\n- scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() (git-fixes).\n- scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() (git-fixes).\n- scsi: s390: zfcp: Ensure synchronous unit_add (git-fixes bsc#1245599).\n- selftests/bpf: Add CFLAGS per source file and runner (git-fixes).\n- selftests/bpf: Add tests for iter next method returning valid pointer (git-fixes).\n- selftests/bpf: Change functions definitions to support GCC (git-fixes).\n- selftests/bpf: Fix a few tests for GCC related warnings (git-fixes).\n- selftests/bpf: Fix pointer arithmetic in test_xdp_do_redirect (git-fixes).\n- selftests/bpf: Fix prog numbers in test_sockmap (git-fixes).\n- smb3: move server check earlier when setting channel sequence number (git-fixes).\n- soc/tegra: cbb: Clear ERR_FORCE register with ERR_STATUS (git-fixes).\n- soc: aspeed: lpc-snoop: Cleanup resources in stack-order (git-fixes).\n- soc: aspeed: lpc-snoop: Do not disable channels that are not enabled (git-fixes).\n- soc: qcom: QMI encoding/decoding for big endian (git-fixes).\n- soc: qcom: fix endianness for QMI header (git-fixes).\n- soc: qcom: pmic_glink: fix OF node leak (git-fixes).\n- soundwire: amd: fix for clearing command status register (git-fixes).\n- soundwire: stream: restore params when prepare ports fail (git-fixes).\n- spi: spi-fsl-dspi: Clear completion counter before initiating transfer (git-fixes).\n- staging: axis-fifo: remove sysfs interface (git-fixes).\n- staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (git-fixes).\n- staging: nvec: Fix incorrect null termination of battery manufacturer (git-fixes).\n- struct cdns: move new member to the end (git-fixes).\n- struct ucsi_operations: use padding for new operation (git-fixes).\n- sunrpc: do not immediately retransmit on seqno miss (git-fixes).\n- sunrpc: fix client side handling of tls alerts (git-fixes).\n- tcp: call tcp_measure_rcv_mss() for ooo packets (git-fixes).\n- thunderbolt: Fix bit masking in tb_dp_port_set_hops() (git-fixes).\n- thunderbolt: Fix copy+paste error in match_service_id() (git-fixes).\n- thunderbolt: Fix wake on connect at runtime (git-fixes).\n- tracing/kprobe: Make trace_kprobe\u0027s module callback called after jump_label update (git-fixes).\n- tracing/kprobes: Fix to free objects when failed to copy a symbol (git-fixes).\n- types: Complement the aligned types with signed 64-bit one (stable-fixes).\n- ucount: fix atomic_long_inc_below() argument type (git-fixes).\n- ucsi-glink: adapt to kABI consistency (git-fixes).\n- ucsi_ccg: Refine the UCSI Interrupt handling (git-fixes).\n- ucsi_operations: add stubs for all operations (git-fixes).\n- ucsi_ops: adapt update_connector to kABI consistency (git-fixes).\n- usb: Add checks for snprintf() calls in usb_alloc_dev() (stable-fixes).\n- usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() (git-fixes).\n- usb: cdc-wdm: avoid setting WDM_READ for ZLP-s (stable-fixes).\n- usb: cdnsp: Fix issue with CV Bad Descriptor test (git-fixes).\n- usb: cdnsp: Fix issue with resuming from L1 (git-fixes).\n- usb: cdnsp: Replace snprintf() with the safer scnprintf() variant (stable-fixes).\n- usb: cdnsp: do not disable slot for disabled slot (git-fixes).\n- usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume (git-fixes).\n- usb: common: usb-conn-gpio: use a unique name for usb connector device (stable-fixes).\n- usb: dwc2: also exit clock_gating when stopping udc while suspended (stable-fixes).\n- usb: dwc3: meson-g12a: fix device leaks at unbind (git-fixes).\n- usb: early: xhci-dbc: Fix early_ioremap leak (git-fixes).\n- usb: gadget : fix use-after-free in composite_dev_cleanup() (git-fixes).\n- usb: gadget: u_serial: Fix race condition in TTY wakeup (git-fixes).\n- usb: gadget: udc: renesas_usb3: fix device leak at unbind (git-fixes).\n- usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() (git-fixes).\n- usb: hub: Do not try to recover devices lost during warm reset (git-fixes).\n- usb: misc: apple-mfi-fastcharge: Make power supply names unique (git-fixes).\n- usb: musb: fix gadget state on disconnect (git-fixes).\n- usb: musb: omap2430: fix device leak at unbind (git-fixes).\n- usb: net: sierra: check for no status endpoint (git-fixes).\n- usb: potential integer overflow in usbg_make_tpg() (stable-fixes).\n- usb: typec: Update sysfs when setting ops (git-fixes).\n- usb: typec: altmodes/displayport: do not index invalid pin_assignments (git-fixes).\n- usb: typec: displayport: Fix potential deadlock (git-fixes).\n- usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode (stable-fixes).\n- usb: typec: mux: do not return on EOPNOTSUPP in {mux, switch}_set (stable-fixes).\n- usb: typec: tcpm: allow switching to mode accessory to mux properly (stable-fixes).\n- usb: typec: tcpm: allow to use sink in accessory mode (stable-fixes).\n- usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach (git-fixes).\n- usb: typec: ucsi: Add DATA_RESET option of Connector Reset command (git-fixes).\n- usb: typec: ucsi: Add qcm6490-pmic-glink as needing PDOS quirk (git-fixes).\n- usb: typec: ucsi: Delay alternate mode discovery (git-fixes).\n- usb: typec: ucsi: Fix busy loop on ASUS VivoBooks (git-fixes).\n- usb: typec: ucsi: Fix the partner PD revision (git-fixes).\n- usb: typec: ucsi: Get PD revision for partner (git-fixes).\n- usb: typec: ucsi: Set orientation as none when connector is unplugged (git-fixes).\n- usb: typec: ucsi: Update power_supply on power role change (git-fixes).\n- usb: typec: ucsi: add callback for connector status updates (git-fixes).\n- usb: typec: ucsi: add update_connector callback (git-fixes).\n- usb: typec: ucsi: do not retrieve PDOs if not supported (git-fixes).\n- usb: typec: ucsi: extract code to read PD caps (git-fixes).\n- usb: typec: ucsi: fix UCSI on SM8550 \u0026 SM8650 Qualcomm devices (git-fixes).\n- usb: typec: ucsi: glink: fix off-by-one in connector_status (git-fixes).\n- usb: typec: ucsi: glink: increase max ports for x1e80100 (git-fixes).\n- usb: typec: ucsi: glink: move GPIO reading into connector_status callback (git-fixes).\n- usb: typec: ucsi: glink: use typec_set_orientation (git-fixes).\n- usb: typec: ucsi: move ucsi_acknowledge() from ucsi_read_error() (git-fixes).\n- usb: typec: ucsi: properly register partner\u0027s PD device (git-fixes).\n- usb: typec: ucsi: support delaying GET_PDOS for device (git-fixes).\n- usb: typec: ucsi_acpi: Add LG Gram quirk (git-fixes).\n- usb: typec: ucsi_glink: drop NO_PARTNER_PDOS quirk for sm8550 / sm8650 (git-fixes).\n- usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk (git-fixes).\n- usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk on qcm6490 (git-fixes).\n- usb: typec: ucsi_glink: rework quirks implementation (git-fixes).\n- usb: xhci: Skip xhci_reset in xhci_resume if xhci is being removed (git-fixes).\n- usb: xhci: quirk for data loss in ISOC transfers (stable-fixes).\n- usb:cdnsp: remove TRB_FLUSH_ENDPOINT command (stable-fixes).\n- virtgpu: do not reset on shutdown (git-fixes).\n- vmci: Prevent the dispatching of uninitialized payloads (git-fixes).\n- vt: add missing notification when switching back to text mode (stable-fixes).\n- vt: defkeymap: Map keycodes above 127 to K_HOLE (git-fixes).\n- vt: keyboard: Do not process Unicode characters in K_OFF mode (git-fixes).\n- watchdog: ziirave_wdt: check record length in ziirave_firm_verify() (git-fixes).\n- wifi: ath11k: clear initialized flag for deinit-ed srng lists (git-fixes).\n- wifi: ath11k: fix dest ring-buffer corruption (git-fixes).\n- wifi: ath11k: fix dest ring-buffer corruption when ring is full (git-fixes).\n- wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() (git-fixes).\n- wifi: ath11k: fix source ring-buffer corruption (git-fixes).\n- wifi: ath11k: fix suspend use-after-free after probe failure (git-fixes).\n- wifi: ath12k: fix dest ring-buffer corruption (git-fixes).\n- wifi: ath12k: fix dest ring-buffer corruption when ring is full (git-fixes).\n- wifi: ath12k: fix endianness handling while accessing wmi service bit (git-fixes).\n- wifi: ath12k: fix source ring-buffer corruption (git-fixes).\n- wifi: ath6kl: remove WARN on bad firmware input (stable-fixes).\n- wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE (git-fixes).\n- wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() (git-fixes).\n- wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() (git-fixes).\n- wifi: iwlwifi: Fix memory leak in iwl_mvm_init() (git-fixes).\n- wifi: iwlwifi: return ERR_PTR from opmode start() (stable-fixes).\n- wifi: mac80211: Add link iteration macro for link data (stable-fixes).\n- wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() (git-fixes).\n- wifi: mac80211: Do not call fq_flow_idx() for management frames (git-fixes).\n- wifi: mac80211: Do not schedule stopped TXQs (git-fixes).\n- wifi: mac80211: chan: chandef is non-NULL for reserved (stable-fixes).\n- wifi: mac80211: drop invalid source address OCB frames (stable-fixes).\n- wifi: mac80211: reject TDLS operations when station is not associated (git-fixes).\n- wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() (git-fixes).\n- wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan (git-fixes).\n- wifi: mt76: mt7925: fix the wrong config for tx interrupt (git-fixes).\n- wifi: plfxlc: Fix error handling in usb driver probe (git-fixes).\n- wifi: prevent A-MSDU attacks in mesh networks (stable-fixes).\n- wifi: rtl818x: Kill URBs before clearing tx status queue (git-fixes).\n- wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band (git-fixes).\n- wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() (git-fixes).\n- x86/cpu/amd: Fix workaround for erratum 1054 (git-fixes).\n- x86/mce/amd: Add default names for MCA banks and blocks (git-fixes).\n- x86/mce/amd: Fix threshold limit reset (git-fixes).\n- x86/mce: Do not remove sysfs if thresholding sysfs init fails (git-fixes).\n- x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (git-fixes).\n- x86/tdx: Fix __noreturn build warning around __tdx_hypercall_failed() (git-fixes).\n- x86/traps: Initialize DR6 by writing its architectural reset value (git-fixes).\n- x86/virt/tdx: Avoid indirect calls to TDX assembly functions (git-fixes).\n- x86: UV RTC: Add parameter to disable RTC clocksource (bsc#1241345).\n- xfs: fix off-by-one error in fsmap\u0027s end_daddr usage (bsc#1235837).\n- xfs: only create event xfs_file_compat_ioctl when CONFIG_COMPAT is configure (git-fixes).\n- xfs: remove unused event xfs_alloc_near_error (git-fixes).\n- xfs: remove unused event xfs_alloc_near_nominleft (git-fixes).\n- xfs: remove unused event xfs_attr_node_removename (git-fixes).\n- xfs: remove unused event xfs_ioctl_clone (git-fixes).\n- xfs: remove unused event xfs_pagecache_inval (git-fixes).\n- xfs: remove unused event xlog_iclog_want_sync (git-fixes).\n- xfs: remove unused trace event xfs_attr_remove_iter_return (git-fixes).\n- xfs: remove unused trace event xfs_attr_rmtval_set (git-fixes).\n- xfs: remove unused trace event xfs_reflink_cow_enospc (git-fixes).\n- xfs: remove unused xfs_attr events (git-fixes).\n- xfs: remove unused xfs_reflink_compare_extents events (git-fixes).\n- xfs: remove usused xfs_end_io_direct events (git-fixes).\n- xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS (git-fixes).\n- xhci: dbc: Flush queued requests before stopping dbc (git-fixes).\n- xhci: dbctty: disable ECHO flag by default (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-kernel-83",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20601-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20601-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520601-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20601-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022363.html"
},
{
"category": "self",
"summary": "SUSE Bug 1204142",
"url": "https://bugzilla.suse.com/1204142"
},
{
"category": "self",
"summary": "SUSE Bug 1219338",
"url": "https://bugzilla.suse.com/1219338"
},
{
"category": "self",
"summary": "SUSE Bug 1225707",
"url": "https://bugzilla.suse.com/1225707"
},
{
"category": "self",
"summary": "SUSE Bug 1230216",
"url": "https://bugzilla.suse.com/1230216"
},
{
"category": "self",
"summary": "SUSE Bug 1233300",
"url": "https://bugzilla.suse.com/1233300"
},
{
"category": "self",
"summary": "SUSE Bug 1235613",
"url": "https://bugzilla.suse.com/1235613"
},
{
"category": "self",
"summary": "SUSE Bug 1235837",
"url": "https://bugzilla.suse.com/1235837"
},
{
"category": "self",
"summary": "SUSE Bug 1236333",
"url": "https://bugzilla.suse.com/1236333"
},
{
"category": "self",
"summary": "SUSE Bug 1236897",
"url": "https://bugzilla.suse.com/1236897"
},
{
"category": "self",
"summary": "SUSE Bug 1238896",
"url": "https://bugzilla.suse.com/1238896"
},
{
"category": "self",
"summary": "SUSE Bug 1239061",
"url": "https://bugzilla.suse.com/1239061"
},
{
"category": "self",
"summary": "SUSE Bug 1240323",
"url": "https://bugzilla.suse.com/1240323"
},
{
"category": "self",
"summary": "SUSE Bug 1240885",
"url": "https://bugzilla.suse.com/1240885"
},
{
"category": "self",
"summary": "SUSE Bug 1240966",
"url": "https://bugzilla.suse.com/1240966"
},
{
"category": "self",
"summary": "SUSE Bug 1241166",
"url": "https://bugzilla.suse.com/1241166"
},
{
"category": "self",
"summary": "SUSE Bug 1241345",
"url": "https://bugzilla.suse.com/1241345"
},
{
"category": "self",
"summary": "SUSE Bug 1242086",
"url": "https://bugzilla.suse.com/1242086"
},
{
"category": "self",
"summary": "SUSE Bug 1242414",
"url": "https://bugzilla.suse.com/1242414"
},
{
"category": "self",
"summary": "SUSE Bug 1242837",
"url": "https://bugzilla.suse.com/1242837"
},
{
"category": "self",
"summary": "SUSE Bug 1242960",
"url": "https://bugzilla.suse.com/1242960"
},
{
"category": "self",
"summary": "SUSE Bug 1242965",
"url": "https://bugzilla.suse.com/1242965"
},
{
"category": "self",
"summary": "SUSE Bug 1242993",
"url": "https://bugzilla.suse.com/1242993"
},
{
"category": "self",
"summary": "SUSE Bug 1243068",
"url": "https://bugzilla.suse.com/1243068"
},
{
"category": "self",
"summary": "SUSE Bug 1243100",
"url": "https://bugzilla.suse.com/1243100"
},
{
"category": "self",
"summary": "SUSE Bug 1243479",
"url": "https://bugzilla.suse.com/1243479"
},
{
"category": "self",
"summary": "SUSE Bug 1243669",
"url": "https://bugzilla.suse.com/1243669"
},
{
"category": "self",
"summary": "SUSE Bug 1243806",
"url": "https://bugzilla.suse.com/1243806"
},
{
"category": "self",
"summary": "SUSE Bug 1244309",
"url": "https://bugzilla.suse.com/1244309"
},
{
"category": "self",
"summary": "SUSE Bug 1244457",
"url": "https://bugzilla.suse.com/1244457"
},
{
"category": "self",
"summary": "SUSE Bug 1244735",
"url": "https://bugzilla.suse.com/1244735"
},
{
"category": "self",
"summary": "SUSE Bug 1244749",
"url": "https://bugzilla.suse.com/1244749"
},
{
"category": "self",
"summary": "SUSE Bug 1244750",
"url": "https://bugzilla.suse.com/1244750"
},
{
"category": "self",
"summary": "SUSE Bug 1244792",
"url": "https://bugzilla.suse.com/1244792"
},
{
"category": "self",
"summary": "SUSE Bug 1244801",
"url": "https://bugzilla.suse.com/1244801"
},
{
"category": "self",
"summary": "SUSE Bug 1245151",
"url": "https://bugzilla.suse.com/1245151"
},
{
"category": "self",
"summary": "SUSE Bug 1245201",
"url": "https://bugzilla.suse.com/1245201"
},
{
"category": "self",
"summary": "SUSE Bug 1245202",
"url": "https://bugzilla.suse.com/1245202"
},
{
"category": "self",
"summary": "SUSE Bug 1245216",
"url": "https://bugzilla.suse.com/1245216"
},
{
"category": "self",
"summary": "SUSE Bug 1245260",
"url": "https://bugzilla.suse.com/1245260"
},
{
"category": "self",
"summary": "SUSE Bug 1245431",
"url": "https://bugzilla.suse.com/1245431"
},
{
"category": "self",
"summary": "SUSE Bug 1245440",
"url": "https://bugzilla.suse.com/1245440"
},
{
"category": "self",
"summary": "SUSE Bug 1245457",
"url": "https://bugzilla.suse.com/1245457"
},
{
"category": "self",
"summary": "SUSE Bug 1245498",
"url": "https://bugzilla.suse.com/1245498"
},
{
"category": "self",
"summary": "SUSE Bug 1245499",
"url": "https://bugzilla.suse.com/1245499"
},
{
"category": "self",
"summary": "SUSE Bug 1245504",
"url": "https://bugzilla.suse.com/1245504"
},
{
"category": "self",
"summary": "SUSE Bug 1245506",
"url": "https://bugzilla.suse.com/1245506"
},
{
"category": "self",
"summary": "SUSE Bug 1245508",
"url": "https://bugzilla.suse.com/1245508"
},
{
"category": "self",
"summary": "SUSE Bug 1245510",
"url": "https://bugzilla.suse.com/1245510"
},
{
"category": "self",
"summary": "SUSE Bug 1245540",
"url": "https://bugzilla.suse.com/1245540"
},
{
"category": "self",
"summary": "SUSE Bug 1245598",
"url": "https://bugzilla.suse.com/1245598"
},
{
"category": "self",
"summary": "SUSE Bug 1245599",
"url": "https://bugzilla.suse.com/1245599"
},
{
"category": "self",
"summary": "SUSE Bug 1245646",
"url": "https://bugzilla.suse.com/1245646"
},
{
"category": "self",
"summary": "SUSE Bug 1245647",
"url": "https://bugzilla.suse.com/1245647"
},
{
"category": "self",
"summary": "SUSE Bug 1245649",
"url": "https://bugzilla.suse.com/1245649"
},
{
"category": "self",
"summary": "SUSE Bug 1245650",
"url": "https://bugzilla.suse.com/1245650"
},
{
"category": "self",
"summary": "SUSE Bug 1245654",
"url": "https://bugzilla.suse.com/1245654"
},
{
"category": "self",
"summary": "SUSE Bug 1245658",
"url": "https://bugzilla.suse.com/1245658"
},
{
"category": "self",
"summary": "SUSE Bug 1245660",
"url": "https://bugzilla.suse.com/1245660"
},
{
"category": "self",
"summary": "SUSE Bug 1245665",
"url": "https://bugzilla.suse.com/1245665"
},
{
"category": "self",
"summary": "SUSE Bug 1245666",
"url": "https://bugzilla.suse.com/1245666"
},
{
"category": "self",
"summary": "SUSE Bug 1245668",
"url": "https://bugzilla.suse.com/1245668"
},
{
"category": "self",
"summary": "SUSE Bug 1245669",
"url": "https://bugzilla.suse.com/1245669"
},
{
"category": "self",
"summary": "SUSE Bug 1245670",
"url": "https://bugzilla.suse.com/1245670"
},
{
"category": "self",
"summary": "SUSE Bug 1245671",
"url": "https://bugzilla.suse.com/1245671"
},
{
"category": "self",
"summary": "SUSE Bug 1245675",
"url": "https://bugzilla.suse.com/1245675"
},
{
"category": "self",
"summary": "SUSE Bug 1245676",
"url": "https://bugzilla.suse.com/1245676"
},
{
"category": "self",
"summary": "SUSE Bug 1245677",
"url": "https://bugzilla.suse.com/1245677"
},
{
"category": "self",
"summary": "SUSE Bug 1245679",
"url": "https://bugzilla.suse.com/1245679"
},
{
"category": "self",
"summary": "SUSE Bug 1245682",
"url": "https://bugzilla.suse.com/1245682"
},
{
"category": "self",
"summary": "SUSE Bug 1245683",
"url": "https://bugzilla.suse.com/1245683"
},
{
"category": "self",
"summary": "SUSE Bug 1245684",
"url": "https://bugzilla.suse.com/1245684"
},
{
"category": "self",
"summary": "SUSE Bug 1245688",
"url": "https://bugzilla.suse.com/1245688"
},
{
"category": "self",
"summary": "SUSE Bug 1245689",
"url": "https://bugzilla.suse.com/1245689"
},
{
"category": "self",
"summary": "SUSE Bug 1245690",
"url": "https://bugzilla.suse.com/1245690"
},
{
"category": "self",
"summary": "SUSE Bug 1245691",
"url": "https://bugzilla.suse.com/1245691"
},
{
"category": "self",
"summary": "SUSE Bug 1245695",
"url": "https://bugzilla.suse.com/1245695"
},
{
"category": "self",
"summary": "SUSE Bug 1245705",
"url": "https://bugzilla.suse.com/1245705"
},
{
"category": "self",
"summary": "SUSE Bug 1245708",
"url": "https://bugzilla.suse.com/1245708"
},
{
"category": "self",
"summary": "SUSE Bug 1245711",
"url": "https://bugzilla.suse.com/1245711"
},
{
"category": "self",
"summary": "SUSE Bug 1245713",
"url": "https://bugzilla.suse.com/1245713"
},
{
"category": "self",
"summary": "SUSE Bug 1245714",
"url": "https://bugzilla.suse.com/1245714"
},
{
"category": "self",
"summary": "SUSE Bug 1245719",
"url": "https://bugzilla.suse.com/1245719"
},
{
"category": "self",
"summary": "SUSE Bug 1245723",
"url": "https://bugzilla.suse.com/1245723"
},
{
"category": "self",
"summary": "SUSE Bug 1245729",
"url": "https://bugzilla.suse.com/1245729"
},
{
"category": "self",
"summary": "SUSE Bug 1245730",
"url": "https://bugzilla.suse.com/1245730"
},
{
"category": "self",
"summary": "SUSE Bug 1245731",
"url": "https://bugzilla.suse.com/1245731"
},
{
"category": "self",
"summary": "SUSE Bug 1245735",
"url": "https://bugzilla.suse.com/1245735"
},
{
"category": "self",
"summary": "SUSE Bug 1245737",
"url": "https://bugzilla.suse.com/1245737"
},
{
"category": "self",
"summary": "SUSE Bug 1245744",
"url": "https://bugzilla.suse.com/1245744"
},
{
"category": "self",
"summary": "SUSE Bug 1245745",
"url": "https://bugzilla.suse.com/1245745"
},
{
"category": "self",
"summary": "SUSE Bug 1245746",
"url": "https://bugzilla.suse.com/1245746"
},
{
"category": "self",
"summary": "SUSE Bug 1245747",
"url": "https://bugzilla.suse.com/1245747"
},
{
"category": "self",
"summary": "SUSE Bug 1245748",
"url": "https://bugzilla.suse.com/1245748"
},
{
"category": "self",
"summary": "SUSE Bug 1245749",
"url": "https://bugzilla.suse.com/1245749"
},
{
"category": "self",
"summary": "SUSE Bug 1245750",
"url": "https://bugzilla.suse.com/1245750"
},
{
"category": "self",
"summary": "SUSE Bug 1245751",
"url": "https://bugzilla.suse.com/1245751"
},
{
"category": "self",
"summary": "SUSE Bug 1245752",
"url": "https://bugzilla.suse.com/1245752"
},
{
"category": "self",
"summary": "SUSE Bug 1245757",
"url": "https://bugzilla.suse.com/1245757"
},
{
"category": "self",
"summary": "SUSE Bug 1245758",
"url": "https://bugzilla.suse.com/1245758"
},
{
"category": "self",
"summary": "SUSE Bug 1245765",
"url": "https://bugzilla.suse.com/1245765"
},
{
"category": "self",
"summary": "SUSE Bug 1245768",
"url": "https://bugzilla.suse.com/1245768"
},
{
"category": "self",
"summary": "SUSE Bug 1245769",
"url": "https://bugzilla.suse.com/1245769"
},
{
"category": "self",
"summary": "SUSE Bug 1245777",
"url": "https://bugzilla.suse.com/1245777"
},
{
"category": "self",
"summary": "SUSE Bug 1245781",
"url": "https://bugzilla.suse.com/1245781"
},
{
"category": "self",
"summary": "SUSE Bug 1245789",
"url": "https://bugzilla.suse.com/1245789"
},
{
"category": "self",
"summary": "SUSE Bug 1245937",
"url": "https://bugzilla.suse.com/1245937"
},
{
"category": "self",
"summary": "SUSE Bug 1245945",
"url": "https://bugzilla.suse.com/1245945"
},
{
"category": "self",
"summary": "SUSE Bug 1245951",
"url": "https://bugzilla.suse.com/1245951"
},
{
"category": "self",
"summary": "SUSE Bug 1245952",
"url": "https://bugzilla.suse.com/1245952"
},
{
"category": "self",
"summary": "SUSE Bug 1245954",
"url": "https://bugzilla.suse.com/1245954"
},
{
"category": "self",
"summary": "SUSE Bug 1245957",
"url": "https://bugzilla.suse.com/1245957"
},
{
"category": "self",
"summary": "SUSE Bug 1245966",
"url": "https://bugzilla.suse.com/1245966"
},
{
"category": "self",
"summary": "SUSE Bug 1245970",
"url": "https://bugzilla.suse.com/1245970"
},
{
"category": "self",
"summary": "SUSE Bug 1245976",
"url": "https://bugzilla.suse.com/1245976"
},
{
"category": "self",
"summary": "SUSE Bug 1245980",
"url": "https://bugzilla.suse.com/1245980"
},
{
"category": "self",
"summary": "SUSE Bug 1245983",
"url": "https://bugzilla.suse.com/1245983"
},
{
"category": "self",
"summary": "SUSE Bug 1245986",
"url": "https://bugzilla.suse.com/1245986"
},
{
"category": "self",
"summary": "SUSE Bug 1246000",
"url": "https://bugzilla.suse.com/1246000"
},
{
"category": "self",
"summary": "SUSE Bug 1246002",
"url": "https://bugzilla.suse.com/1246002"
},
{
"category": "self",
"summary": "SUSE Bug 1246006",
"url": "https://bugzilla.suse.com/1246006"
},
{
"category": "self",
"summary": "SUSE Bug 1246008",
"url": "https://bugzilla.suse.com/1246008"
},
{
"category": "self",
"summary": "SUSE Bug 1246020",
"url": "https://bugzilla.suse.com/1246020"
},
{
"category": "self",
"summary": "SUSE Bug 1246023",
"url": "https://bugzilla.suse.com/1246023"
},
{
"category": "self",
"summary": "SUSE Bug 1246029",
"url": "https://bugzilla.suse.com/1246029"
},
{
"category": "self",
"summary": "SUSE Bug 1246031",
"url": "https://bugzilla.suse.com/1246031"
},
{
"category": "self",
"summary": "SUSE Bug 1246037",
"url": "https://bugzilla.suse.com/1246037"
},
{
"category": "self",
"summary": "SUSE Bug 1246041",
"url": "https://bugzilla.suse.com/1246041"
},
{
"category": "self",
"summary": "SUSE Bug 1246042",
"url": "https://bugzilla.suse.com/1246042"
},
{
"category": "self",
"summary": "SUSE Bug 1246044",
"url": "https://bugzilla.suse.com/1246044"
},
{
"category": "self",
"summary": "SUSE Bug 1246045",
"url": "https://bugzilla.suse.com/1246045"
},
{
"category": "self",
"summary": "SUSE Bug 1246047",
"url": "https://bugzilla.suse.com/1246047"
},
{
"category": "self",
"summary": "SUSE Bug 1246049",
"url": "https://bugzilla.suse.com/1246049"
},
{
"category": "self",
"summary": "SUSE Bug 1246050",
"url": "https://bugzilla.suse.com/1246050"
},
{
"category": "self",
"summary": "SUSE Bug 1246055",
"url": "https://bugzilla.suse.com/1246055"
},
{
"category": "self",
"summary": "SUSE Bug 1246073",
"url": "https://bugzilla.suse.com/1246073"
},
{
"category": "self",
"summary": "SUSE Bug 1246093",
"url": "https://bugzilla.suse.com/1246093"
},
{
"category": "self",
"summary": "SUSE Bug 1246098",
"url": "https://bugzilla.suse.com/1246098"
},
{
"category": "self",
"summary": "SUSE Bug 1246109",
"url": "https://bugzilla.suse.com/1246109"
},
{
"category": "self",
"summary": "SUSE Bug 1246122",
"url": "https://bugzilla.suse.com/1246122"
},
{
"category": "self",
"summary": "SUSE Bug 1246125",
"url": "https://bugzilla.suse.com/1246125"
},
{
"category": "self",
"summary": "SUSE Bug 1246171",
"url": "https://bugzilla.suse.com/1246171"
},
{
"category": "self",
"summary": "SUSE Bug 1246173",
"url": "https://bugzilla.suse.com/1246173"
},
{
"category": "self",
"summary": "SUSE Bug 1246178",
"url": "https://bugzilla.suse.com/1246178"
},
{
"category": "self",
"summary": "SUSE Bug 1246182",
"url": "https://bugzilla.suse.com/1246182"
},
{
"category": "self",
"summary": "SUSE Bug 1246183",
"url": "https://bugzilla.suse.com/1246183"
},
{
"category": "self",
"summary": "SUSE Bug 1246186",
"url": "https://bugzilla.suse.com/1246186"
},
{
"category": "self",
"summary": "SUSE Bug 1246195",
"url": "https://bugzilla.suse.com/1246195"
},
{
"category": "self",
"summary": "SUSE Bug 1246203",
"url": "https://bugzilla.suse.com/1246203"
},
{
"category": "self",
"summary": "SUSE Bug 1246212",
"url": "https://bugzilla.suse.com/1246212"
},
{
"category": "self",
"summary": "SUSE Bug 1246220",
"url": "https://bugzilla.suse.com/1246220"
},
{
"category": "self",
"summary": "SUSE Bug 1246236",
"url": "https://bugzilla.suse.com/1246236"
},
{
"category": "self",
"summary": "SUSE Bug 1246240",
"url": "https://bugzilla.suse.com/1246240"
},
{
"category": "self",
"summary": "SUSE Bug 1246243",
"url": "https://bugzilla.suse.com/1246243"
},
{
"category": "self",
"summary": "SUSE Bug 1246246",
"url": "https://bugzilla.suse.com/1246246"
},
{
"category": "self",
"summary": "SUSE Bug 1246249",
"url": "https://bugzilla.suse.com/1246249"
},
{
"category": "self",
"summary": "SUSE Bug 1246250",
"url": "https://bugzilla.suse.com/1246250"
},
{
"category": "self",
"summary": "SUSE Bug 1246253",
"url": "https://bugzilla.suse.com/1246253"
},
{
"category": "self",
"summary": "SUSE Bug 1246258",
"url": "https://bugzilla.suse.com/1246258"
},
{
"category": "self",
"summary": "SUSE Bug 1246262",
"url": "https://bugzilla.suse.com/1246262"
},
{
"category": "self",
"summary": "SUSE Bug 1246264",
"url": "https://bugzilla.suse.com/1246264"
},
{
"category": "self",
"summary": "SUSE Bug 1246266",
"url": "https://bugzilla.suse.com/1246266"
},
{
"category": "self",
"summary": "SUSE Bug 1246268",
"url": "https://bugzilla.suse.com/1246268"
},
{
"category": "self",
"summary": "SUSE Bug 1246273",
"url": "https://bugzilla.suse.com/1246273"
},
{
"category": "self",
"summary": "SUSE Bug 1246283",
"url": "https://bugzilla.suse.com/1246283"
},
{
"category": "self",
"summary": "SUSE Bug 1246287",
"url": "https://bugzilla.suse.com/1246287"
},
{
"category": "self",
"summary": "SUSE Bug 1246292",
"url": "https://bugzilla.suse.com/1246292"
},
{
"category": "self",
"summary": "SUSE Bug 1246293",
"url": "https://bugzilla.suse.com/1246293"
},
{
"category": "self",
"summary": "SUSE Bug 1246295",
"url": "https://bugzilla.suse.com/1246295"
},
{
"category": "self",
"summary": "SUSE Bug 1246334",
"url": "https://bugzilla.suse.com/1246334"
},
{
"category": "self",
"summary": "SUSE Bug 1246337",
"url": "https://bugzilla.suse.com/1246337"
},
{
"category": "self",
"summary": "SUSE Bug 1246342",
"url": "https://bugzilla.suse.com/1246342"
},
{
"category": "self",
"summary": "SUSE Bug 1246349",
"url": "https://bugzilla.suse.com/1246349"
},
{
"category": "self",
"summary": "SUSE Bug 1246354",
"url": "https://bugzilla.suse.com/1246354"
},
{
"category": "self",
"summary": "SUSE Bug 1246358",
"url": "https://bugzilla.suse.com/1246358"
},
{
"category": "self",
"summary": "SUSE Bug 1246361",
"url": "https://bugzilla.suse.com/1246361"
},
{
"category": "self",
"summary": "SUSE Bug 1246364",
"url": "https://bugzilla.suse.com/1246364"
},
{
"category": "self",
"summary": "SUSE Bug 1246370",
"url": "https://bugzilla.suse.com/1246370"
},
{
"category": "self",
"summary": "SUSE Bug 1246375",
"url": "https://bugzilla.suse.com/1246375"
},
{
"category": "self",
"summary": "SUSE Bug 1246384",
"url": "https://bugzilla.suse.com/1246384"
},
{
"category": "self",
"summary": "SUSE Bug 1246386",
"url": "https://bugzilla.suse.com/1246386"
},
{
"category": "self",
"summary": "SUSE Bug 1246387",
"url": "https://bugzilla.suse.com/1246387"
},
{
"category": "self",
"summary": "SUSE Bug 1246438",
"url": "https://bugzilla.suse.com/1246438"
},
{
"category": "self",
"summary": "SUSE Bug 1246453",
"url": "https://bugzilla.suse.com/1246453"
},
{
"category": "self",
"summary": "SUSE Bug 1246473",
"url": "https://bugzilla.suse.com/1246473"
},
{
"category": "self",
"summary": "SUSE Bug 1246490",
"url": "https://bugzilla.suse.com/1246490"
},
{
"category": "self",
"summary": "SUSE Bug 1246506",
"url": "https://bugzilla.suse.com/1246506"
},
{
"category": "self",
"summary": "SUSE Bug 1246547",
"url": "https://bugzilla.suse.com/1246547"
},
{
"category": "self",
"summary": "SUSE Bug 1246777",
"url": "https://bugzilla.suse.com/1246777"
},
{
"category": "self",
"summary": "SUSE Bug 1246781",
"url": "https://bugzilla.suse.com/1246781"
},
{
"category": "self",
"summary": "SUSE Bug 1246870",
"url": "https://bugzilla.suse.com/1246870"
},
{
"category": "self",
"summary": "SUSE Bug 1246879",
"url": "https://bugzilla.suse.com/1246879"
},
{
"category": "self",
"summary": "SUSE Bug 1246911",
"url": "https://bugzilla.suse.com/1246911"
},
{
"category": "self",
"summary": "SUSE Bug 1247018",
"url": "https://bugzilla.suse.com/1247018"
},
{
"category": "self",
"summary": "SUSE Bug 1247023",
"url": "https://bugzilla.suse.com/1247023"
},
{
"category": "self",
"summary": "SUSE Bug 1247028",
"url": "https://bugzilla.suse.com/1247028"
},
{
"category": "self",
"summary": "SUSE Bug 1247031",
"url": "https://bugzilla.suse.com/1247031"
},
{
"category": "self",
"summary": "SUSE Bug 1247033",
"url": "https://bugzilla.suse.com/1247033"
},
{
"category": "self",
"summary": "SUSE Bug 1247035",
"url": "https://bugzilla.suse.com/1247035"
},
{
"category": "self",
"summary": "SUSE Bug 1247061",
"url": "https://bugzilla.suse.com/1247061"
},
{
"category": "self",
"summary": "SUSE Bug 1247089",
"url": "https://bugzilla.suse.com/1247089"
},
{
"category": "self",
"summary": "SUSE Bug 1247091",
"url": "https://bugzilla.suse.com/1247091"
},
{
"category": "self",
"summary": "SUSE Bug 1247097",
"url": "https://bugzilla.suse.com/1247097"
},
{
"category": "self",
"summary": "SUSE Bug 1247098",
"url": "https://bugzilla.suse.com/1247098"
},
{
"category": "self",
"summary": "SUSE Bug 1247101",
"url": "https://bugzilla.suse.com/1247101"
},
{
"category": "self",
"summary": "SUSE Bug 1247103",
"url": "https://bugzilla.suse.com/1247103"
},
{
"category": "self",
"summary": "SUSE Bug 1247104",
"url": "https://bugzilla.suse.com/1247104"
},
{
"category": "self",
"summary": "SUSE Bug 1247113",
"url": "https://bugzilla.suse.com/1247113"
},
{
"category": "self",
"summary": "SUSE Bug 1247118",
"url": "https://bugzilla.suse.com/1247118"
},
{
"category": "self",
"summary": "SUSE Bug 1247123",
"url": "https://bugzilla.suse.com/1247123"
},
{
"category": "self",
"summary": "SUSE Bug 1247125",
"url": "https://bugzilla.suse.com/1247125"
},
{
"category": "self",
"summary": "SUSE Bug 1247128",
"url": "https://bugzilla.suse.com/1247128"
},
{
"category": "self",
"summary": "SUSE Bug 1247132",
"url": "https://bugzilla.suse.com/1247132"
},
{
"category": "self",
"summary": "SUSE Bug 1247138",
"url": "https://bugzilla.suse.com/1247138"
},
{
"category": "self",
"summary": "SUSE Bug 1247141",
"url": "https://bugzilla.suse.com/1247141"
},
{
"category": "self",
"summary": "SUSE Bug 1247143",
"url": "https://bugzilla.suse.com/1247143"
},
{
"category": "self",
"summary": "SUSE Bug 1247145",
"url": "https://bugzilla.suse.com/1247145"
},
{
"category": "self",
"summary": "SUSE Bug 1247146",
"url": "https://bugzilla.suse.com/1247146"
},
{
"category": "self",
"summary": "SUSE Bug 1247147",
"url": "https://bugzilla.suse.com/1247147"
},
{
"category": "self",
"summary": "SUSE Bug 1247149",
"url": "https://bugzilla.suse.com/1247149"
},
{
"category": "self",
"summary": "SUSE Bug 1247150",
"url": "https://bugzilla.suse.com/1247150"
},
{
"category": "self",
"summary": "SUSE Bug 1247151",
"url": "https://bugzilla.suse.com/1247151"
},
{
"category": "self",
"summary": "SUSE Bug 1247153",
"url": "https://bugzilla.suse.com/1247153"
},
{
"category": "self",
"summary": "SUSE Bug 1247154",
"url": "https://bugzilla.suse.com/1247154"
},
{
"category": "self",
"summary": "SUSE Bug 1247156",
"url": "https://bugzilla.suse.com/1247156"
},
{
"category": "self",
"summary": "SUSE Bug 1247160",
"url": "https://bugzilla.suse.com/1247160"
},
{
"category": "self",
"summary": "SUSE Bug 1247164",
"url": "https://bugzilla.suse.com/1247164"
},
{
"category": "self",
"summary": "SUSE Bug 1247169",
"url": "https://bugzilla.suse.com/1247169"
},
{
"category": "self",
"summary": "SUSE Bug 1247170",
"url": "https://bugzilla.suse.com/1247170"
},
{
"category": "self",
"summary": "SUSE Bug 1247171",
"url": "https://bugzilla.suse.com/1247171"
},
{
"category": "self",
"summary": "SUSE Bug 1247172",
"url": "https://bugzilla.suse.com/1247172"
},
{
"category": "self",
"summary": "SUSE Bug 1247174",
"url": "https://bugzilla.suse.com/1247174"
},
{
"category": "self",
"summary": "SUSE Bug 1247176",
"url": "https://bugzilla.suse.com/1247176"
},
{
"category": "self",
"summary": "SUSE Bug 1247177",
"url": "https://bugzilla.suse.com/1247177"
},
{
"category": "self",
"summary": "SUSE Bug 1247178",
"url": "https://bugzilla.suse.com/1247178"
},
{
"category": "self",
"summary": "SUSE Bug 1247181",
"url": "https://bugzilla.suse.com/1247181"
},
{
"category": "self",
"summary": "SUSE Bug 1247209",
"url": "https://bugzilla.suse.com/1247209"
},
{
"category": "self",
"summary": "SUSE Bug 1247210",
"url": "https://bugzilla.suse.com/1247210"
},
{
"category": "self",
"summary": "SUSE Bug 1247227",
"url": "https://bugzilla.suse.com/1247227"
},
{
"category": "self",
"summary": "SUSE Bug 1247233",
"url": "https://bugzilla.suse.com/1247233"
},
{
"category": "self",
"summary": "SUSE Bug 1247236",
"url": "https://bugzilla.suse.com/1247236"
},
{
"category": "self",
"summary": "SUSE Bug 1247238",
"url": "https://bugzilla.suse.com/1247238"
},
{
"category": "self",
"summary": "SUSE Bug 1247241",
"url": "https://bugzilla.suse.com/1247241"
},
{
"category": "self",
"summary": "SUSE Bug 1247251",
"url": "https://bugzilla.suse.com/1247251"
},
{
"category": "self",
"summary": "SUSE Bug 1247252",
"url": "https://bugzilla.suse.com/1247252"
},
{
"category": "self",
"summary": "SUSE Bug 1247253",
"url": "https://bugzilla.suse.com/1247253"
},
{
"category": "self",
"summary": "SUSE Bug 1247255",
"url": "https://bugzilla.suse.com/1247255"
},
{
"category": "self",
"summary": "SUSE Bug 1247271",
"url": "https://bugzilla.suse.com/1247271"
},
{
"category": "self",
"summary": "SUSE Bug 1247273",
"url": "https://bugzilla.suse.com/1247273"
},
{
"category": "self",
"summary": "SUSE Bug 1247274",
"url": "https://bugzilla.suse.com/1247274"
},
{
"category": "self",
"summary": "SUSE Bug 1247276",
"url": "https://bugzilla.suse.com/1247276"
},
{
"category": "self",
"summary": "SUSE Bug 1247277",
"url": "https://bugzilla.suse.com/1247277"
},
{
"category": "self",
"summary": "SUSE Bug 1247278",
"url": "https://bugzilla.suse.com/1247278"
},
{
"category": "self",
"summary": "SUSE Bug 1247279",
"url": "https://bugzilla.suse.com/1247279"
},
{
"category": "self",
"summary": "SUSE Bug 1247284",
"url": "https://bugzilla.suse.com/1247284"
},
{
"category": "self",
"summary": "SUSE Bug 1247285",
"url": "https://bugzilla.suse.com/1247285"
},
{
"category": "self",
"summary": "SUSE Bug 1247288",
"url": "https://bugzilla.suse.com/1247288"
},
{
"category": "self",
"summary": "SUSE Bug 1247289",
"url": "https://bugzilla.suse.com/1247289"
},
{
"category": "self",
"summary": "SUSE Bug 1247293",
"url": "https://bugzilla.suse.com/1247293"
},
{
"category": "self",
"summary": "SUSE Bug 1247311",
"url": "https://bugzilla.suse.com/1247311"
},
{
"category": "self",
"summary": "SUSE Bug 1247314",
"url": "https://bugzilla.suse.com/1247314"
},
{
"category": "self",
"summary": "SUSE Bug 1247317",
"url": "https://bugzilla.suse.com/1247317"
},
{
"category": "self",
"summary": "SUSE Bug 1247347",
"url": "https://bugzilla.suse.com/1247347"
},
{
"category": "self",
"summary": "SUSE Bug 1247348",
"url": "https://bugzilla.suse.com/1247348"
},
{
"category": "self",
"summary": "SUSE Bug 1247349",
"url": "https://bugzilla.suse.com/1247349"
},
{
"category": "self",
"summary": "SUSE Bug 1247374",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "self",
"summary": "SUSE Bug 1247437",
"url": "https://bugzilla.suse.com/1247437"
},
{
"category": "self",
"summary": "SUSE Bug 1247450",
"url": "https://bugzilla.suse.com/1247450"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11135 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36028 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36028/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36348 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36348/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36349 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36349/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36350 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36350/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36357 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36357/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44963 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44963/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56742 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56742/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57947 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21839 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21839/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21872 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21872/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23163 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23163/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37798 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37798/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37856 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37856/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37864 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37885 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37885/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37920 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37920/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37984 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37984/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38034 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38034/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38035 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38035/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38051 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38052 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38058 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38061 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38062 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38062/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38063 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38064 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38064/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38074 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38074/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38084 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38084/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38087 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38087/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38088 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38089 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38089/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38090 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38090/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38094 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38094/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38095 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38095/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38097 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38097/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38098 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38098/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38099 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38099/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38100 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38100/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38102 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38102/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38105 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38105/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38107 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38107/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38108 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38108/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38109 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38109/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38110 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38110/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38111 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38111/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38112 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38112/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38113 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38113/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38115 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38117 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38117/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38118 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38118/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38120 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38120/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38122 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38123 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38124 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38124/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38126 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38127 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38127/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38129 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38129/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38131 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38131/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38132 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38132/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38135 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38136 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38138 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38138/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38142 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38142/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38143 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38143/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38145 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38145/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38147 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38148 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38148/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38149 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38149/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38151 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38151/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38153 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38153/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38154 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38154/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38155 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38155/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38157 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38157/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38158 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38158/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38159 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38161 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38161/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38162 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38162/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38165 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38165/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38166 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38166/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38173 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38173/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38174 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38174/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38177 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38180 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38180/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38182 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38182/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38183 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38183/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38187 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38187/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38188 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38188/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38192 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38192/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38193 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38193/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38194 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38194/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38197 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38197/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38198 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38198/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38200 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38200/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38202 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38202/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38203 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38203/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38204 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38204/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38206 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38210 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38210/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38211 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38211/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38212 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38212/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38213 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38213/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38214 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38214/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38215 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38215/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38217 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38217/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38220 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38220/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38222 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38222/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38225 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38225/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38226 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38226/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38227 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38227/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38229 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38229/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38231 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38231/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38236 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38236/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38239 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38239/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38244 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38244/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38246 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38246/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38248 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38248/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38249 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38249/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38250 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38250/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38257 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38257/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38259 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38259/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38264 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38264/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38272 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38272/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38273 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38273/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38275 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38275/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38277 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38277/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38279 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38279/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38283 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38283/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38286 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38286/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38289 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38289/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38290 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38290/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38292 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38292/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38293 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38293/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38300 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38303 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38303/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38304 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38304/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38305 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38305/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38307 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38307/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38310 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38310/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38312 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38312/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38313 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38313/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38319 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38319/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38323 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38323/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38326 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38326/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38328 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38328/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38332 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38332/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38334 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38334/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38335 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38335/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38336 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38336/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38337 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38337/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38338 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38338/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38342 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38342/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38343 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38343/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38344 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38344/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38345 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38345/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38348 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38348/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38349 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38349/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38350 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38350/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38352 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38352/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38354 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38354/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38362 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38362/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38363 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38363/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38364 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38364/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38365 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38365/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38369 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38369/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38371 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38371/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38373 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38373/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38375 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38375/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38376 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38376/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38377 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38377/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38380 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38380/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38382 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38382/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38384 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38384/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38385 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38385/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38386 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38386/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38387 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38387/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38389 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38389/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38391 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38391/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38392 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38392/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38393 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38393/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38395 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38395/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38396 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38396/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38399 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38399/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38400 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38400/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38401 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38401/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38403 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38403/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38404 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38404/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38406 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38406/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38409 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38409/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38410 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38410/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38412 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38412/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38414 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38414/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38415 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38415/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38416 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38416/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38420 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38420/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38424 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38424/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38425 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38425/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38426 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38426/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38428 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38428/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38429 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38429/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38430 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38430/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38436 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38436/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38443 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38443/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38448 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38448/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38449 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38449/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38455 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38455/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38457 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38457/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38460 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38460/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38461 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38461/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38462 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38462/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38463 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38463/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38465 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38465/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38467 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38467/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38468 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38468/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38470 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38470/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38471 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38471/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38473 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38473/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38474 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38474/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38476 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38476/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38477 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38477/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38478 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38478/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38480 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38480/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38481 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38481/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38482 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38482/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38483 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38483/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38485 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38485/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38487 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38487/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38489 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38489/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38494 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38494/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38495 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38495/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38496 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38496/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38497 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38497/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38498 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38498/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-08-25T11:19:19Z",
"generator": {
"date": "2025-08-25T11:19:19Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20601-1",
"initial_release_date": "2025-08-25T11:19:19Z",
"revision_history": [
{
"date": "2025-08-25T11:19:19Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-6.4.0-35.1.aarch64",
"product": {
"name": "kernel-rt-6.4.0-35.1.aarch64",
"product_id": "kernel-rt-6.4.0-35.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-6.4.0-35.1.aarch64",
"product": {
"name": "kernel-rt-devel-6.4.0-35.1.aarch64",
"product_id": "kernel-rt-devel-6.4.0-35.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-6.4.0-35.1.noarch",
"product": {
"name": "kernel-devel-rt-6.4.0-35.1.noarch",
"product_id": "kernel-devel-rt-6.4.0-35.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-6.4.0-35.1.noarch",
"product": {
"name": "kernel-source-rt-6.4.0-35.1.noarch",
"product_id": "kernel-source-rt-6.4.0-35.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-6.4.0-35.1.x86_64",
"product": {
"name": "kernel-rt-6.4.0-35.1.x86_64",
"product_id": "kernel-rt-6.4.0-35.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-6.4.0-35.1.x86_64",
"product": {
"name": "kernel-rt-devel-6.4.0-35.1.x86_64",
"product_id": "kernel-rt-devel-6.4.0-35.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-6.4.0-35.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-6.4.0-35.1.x86_64",
"product_id": "kernel-rt-livepatch-6.4.0-35.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-rt-6.4.0-35.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch"
},
"product_reference": "kernel-devel-rt-6.4.0-35.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-6.4.0-35.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64"
},
"product_reference": "kernel-rt-6.4.0-35.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-6.4.0-35.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64"
},
"product_reference": "kernel-rt-6.4.0-35.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-6.4.0-35.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64"
},
"product_reference": "kernel-rt-devel-6.4.0-35.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-6.4.0-35.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64"
},
"product_reference": "kernel-rt-devel-6.4.0-35.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-livepatch-6.4.0-35.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64"
},
"product_reference": "kernel-rt-livepatch-6.4.0-35.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-6.4.0-35.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
},
"product_reference": "kernel-source-rt-6.4.0-35.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-11135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11135"
}
],
"notes": [
{
"category": "general",
"text": "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11135",
"url": "https://www.suse.com/security/cve/CVE-2019-11135"
},
{
"category": "external",
"summary": "SUSE Bug 1139073 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1139073"
},
{
"category": "external",
"summary": "SUSE Bug 1152497 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152497"
},
{
"category": "external",
"summary": "SUSE Bug 1152505 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152505"
},
{
"category": "external",
"summary": "SUSE Bug 1152506 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152506"
},
{
"category": "external",
"summary": "SUSE Bug 1160120 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1160120"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2019-11135"
},
{
"cve": "CVE-2024-36028",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36028"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio()\n\nWhen I did memory failure tests recently, below warning occurs:\n\nDEBUG_LOCKS_WARN_ON(1)\nWARNING: CPU: 8 PID: 1011 at kernel/locking/lockdep.c:232 __lock_acquire+0xccb/0x1ca0\nModules linked in: mce_inject hwpoison_inject\nCPU: 8 PID: 1011 Comm: bash Kdump: loaded Not tainted 6.9.0-rc3-next-20240410-00012-gdb69f219f4be #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\nRIP: 0010:__lock_acquire+0xccb/0x1ca0\nRSP: 0018:ffffa7a1c7fe3bd0 EFLAGS: 00000082\nRAX: 0000000000000000 RBX: eb851eb853975fcf RCX: ffffa1ce5fc1c9c8\nRDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffffa1ce5fc1c9c0\nRBP: ffffa1c6865d3280 R08: ffffffffb0f570a8 R09: 0000000000009ffb\nR10: 0000000000000286 R11: ffffffffb0f2ad50 R12: ffffa1c6865d3d10\nR13: ffffa1c6865d3c70 R14: 0000000000000000 R15: 0000000000000004\nFS: 00007ff9f32aa740(0000) GS:ffffa1ce5fc00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ff9f3134ba0 CR3: 00000008484e4000 CR4: 00000000000006f0\nCall Trace:\n \u003cTASK\u003e\n lock_acquire+0xbe/0x2d0\n _raw_spin_lock_irqsave+0x3a/0x60\n hugepage_subpool_put_pages.part.0+0xe/0xc0\n free_huge_folio+0x253/0x3f0\n dissolve_free_huge_page+0x147/0x210\n __page_handle_poison+0x9/0x70\n memory_failure+0x4e6/0x8c0\n hard_offline_page_store+0x55/0xa0\n kernfs_fop_write_iter+0x12c/0x1d0\n vfs_write+0x380/0x540\n ksys_write+0x64/0xe0\n do_syscall_64+0xbc/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7ff9f3114887\nRSP: 002b:00007ffecbacb458 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007ff9f3114887\nRDX: 000000000000000c RSI: 0000564494164e10 RDI: 0000000000000001\nRBP: 0000564494164e10 R08: 00007ff9f31d1460 R09: 000000007fffffff\nR10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c\nR13: 00007ff9f321b780 R14: 00007ff9f3217600 R15: 00007ff9f3216a00\n \u003c/TASK\u003e\nKernel panic - not syncing: kernel: panic_on_warn set ...\nCPU: 8 PID: 1011 Comm: bash Kdump: loaded Not tainted 6.9.0-rc3-next-20240410-00012-gdb69f219f4be #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n panic+0x326/0x350\n check_panic_on_warn+0x4f/0x50\n __warn+0x98/0x190\n report_bug+0x18e/0x1a0\n handle_bug+0x3d/0x70\n exc_invalid_op+0x18/0x70\n asm_exc_invalid_op+0x1a/0x20\nRIP: 0010:__lock_acquire+0xccb/0x1ca0\nRSP: 0018:ffffa7a1c7fe3bd0 EFLAGS: 00000082\nRAX: 0000000000000000 RBX: eb851eb853975fcf RCX: ffffa1ce5fc1c9c8\nRDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffffa1ce5fc1c9c0\nRBP: ffffa1c6865d3280 R08: ffffffffb0f570a8 R09: 0000000000009ffb\nR10: 0000000000000286 R11: ffffffffb0f2ad50 R12: ffffa1c6865d3d10\nR13: ffffa1c6865d3c70 R14: 0000000000000000 R15: 0000000000000004\n lock_acquire+0xbe/0x2d0\n _raw_spin_lock_irqsave+0x3a/0x60\n hugepage_subpool_put_pages.part.0+0xe/0xc0\n free_huge_folio+0x253/0x3f0\n dissolve_free_huge_page+0x147/0x210\n __page_handle_poison+0x9/0x70\n memory_failure+0x4e6/0x8c0\n hard_offline_page_store+0x55/0xa0\n kernfs_fop_write_iter+0x12c/0x1d0\n vfs_write+0x380/0x540\n ksys_write+0x64/0xe0\n do_syscall_64+0xbc/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7ff9f3114887\nRSP: 002b:00007ffecbacb458 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007ff9f3114887\nRDX: 000000000000000c RSI: 0000564494164e10 RDI: 0000000000000001\nRBP: 0000564494164e10 R08: 00007ff9f31d1460 R09: 000000007fffffff\nR10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c\nR13: 00007ff9f321b780 R14: 00007ff9f3217600 R15: 00007ff9f3216a00\n \u003c/TASK\u003e\n\nAfter git bisecting and digging into the code, I believe the root cause is\nthat _deferred_list field of folio is unioned with _hugetlb_subpool field.\nIn __update_and_free_hugetlb_folio(), folio-\u003e_deferred_\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36028",
"url": "https://www.suse.com/security/cve/CVE-2024-36028"
},
{
"category": "external",
"summary": "SUSE Bug 1225707 for CVE-2024-36028",
"url": "https://bugzilla.suse.com/1225707"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2024-36028"
},
{
"cve": "CVE-2024-36348",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36348"
}
],
"notes": [
{
"category": "general",
"text": "A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP feature is enabled, potentially resulting in information leakage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36348",
"url": "https://www.suse.com/security/cve/CVE-2024-36348"
},
{
"category": "external",
"summary": "SUSE Bug 1238896 for CVE-2024-36348",
"url": "https://bugzilla.suse.com/1238896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2024-36348"
},
{
"cve": "CVE-2024-36349",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36349"
}
],
"notes": [
{
"category": "general",
"text": "A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36349",
"url": "https://www.suse.com/security/cve/CVE-2024-36349"
},
{
"category": "external",
"summary": "SUSE Bug 1238896 for CVE-2024-36349",
"url": "https://bugzilla.suse.com/1238896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2024-36349"
},
{
"cve": "CVE-2024-36350",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36350"
}
],
"notes": [
{
"category": "general",
"text": "A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36350",
"url": "https://www.suse.com/security/cve/CVE-2024-36350"
},
{
"category": "external",
"summary": "SUSE Bug 1238896 for CVE-2024-36350",
"url": "https://bugzilla.suse.com/1238896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2024-36350"
},
{
"cve": "CVE-2024-36357",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36357"
}
],
"notes": [
{
"category": "general",
"text": "A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36357",
"url": "https://www.suse.com/security/cve/CVE-2024-36357"
},
{
"category": "external",
"summary": "SUSE Bug 1238896 for CVE-2024-36357",
"url": "https://bugzilla.suse.com/1238896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2024-36357"
},
{
"cve": "CVE-2024-44963",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44963"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not BUG_ON() when freeing tree block after error\n\nWhen freeing a tree block, at btrfs_free_tree_block(), if we fail to\ncreate a delayed reference we don\u0027t deal with the error and just do a\nBUG_ON(). The error most likely to happen is -ENOMEM, and we have a\ncomment mentioning that only -ENOMEM can happen, but that is not true,\nbecause in case qgroups are enabled any error returned from\nbtrfs_qgroup_trace_extent_post() (can be -EUCLEAN or anything returned\nfrom btrfs_search_slot() for example) can be propagated back to\nbtrfs_free_tree_block().\n\nSo stop doing a BUG_ON() and return the error to the callers and make\nthem abort the transaction to prevent leaking space. Syzbot was\ntriggering this, likely due to memory allocation failure injection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44963",
"url": "https://www.suse.com/security/cve/CVE-2024-44963"
},
{
"category": "external",
"summary": "SUSE Bug 1230216 for CVE-2024-44963",
"url": "https://bugzilla.suse.com/1230216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2024-44963"
},
{
"cve": "CVE-2024-56742",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56742"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages()\n\nFix an unwind issue in mlx5vf_add_migration_pages().\n\nIf a set of pages is allocated but fails to be added to the SG table,\nthey need to be freed to prevent a memory leak.\n\nAny pages successfully added to the SG table will be freed as part of\nmlx5vf_free_data_buffer().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56742",
"url": "https://www.suse.com/security/cve/CVE-2024-56742"
},
{
"category": "external",
"summary": "SUSE Bug 1235613 for CVE-2024-56742",
"url": "https://bugzilla.suse.com/1235613"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2024-56742"
},
{
"cve": "CVE-2024-57947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57947"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_set_pipapo: fix initial map fill\n\nThe initial buffer has to be inited to all-ones, but it must restrict\nit to the size of the first field, not the total field size.\n\nAfter each round in the map search step, the result and the fill map\nare swapped, so if we have a set where f-\u003ebsize of the first element\nis smaller than m-\u003ebsize_max, those one-bits are leaked into future\nrounds result map.\n\nThis makes pipapo find an incorrect matching results for sets where\nfirst field size is not the largest.\n\nFollowup patch adds a test case to nft_concat_range.sh selftest script.\n\nThanks to Stefano Brivio for pointing out that we need to zero out\nthe remainder explicitly, only correcting memset() argument isn\u0027t enough.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57947",
"url": "https://www.suse.com/security/cve/CVE-2024-57947"
},
{
"category": "external",
"summary": "SUSE Bug 1236333 for CVE-2024-57947",
"url": "https://bugzilla.suse.com/1236333"
},
{
"category": "external",
"summary": "SUSE Bug 1245799 for CVE-2024-57947",
"url": "https://bugzilla.suse.com/1245799"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "important"
}
],
"title": "CVE-2024-57947"
},
{
"cve": "CVE-2025-21839",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21839"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop\n\nMove the conditional loading of hardware DR6 with the guest\u0027s DR6 value\nout of the core .vcpu_run() loop to fix a bug where KVM can load hardware\nwith a stale vcpu-\u003earch.dr6.\n\nWhen the guest accesses a DR and host userspace isn\u0027t debugging the guest,\nKVM disables DR interception and loads the guest\u0027s values into hardware on\nVM-Enter and saves them on VM-Exit. This allows the guest to access DRs\nat will, e.g. so that a sequence of DR accesses to configure a breakpoint\nonly generates one VM-Exit.\n\nFor DR0-DR3, the logic/behavior is identical between VMX and SVM, and also\nidentical between KVM_DEBUGREG_BP_ENABLED (userspace debugging the guest)\nand KVM_DEBUGREG_WONT_EXIT (guest using DRs), and so KVM handles loading\nDR0-DR3 in common code, _outside_ of the core kvm_x86_ops.vcpu_run() loop.\n\nBut for DR6, the guest\u0027s value doesn\u0027t need to be loaded into hardware for\nKVM_DEBUGREG_BP_ENABLED, and SVM provides a dedicated VMCB field whereas\nVMX requires software to manually load the guest value, and so loading the\nguest\u0027s value into DR6 is handled by {svm,vmx}_vcpu_run(), i.e. is done\n_inside_ the core run loop.\n\nUnfortunately, saving the guest values on VM-Exit is initiated by common\nx86, again outside of the core run loop. If the guest modifies DR6 (in\nhardware, when DR interception is disabled), and then the next VM-Exit is\na fastpath VM-Exit, KVM will reload hardware DR6 with vcpu-\u003earch.dr6 and\nclobber the guest\u0027s actual value.\n\nThe bug shows up primarily with nested VMX because KVM handles the VMX\npreemption timer in the fastpath, and the window between hardware DR6\nbeing modified (in guest context) and DR6 being read by guest software is\norders of magnitude larger in a nested setup. E.g. in non-nested, the\nVMX preemption timer would need to fire precisely between #DB injection\nand the #DB handler\u0027s read of DR6, whereas with a KVM-on-KVM setup, the\nwindow where hardware DR6 is \"dirty\" extends all the way from L1 writing\nDR6 to VMRESUME (in L1).\n\n L1\u0027s view:\n ==========\n \u003cL1 disables DR interception\u003e\n CPU 0/KVM-7289 [023] d.... 2925.640961: kvm_entry: vcpu 0\n A: L1 Writes DR6\n CPU 0/KVM-7289 [023] d.... 2925.640963: \u003chack\u003e: Set DRs, DR6 = 0xffff0ff1\n\n B: CPU 0/KVM-7289 [023] d.... 2925.640967: kvm_exit: vcpu 0 reason EXTERNAL_INTERRUPT intr_info 0x800000ec\n\n D: L1 reads DR6, arch.dr6 = 0\n CPU 0/KVM-7289 [023] d.... 2925.640969: \u003chack\u003e: Sync DRs, DR6 = 0xffff0ff0\n\n CPU 0/KVM-7289 [023] d.... 2925.640976: kvm_entry: vcpu 0\n L2 reads DR6, L1 disables DR interception\n CPU 0/KVM-7289 [023] d.... 2925.640980: kvm_exit: vcpu 0 reason DR_ACCESS info1 0x0000000000000216\n CPU 0/KVM-7289 [023] d.... 2925.640983: kvm_entry: vcpu 0\n\n CPU 0/KVM-7289 [023] d.... 2925.640983: \u003chack\u003e: Set DRs, DR6 = 0xffff0ff0\n\n L2 detects failure\n CPU 0/KVM-7289 [023] d.... 2925.640987: kvm_exit: vcpu 0 reason HLT\n L1 reads DR6 (confirms failure)\n CPU 0/KVM-7289 [023] d.... 2925.640990: \u003chack\u003e: Sync DRs, DR6 = 0xffff0ff0\n\n L0\u0027s view:\n ==========\n L2 reads DR6, arch.dr6 = 0\n CPU 23/KVM-5046 [001] d.... 3410.005610: kvm_exit: vcpu 23 reason DR_ACCESS info1 0x0000000000000216\n CPU 23/KVM-5046 [001] ..... 3410.005610: kvm_nested_vmexit: vcpu 23 reason DR_ACCESS info1 0x0000000000000216\n\n L2 =\u003e L1 nested VM-Exit\n CPU 23/KVM-5046 [001] ..... 3410.005610: kvm_nested_vmexit_inject: reason: DR_ACCESS ext_inf1: 0x0000000000000216\n\n CPU 23/KVM-5046 [001] d.... 3410.005610: kvm_entry: vcpu 23\n CPU 23/KVM-5046 [001] d.... 3410.005611: kvm_exit: vcpu 23 reason VMREAD\n CPU 23/KVM-5046 [001] d.... 3410.005611: kvm_entry: vcpu 23\n CPU 23/KVM-5046 [001] d.... 3410.\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21839",
"url": "https://www.suse.com/security/cve/CVE-2025-21839"
},
{
"category": "external",
"summary": "SUSE Bug 1239061 for CVE-2025-21839",
"url": "https://bugzilla.suse.com/1239061"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-21839"
},
{
"cve": "CVE-2025-21872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21872"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi: Don\u0027t map the entire mokvar table to determine its size\n\nCurrently, when validating the mokvar table, we (re)map the entire table\non each iteration of the loop, adding space as we discover new entries.\nIf the table grows over a certain size, this fails due to limitations of\nearly_memmap(), and we get a failure and traceback:\n\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 0 at mm/early_ioremap.c:139 __early_ioremap+0xef/0x220\n ...\n Call Trace:\n \u003cTASK\u003e\n ? __early_ioremap+0xef/0x220\n ? __warn.cold+0x93/0xfa\n ? __early_ioremap+0xef/0x220\n ? report_bug+0xff/0x140\n ? early_fixup_exception+0x5d/0xb0\n ? early_idt_handler_common+0x2f/0x3a\n ? __early_ioremap+0xef/0x220\n ? efi_mokvar_table_init+0xce/0x1d0\n ? setup_arch+0x864/0xc10\n ? start_kernel+0x6b/0xa10\n ? x86_64_start_reservations+0x24/0x30\n ? x86_64_start_kernel+0xed/0xf0\n ? common_startup_64+0x13e/0x141\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---\n mokvar: Failed to map EFI MOKvar config table pa=0x7c4c3000, size=265187.\n\nMapping the entire structure isn\u0027t actually necessary, as we don\u0027t ever\nneed more than one entry header mapped at once.\n\nChanges efi_mokvar_table_init() to only map each entry header, not the\nentire table, when determining the table size. Since we\u0027re not mapping\nany data past the variable name, it also changes the code to enforce\nthat each variable name is NUL terminated, rather than attempting to\nverify it in place.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21872",
"url": "https://www.suse.com/security/cve/CVE-2025-21872"
},
{
"category": "external",
"summary": "SUSE Bug 1240323 for CVE-2025-21872",
"url": "https://bugzilla.suse.com/1240323"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-21872"
},
{
"cve": "CVE-2025-23163",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23163"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: vlan: don\u0027t propagate flags on open\n\nWith the device instance lock, there is now a possibility of a deadlock:\n\n[ 1.211455] ============================================\n[ 1.211571] WARNING: possible recursive locking detected\n[ 1.211687] 6.14.0-rc5-01215-g032756b4ca7a-dirty #5 Not tainted\n[ 1.211823] --------------------------------------------\n[ 1.211936] ip/184 is trying to acquire lock:\n[ 1.212032] ffff8881024a4c30 (\u0026dev-\u003elock){+.+.}-{4:4}, at: dev_set_allmulti+0x4e/0xb0\n[ 1.212207]\n[ 1.212207] but task is already holding lock:\n[ 1.212332] ffff8881024a4c30 (\u0026dev-\u003elock){+.+.}-{4:4}, at: dev_open+0x50/0xb0\n[ 1.212487]\n[ 1.212487] other info that might help us debug this:\n[ 1.212626] Possible unsafe locking scenario:\n[ 1.212626]\n[ 1.212751] CPU0\n[ 1.212815] ----\n[ 1.212871] lock(\u0026dev-\u003elock);\n[ 1.212944] lock(\u0026dev-\u003elock);\n[ 1.213016]\n[ 1.213016] *** DEADLOCK ***\n[ 1.213016]\n[ 1.213143] May be due to missing lock nesting notation\n[ 1.213143]\n[ 1.213294] 3 locks held by ip/184:\n[ 1.213371] #0: ffffffff838b53e0 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock+0x1b/0xa0\n[ 1.213543] #1: ffffffff84e5fc70 (\u0026net-\u003ertnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock+0x37/0xa0\n[ 1.213727] #2: ffff8881024a4c30 (\u0026dev-\u003elock){+.+.}-{4:4}, at: dev_open+0x50/0xb0\n[ 1.213895]\n[ 1.213895] stack backtrace:\n[ 1.213991] CPU: 0 UID: 0 PID: 184 Comm: ip Not tainted 6.14.0-rc5-01215-g032756b4ca7a-dirty #5\n[ 1.213993] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\n[ 1.213994] Call Trace:\n[ 1.213995] \u003cTASK\u003e\n[ 1.213996] dump_stack_lvl+0x8e/0xd0\n[ 1.214000] print_deadlock_bug+0x28b/0x2a0\n[ 1.214020] lock_acquire+0xea/0x2a0\n[ 1.214027] __mutex_lock+0xbf/0xd40\n[ 1.214038] dev_set_allmulti+0x4e/0xb0 # real_dev-\u003eflags \u0026 IFF_ALLMULTI\n[ 1.214040] vlan_dev_open+0xa5/0x170 # ndo_open on vlandev\n[ 1.214042] __dev_open+0x145/0x270\n[ 1.214046] __dev_change_flags+0xb0/0x1e0\n[ 1.214051] netif_change_flags+0x22/0x60 # IFF_UP vlandev\n[ 1.214053] dev_change_flags+0x61/0xb0 # for each device in group from dev-\u003evlan_info\n[ 1.214055] vlan_device_event+0x766/0x7c0 # on netdevsim0\n[ 1.214058] notifier_call_chain+0x78/0x120\n[ 1.214062] netif_open+0x6d/0x90\n[ 1.214064] dev_open+0x5b/0xb0 # locks netdevsim0\n[ 1.214066] bond_enslave+0x64c/0x1230\n[ 1.214075] do_set_master+0x175/0x1e0 # on netdevsim0\n[ 1.214077] do_setlink+0x516/0x13b0\n[ 1.214094] rtnl_newlink+0xaba/0xb80\n[ 1.214132] rtnetlink_rcv_msg+0x440/0x490\n[ 1.214144] netlink_rcv_skb+0xeb/0x120\n[ 1.214150] netlink_unicast+0x1f9/0x320\n[ 1.214153] netlink_sendmsg+0x346/0x3f0\n[ 1.214157] __sock_sendmsg+0x86/0xb0\n[ 1.214160] ____sys_sendmsg+0x1c8/0x220\n[ 1.214164] ___sys_sendmsg+0x28f/0x2d0\n[ 1.214179] __x64_sys_sendmsg+0xef/0x140\n[ 1.214184] do_syscall_64+0xec/0x1d0\n[ 1.214190] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 1.214191] RIP: 0033:0x7f2d1b4a7e56\n\nDevice setup:\n\n netdevsim0 (down)\n ^ ^\n bond netdevsim1.100@netdevsim1 allmulticast=on (down)\n\nWhen we enslave the lower device (netdevsim0) which has a vlan, we\npropagate vlan\u0027s allmuti/promisc flags during ndo_open. This causes\n(re)locking on of the real_dev.\n\nPropagate allmulti/promisc on flags change, not on the open. There\nis a slight semantics change that vlans that are down now propagate\nthe flags, but this seems unlikely to result in the real issues.\n\nReproducer:\n\n echo 0 1 \u003e /sys/bus/netdevsim/new_device\n\n dev_path=$(ls -d /sys/bus/netdevsim/devices/netdevsim0/net/*)\n dev=$(echo $dev_path | rev | cut -d/ -f1 | rev)\n\n ip link set dev $dev name netdevsim0\n ip link set dev netdevsim0 up\n\n ip link add link netdevsim0 name netdevsim0.100 type vlan id 100\n ip link set dev netdevsim0.100 allm\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23163",
"url": "https://www.suse.com/security/cve/CVE-2025-23163"
},
{
"category": "external",
"summary": "SUSE Bug 1242837 for CVE-2025-23163",
"url": "https://bugzilla.suse.com/1242837"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-23163"
},
{
"cve": "CVE-2025-37798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37798"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncodel: remove sch-\u003eq.qlen check before qdisc_tree_reduce_backlog()\n\nAfter making all -\u003eqlen_notify() callbacks idempotent, now it is safe to\nremove the check of qlen!=0 from both fq_codel_dequeue() and\ncodel_qdisc_dequeue().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37798",
"url": "https://www.suse.com/security/cve/CVE-2025-37798"
},
{
"category": "external",
"summary": "SUSE Bug 1242414 for CVE-2025-37798",
"url": "https://bugzilla.suse.com/1242414"
},
{
"category": "external",
"summary": "SUSE Bug 1242417 for CVE-2025-37798",
"url": "https://bugzilla.suse.com/1242417"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "important"
}
],
"title": "CVE-2025-37798"
},
{
"cve": "CVE-2025-37856",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37856"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: harden block_group::bg_list against list_del() races\n\nAs far as I can tell, these calls of list_del_init() on bg_list cannot\nrun concurrently with btrfs_mark_bg_unused() or btrfs_mark_bg_to_reclaim(),\nas they are in transaction error paths and situations where the block\ngroup is readonly.\n\nHowever, if there is any chance at all of racing with mark_bg_unused(),\nor a different future user of bg_list, better to be safe than sorry.\n\nOtherwise we risk the following interleaving (bg_list refcount in parens)\n\nT1 (some random op) T2 (btrfs_mark_bg_unused)\n !list_empty(\u0026bg-\u003ebg_list); (1)\nlist_del_init(\u0026bg-\u003ebg_list); (1)\n list_move_tail (1)\nbtrfs_put_block_group (0)\n btrfs_delete_unused_bgs\n bg = list_first_entry\n list_del_init(\u0026bg-\u003ebg_list);\n btrfs_put_block_group(bg); (-1)\n\nUltimately, this results in a broken ref count that hits zero one deref\nearly and the real final deref underflows the refcount, resulting in a WARNING.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37856",
"url": "https://www.suse.com/security/cve/CVE-2025-37856"
},
{
"category": "external",
"summary": "SUSE Bug 1243068 for CVE-2025-37856",
"url": "https://bugzilla.suse.com/1243068"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-37856"
},
{
"cve": "CVE-2025-37864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37864"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: clean up FDB, MDB, VLAN entries on unbind\n\nAs explained in many places such as commit b117e1e8a86d (\"net: dsa:\ndelete dsa_legacy_fdb_add and dsa_legacy_fdb_del\"), DSA is written given\nthe assumption that higher layers have balanced additions/deletions.\nAs such, it only makes sense to be extremely vocal when those\nassumptions are violated and the driver unbinds with entries still\npresent.\n\nBut Ido Schimmel points out a very simple situation where that is wrong:\nhttps://lore.kernel.org/netdev/ZDazSM5UsPPjQuKr@shredder/\n(also briefly discussed by me in the aforementioned commit).\n\nBasically, while the bridge bypass operations are not something that DSA\nexplicitly documents, and for the majority of DSA drivers this API\nsimply causes them to go to promiscuous mode, that isn\u0027t the case for\nall drivers. Some have the necessary requirements for bridge bypass\noperations to do something useful - see dsa_switch_supports_uc_filtering().\n\nAlthough in tools/testing/selftests/net/forwarding/local_termination.sh,\nwe made an effort to popularize better mechanisms to manage address\nfilters on DSA interfaces from user space - namely macvlan for unicast,\nand setsockopt(IP_ADD_MEMBERSHIP) - through mtools - for multicast, the\nfact is that \u0027bridge fdb add ... self static local\u0027 also exists as\nkernel UAPI, and might be useful to someone, even if only for a quick\nhack.\n\nIt seems counter-productive to block that path by implementing shim\n.ndo_fdb_add and .ndo_fdb_del operations which just return -EOPNOTSUPP\nin order to prevent the ndo_dflt_fdb_add() and ndo_dflt_fdb_del() from\nrunning, although we could do that.\n\nAccepting that cleanup is necessary seems to be the only option.\nEspecially since we appear to be coming back at this from a different\nangle as well. Russell King is noticing that the WARN_ON() triggers even\nfor VLANs:\nhttps://lore.kernel.org/netdev/Z_li8Bj8bD4-BYKQ@shell.armlinux.org.uk/\n\nWhat happens in the bug report above is that dsa_port_do_vlan_del() fails,\nthen the VLAN entry lingers on, and then we warn on unbind and leak it.\n\nThis is not a straight revert of the blamed commit, but we now add an\ninformational print to the kernel log (to still have a way to see\nthat bugs exist), and some extra comments gathered from past years\u0027\nexperience, to justify the logic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37864",
"url": "https://www.suse.com/security/cve/CVE-2025-37864"
},
{
"category": "external",
"summary": "SUSE Bug 1242965 for CVE-2025-37864",
"url": "https://bugzilla.suse.com/1242965"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-37864"
},
{
"cve": "CVE-2025-37885",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37885"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Reset IRTE to host control if *new* route isn\u0027t postable\n\nRestore an IRTE back to host control (remapped or posted MSI mode) if the\n*new* GSI route prevents posting the IRQ directly to a vCPU, regardless of\nthe GSI routing type. Updating the IRTE if and only if the new GSI is an\nMSI results in KVM leaving an IRTE posting to a vCPU.\n\nThe dangling IRTE can result in interrupts being incorrectly delivered to\nthe guest, and in the worst case scenario can result in use-after-free,\ne.g. if the VM is torn down, but the underlying host IRQ isn\u0027t freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37885",
"url": "https://www.suse.com/security/cve/CVE-2025-37885"
},
{
"category": "external",
"summary": "SUSE Bug 1242960 for CVE-2025-37885",
"url": "https://bugzilla.suse.com/1242960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-37885"
},
{
"cve": "CVE-2025-37920",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37920"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: Fix race condition in AF_XDP generic RX path\n\nMove rx_lock from xsk_socket to xsk_buff_pool.\nFix synchronization for shared umem mode in\ngeneric RX path where multiple sockets share\nsingle xsk_buff_pool.\n\nRX queue is exclusive to xsk_socket, while FILL\nqueue can be shared between multiple sockets.\nThis could result in race condition where two\nCPU cores access RX path of two different sockets\nsharing the same umem.\n\nProtect both queues by acquiring spinlock in shared\nxsk_buff_pool.\n\nLock contention may be minimized in the future by some\nper-thread FQ buffering.\n\nIt\u0027s safe and necessary to move spin_lock_bh(rx_lock)\nafter xsk_rcv_check():\n* xs-\u003epool and spinlock_init is synchronized by\n xsk_bind() -\u003e xsk_is_bound() memory barriers.\n* xsk_rcv_check() may return true at the moment\n of xsk_release() or xsk_unbind_dev(),\n however this will not cause any data races or\n race conditions. xsk_unbind_dev() removes xdp\n socket from all maps and waits for completion\n of all outstanding rx operations. Packets in\n RX path will either complete safely or drop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37920",
"url": "https://www.suse.com/security/cve/CVE-2025-37920"
},
{
"category": "external",
"summary": "SUSE Bug 1243479 for CVE-2025-37920",
"url": "https://bugzilla.suse.com/1243479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-37920"
},
{
"cve": "CVE-2025-37984",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37984"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP()\n\nHerbert notes that DIV_ROUND_UP() may overflow unnecessarily if an ecdsa\nimplementation\u0027s -\u003ekey_size() callback returns an unusually large value.\nHerbert instead suggests (for a division by 8):\n\n X / 8 + !!(X \u0026 7)\n\nBased on this formula, introduce a generic DIV_ROUND_UP_POW2() macro and\nuse it in lieu of DIV_ROUND_UP() for -\u003ekey_size() return values.\n\nAdditionally, use the macro in ecc_digits_from_bytes(), whose \"nbytes\"\nparameter is a -\u003ekey_size() return value in some instances, or a\nuser-specified ASN.1 length in the case of ecdsa_get_signature_rs().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37984",
"url": "https://www.suse.com/security/cve/CVE-2025-37984"
},
{
"category": "external",
"summary": "SUSE Bug 1243669 for CVE-2025-37984",
"url": "https://bugzilla.suse.com/1243669"
},
{
"category": "external",
"summary": "SUSE Bug 1243670 for CVE-2025-37984",
"url": "https://bugzilla.suse.com/1243670"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-37984"
},
{
"cve": "CVE-2025-38034",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38034"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref\n\nbtrfs_prelim_ref() calls the old and new reference variables in the\nincorrect order. This causes a NULL pointer dereference because oldref\nis passed as NULL to trace_btrfs_prelim_ref_insert().\n\nNote, trace_btrfs_prelim_ref_insert() is being called with newref as\noldref (and oldref as NULL) on purpose in order to print out\nthe values of newref.\n\nTo reproduce:\necho 1 \u003e /sys/kernel/debug/tracing/events/btrfs/btrfs_prelim_ref_insert/enable\n\nPerform some writeback operations.\n\nBacktrace:\nBUG: kernel NULL pointer dereference, address: 0000000000000018\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 115949067 P4D 115949067 PUD 11594a067 PMD 0\n Oops: Oops: 0000 [#1] SMP NOPTI\n CPU: 1 UID: 0 PID: 1188 Comm: fsstress Not tainted 6.15.0-rc2-tester+ #47 PREEMPT(voluntary) 7ca2cef72d5e9c600f0c7718adb6462de8149622\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-2-gc13ff2cd-prebuilt.qemu.org 04/01/2014\n RIP: 0010:trace_event_raw_event_btrfs__prelim_ref+0x72/0x130\n Code: e8 43 81 9f ff 48 85 c0 74 78 4d 85 e4 0f 84 8f 00 00 00 49 8b 94 24 c0 06 00 00 48 8b 0a 48 89 48 08 48 8b 52 08 48 89 50 10 \u003c49\u003e 8b 55 18 48 89 50 18 49 8b 55 20 48 89 50 20 41 0f b6 55 28 88\n RSP: 0018:ffffce44820077a0 EFLAGS: 00010286\n RAX: ffff8c6b403f9014 RBX: ffff8c6b55825730 RCX: 304994edf9cf506b\n RDX: d8b11eb7f0fdb699 RSI: ffff8c6b403f9010 RDI: ffff8c6b403f9010\n RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000010\n R10: 00000000ffffffff R11: 0000000000000000 R12: ffff8c6b4e8fb000\n R13: 0000000000000000 R14: ffffce44820077a8 R15: ffff8c6b4abd1540\n FS: 00007f4dc6813740(0000) GS:ffff8c6c1d378000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000018 CR3: 000000010eb42000 CR4: 0000000000750ef0\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n prelim_ref_insert+0x1c1/0x270\n find_parent_nodes+0x12a6/0x1ee0\n ? __entry_text_end+0x101f06/0x101f09\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? srso_alias_return_thunk+0x5/0xfbef5\n btrfs_is_data_extent_shared+0x167/0x640\n ? fiemap_process_hole+0xd0/0x2c0\n extent_fiemap+0xa5c/0xbc0\n ? __entry_text_end+0x101f05/0x101f09\n btrfs_fiemap+0x7e/0xd0\n do_vfs_ioctl+0x425/0x9d0\n __x64_sys_ioctl+0x75/0xc0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38034",
"url": "https://www.suse.com/security/cve/CVE-2025-38034"
},
{
"category": "external",
"summary": "SUSE Bug 1244792 for CVE-2025-38034",
"url": "https://bugzilla.suse.com/1244792"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38034"
},
{
"cve": "CVE-2025-38035",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38035"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: don\u0027t restore null sk_state_change\n\nqueue-\u003estate_change is set as part of nvmet_tcp_set_queue_sock(), but if\nthe TCP connection isn\u0027t established when nvmet_tcp_set_queue_sock() is\ncalled then queue-\u003estate_change isn\u0027t set and sock-\u003esk-\u003esk_state_change\nisn\u0027t replaced.\n\nAs such we don\u0027t need to restore sock-\u003esk-\u003esk_state_change if\nqueue-\u003estate_change is NULL.\n\nThis avoids NULL pointer dereferences such as this:\n\n[ 286.462026][ C0] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 286.462814][ C0] #PF: supervisor instruction fetch in kernel mode\n[ 286.463796][ C0] #PF: error_code(0x0010) - not-present page\n[ 286.464392][ C0] PGD 8000000140620067 P4D 8000000140620067 PUD 114201067 PMD 0\n[ 286.465086][ C0] Oops: Oops: 0010 [#1] SMP KASAN PTI\n[ 286.465559][ C0] CPU: 0 UID: 0 PID: 1628 Comm: nvme Not tainted 6.15.0-rc2+ #11 PREEMPT(voluntary)\n[ 286.466393][ C0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\n[ 286.467147][ C0] RIP: 0010:0x0\n[ 286.467420][ C0] Code: Unable to access opcode bytes at 0xffffffffffffffd6.\n[ 286.467977][ C0] RSP: 0018:ffff8883ae008580 EFLAGS: 00010246\n[ 286.468425][ C0] RAX: 0000000000000000 RBX: ffff88813fd34100 RCX: ffffffffa386cc43\n[ 286.469019][ C0] RDX: 1ffff11027fa68b6 RSI: 0000000000000008 RDI: ffff88813fd34100\n[ 286.469545][ C0] RBP: ffff88813fd34160 R08: 0000000000000000 R09: ffffed1027fa682c\n[ 286.470072][ C0] R10: ffff88813fd34167 R11: 0000000000000000 R12: ffff88813fd344c3\n[ 286.470585][ C0] R13: ffff88813fd34112 R14: ffff88813fd34aec R15: ffff888132cdd268\n[ 286.471070][ C0] FS: 00007fe3c04c7d80(0000) GS:ffff88840743f000(0000) knlGS:0000000000000000\n[ 286.471644][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 286.472543][ C0] CR2: ffffffffffffffd6 CR3: 000000012daca000 CR4: 00000000000006f0\n[ 286.473500][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 286.474467][ C0] DR3: 0000000000000000 DR6: 00000000ffff07f0 DR7: 0000000000000400\n[ 286.475453][ C0] Call Trace:\n[ 286.476102][ C0] \u003cIRQ\u003e\n[ 286.476719][ C0] tcp_fin+0x2bb/0x440\n[ 286.477429][ C0] tcp_data_queue+0x190f/0x4e60\n[ 286.478174][ C0] ? __build_skb_around+0x234/0x330\n[ 286.478940][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.479659][ C0] ? __pfx_tcp_data_queue+0x10/0x10\n[ 286.480431][ C0] ? tcp_try_undo_loss+0x640/0x6c0\n[ 286.481196][ C0] ? seqcount_lockdep_reader_access.constprop.0+0x82/0x90\n[ 286.482046][ C0] ? kvm_clock_get_cycles+0x14/0x30\n[ 286.482769][ C0] ? ktime_get+0x66/0x150\n[ 286.483433][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.484146][ C0] tcp_rcv_established+0x6e4/0x2050\n[ 286.484857][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.485523][ C0] ? ipv4_dst_check+0x160/0x2b0\n[ 286.486203][ C0] ? __pfx_tcp_rcv_established+0x10/0x10\n[ 286.486917][ C0] ? lock_release+0x217/0x2c0\n[ 286.487595][ C0] tcp_v4_do_rcv+0x4d6/0x9b0\n[ 286.488279][ C0] tcp_v4_rcv+0x2af8/0x3e30\n[ 286.488904][ C0] ? raw_local_deliver+0x51b/0xad0\n[ 286.489551][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.490198][ C0] ? __pfx_tcp_v4_rcv+0x10/0x10\n[ 286.490813][ C0] ? __pfx_raw_local_deliver+0x10/0x10\n[ 286.491487][ C0] ? __pfx_nf_confirm+0x10/0x10 [nf_conntrack]\n[ 286.492275][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.492900][ C0] ip_protocol_deliver_rcu+0x8f/0x370\n[ 286.493579][ C0] ip_local_deliver_finish+0x297/0x420\n[ 286.494268][ C0] ip_local_deliver+0x168/0x430\n[ 286.494867][ C0] ? __pfx_ip_local_deliver+0x10/0x10\n[ 286.495498][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10\n[ 286.496204][ C0] ? ip_rcv_finish_core+0x19a/0x1f20\n[ 286.496806][ C0] ? lock_release+0x217/0x2c0\n[ 286.497414][ C0] ip_rcv+0x455/0x6e0\n[ 286.497945][ C0] ? __pfx_ip_rcv+0x10/0x10\n[ \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38035",
"url": "https://www.suse.com/security/cve/CVE-2025-38035"
},
{
"category": "external",
"summary": "SUSE Bug 1244801 for CVE-2025-38035",
"url": "https://bugzilla.suse.com/1244801"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38035"
},
{
"cve": "CVE-2025-38051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38051"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: Fix use-after-free in cifs_fill_dirent\n\nThere is a race condition in the readdir concurrency process, which may\naccess the rsp buffer after it has been released, triggering the\nfollowing KASAN warning.\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in cifs_fill_dirent+0xb03/0xb60 [cifs]\n Read of size 4 at addr ffff8880099b819c by task a.out/342975\n\n CPU: 2 UID: 0 PID: 342975 Comm: a.out Not tainted 6.15.0-rc6+ #240 PREEMPT(full)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x53/0x70\n print_report+0xce/0x640\n kasan_report+0xb8/0xf0\n cifs_fill_dirent+0xb03/0xb60 [cifs]\n cifs_readdir+0x12cb/0x3190 [cifs]\n iterate_dir+0x1a1/0x520\n __x64_sys_getdents+0x134/0x220\n do_syscall_64+0x4b/0x110\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7f996f64b9f9\n Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89\n f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01\n f0 ff ff 0d f7 c3 0c 00 f7 d8 64 89 8\n RSP: 002b:00007f996f53de78 EFLAGS: 00000207 ORIG_RAX: 000000000000004e\n RAX: ffffffffffffffda RBX: 00007f996f53ecdc RCX: 00007f996f64b9f9\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003\n RBP: 00007f996f53dea0 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000207 R12: ffffffffffffff88\n R13: 0000000000000000 R14: 00007ffc8cd9a500 R15: 00007f996f51e000\n \u003c/TASK\u003e\n\n Allocated by task 408:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x14/0x30\n __kasan_slab_alloc+0x6e/0x70\n kmem_cache_alloc_noprof+0x117/0x3d0\n mempool_alloc_noprof+0xf2/0x2c0\n cifs_buf_get+0x36/0x80 [cifs]\n allocate_buffers+0x1d2/0x330 [cifs]\n cifs_demultiplex_thread+0x22b/0x2690 [cifs]\n kthread+0x394/0x720\n ret_from_fork+0x34/0x70\n ret_from_fork_asm+0x1a/0x30\n\n Freed by task 342979:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x37/0x50\n kmem_cache_free+0x2b8/0x500\n cifs_buf_release+0x3c/0x70 [cifs]\n cifs_readdir+0x1c97/0x3190 [cifs]\n iterate_dir+0x1a1/0x520\n __x64_sys_getdents64+0x134/0x220\n do_syscall_64+0x4b/0x110\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n The buggy address belongs to the object at ffff8880099b8000\n which belongs to the cache cifs_request of size 16588\n The buggy address is located 412 bytes inside of\n freed 16588-byte region [ffff8880099b8000, ffff8880099bc0cc)\n\n The buggy address belongs to the physical page:\n page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x99b8\n head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0\n anon flags: 0x80000000000040(head|node=0|zone=1)\n page_type: f5(slab)\n raw: 0080000000000040 ffff888001e03400 0000000000000000 dead000000000001\n raw: 0000000000000000 0000000000010001 00000000f5000000 0000000000000000\n head: 0080000000000040 ffff888001e03400 0000000000000000 dead000000000001\n head: 0000000000000000 0000000000010001 00000000f5000000 0000000000000000\n head: 0080000000000003 ffffea0000266e01 00000000ffffffff 00000000ffffffff\n head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n ffff8880099b8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff8880099b8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n \u003effff8880099b8180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ^\n ffff8880099b8200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff8880099b8280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ==================================================================\n\nPOC is available in the link [1].\n\nThe problem triggering process is as follows:\n\nProcess 1 Process 2\n-----------------------------------\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38051",
"url": "https://www.suse.com/security/cve/CVE-2025-38051"
},
{
"category": "external",
"summary": "SUSE Bug 1244750 for CVE-2025-38051",
"url": "https://bugzilla.suse.com/1244750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38051"
},
{
"cve": "CVE-2025-38052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38052"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done\n\nSyzbot reported a slab-use-after-free with the following call trace:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in tipc_aead_encrypt_done+0x4bd/0x510 net/tipc/crypto.c:840\n Read of size 8 at addr ffff88807a733000 by task kworker/1:0/25\n\n Call Trace:\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n tipc_aead_encrypt_done+0x4bd/0x510 net/tipc/crypto.c:840\n crypto_request_complete include/crypto/algapi.h:266\n aead_request_complete include/crypto/internal/aead.h:85\n cryptd_aead_crypt+0x3b8/0x750 crypto/cryptd.c:772\n crypto_request_complete include/crypto/algapi.h:266\n cryptd_queue_worker+0x131/0x200 crypto/cryptd.c:181\n process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\n\n Allocated by task 8355:\n kzalloc_noprof include/linux/slab.h:778\n tipc_crypto_start+0xcc/0x9e0 net/tipc/crypto.c:1466\n tipc_init_net+0x2dd/0x430 net/tipc/core.c:72\n ops_init+0xb9/0x650 net/core/net_namespace.c:139\n setup_net+0x435/0xb40 net/core/net_namespace.c:343\n copy_net_ns+0x2f0/0x670 net/core/net_namespace.c:508\n create_new_namespaces+0x3ea/0xb10 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0xc0/0x1f0 kernel/nsproxy.c:228\n ksys_unshare+0x419/0x970 kernel/fork.c:3323\n __do_sys_unshare kernel/fork.c:3394\n\n Freed by task 63:\n kfree+0x12a/0x3b0 mm/slub.c:4557\n tipc_crypto_stop+0x23c/0x500 net/tipc/crypto.c:1539\n tipc_exit_net+0x8c/0x110 net/tipc/core.c:119\n ops_exit_list+0xb0/0x180 net/core/net_namespace.c:173\n cleanup_net+0x5b7/0xbf0 net/core/net_namespace.c:640\n process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\n\nAfter freed the tipc_crypto tx by delete namespace, tipc_aead_encrypt_done\nmay still visit it in cryptd_queue_worker workqueue.\n\nI reproduce this issue by:\n ip netns add ns1\n ip link add veth1 type veth peer name veth2\n ip link set veth1 netns ns1\n ip netns exec ns1 tipc bearer enable media eth dev veth1\n ip netns exec ns1 tipc node set key this_is_a_master_key master\n ip netns exec ns1 tipc bearer disable media eth dev veth1\n ip netns del ns1\n\nThe key of reproduction is that, simd_aead_encrypt is interrupted, leading\nto crypto_simd_usable() return false. Thus, the cryptd_queue_worker is\ntriggered, and the tipc_crypto tx will be visited.\n\n tipc_disc_timeout\n tipc_bearer_xmit_skb\n tipc_crypto_xmit\n tipc_aead_encrypt\n crypto_aead_encrypt\n // encrypt()\n simd_aead_encrypt\n // crypto_simd_usable() is false\n child = \u0026ctx-\u003ecryptd_tfm-\u003ebase;\n\n simd_aead_encrypt\n crypto_aead_encrypt\n // encrypt()\n cryptd_aead_encrypt_enqueue\n cryptd_aead_enqueue\n cryptd_enqueue_request\n // trigger cryptd_queue_worker\n queue_work_on(smp_processor_id(), cryptd_wq, \u0026cpu_queue-\u003ework)\n\nFix this by holding net reference count before encrypt.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38052",
"url": "https://www.suse.com/security/cve/CVE-2025-38052"
},
{
"category": "external",
"summary": "SUSE Bug 1244749 for CVE-2025-38052",
"url": "https://bugzilla.suse.com/1244749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38052"
},
{
"cve": "CVE-2025-38058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\n__legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock\n\n... or we risk stealing final mntput from sync umount - raising mnt_count\nafter umount(2) has verified that victim is not busy, but before it\nhas set MNT_SYNC_UMOUNT; in that case __legitimize_mnt() doesn\u0027t see\nthat it\u0027s safe to quietly undo mnt_count increment and leaves dropping\nthe reference to caller, where it\u0027ll be a full-blown mntput().\n\nCheck under mount_lock is needed; leaving the current one done before\ntaking that makes no sense - it\u0027s nowhere near common enough to bother\nwith.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38058",
"url": "https://www.suse.com/security/cve/CVE-2025-38058"
},
{
"category": "external",
"summary": "SUSE Bug 1245151 for CVE-2025-38058",
"url": "https://bugzilla.suse.com/1245151"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "low"
}
],
"title": "CVE-2025-38058"
},
{
"cve": "CVE-2025-38061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38061"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: pktgen: fix access outside of user given buffer in pktgen_thread_write()\n\nHonour the user given buffer size for the strn_len() calls (otherwise\nstrn_len() will access memory outside of the user given buffer).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38061",
"url": "https://www.suse.com/security/cve/CVE-2025-38061"
},
{
"category": "external",
"summary": "SUSE Bug 1245440 for CVE-2025-38061",
"url": "https://bugzilla.suse.com/1245440"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38061"
},
{
"cve": "CVE-2025-38062",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38062"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngenirq/msi: Store the IOMMU IOVA directly in msi_desc instead of iommu_cookie\n\nThe IOMMU translation for MSI message addresses has been a 2-step process,\nseparated in time:\n\n 1) iommu_dma_prepare_msi(): A cookie pointer containing the IOVA address\n is stored in the MSI descriptor when an MSI interrupt is allocated.\n\n 2) iommu_dma_compose_msi_msg(): this cookie pointer is used to compute a\n translated message address.\n\nThis has an inherent lifetime problem for the pointer stored in the cookie\nthat must remain valid between the two steps. However, there is no locking\nat the irq layer that helps protect the lifetime. Today, this works under\nthe assumption that the iommu domain is not changed while MSI interrupts\nbeing programmed. This is true for normal DMA API users within the kernel,\nas the iommu domain is attached before the driver is probed and cannot be\nchanged while a driver is attached.\n\nClassic VFIO type1 also prevented changing the iommu domain while VFIO was\nrunning as it does not support changing the \"container\" after starting up.\n\nHowever, iommufd has improved this so that the iommu domain can be changed\nduring VFIO operation. This potentially allows userspace to directly race\nVFIO_DEVICE_ATTACH_IOMMUFD_PT (which calls iommu_attach_group()) and\nVFIO_DEVICE_SET_IRQS (which calls into iommu_dma_compose_msi_msg()).\n\nThis potentially causes both the cookie pointer and the unlocked call to\niommu_get_domain_for_dev() on the MSI translation path to become UAFs.\n\nFix the MSI cookie UAF by removing the cookie pointer. The translated IOVA\naddress is already known during iommu_dma_prepare_msi() and cannot change.\nThus, it can simply be stored as an integer in the MSI descriptor.\n\nThe other UAF related to iommu_get_domain_for_dev() will be addressed in\npatch \"iommu: Make iommu_dma_prepare_msi() into a generic operation\" by\nusing the IOMMU group mutex.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38062",
"url": "https://www.suse.com/security/cve/CVE-2025-38062"
},
{
"category": "external",
"summary": "SUSE Bug 1245216 for CVE-2025-38062",
"url": "https://bugzilla.suse.com/1245216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38062"
},
{
"cve": "CVE-2025-38063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: fix unconditional IO throttle caused by REQ_PREFLUSH\n\nWhen a bio with REQ_PREFLUSH is submitted to dm, __send_empty_flush()\ngenerates a flush_bio with REQ_OP_WRITE | REQ_PREFLUSH | REQ_SYNC,\nwhich causes the flush_bio to be throttled by wbt_wait().\n\nAn example from v5.4, similar problem also exists in upstream:\n\n crash\u003e bt 2091206\n PID: 2091206 TASK: ffff2050df92a300 CPU: 109 COMMAND: \"kworker/u260:0\"\n #0 [ffff800084a2f7f0] __switch_to at ffff80004008aeb8\n #1 [ffff800084a2f820] __schedule at ffff800040bfa0c4\n #2 [ffff800084a2f880] schedule at ffff800040bfa4b4\n #3 [ffff800084a2f8a0] io_schedule at ffff800040bfa9c4\n #4 [ffff800084a2f8c0] rq_qos_wait at ffff8000405925bc\n #5 [ffff800084a2f940] wbt_wait at ffff8000405bb3a0\n #6 [ffff800084a2f9a0] __rq_qos_throttle at ffff800040592254\n #7 [ffff800084a2f9c0] blk_mq_make_request at ffff80004057cf38\n #8 [ffff800084a2fa60] generic_make_request at ffff800040570138\n #9 [ffff800084a2fae0] submit_bio at ffff8000405703b4\n #10 [ffff800084a2fb50] xlog_write_iclog at ffff800001280834 [xfs]\n #11 [ffff800084a2fbb0] xlog_sync at ffff800001280c3c [xfs]\n #12 [ffff800084a2fbf0] xlog_state_release_iclog at ffff800001280df4 [xfs]\n #13 [ffff800084a2fc10] xlog_write at ffff80000128203c [xfs]\n #14 [ffff800084a2fcd0] xlog_cil_push at ffff8000012846dc [xfs]\n #15 [ffff800084a2fda0] xlog_cil_push_work at ffff800001284a2c [xfs]\n #16 [ffff800084a2fdb0] process_one_work at ffff800040111d08\n #17 [ffff800084a2fe00] worker_thread at ffff8000401121cc\n #18 [ffff800084a2fe70] kthread at ffff800040118de4\n\nAfter commit 2def2845cc33 (\"xfs: don\u0027t allow log IO to be throttled\"),\nthe metadata submitted by xlog_write_iclog() should not be throttled.\nBut due to the existence of the dm layer, throttling flush_bio indirectly\ncauses the metadata bio to be throttled.\n\nFix this by conditionally adding REQ_IDLE to flush_bio.bi_opf, which makes\nwbt_should_throttle() return false to avoid wbt_wait().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38063",
"url": "https://www.suse.com/security/cve/CVE-2025-38063"
},
{
"category": "external",
"summary": "SUSE Bug 1245202 for CVE-2025-38063",
"url": "https://bugzilla.suse.com/1245202"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38063"
},
{
"cve": "CVE-2025-38064",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38064"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio: break and reset virtio devices on device_shutdown()\n\nHongyu reported a hang on kexec in a VM. QEMU reported invalid memory\naccesses during the hang.\n\n\tInvalid read at addr 0x102877002, size 2, region \u0027(null)\u0027, reason: rejected\n\tInvalid write at addr 0x102877A44, size 2, region \u0027(null)\u0027, reason: rejected\n\t...\n\nIt was traced down to virtio-console. Kexec works fine if virtio-console\nis not in use.\n\nThe issue is that virtio-console continues to write to the MMIO even after\nunderlying virtio-pci device is reset.\n\nAdditionally, Eric noticed that IOMMUs are reset before devices, if\ndevices are not reset on shutdown they continue to poke at guest memory\nand get errors from the IOMMU. Some devices get wedged then.\n\nThe problem can be solved by breaking all virtio devices on virtio\nbus shutdown, then resetting them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38064",
"url": "https://www.suse.com/security/cve/CVE-2025-38064"
},
{
"category": "external",
"summary": "SUSE Bug 1245201 for CVE-2025-38064",
"url": "https://bugzilla.suse.com/1245201"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38064"
},
{
"cve": "CVE-2025-38074",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38074"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost-scsi: protect vq-\u003elog_used with vq-\u003emutex\n\nThe vhost-scsi completion path may access vq-\u003elog_base when vq-\u003elog_used is\nalready set to false.\n\n vhost-thread QEMU-thread\n\nvhost_scsi_complete_cmd_work()\n-\u003e vhost_add_used()\n -\u003e vhost_add_used_n()\n if (unlikely(vq-\u003elog_used))\n QEMU disables vq-\u003elog_used\n via VHOST_SET_VRING_ADDR.\n mutex_lock(\u0026vq-\u003emutex);\n vq-\u003elog_used = false now!\n mutex_unlock(\u0026vq-\u003emutex);\n\n\t\t\t\t QEMU gfree(vq-\u003elog_base)\n log_used()\n -\u003e log_write(vq-\u003elog_base)\n\nAssuming the VMM is QEMU. The vq-\u003elog_base is from QEMU userpace and can be\nreclaimed via gfree(). As a result, this causes invalid memory writes to\nQEMU userspace.\n\nThe control queue path has the same issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38074",
"url": "https://www.suse.com/security/cve/CVE-2025-38074"
},
{
"category": "external",
"summary": "SUSE Bug 1244735 for CVE-2025-38074",
"url": "https://bugzilla.suse.com/1244735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38074"
},
{
"cve": "CVE-2025-38084",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38084"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: unshare page tables during VMA split, not before\n\nCurrently, __split_vma() triggers hugetlb page table unsharing through\nvm_ops-\u003emay_split(). This happens before the VMA lock and rmap locks are\ntaken - which is too early, it allows racing VMA-locked page faults in our\nprocess and racing rmap walks from other processes to cause page tables to\nbe shared again before we actually perform the split.\n\nFix it by explicitly calling into the hugetlb unshare logic from\n__split_vma() in the same place where THP splitting also happens. At that\npoint, both the VMA and the rmap(s) are write-locked.\n\nAn annoying detail is that we can now call into the helper\nhugetlb_unshare_pmds() from two different locking contexts:\n\n1. from hugetlb_split(), holding:\n - mmap lock (exclusively)\n - VMA lock\n - file rmap lock (exclusively)\n2. hugetlb_unshare_all_pmds(), which I think is designed to be able to\n call us with only the mmap lock held (in shared mode), but currently\n only runs while holding mmap lock (exclusively) and VMA lock\n\nBackporting note:\nThis commit fixes a racy protection that was introduced in commit\nb30c14cd6102 (\"hugetlb: unshare some PMDs when splitting VMAs\"); that\ncommit claimed to fix an issue introduced in 5.13, but it should actually\nalso go all the way back.\n\n[jannh@google.com: v2]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38084",
"url": "https://www.suse.com/security/cve/CVE-2025-38084"
},
{
"category": "external",
"summary": "SUSE Bug 1245498 for CVE-2025-38084",
"url": "https://bugzilla.suse.com/1245498"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38084"
},
{
"cve": "CVE-2025-38085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race\n\nhuge_pmd_unshare() drops a reference on a page table that may have\npreviously been shared across processes, potentially turning it into a\nnormal page table used in another process in which unrelated VMAs can\nafterwards be installed.\n\nIf this happens in the middle of a concurrent gup_fast(), gup_fast() could\nend up walking the page tables of another process. While I don\u0027t see any\nway in which that immediately leads to kernel memory corruption, it is\nreally weird and unexpected.\n\nFix it with an explicit broadcast IPI through tlb_remove_table_sync_one(),\njust like we do in khugepaged when removing page tables for a THP\ncollapse.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38085",
"url": "https://www.suse.com/security/cve/CVE-2025-38085"
},
{
"category": "external",
"summary": "SUSE Bug 1245499 for CVE-2025-38085",
"url": "https://bugzilla.suse.com/1245499"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38085"
},
{
"cve": "CVE-2025-38087",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38087"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: fix use-after-free in taprio_dev_notifier\n\nSince taprio\u0027s taprio_dev_notifier() isn\u0027t protected by an\nRCU read-side critical section, a race with advance_sched()\ncan lead to a use-after-free.\n\nAdding rcu_read_lock() inside taprio_dev_notifier() prevents this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38087",
"url": "https://www.suse.com/security/cve/CVE-2025-38087"
},
{
"category": "external",
"summary": "SUSE Bug 1245504 for CVE-2025-38087",
"url": "https://bugzilla.suse.com/1245504"
},
{
"category": "external",
"summary": "SUSE Bug 1245505 for CVE-2025-38087",
"url": "https://bugzilla.suse.com/1245505"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "important"
}
],
"title": "CVE-2025-38087"
},
{
"cve": "CVE-2025-38088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38088"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap\n\nmemtrace mmap issue has an out of bounds issue. This patch fixes the by\nchecking that the requested mapping region size should stay within the\nallocated region size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38088",
"url": "https://www.suse.com/security/cve/CVE-2025-38088"
},
{
"category": "external",
"summary": "SUSE Bug 1245506 for CVE-2025-38088",
"url": "https://bugzilla.suse.com/1245506"
},
{
"category": "external",
"summary": "SUSE Bug 1245507 for CVE-2025-38088",
"url": "https://bugzilla.suse.com/1245507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "important"
}
],
"title": "CVE-2025-38088"
},
{
"cve": "CVE-2025-38089",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38089"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: handle SVC_GARBAGE during svc auth processing as auth error\n\ntianshuo han reported a remotely-triggerable crash if the client sends a\nkernel RPC server a specially crafted packet. If decoding the RPC reply\nfails in such a way that SVC_GARBAGE is returned without setting the\nrq_accept_statp pointer, then that pointer can be dereferenced and a\nvalue stored there.\n\nIf it\u0027s the first time the thread has processed an RPC, then that\npointer will be set to NULL and the kernel will crash. In other cases,\nit could create a memory scribble.\n\nThe server sunrpc code treats a SVC_GARBAGE return from svc_authenticate\nor pg_authenticate as if it should send a GARBAGE_ARGS reply. RFC 5531\nsays that if authentication fails that the RPC should be rejected\ninstead with a status of AUTH_ERR.\n\nHandle a SVC_GARBAGE return as an AUTH_ERROR, with a reason of\nAUTH_BADCRED instead of returning GARBAGE_ARGS in that case. This\nsidesteps the whole problem of touching the rpc_accept_statp pointer in\nthis situation and avoids the crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38089",
"url": "https://www.suse.com/security/cve/CVE-2025-38089"
},
{
"category": "external",
"summary": "SUSE Bug 1245508 for CVE-2025-38089",
"url": "https://bugzilla.suse.com/1245508"
},
{
"category": "external",
"summary": "SUSE Bug 1245509 for CVE-2025-38089",
"url": "https://bugzilla.suse.com/1245509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "important"
}
],
"title": "CVE-2025-38089"
},
{
"cve": "CVE-2025-38090",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38090"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/rapidio/rio_cm.c: prevent possible heap overwrite\n\nIn\n\nriocm_cdev_ioctl(RIO_CM_CHAN_SEND)\n -\u003e cm_chan_msg_send()\n -\u003e riocm_ch_send()\n\ncm_chan_msg_send() checks that userspace didn\u0027t send too much data but\nriocm_ch_send() failed to check that userspace sent sufficient data. The\nresult is that riocm_ch_send() can write to fields in the rio_ch_chan_hdr\nwhich were outside the bounds of the space which cm_chan_msg_send()\nallocated.\n\nAddress this by teaching riocm_ch_send() to check that the entire\nrio_ch_chan_hdr was copied in from userspace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38090",
"url": "https://www.suse.com/security/cve/CVE-2025-38090"
},
{
"category": "external",
"summary": "SUSE Bug 1245510 for CVE-2025-38090",
"url": "https://bugzilla.suse.com/1245510"
},
{
"category": "external",
"summary": "SUSE Bug 1245511 for CVE-2025-38090",
"url": "https://bugzilla.suse.com/1245511"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "important"
}
],
"title": "CVE-2025-38090"
},
{
"cve": "CVE-2025-38094",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38094"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: cadence: macb: Fix a possible deadlock in macb_halt_tx.\n\nThere is a situation where after THALT is set high, TGO stays high as\nwell. Because jiffies are never updated, as we are in a context with\ninterrupts disabled, we never exit that loop and have a deadlock.\n\nThat deadlock was noticed on a sama5d4 device that stayed locked for days.\n\nUse retries instead of jiffies so that the timeout really works and we do\nnot have a deadlock anymore.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38094",
"url": "https://www.suse.com/security/cve/CVE-2025-38094"
},
{
"category": "external",
"summary": "SUSE Bug 1245649 for CVE-2025-38094",
"url": "https://bugzilla.suse.com/1245649"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38094"
},
{
"cve": "CVE-2025-38095",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38095"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf: insert memory barrier before updating num_fences\n\nsmp_store_mb() inserts memory barrier after storing operation.\nIt is different with what the comment is originally aiming so Null\npointer dereference can be happened if memory update is reordered.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38095",
"url": "https://www.suse.com/security/cve/CVE-2025-38095"
},
{
"category": "external",
"summary": "SUSE Bug 1245658 for CVE-2025-38095",
"url": "https://bugzilla.suse.com/1245658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38095"
},
{
"cve": "CVE-2025-38097",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38097"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nespintcp: remove encap socket caching to avoid reference leak\n\nThe current scheme for caching the encap socket can lead to reference\nleaks when we try to delete the netns.\n\nThe reference chain is: xfrm_state -\u003e enacp_sk -\u003e netns\n\nSince the encap socket is a userspace socket, it holds a reference on\nthe netns. If we delete the espintcp state (through flush or\nindividual delete) before removing the netns, the reference on the\nsocket is dropped and the netns is correctly deleted. Otherwise, the\nnetns may not be reachable anymore (if all processes within the ns\nhave terminated), so we cannot delete the xfrm state to drop its\nreference on the socket.\n\nThis patch results in a small (~2% in my tests) performance\nregression.\n\nA GC-type mechanism could be added for the socket cache, to clear\nreferences if the state hasn\u0027t been used \"recently\", but it\u0027s a lot\nmore complex than just not caching the socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38097",
"url": "https://www.suse.com/security/cve/CVE-2025-38097"
},
{
"category": "external",
"summary": "SUSE Bug 1245660 for CVE-2025-38097",
"url": "https://bugzilla.suse.com/1245660"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38097"
},
{
"cve": "CVE-2025-38098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38098"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Don\u0027t treat wb connector as physical in create_validate_stream_for_sink\n\nDon\u0027t try to operate on a drm_wb_connector as an amdgpu_dm_connector.\nWhile dereferencing aconnector-\u003ebase will \"work\" it\u0027s wrong and\nmight lead to unknown bad things. Just... don\u0027t.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38098",
"url": "https://www.suse.com/security/cve/CVE-2025-38098"
},
{
"category": "external",
"summary": "SUSE Bug 1245654 for CVE-2025-38098",
"url": "https://bugzilla.suse.com/1245654"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38098"
},
{
"cve": "CVE-2025-38099",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38099"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Disable SCO support if READ_VOICE_SETTING is unsupported/broken\n\nA SCO connection without the proper voice_setting can cause\nthe controller to lock up.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38099",
"url": "https://www.suse.com/security/cve/CVE-2025-38099"
},
{
"category": "external",
"summary": "SUSE Bug 1245671 for CVE-2025-38099",
"url": "https://bugzilla.suse.com/1245671"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38099"
},
{
"cve": "CVE-2025-38100",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38100"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/iopl: Cure TIF_IO_BITMAP inconsistencies\n\nio_bitmap_exit() is invoked from exit_thread() when a task exists or\nwhen a fork fails. In the latter case the exit_thread() cleans up\nresources which were allocated during fork().\n\nio_bitmap_exit() invokes task_update_io_bitmap(), which in turn ends up\nin tss_update_io_bitmap(). tss_update_io_bitmap() operates on the\ncurrent task. If current has TIF_IO_BITMAP set, but no bitmap installed,\ntss_update_io_bitmap() crashes with a NULL pointer dereference.\n\nThere are two issues, which lead to that problem:\n\n 1) io_bitmap_exit() should not invoke task_update_io_bitmap() when\n the task, which is cleaned up, is not the current task. That\u0027s a\n clear indicator for a cleanup after a failed fork().\n\n 2) A task should not have TIF_IO_BITMAP set and neither a bitmap\n installed nor IOPL emulation level 3 activated.\n\n This happens when a kernel thread is created in the context of\n a user space thread, which has TIF_IO_BITMAP set as the thread\n flags are copied and the IO bitmap pointer is cleared.\n\n Other than in the failed fork() case this has no impact because\n kernel threads including IO workers never return to user space and\n therefore never invoke tss_update_io_bitmap().\n\nCure this by adding the missing cleanups and checks:\n\n 1) Prevent io_bitmap_exit() to invoke task_update_io_bitmap() if\n the to be cleaned up task is not the current task.\n\n 2) Clear TIF_IO_BITMAP in copy_thread() unconditionally. For user\n space forks it is set later, when the IO bitmap is inherited in\n io_bitmap_share().\n\nFor paranoia sake, add a warning into tss_update_io_bitmap() to catch\nthe case, when that code is invoked with inconsistent state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38100",
"url": "https://www.suse.com/security/cve/CVE-2025-38100"
},
{
"category": "external",
"summary": "SUSE Bug 1245650 for CVE-2025-38100",
"url": "https://bugzilla.suse.com/1245650"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38100"
},
{
"cve": "CVE-2025-38102",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38102"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nVMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify\n\nDuring our test, it is found that a warning can be trigger in try_grab_folio\nas follow:\n\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 1678 at mm/gup.c:147 try_grab_folio+0x106/0x130\n Modules linked in:\n CPU: 0 UID: 0 PID: 1678 Comm: syz.3.31 Not tainted 6.15.0-rc5 #163 PREEMPT(undef)\n RIP: 0010:try_grab_folio+0x106/0x130\n Call Trace:\n \u003cTASK\u003e\n follow_huge_pmd+0x240/0x8e0\n follow_pmd_mask.constprop.0.isra.0+0x40b/0x5c0\n follow_pud_mask.constprop.0.isra.0+0x14a/0x170\n follow_page_mask+0x1c2/0x1f0\n __get_user_pages+0x176/0x950\n __gup_longterm_locked+0x15b/0x1060\n ? gup_fast+0x120/0x1f0\n gup_fast_fallback+0x17e/0x230\n get_user_pages_fast+0x5f/0x80\n vmci_host_unlocked_ioctl+0x21c/0xf80\n RIP: 0033:0x54d2cd\n ---[ end trace 0000000000000000 ]---\n\nDigging into the source, context-\u003enotify_page may init by get_user_pages_fast\nand can be seen in vmci_ctx_unset_notify which will try to put_page. However\nget_user_pages_fast is not finished here and lead to following\ntry_grab_folio warning. The race condition is shown as follow:\n\ncpu0\t\t\tcpu1\nvmci_host_do_set_notify\nvmci_host_setup_notify\nget_user_pages_fast(uva, 1, FOLL_WRITE, \u0026context-\u003enotify_page);\nlockless_pages_from_mm\ngup_pgd_range\ngup_huge_pmd // update \u0026context-\u003enotify_page\n\t\t\tvmci_host_do_set_notify\n\t\t\tvmci_ctx_unset_notify\n\t\t\tnotify_page = context-\u003enotify_page;\n\t\t\tif (notify_page)\n\t\t\tput_page(notify_page);\t// page is freed\n__gup_longterm_locked\n__get_user_pages\nfollow_trans_huge_pmd\ntry_grab_folio // warn here\n\nTo slove this, use local variable page to make notify_page can be seen\nafter finish get_user_pages_fast.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38102",
"url": "https://www.suse.com/security/cve/CVE-2025-38102"
},
{
"category": "external",
"summary": "SUSE Bug 1245669 for CVE-2025-38102",
"url": "https://bugzilla.suse.com/1245669"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38102"
},
{
"cve": "CVE-2025-38105",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38105"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Kill timer properly at removal\n\nThe USB-audio MIDI code initializes the timer, but in a rare case, the\ndriver might be freed without the disconnect call. This leaves the\ntimer in an active state while the assigned object is released via\nsnd_usbmidi_free(), which ends up with a kernel warning when the debug\nconfiguration is enabled, as spotted by fuzzer.\n\nFor avoiding the problem, put timer_shutdown_sync() at\nsnd_usbmidi_free(), so that the timer can be killed properly.\nWhile we\u0027re at it, replace the existing timer_delete_sync() at the\ndisconnect callback with timer_shutdown_sync(), too.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38105",
"url": "https://www.suse.com/security/cve/CVE-2025-38105"
},
{
"category": "external",
"summary": "SUSE Bug 1245682 for CVE-2025-38105",
"url": "https://bugzilla.suse.com/1245682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38105"
},
{
"cve": "CVE-2025-38107",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38107"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: ets: fix a race in ets_qdisc_change()\n\nGerrard Tai reported a race condition in ETS, whenever SFQ perturb timer\nfires at the wrong time.\n\nThe race is as follows:\n\nCPU 0 CPU 1\n[1]: lock root\n[2]: qdisc_tree_flush_backlog()\n[3]: unlock root\n |\n | [5]: lock root\n | [6]: rehash\n | [7]: qdisc_tree_reduce_backlog()\n |\n[4]: qdisc_put()\n\nThis can be abused to underflow a parent\u0027s qlen.\n\nCalling qdisc_purge_queue() instead of qdisc_tree_flush_backlog()\nshould fix the race, because all packets will be purged from the qdisc\nbefore releasing the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38107",
"url": "https://www.suse.com/security/cve/CVE-2025-38107"
},
{
"category": "external",
"summary": "SUSE Bug 1245676 for CVE-2025-38107",
"url": "https://bugzilla.suse.com/1245676"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38107"
},
{
"cve": "CVE-2025-38108",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38108"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: red: fix a race in __red_change()\n\nGerrard Tai reported a race condition in RED, whenever SFQ perturb timer\nfires at the wrong time.\n\nThe race is as follows:\n\nCPU 0 CPU 1\n[1]: lock root\n[2]: qdisc_tree_flush_backlog()\n[3]: unlock root\n |\n | [5]: lock root\n | [6]: rehash\n | [7]: qdisc_tree_reduce_backlog()\n |\n[4]: qdisc_put()\n\nThis can be abused to underflow a parent\u0027s qlen.\n\nCalling qdisc_purge_queue() instead of qdisc_tree_flush_backlog()\nshould fix the race, because all packets will be purged from the qdisc\nbefore releasing the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38108",
"url": "https://www.suse.com/security/cve/CVE-2025-38108"
},
{
"category": "external",
"summary": "SUSE Bug 1245675 for CVE-2025-38108",
"url": "https://bugzilla.suse.com/1245675"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38108"
},
{
"cve": "CVE-2025-38109",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38109"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix ECVF vports unload on shutdown flow\n\nFix shutdown flow UAF when a virtual function is created on the embedded\nchip (ECVF) of a BlueField device. In such case the vport acl ingress\ntable is not properly destroyed.\n\nECVF functionality is independent of ecpf_vport_exists capability and\nthus functions mlx5_eswitch_(enable|disable)_pf_vf_vports() should not\ntest it when enabling/disabling ECVF vports.\n\nkernel log:\n[] refcount_t: underflow; use-after-free.\n[] WARNING: CPU: 3 PID: 1 at lib/refcount.c:28\n refcount_warn_saturate+0x124/0x220\n----------------\n[] Call trace:\n[] refcount_warn_saturate+0x124/0x220\n[] tree_put_node+0x164/0x1e0 [mlx5_core]\n[] mlx5_destroy_flow_table+0x98/0x2c0 [mlx5_core]\n[] esw_acl_ingress_table_destroy+0x28/0x40 [mlx5_core]\n[] esw_acl_ingress_lgcy_cleanup+0x80/0xf4 [mlx5_core]\n[] esw_legacy_vport_acl_cleanup+0x44/0x60 [mlx5_core]\n[] esw_vport_cleanup+0x64/0x90 [mlx5_core]\n[] mlx5_esw_vport_disable+0xc0/0x1d0 [mlx5_core]\n[] mlx5_eswitch_unload_ec_vf_vports+0xcc/0x150 [mlx5_core]\n[] mlx5_eswitch_disable_sriov+0x198/0x2a0 [mlx5_core]\n[] mlx5_device_disable_sriov+0xb8/0x1e0 [mlx5_core]\n[] mlx5_sriov_detach+0x40/0x50 [mlx5_core]\n[] mlx5_unload+0x40/0xc4 [mlx5_core]\n[] mlx5_unload_one_devl_locked+0x6c/0xe4 [mlx5_core]\n[] mlx5_unload_one+0x3c/0x60 [mlx5_core]\n[] shutdown+0x7c/0xa4 [mlx5_core]\n[] pci_device_shutdown+0x3c/0xa0\n[] device_shutdown+0x170/0x340\n[] __do_sys_reboot+0x1f4/0x2a0\n[] __arm64_sys_reboot+0x2c/0x40\n[] invoke_syscall+0x78/0x100\n[] el0_svc_common.constprop.0+0x54/0x184\n[] do_el0_svc+0x30/0xac\n[] el0_svc+0x48/0x160\n[] el0t_64_sync_handler+0xa4/0x12c\n[] el0t_64_sync+0x1a4/0x1a8\n[] --[ end trace 9c4601d68c70030e ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38109",
"url": "https://www.suse.com/security/cve/CVE-2025-38109"
},
{
"category": "external",
"summary": "SUSE Bug 1245684 for CVE-2025-38109",
"url": "https://bugzilla.suse.com/1245684"
},
{
"category": "external",
"summary": "SUSE Bug 1245685 for CVE-2025-38109",
"url": "https://bugzilla.suse.com/1245685"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "important"
}
],
"title": "CVE-2025-38109"
},
{
"cve": "CVE-2025-38110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38110"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mdiobus: Fix potential out-of-bounds clause 45 read/write access\n\nWhen using publicly available tools like \u0027mdio-tools\u0027 to read/write data\nfrom/to network interface and its PHY via C45 (clause 45) mdiobus,\nthere is no verification of parameters passed to the ioctl and\nit accepts any mdio address.\nCurrently there is support for 32 addresses in kernel via PHY_MAX_ADDR define,\nbut it is possible to pass higher value than that via ioctl.\nWhile read/write operation should generally fail in this case,\nmdiobus provides stats array, where wrong address may allow out-of-bounds\nread/write.\n\nFix that by adding address verification before C45 read/write operation.\nWhile this excludes this access from any statistics, it improves security of\nread/write operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38110",
"url": "https://www.suse.com/security/cve/CVE-2025-38110"
},
{
"category": "external",
"summary": "SUSE Bug 1245665 for CVE-2025-38110",
"url": "https://bugzilla.suse.com/1245665"
},
{
"category": "external",
"summary": "SUSE Bug 1249458 for CVE-2025-38110",
"url": "https://bugzilla.suse.com/1249458"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "important"
}
],
"title": "CVE-2025-38110"
},
{
"cve": "CVE-2025-38111",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38111"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mdiobus: Fix potential out-of-bounds read/write access\n\nWhen using publicly available tools like \u0027mdio-tools\u0027 to read/write data\nfrom/to network interface and its PHY via mdiobus, there is no verification of\nparameters passed to the ioctl and it accepts any mdio address.\nCurrently there is support for 32 addresses in kernel via PHY_MAX_ADDR define,\nbut it is possible to pass higher value than that via ioctl.\nWhile read/write operation should generally fail in this case,\nmdiobus provides stats array, where wrong address may allow out-of-bounds\nread/write.\n\nFix that by adding address verification before read/write operation.\nWhile this excludes this access from any statistics, it improves security of\nread/write operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38111",
"url": "https://www.suse.com/security/cve/CVE-2025-38111"
},
{
"category": "external",
"summary": "SUSE Bug 1245666 for CVE-2025-38111",
"url": "https://bugzilla.suse.com/1245666"
},
{
"category": "external",
"summary": "SUSE Bug 1249455 for CVE-2025-38111",
"url": "https://bugzilla.suse.com/1249455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "important"
}
],
"title": "CVE-2025-38111"
},
{
"cve": "CVE-2025-38112",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38112"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix TOCTOU issue in sk_is_readable()\n\nsk-\u003esk_prot-\u003esock_is_readable is a valid function pointer when sk resides\nin a sockmap. After the last sk_psock_put() (which usually happens when\nsocket is removed from sockmap), sk-\u003esk_prot gets restored and\nsk-\u003esk_prot-\u003esock_is_readable becomes NULL.\n\nThis makes sk_is_readable() racy, if the value of sk-\u003esk_prot is reloaded\nafter the initial check. Which in turn may lead to a null pointer\ndereference.\n\nEnsure the function pointer does not turn NULL after the check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38112",
"url": "https://www.suse.com/security/cve/CVE-2025-38112"
},
{
"category": "external",
"summary": "SUSE Bug 1245668 for CVE-2025-38112",
"url": "https://bugzilla.suse.com/1245668"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38112"
},
{
"cve": "CVE-2025-38113",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38113"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: CPPC: Fix NULL pointer dereference when nosmp is used\n\nWith nosmp in cmdline, other CPUs are not brought up, leaving\ntheir cpc_desc_ptr NULL. CPU0\u0027s iteration via for_each_possible_cpu()\ndereferences these NULL pointers, causing panic.\n\nPanic backtrace:\n\n[ 0.401123] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000b8\n...\n[ 0.403255] [\u003cffffffff809a5818\u003e] cppc_allow_fast_switch+0x6a/0xd4\n...\nKernel panic - not syncing: Attempted to kill init!\n\n[ rjw: New subject ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38113",
"url": "https://www.suse.com/security/cve/CVE-2025-38113"
},
{
"category": "external",
"summary": "SUSE Bug 1245683 for CVE-2025-38113",
"url": "https://bugzilla.suse.com/1245683"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38113"
},
{
"cve": "CVE-2025-38115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38115"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: fix a potential crash on gso_skb handling\n\nSFQ has an assumption of always being able to queue at least one packet.\n\nHowever, after the blamed commit, sch-\u003eq.len can be inflated by packets\nin sch-\u003egso_skb, and an enqueue() on an empty SFQ qdisc can be followed\nby an immediate drop.\n\nFix sfq_drop() to properly clear q-\u003etail in this situation.\n\n\nip netns add lb\nip link add dev to-lb type veth peer name in-lb netns lb\nethtool -K to-lb tso off # force qdisc to requeue gso_skb\nip netns exec lb ethtool -K in-lb gro on # enable NAPI\nip link set dev to-lb up\nip -netns lb link set dev in-lb up\nip addr add dev to-lb 192.168.20.1/24\nip -netns lb addr add dev in-lb 192.168.20.2/24\ntc qdisc replace dev to-lb root sfq limit 100\n\nip netns exec lb netserver\n\nnetperf -H 192.168.20.2 -l 100 \u0026\nnetperf -H 192.168.20.2 -l 100 \u0026\nnetperf -H 192.168.20.2 -l 100 \u0026\nnetperf -H 192.168.20.2 -l 100 \u0026",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38115",
"url": "https://www.suse.com/security/cve/CVE-2025-38115"
},
{
"category": "external",
"summary": "SUSE Bug 1245689 for CVE-2025-38115",
"url": "https://bugzilla.suse.com/1245689"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38115"
},
{
"cve": "CVE-2025-38117",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38117"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Protect mgmt_pending list with its own lock\n\nThis uses a mutex to protect from concurrent access of mgmt_pending\nlist which can cause crashes like:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in hci_sock_get_channel+0x60/0x68 net/bluetooth/hci_sock.c:91\nRead of size 2 at addr ffff0000c48885b2 by task syz.4.334/7318\n\nCPU: 0 UID: 0 PID: 7318 Comm: syz.4.334 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025\nCall trace:\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:466 (C)\n __dump_stack+0x30/0x40 lib/dump_stack.c:94\n dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120\n print_address_description+0xa8/0x254 mm/kasan/report.c:408\n print_report+0x68/0x84 mm/kasan/report.c:521\n kasan_report+0xb0/0x110 mm/kasan/report.c:634\n __asan_report_load2_noabort+0x20/0x2c mm/kasan/report_generic.c:379\n hci_sock_get_channel+0x60/0x68 net/bluetooth/hci_sock.c:91\n mgmt_pending_find+0x7c/0x140 net/bluetooth/mgmt_util.c:223\n pending_find net/bluetooth/mgmt.c:947 [inline]\n remove_adv_monitor+0x44/0x1a4 net/bluetooth/mgmt.c:5445\n hci_mgmt_cmd+0x780/0xc00 net/bluetooth/hci_sock.c:1712\n hci_sock_sendmsg+0x544/0xbb0 net/bluetooth/hci_sock.c:1832\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg net/socket.c:727 [inline]\n sock_write_iter+0x25c/0x378 net/socket.c:1131\n new_sync_write fs/read_write.c:591 [inline]\n vfs_write+0x62c/0x97c fs/read_write.c:684\n ksys_write+0x120/0x210 fs/read_write.c:736\n __do_sys_write fs/read_write.c:747 [inline]\n __se_sys_write fs/read_write.c:744 [inline]\n __arm64_sys_write+0x7c/0x90 fs/read_write.c:744\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767\n el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600\n\nAllocated by task 7037:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x40/0x78 mm/kasan/common.c:68\n kasan_save_alloc_info+0x44/0x54 mm/kasan/generic.c:562\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x9c/0xb4 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4327 [inline]\n __kmalloc_noprof+0x2fc/0x4c8 mm/slub.c:4339\n kmalloc_noprof include/linux/slab.h:909 [inline]\n sk_prot_alloc+0xc4/0x1f0 net/core/sock.c:2198\n sk_alloc+0x44/0x3ac net/core/sock.c:2254\n bt_sock_alloc+0x4c/0x300 net/bluetooth/af_bluetooth.c:148\n hci_sock_create+0xa8/0x194 net/bluetooth/hci_sock.c:2202\n bt_sock_create+0x14c/0x24c net/bluetooth/af_bluetooth.c:132\n __sock_create+0x43c/0x91c net/socket.c:1541\n sock_create net/socket.c:1599 [inline]\n __sys_socket_create net/socket.c:1636 [inline]\n __sys_socket+0xd4/0x1c0 net/socket.c:1683\n __do_sys_socket net/socket.c:1697 [inline]\n __se_sys_socket net/socket.c:1695 [inline]\n __arm64_sys_socket+0x7c/0x94 net/socket.c:1695\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767\n el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600\n\nFreed by task 6607:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x40/0x78 mm/kasan/common.c:68\n kasan_save_free_info+0x58/0x70 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x68/0x88 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38117",
"url": "https://www.suse.com/security/cve/CVE-2025-38117"
},
{
"category": "external",
"summary": "SUSE Bug 1245695 for CVE-2025-38117",
"url": "https://bugzilla.suse.com/1245695"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38117"
},
{
"cve": "CVE-2025-38118",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38118"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete\n\nThis reworks MGMT_OP_REMOVE_ADV_MONITOR to not use mgmt_pending_add to\navoid crashes like bellow:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_complete+0xe5/0x540 net/bluetooth/mgmt.c:5406\nRead of size 8 at addr ffff88801c53f318 by task kworker/u5:5/5341\n\nCPU: 0 UID: 0 PID: 5341 Comm: kworker/u5:5 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xd2/0x2b0 mm/kasan/report.c:521\n kasan_report+0x118/0x150 mm/kasan/report.c:634\n mgmt_remove_adv_monitor_complete+0xe5/0x540 net/bluetooth/mgmt.c:5406\n hci_cmd_sync_work+0x261/0x3a0 net/bluetooth/hci_sync.c:334\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x711/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nAllocated by task 5987:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4358\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n mgmt_pending_new+0x65/0x240 net/bluetooth/mgmt_util.c:252\n mgmt_pending_add+0x34/0x120 net/bluetooth/mgmt_util.c:279\n remove_adv_monitor+0x103/0x1b0 net/bluetooth/mgmt.c:5454\n hci_mgmt_cmd+0x9c9/0xef0 net/bluetooth/hci_sock.c:1719\n hci_sock_sendmsg+0x6ca/0xef0 net/bluetooth/hci_sock.c:1839\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:727\n sock_write_iter+0x258/0x330 net/socket.c:1131\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x548/0xa90 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 5989:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2380 [inline]\n slab_free mm/slub.c:4642 [inline]\n kfree+0x18e/0x440 mm/slub.c:4841\n mgmt_pending_foreach+0xc9/0x120 net/bluetooth/mgmt_util.c:242\n mgmt_index_removed+0x10d/0x2f0 net/bluetooth/mgmt.c:9366\n hci_sock_bind+0xbe9/0x1000 net/bluetooth/hci_sock.c:1314\n __sys_bind_socket net/socket.c:1810 [inline]\n __sys_bind+0x2c3/0x3e0 net/socket.c:1841\n __do_sys_bind net/socket.c:1846 [inline]\n __se_sys_bind net/socket.c:1844 [inline]\n __x64_sys_bind+0x7a/0x90 net/socket.c:1844\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38118",
"url": "https://www.suse.com/security/cve/CVE-2025-38118"
},
{
"category": "external",
"summary": "SUSE Bug 1245670 for CVE-2025-38118",
"url": "https://bugzilla.suse.com/1245670"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38118"
},
{
"cve": "CVE-2025-38120",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38120"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_set_pipapo_avx2: fix initial map fill\n\nIf the first field doesn\u0027t cover the entire start map, then we must zero\nout the remainder, else we leak those bits into the next match round map.\n\nThe early fix was incomplete and did only fix up the generic C\nimplementation.\n\nA followup patch adds a test case to nft_concat_range.sh.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38120",
"url": "https://www.suse.com/security/cve/CVE-2025-38120"
},
{
"category": "external",
"summary": "SUSE Bug 1245711 for CVE-2025-38120",
"url": "https://bugzilla.suse.com/1245711"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38120"
},
{
"cve": "CVE-2025-38122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38122"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: add missing NULL check for gve_alloc_pending_packet() in TX DQO\n\ngve_alloc_pending_packet() can return NULL, but gve_tx_add_skb_dqo()\ndid not check for this case before dereferencing the returned pointer.\n\nAdd a missing NULL check to prevent a potential NULL pointer\ndereference when allocation fails.\n\nThis improves robustness in low-memory scenarios.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38122",
"url": "https://www.suse.com/security/cve/CVE-2025-38122"
},
{
"category": "external",
"summary": "SUSE Bug 1245746 for CVE-2025-38122",
"url": "https://bugzilla.suse.com/1245746"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38122"
},
{
"cve": "CVE-2025-38123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38123"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: wwan: t7xx: Fix napi rx poll issue\n\nWhen driver handles the napi rx polling requests, the netdev might\nhave been released by the dellink logic triggered by the disconnect\noperation on user plane. However, in the logic of processing skb in\npolling, an invalid netdev is still being used, which causes a panic.\n\nBUG: kernel NULL pointer dereference, address: 00000000000000f1\nOops: 0000 [#1] PREEMPT SMP NOPTI\nRIP: 0010:dev_gro_receive+0x3a/0x620\n[...]\nCall Trace:\n \u003cIRQ\u003e\n ? __die_body+0x68/0xb0\n ? page_fault_oops+0x379/0x3e0\n ? exc_page_fault+0x4f/0xa0\n ? asm_exc_page_fault+0x22/0x30\n ? __pfx_t7xx_ccmni_recv_skb+0x10/0x10 [mtk_t7xx (HASH:1400 7)]\n ? dev_gro_receive+0x3a/0x620\n napi_gro_receive+0xad/0x170\n t7xx_ccmni_recv_skb+0x48/0x70 [mtk_t7xx (HASH:1400 7)]\n t7xx_dpmaif_napi_rx_poll+0x590/0x800 [mtk_t7xx (HASH:1400 7)]\n net_rx_action+0x103/0x470\n irq_exit_rcu+0x13a/0x310\n sysvec_apic_timer_interrupt+0x56/0x90\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38123",
"url": "https://www.suse.com/security/cve/CVE-2025-38123"
},
{
"category": "external",
"summary": "SUSE Bug 1245688 for CVE-2025-38123",
"url": "https://bugzilla.suse.com/1245688"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38123"
},
{
"cve": "CVE-2025-38124",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38124"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix udp gso skb_segment after pull from frag_list\n\nCommit a1e40ac5b5e9 (\"net: gso: fix udp gso fraglist segmentation after\npull from frag_list\") detected invalid geometry in frag_list skbs and\nredirects them from skb_segment_list to more robust skb_segment. But some\npackets with modified geometry can also hit bugs in that code. We don\u0027t\nknow how many such cases exist. Addressing each one by one also requires\ntouching the complex skb_segment code, which risks introducing bugs for\nother types of skbs. Instead, linearize all these packets that fail the\nbasic invariants on gso fraglist skbs. That is more robust.\n\nIf only part of the fraglist payload is pulled into head_skb, it will\nalways cause exception when splitting skbs by skb_segment. For detailed\ncall stack information, see below.\n\nValid SKB_GSO_FRAGLIST skbs\n- consist of two or more segments\n- the head_skb holds the protocol headers plus first gso_size\n- one or more frag_list skbs hold exactly one segment\n- all but the last must be gso_size\n\nOptional datapath hooks such as NAT and BPF (bpf_skb_pull_data) can\nmodify fraglist skbs, breaking these invariants.\n\nIn extreme cases they pull one part of data into skb linear. For UDP,\nthis causes three payloads with lengths of (11,11,10) bytes were\npulled tail to become (12,10,10) bytes.\n\nThe skbs no longer meets the above SKB_GSO_FRAGLIST conditions because\npayload was pulled into head_skb, it needs to be linearized before pass\nto regular skb_segment.\n\n skb_segment+0xcd0/0xd14\n __udp_gso_segment+0x334/0x5f4\n udp4_ufo_fragment+0x118/0x15c\n inet_gso_segment+0x164/0x338\n skb_mac_gso_segment+0xc4/0x13c\n __skb_gso_segment+0xc4/0x124\n validate_xmit_skb+0x9c/0x2c0\n validate_xmit_skb_list+0x4c/0x80\n sch_direct_xmit+0x70/0x404\n __dev_queue_xmit+0x64c/0xe5c\n neigh_resolve_output+0x178/0x1c4\n ip_finish_output2+0x37c/0x47c\n __ip_finish_output+0x194/0x240\n ip_finish_output+0x20/0xf4\n ip_output+0x100/0x1a0\n NF_HOOK+0xc4/0x16c\n ip_forward+0x314/0x32c\n ip_rcv+0x90/0x118\n __netif_receive_skb+0x74/0x124\n process_backlog+0xe8/0x1a4\n __napi_poll+0x5c/0x1f8\n net_rx_action+0x154/0x314\n handle_softirqs+0x154/0x4b8\n\n [118.376811] [C201134] rxq0_pus: [name:bug\u0026]kernel BUG at net/core/skbuff.c:4278!\n [118.376829] [C201134] rxq0_pus: [name:traps\u0026]Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\n [118.470774] [C201134] rxq0_pus: [name:mrdump\u0026]Kernel Offset: 0x178cc00000 from 0xffffffc008000000\n [118.470810] [C201134] rxq0_pus: [name:mrdump\u0026]PHYS_OFFSET: 0x40000000\n [118.470827] [C201134] rxq0_pus: [name:mrdump\u0026]pstate: 60400005 (nZCv daif +PAN -UAO)\n [118.470848] [C201134] rxq0_pus: [name:mrdump\u0026]pc : [0xffffffd79598aefc] skb_segment+0xcd0/0xd14\n [118.470900] [C201134] rxq0_pus: [name:mrdump\u0026]lr : [0xffffffd79598a5e8] skb_segment+0x3bc/0xd14\n [118.470928] [C201134] rxq0_pus: [name:mrdump\u0026]sp : ffffffc008013770",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38124",
"url": "https://www.suse.com/security/cve/CVE-2025-38124"
},
{
"category": "external",
"summary": "SUSE Bug 1245690 for CVE-2025-38124",
"url": "https://bugzilla.suse.com/1245690"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38124"
},
{
"cve": "CVE-2025-38126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38126"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: make sure that ptp_rate is not 0 before configuring timestamping\n\nThe stmmac platform drivers that do not open-code the clk_ptp_rate value\nafter having retrieved the default one from the device-tree can end up\nwith 0 in clk_ptp_rate (as clk_get_rate can return 0). It will\neventually propagate up to PTP initialization when bringing up the\ninterface, leading to a divide by 0:\n\n Division by zero in kernel.\n CPU: 1 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.30-00001-g48313bd5768a #22\n Hardware name: STM32 (Device Tree Support)\n Call trace:\n unwind_backtrace from show_stack+0x18/0x1c\n show_stack from dump_stack_lvl+0x6c/0x8c\n dump_stack_lvl from Ldiv0_64+0x8/0x18\n Ldiv0_64 from stmmac_init_tstamp_counter+0x190/0x1a4\n stmmac_init_tstamp_counter from stmmac_hw_setup+0xc1c/0x111c\n stmmac_hw_setup from __stmmac_open+0x18c/0x434\n __stmmac_open from stmmac_open+0x3c/0xbc\n stmmac_open from __dev_open+0xf4/0x1ac\n __dev_open from __dev_change_flags+0x1cc/0x224\n __dev_change_flags from dev_change_flags+0x24/0x60\n dev_change_flags from ip_auto_config+0x2e8/0x11a0\n ip_auto_config from do_one_initcall+0x84/0x33c\n do_one_initcall from kernel_init_freeable+0x1b8/0x214\n kernel_init_freeable from kernel_init+0x24/0x140\n kernel_init from ret_from_fork+0x14/0x28\n Exception stack(0xe0815fb0 to 0xe0815ff8)\n\nPrevent this division by 0 by adding an explicit check and error log\nabout the actual issue. While at it, remove the same check from\nstmmac_ptp_register, which then becomes duplicate",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38126",
"url": "https://www.suse.com/security/cve/CVE-2025-38126"
},
{
"category": "external",
"summary": "SUSE Bug 1245708 for CVE-2025-38126",
"url": "https://bugzilla.suse.com/1245708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38126"
},
{
"cve": "CVE-2025-38127",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38127"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix Tx scheduler error handling in XDP callback\n\nWhen the XDP program is loaded, the XDP callback adds new Tx queues.\nThis means that the callback must update the Tx scheduler with the new\nqueue number. In the event of a Tx scheduler failure, the XDP callback\nshould also fail and roll back any changes previously made for XDP\npreparation.\n\nThe previous implementation had a bug that not all changes made by the\nXDP callback were rolled back. This caused the crash with the following\ncall trace:\n\n[ +9.549584] ice 0000:ca:00.0: Failed VSI LAN queue config for XDP, error: -5\n[ +0.382335] Oops: general protection fault, probably for non-canonical address 0x50a2250a90495525: 0000 [#1] SMP NOPTI\n[ +0.010710] CPU: 103 UID: 0 PID: 0 Comm: swapper/103 Not tainted 6.14.0-net-next-mar-31+ #14 PREEMPT(voluntary)\n[ +0.010175] Hardware name: Intel Corporation M50CYP2SBSTD/M50CYP2SBSTD, BIOS SE5C620.86B.01.01.0005.2202160810 02/16/2022\n[ +0.010946] RIP: 0010:__ice_update_sample+0x39/0xe0 [ice]\n\n[...]\n\n[ +0.002715] Call Trace:\n[ +0.002452] \u003cIRQ\u003e\n[ +0.002021] ? __die_body.cold+0x19/0x29\n[ +0.003922] ? die_addr+0x3c/0x60\n[ +0.003319] ? exc_general_protection+0x17c/0x400\n[ +0.004707] ? asm_exc_general_protection+0x26/0x30\n[ +0.004879] ? __ice_update_sample+0x39/0xe0 [ice]\n[ +0.004835] ice_napi_poll+0x665/0x680 [ice]\n[ +0.004320] __napi_poll+0x28/0x190\n[ +0.003500] net_rx_action+0x198/0x360\n[ +0.003752] ? update_rq_clock+0x39/0x220\n[ +0.004013] handle_softirqs+0xf1/0x340\n[ +0.003840] ? sched_clock_cpu+0xf/0x1f0\n[ +0.003925] __irq_exit_rcu+0xc2/0xe0\n[ +0.003665] common_interrupt+0x85/0xa0\n[ +0.003839] \u003c/IRQ\u003e\n[ +0.002098] \u003cTASK\u003e\n[ +0.002106] asm_common_interrupt+0x26/0x40\n[ +0.004184] RIP: 0010:cpuidle_enter_state+0xd3/0x690\n\nFix this by performing the missing unmapping of XDP queues from\nq_vectors and setting the XDP rings pointer back to NULL after all those\nqueues are released.\nAlso, add an immediate exit from the XDP callback in case of ring\npreparation failure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38127",
"url": "https://www.suse.com/security/cve/CVE-2025-38127"
},
{
"category": "external",
"summary": "SUSE Bug 1245705 for CVE-2025-38127",
"url": "https://bugzilla.suse.com/1245705"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38127"
},
{
"cve": "CVE-2025-38129",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38129"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npage_pool: Fix use-after-free in page_pool_recycle_in_ring\n\nsyzbot reported a uaf in page_pool_recycle_in_ring:\n\nBUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862\nRead of size 8 at addr ffff8880286045a0 by task syz.0.284/6943\n\nCPU: 0 UID: 0 PID: 6943 Comm: syz.0.284 Not tainted 6.13.0-rc3-syzkaller-gdfa94ce54f41 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862\n __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:165 [inline]\n _raw_spin_unlock_bh+0x1b/0x40 kernel/locking/spinlock.c:210\n spin_unlock_bh include/linux/spinlock.h:396 [inline]\n ptr_ring_produce_bh include/linux/ptr_ring.h:164 [inline]\n page_pool_recycle_in_ring net/core/page_pool.c:707 [inline]\n page_pool_put_unrefed_netmem+0x748/0xb00 net/core/page_pool.c:826\n page_pool_put_netmem include/net/page_pool/helpers.h:323 [inline]\n page_pool_put_full_netmem include/net/page_pool/helpers.h:353 [inline]\n napi_pp_put_page+0x149/0x2b0 net/core/skbuff.c:1036\n skb_pp_recycle net/core/skbuff.c:1047 [inline]\n skb_free_head net/core/skbuff.c:1094 [inline]\n skb_release_data+0x6c4/0x8a0 net/core/skbuff.c:1125\n skb_release_all net/core/skbuff.c:1190 [inline]\n __kfree_skb net/core/skbuff.c:1204 [inline]\n sk_skb_reason_drop+0x1c9/0x380 net/core/skbuff.c:1242\n kfree_skb_reason include/linux/skbuff.h:1263 [inline]\n __skb_queue_purge_reason include/linux/skbuff.h:3343 [inline]\n\nroot cause is:\n\npage_pool_recycle_in_ring\n ptr_ring_produce\n spin_lock(\u0026r-\u003eproducer_lock);\n WRITE_ONCE(r-\u003equeue[r-\u003eproducer++], ptr)\n //recycle last page to pool\n\t\t\t\tpage_pool_release\n\t\t\t\t page_pool_scrub\n\t\t\t\t page_pool_empty_ring\n\t\t\t\t ptr_ring_consume\n\t\t\t\t page_pool_return_page //release all page\n\t\t\t\t __page_pool_destroy\n\t\t\t\t free_percpu(pool-\u003erecycle_stats);\n\t\t\t\t free(pool) //free\n\n spin_unlock(\u0026r-\u003eproducer_lock); //pool-\u003ering uaf read\n recycle_stat_inc(pool, ring);\n\npage_pool can be free while page pool recycle the last page in ring.\nAdd producer-lock barrier to page_pool_release to prevent the page\npool from being free before all pages have been recycled.\n\nrecycle_stat_inc() is empty when CONFIG_PAGE_POOL_STATS is not\nenabled, which will trigger Wempty-body build warning. Add definition\nfor pool stat macro to fix warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38129",
"url": "https://www.suse.com/security/cve/CVE-2025-38129"
},
{
"category": "external",
"summary": "SUSE Bug 1245723 for CVE-2025-38129",
"url": "https://bugzilla.suse.com/1245723"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38129"
},
{
"cve": "CVE-2025-38131",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38131"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: prevent deactivate active config while enabling the config\n\nWhile enable active config via cscfg_csdev_enable_active_config(),\nactive config could be deactivated via configfs\u0027 sysfs interface.\nThis could make UAF issue in below scenario:\n\nCPU0 CPU1\n(sysfs enable) load module\n cscfg_load_config_sets()\n activate config. // sysfs\n (sys_active_cnt == 1)\n...\ncscfg_csdev_enable_active_config()\nlock(csdev-\u003ecscfg_csdev_lock)\n// here load config activate by CPU1\nunlock(csdev-\u003ecscfg_csdev_lock)\n\n deactivate config // sysfs\n (sys_activec_cnt == 0)\n cscfg_unload_config_sets()\n unload module\n\n// access to config_desc which freed\n// while unloading module.\ncscfg_csdev_enable_config\n\nTo address this, use cscfg_config_desc\u0027s active_cnt as a reference count\n which will be holded when\n - activate the config.\n - enable the activated config.\nand put the module reference when config_active_cnt == 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38131",
"url": "https://www.suse.com/security/cve/CVE-2025-38131"
},
{
"category": "external",
"summary": "SUSE Bug 1245677 for CVE-2025-38131",
"url": "https://bugzilla.suse.com/1245677"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38131"
},
{
"cve": "CVE-2025-38132",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38132"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: holding cscfg_csdev_lock while removing cscfg from csdev\n\nThere\u0027ll be possible race scenario for coresight config:\n\nCPU0 CPU1\n(perf enable) load module\n cscfg_load_config_sets()\n activate config. // sysfs\n (sys_active_cnt == 1)\n...\ncscfg_csdev_enable_active_config()\n lock(csdev-\u003ecscfg_csdev_lock)\n deactivate config // sysfs\n (sys_activec_cnt == 0)\n cscfg_unload_config_sets()\n \u003citerating config_csdev_list\u003e cscfg_remove_owned_csdev_configs()\n // here load config activate by CPU1\n unlock(csdev-\u003ecscfg_csdev_lock)\n\niterating config_csdev_list could be raced with config_csdev_list\u0027s\nentry delete.\n\nTo resolve this race , hold csdev-\u003ecscfg_csdev_lock() while\ncscfg_remove_owned_csdev_configs()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38132",
"url": "https://www.suse.com/security/cve/CVE-2025-38132"
},
{
"category": "external",
"summary": "SUSE Bug 1245679 for CVE-2025-38132",
"url": "https://bugzilla.suse.com/1245679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38132"
},
{
"cve": "CVE-2025-38135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38135"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: Fix potential null-ptr-deref in mlb_usio_probe()\n\ndevm_ioremap() can return NULL on error. Currently, mlb_usio_probe()\ndoes not check for this case, which could result in a NULL pointer\ndereference.\n\nAdd NULL check after devm_ioremap() to prevent this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38135",
"url": "https://www.suse.com/security/cve/CVE-2025-38135"
},
{
"category": "external",
"summary": "SUSE Bug 1246023 for CVE-2025-38135",
"url": "https://bugzilla.suse.com/1246023"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38135"
},
{
"cve": "CVE-2025-38136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38136"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: renesas_usbhs: Reorder clock handling and power management in probe\n\nReorder the initialization sequence in `usbhs_probe()` to enable runtime\nPM before accessing registers, preventing potential crashes due to\nuninitialized clocks.\n\nCurrently, in the probe path, registers are accessed before enabling the\nclocks, leading to a synchronous external abort on the RZ/V2H SoC.\nThe problematic call flow is as follows:\n\n usbhs_probe()\n usbhs_sys_clock_ctrl()\n usbhs_bset()\n usbhs_write()\n iowrite16() \u003c-- Register access before enabling clocks\n\nSince `iowrite16()` is performed without ensuring the required clocks are\nenabled, this can lead to access errors. To fix this, enable PM runtime\nearly in the probe function and ensure clocks are acquired before register\naccess, preventing crashes like the following on RZ/V2H:\n\n[13.272640] Internal error: synchronous external abort: 0000000096000010 [#1] PREEMPT SMP\n[13.280814] Modules linked in: cec renesas_usbhs(+) drm_kms_helper fuse drm backlight ipv6\n[13.289088] CPU: 1 UID: 0 PID: 195 Comm: (udev-worker) Not tainted 6.14.0-rc7+ #98\n[13.296640] Hardware name: Renesas RZ/V2H EVK Board based on r9a09g057h44 (DT)\n[13.303834] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[13.310770] pc : usbhs_bset+0x14/0x4c [renesas_usbhs]\n[13.315831] lr : usbhs_probe+0x2e4/0x5ac [renesas_usbhs]\n[13.321138] sp : ffff8000827e3850\n[13.324438] x29: ffff8000827e3860 x28: 0000000000000000 x27: ffff8000827e3ca0\n[13.331554] x26: ffff8000827e3ba0 x25: ffff800081729668 x24: 0000000000000025\n[13.338670] x23: ffff0000c0f08000 x22: 0000000000000000 x21: ffff0000c0f08010\n[13.345783] x20: 0000000000000000 x19: ffff0000c3b52080 x18: 00000000ffffffff\n[13.352895] x17: 0000000000000000 x16: 0000000000000000 x15: ffff8000827e36ce\n[13.360009] x14: 00000000000003d7 x13: 00000000000003d7 x12: 0000000000000000\n[13.367122] x11: 0000000000000000 x10: 0000000000000aa0 x9 : ffff8000827e3750\n[13.374235] x8 : ffff0000c1850b00 x7 : 0000000003826060 x6 : 000000000000001c\n[13.381347] x5 : 000000030d5fcc00 x4 : ffff8000825c0000 x3 : 0000000000000000\n[13.388459] x2 : 0000000000000400 x1 : 0000000000000000 x0 : ffff0000c3b52080\n[13.395574] Call trace:\n[13.398013] usbhs_bset+0x14/0x4c [renesas_usbhs] (P)\n[13.403076] platform_probe+0x68/0xdc\n[13.406738] really_probe+0xbc/0x2c0\n[13.410306] __driver_probe_device+0x78/0x120\n[13.414653] driver_probe_device+0x3c/0x154\n[13.418825] __driver_attach+0x90/0x1a0\n[13.422647] bus_for_each_dev+0x7c/0xe0\n[13.426470] driver_attach+0x24/0x30\n[13.430032] bus_add_driver+0xe4/0x208\n[13.433766] driver_register+0x68/0x130\n[13.437587] __platform_driver_register+0x24/0x30\n[13.442273] renesas_usbhs_driver_init+0x20/0x1000 [renesas_usbhs]\n[13.448450] do_one_initcall+0x60/0x1d4\n[13.452276] do_init_module+0x54/0x1f8\n[13.456014] load_module+0x1754/0x1c98\n[13.459750] init_module_from_file+0x88/0xcc\n[13.464004] __arm64_sys_finit_module+0x1c4/0x328\n[13.468689] invoke_syscall+0x48/0x104\n[13.472426] el0_svc_common.constprop.0+0xc0/0xe0\n[13.477113] do_el0_svc+0x1c/0x28\n[13.480415] el0_svc+0x30/0xcc\n[13.483460] el0t_64_sync_handler+0x10c/0x138\n[13.487800] el0t_64_sync+0x198/0x19c\n[13.491453] Code: 2a0103e1 12003c42 12003c63 8b010084 (79400084)\n[13.497522] ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38136",
"url": "https://www.suse.com/security/cve/CVE-2025-38136"
},
{
"category": "external",
"summary": "SUSE Bug 1245691 for CVE-2025-38136",
"url": "https://bugzilla.suse.com/1245691"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38136"
},
{
"cve": "CVE-2025-38138",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38138"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ti: Add NULL check in udma_probe()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\nudma_probe() does not check for this case, which results in a NULL\npointer dereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38138",
"url": "https://www.suse.com/security/cve/CVE-2025-38138"
},
{
"category": "external",
"summary": "SUSE Bug 1245719 for CVE-2025-38138",
"url": "https://bugzilla.suse.com/1245719"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38138"
},
{
"cve": "CVE-2025-38142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38142"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (asus-ec-sensors) check sensor index in read_string()\n\nPrevent a potential invalid memory access when the requested sensor\nis not found.\n\nfind_ec_sensor_index() may return a negative value (e.g. -ENOENT),\nbut its result was used without checking, which could lead to\nundefined behavior when passed to get_sensor_info().\n\nAdd a proper check to return -EINVAL if sensor_index is negative.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[groeck: Return error code returned from find_ec_sensor_index]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38142",
"url": "https://www.suse.com/security/cve/CVE-2025-38142"
},
{
"category": "external",
"summary": "SUSE Bug 1245713 for CVE-2025-38142",
"url": "https://bugzilla.suse.com/1245713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38142"
},
{
"cve": "CVE-2025-38143",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38143"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbacklight: pm8941: Add NULL check in wled_configure()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\nwled_configure() does not check for this case, which results in a NULL\npointer dereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38143",
"url": "https://www.suse.com/security/cve/CVE-2025-38143"
},
{
"category": "external",
"summary": "SUSE Bug 1245714 for CVE-2025-38143",
"url": "https://bugzilla.suse.com/1245714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38143"
},
{
"cve": "CVE-2025-38145",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38145"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: aspeed: Add NULL check in aspeed_lpc_enable_snoop()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\naspeed_lpc_enable_snoop() does not check for this case, which results in a\nNULL pointer dereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue.\n\n[arj: Fix Fixes: tag to use subject from 3772e5da4454]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38145",
"url": "https://www.suse.com/security/cve/CVE-2025-38145"
},
{
"category": "external",
"summary": "SUSE Bug 1245765 for CVE-2025-38145",
"url": "https://bugzilla.suse.com/1245765"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38145"
},
{
"cve": "CVE-2025-38147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38147"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncalipso: Don\u0027t call calipso functions for AF_INET sk.\n\nsyzkaller reported a null-ptr-deref in txopt_get(). [0]\n\nThe offset 0x70 was of struct ipv6_txoptions in struct ipv6_pinfo,\nso struct ipv6_pinfo was NULL there.\n\nHowever, this never happens for IPv6 sockets as inet_sk(sk)-\u003epinet6\nis always set in inet6_create(), meaning the socket was not IPv6 one.\n\nThe root cause is missing validation in netlbl_conn_setattr().\n\nnetlbl_conn_setattr() switches branches based on struct\nsockaddr.sa_family, which is passed from userspace. However,\nnetlbl_conn_setattr() does not check if the address family matches\nthe socket.\n\nThe syzkaller must have called connect() for an IPv6 address on\nan IPv4 socket.\n\nWe have a proper validation in tcp_v[46]_connect(), but\nsecurity_socket_connect() is called in the earlier stage.\n\nLet\u0027s copy the validation to netlbl_conn_setattr().\n\n[0]:\nOops: general protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]\nCPU: 2 UID: 0 PID: 12928 Comm: syz.9.1677 Not tainted 6.12.0 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nRIP: 0010:txopt_get include/net/ipv6.h:390 [inline]\nRIP: 0010:\nCode: 02 00 00 49 8b ac 24 f8 02 00 00 e8 84 69 2a fd e8 ff 00 16 fd 48 8d 7d 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 53 02 00 00 48 8b 6d 70 48 85 ed 0f 84 ab 01 00\nRSP: 0018:ffff88811b8afc48 EFLAGS: 00010212\nRAX: dffffc0000000000 RBX: 1ffff11023715f8a RCX: ffffffff841ab00c\nRDX: 000000000000000e RSI: ffffc90007d9e000 RDI: 0000000000000070\nRBP: 0000000000000000 R08: ffffed1023715f9d R09: ffffed1023715f9e\nR10: ffffed1023715f9d R11: 0000000000000003 R12: ffff888123075f00\nR13: ffff88810245bd80 R14: ffff888113646780 R15: ffff888100578a80\nFS: 00007f9019bd7640(0000) GS:ffff8882d2d00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f901b927bac CR3: 0000000104788003 CR4: 0000000000770ef0\nPKRU: 80000000\nCall Trace:\n \u003cTASK\u003e\n calipso_sock_setattr+0x56/0x80 net/netlabel/netlabel_calipso.c:557\n netlbl_conn_setattr+0x10c/0x280 net/netlabel/netlabel_kapi.c:1177\n selinux_netlbl_socket_connect_helper+0xd3/0x1b0 security/selinux/netlabel.c:569\n selinux_netlbl_socket_connect_locked security/selinux/netlabel.c:597 [inline]\n selinux_netlbl_socket_connect+0xb6/0x100 security/selinux/netlabel.c:615\n selinux_socket_connect+0x5f/0x80 security/selinux/hooks.c:4931\n security_socket_connect+0x50/0xa0 security/security.c:4598\n __sys_connect_file+0xa4/0x190 net/socket.c:2067\n __sys_connect+0x12c/0x170 net/socket.c:2088\n __do_sys_connect net/socket.c:2098 [inline]\n __se_sys_connect net/socket.c:2095 [inline]\n __x64_sys_connect+0x73/0xb0 net/socket.c:2095\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xaa/0x1b0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f901b61a12d\nCode: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f9019bd6fa8 EFLAGS: 00000246 ORIG_RAX: 000000000000002a\nRAX: ffffffffffffffda RBX: 00007f901b925fa0 RCX: 00007f901b61a12d\nRDX: 000000000000001c RSI: 0000200000000140 RDI: 0000000000000003\nRBP: 00007f901b701505 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007f901b5b62a0 R15: 00007f9019bb7000\n \u003c/TASK\u003e\nModules linked in:",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38147",
"url": "https://www.suse.com/security/cve/CVE-2025-38147"
},
{
"category": "external",
"summary": "SUSE Bug 1245768 for CVE-2025-38147",
"url": "https://bugzilla.suse.com/1245768"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38147"
},
{
"cve": "CVE-2025-38148",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38148"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: mscc: Fix memory leak when using one step timestamping\n\nFix memory leak when running one-step timestamping. When running\none-step sync timestamping, the HW is configured to insert the TX time\ninto the frame, so there is no reason to keep the skb anymore. As in\nthis case the HW will never generate an interrupt to say that the frame\nwas timestamped, then the frame will never released.\nFix this by freeing the frame in case of one-step timestamping.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38148",
"url": "https://www.suse.com/security/cve/CVE-2025-38148"
},
{
"category": "external",
"summary": "SUSE Bug 1245735 for CVE-2025-38148",
"url": "https://bugzilla.suse.com/1245735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38148"
},
{
"cve": "CVE-2025-38149",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38149"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: clear phydev-\u003edevlink when the link is deleted\n\nThere is a potential crash issue when disabling and re-enabling the\nnetwork port. When disabling the network port, phy_detach() calls\ndevice_link_del() to remove the device link, but it does not clear\nphydev-\u003edevlink, so phydev-\u003edevlink is not a NULL pointer. Then the\nnetwork port is re-enabled, but if phy_attach_direct() fails before\ncalling device_link_add(), the code jumps to the \"error\" label and\ncalls phy_detach(). Since phydev-\u003edevlink retains the old value from\nthe previous attach/detach cycle, device_link_del() uses the old value,\nwhich accesses a NULL pointer and causes a crash. The simplified crash\nlog is as follows.\n\n[ 24.702421] Call trace:\n[ 24.704856] device_link_put_kref+0x20/0x120\n[ 24.709124] device_link_del+0x30/0x48\n[ 24.712864] phy_detach+0x24/0x168\n[ 24.716261] phy_attach_direct+0x168/0x3a4\n[ 24.720352] phylink_fwnode_phy_connect+0xc8/0x14c\n[ 24.725140] phylink_of_phy_connect+0x1c/0x34\n\nTherefore, phydev-\u003edevlink needs to be cleared when the device link is\ndeleted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38149",
"url": "https://www.suse.com/security/cve/CVE-2025-38149"
},
{
"category": "external",
"summary": "SUSE Bug 1245737 for CVE-2025-38149",
"url": "https://bugzilla.suse.com/1245737"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38149"
},
{
"cve": "CVE-2025-38151",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38151"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/cma: Fix hang when cma_netevent_callback fails to queue_work\n\nThe cited commit fixed a crash when cma_netevent_callback was called for\na cma_id while work on that id from a previous call had not yet started.\nThe work item was re-initialized in the second call, which corrupted the\nwork item currently in the work queue.\n\nHowever, it left a problem when queue_work fails (because the item is\nstill pending in the work queue from a previous call). In this case,\ncma_id_put (which is called in the work handler) is therefore not\ncalled. This results in a userspace process hang (zombie process).\n\nFix this by calling cma_id_put() if queue_work fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38151",
"url": "https://www.suse.com/security/cve/CVE-2025-38151"
},
{
"category": "external",
"summary": "SUSE Bug 1245745 for CVE-2025-38151",
"url": "https://bugzilla.suse.com/1245745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38151"
},
{
"cve": "CVE-2025-38153",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38153"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: aqc111: fix error handling of usbnet read calls\n\nSyzkaller, courtesy of syzbot, identified an error (see report [1]) in\naqc111 driver, caused by incomplete sanitation of usb read calls\u0027\nresults. This problem is quite similar to the one fixed in commit\n920a9fa27e78 (\"net: asix: add proper error handling of usb read errors\").\n\nFor instance, usbnet_read_cmd() may read fewer than \u0027size\u0027 bytes,\neven if the caller expected the full amount, and aqc111_read_cmd()\nwill not check its result properly. As [1] shows, this may lead\nto MAC address in aqc111_bind() being only partly initialized,\ntriggering KMSAN warnings.\n\nFix the issue by verifying that the number of bytes read is\nas expected and not less.\n\n[1] Partial syzbot report:\nBUG: KMSAN: uninit-value in is_valid_ether_addr include/linux/etherdevice.h:208 [inline]\nBUG: KMSAN: uninit-value in usbnet_probe+0x2e57/0x4390 drivers/net/usb/usbnet.c:1830\n is_valid_ether_addr include/linux/etherdevice.h:208 [inline]\n usbnet_probe+0x2e57/0x4390 drivers/net/usb/usbnet.c:1830\n usb_probe_interface+0xd01/0x1310 drivers/usb/core/driver.c:396\n call_driver_probe drivers/base/dd.c:-1 [inline]\n really_probe+0x4d1/0xd90 drivers/base/dd.c:658\n __driver_probe_device+0x268/0x380 drivers/base/dd.c:800\n...\n\nUninit was stored to memory at:\n dev_addr_mod+0xb0/0x550 net/core/dev_addr_lists.c:582\n __dev_addr_set include/linux/netdevice.h:4874 [inline]\n eth_hw_addr_set include/linux/etherdevice.h:325 [inline]\n aqc111_bind+0x35f/0x1150 drivers/net/usb/aqc111.c:717\n usbnet_probe+0xbe6/0x4390 drivers/net/usb/usbnet.c:1772\n usb_probe_interface+0xd01/0x1310 drivers/usb/core/driver.c:396\n...\n\nUninit was stored to memory at:\n ether_addr_copy include/linux/etherdevice.h:305 [inline]\n aqc111_read_perm_mac drivers/net/usb/aqc111.c:663 [inline]\n aqc111_bind+0x794/0x1150 drivers/net/usb/aqc111.c:713\n usbnet_probe+0xbe6/0x4390 drivers/net/usb/usbnet.c:1772\n usb_probe_interface+0xd01/0x1310 drivers/usb/core/driver.c:396\n call_driver_probe drivers/base/dd.c:-1 [inline]\n...\n\nLocal variable buf.i created at:\n aqc111_read_perm_mac drivers/net/usb/aqc111.c:656 [inline]\n aqc111_bind+0x221/0x1150 drivers/net/usb/aqc111.c:713\n usbnet_probe+0xbe6/0x4390 drivers/net/usb/usbnet.c:1772",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38153",
"url": "https://www.suse.com/security/cve/CVE-2025-38153"
},
{
"category": "external",
"summary": "SUSE Bug 1245744 for CVE-2025-38153",
"url": "https://bugzilla.suse.com/1245744"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38153"
},
{
"cve": "CVE-2025-38154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38154"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Avoid using sk_socket after free when sending\n\nThe sk-\u003esk_socket is not locked or referenced in backlog thread, and\nduring the call to skb_send_sock(), there is a race condition with\nthe release of sk_socket. All types of sockets(tcp/udp/unix/vsock)\nwill be affected.\n\nRace conditions:\n\u0027\u0027\u0027\nCPU0 CPU1\n\nbacklog::skb_send_sock\n sendmsg_unlocked\n sock_sendmsg\n sock_sendmsg_nosec\n close(fd):\n ...\n ops-\u003erelease() -\u003e sock_map_close()\n sk_socket-\u003eops = NULL\n free(socket)\n sock-\u003eops-\u003esendmsg\n ^\n panic here\n\u0027\u0027\u0027\n\nThe ref of psock become 0 after sock_map_close() executed.\n\u0027\u0027\u0027\nvoid sock_map_close()\n{\n ...\n if (likely(psock)) {\n ...\n // !! here we remove psock and the ref of psock become 0\n sock_map_remove_links(sk, psock)\n psock = sk_psock_get(sk);\n if (unlikely(!psock))\n goto no_psock; \u003c=== Control jumps here via goto\n ...\n cancel_delayed_work_sync(\u0026psock-\u003ework); \u003c=== not executed\n sk_psock_put(sk, psock);\n ...\n}\n\u0027\u0027\u0027\n\nBased on the fact that we already wait for the workqueue to finish in\nsock_map_close() if psock is held, we simply increase the psock\nreference count to avoid race conditions.\n\nWith this patch, if the backlog thread is running, sock_map_close() will\nwait for the backlog thread to complete and cancel all pending work.\n\nIf no backlog running, any pending work that hasn\u0027t started by then will\nfail when invoked by sk_psock_get(), as the psock reference count have\nbeen zeroed, and sk_psock_drop() will cancel all jobs via\ncancel_delayed_work_sync().\n\nIn summary, we require synchronization to coordinate the backlog thread\nand close() thread.\n\nThe panic I catched:\n\u0027\u0027\u0027\nWorkqueue: events sk_psock_backlog\nRIP: 0010:sock_sendmsg+0x21d/0x440\nRAX: 0000000000000000 RBX: ffffc9000521fad8 RCX: 0000000000000001\n...\nCall Trace:\n \u003cTASK\u003e\n ? die_addr+0x40/0xa0\n ? exc_general_protection+0x14c/0x230\n ? asm_exc_general_protection+0x26/0x30\n ? sock_sendmsg+0x21d/0x440\n ? sock_sendmsg+0x3e0/0x440\n ? __pfx_sock_sendmsg+0x10/0x10\n __skb_send_sock+0x543/0xb70\n sk_psock_backlog+0x247/0xb80\n...\n\u0027\u0027\u0027",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38154",
"url": "https://www.suse.com/security/cve/CVE-2025-38154"
},
{
"category": "external",
"summary": "SUSE Bug 1245749 for CVE-2025-38154",
"url": "https://bugzilla.suse.com/1245749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38154"
},
{
"cve": "CVE-2025-38155",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38155"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init()\n\ndevm_ioremap() returns NULL on error. Currently, mt7915_mmio_wed_init()\ndoes not check for this case, which results in a NULL pointer\ndereference.\n\nPrevent null pointer dereference in mt7915_mmio_wed_init().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38155",
"url": "https://www.suse.com/security/cve/CVE-2025-38155"
},
{
"category": "external",
"summary": "SUSE Bug 1245748 for CVE-2025-38155",
"url": "https://bugzilla.suse.com/1245748"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38155"
},
{
"cve": "CVE-2025-38157",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38157"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k_htc: Abort software beacon handling if disabled\n\nA malicious USB device can send a WMI_SWBA_EVENTID event from an\nath9k_htc-managed device before beaconing has been enabled. This causes\na device-by-zero error in the driver, leading to either a crash or an\nout of bounds read.\n\nPrevent this by aborting the handling in ath9k_htc_swba() if beacons are\nnot enabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38157",
"url": "https://www.suse.com/security/cve/CVE-2025-38157"
},
{
"category": "external",
"summary": "SUSE Bug 1245747 for CVE-2025-38157",
"url": "https://bugzilla.suse.com/1245747"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38157"
},
{
"cve": "CVE-2025-38158",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38158"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhisi_acc_vfio_pci: fix XQE dma address error\n\nThe dma addresses of EQE and AEQE are wrong after migration and\nresults in guest kernel-mode encryption services failure.\nComparing the definition of hardware registers, we found that\nthere was an error when the data read from the register was\ncombined into an address. Therefore, the address combination\nsequence needs to be corrected.\n\nEven after fixing the above problem, we still have an issue\nwhere the Guest from an old kernel can get migrated to\nnew kernel and may result in wrong data.\n\nIn order to ensure that the address is correct after migration,\nif an old magic number is detected, the dma address needs to be\nupdated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38158",
"url": "https://www.suse.com/security/cve/CVE-2025-38158"
},
{
"category": "external",
"summary": "SUSE Bug 1245750 for CVE-2025-38158",
"url": "https://bugzilla.suse.com/1245750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38158"
},
{
"cve": "CVE-2025-38159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38159"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: fix the \u0027para\u0027 buffer size to avoid reading out of bounds\n\nSet the size to 6 instead of 2, since \u0027para\u0027 array is passed to\n\u0027rtw_fw_bt_wifi_control(rtwdev, para[0], \u0026para[1])\u0027, which reads\n5 bytes:\n\nvoid rtw_fw_bt_wifi_control(struct rtw_dev *rtwdev, u8 op_code, u8 *data)\n{\n ...\n SET_BT_WIFI_CONTROL_DATA1(h2c_pkt, *data);\n SET_BT_WIFI_CONTROL_DATA2(h2c_pkt, *(data + 1));\n ...\n SET_BT_WIFI_CONTROL_DATA5(h2c_pkt, *(data + 4));\n\nDetected using the static analysis tool - Svace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38159",
"url": "https://www.suse.com/security/cve/CVE-2025-38159"
},
{
"category": "external",
"summary": "SUSE Bug 1245751 for CVE-2025-38159",
"url": "https://bugzilla.suse.com/1245751"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38159"
},
{
"cve": "CVE-2025-38161",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38161"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix error flow upon firmware failure for RQ destruction\n\nUpon RQ destruction if the firmware command fails which is the\nlast resource to be destroyed some SW resources were already cleaned\nregardless of the failure.\n\nNow properly rollback the object to its original state upon such failure.\n\nIn order to avoid a use-after free in case someone tries to destroy the\nobject again, which results in the following kernel trace:\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 0 PID: 37589 at lib/refcount.c:28 refcount_warn_saturate+0xf4/0x148\nModules linked in: rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) rfkill mlx5_core(OE) mlxdevm(OE) ib_uverbs(OE) ib_core(OE) psample mlxfw(OE) mlx_compat(OE) macsec tls pci_hyperv_intf sunrpc vfat fat virtio_net net_failover failover fuse loop nfnetlink vsock_loopback vmw_vsock_virtio_transport_common vmw_vsock_vmci_transport vmw_vmci vsock xfs crct10dif_ce ghash_ce sha2_ce sha256_arm64 sha1_ce virtio_console virtio_gpu virtio_blk virtio_dma_buf virtio_mmio dm_mirror dm_region_hash dm_log dm_mod xpmem(OE)\nCPU: 0 UID: 0 PID: 37589 Comm: python3 Kdump: loaded Tainted: G OE ------- --- 6.12.0-54.el10.aarch64 #1\nTainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\nHardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : refcount_warn_saturate+0xf4/0x148\nlr : refcount_warn_saturate+0xf4/0x148\nsp : ffff80008b81b7e0\nx29: ffff80008b81b7e0 x28: ffff000133d51600 x27: 0000000000000001\nx26: 0000000000000000 x25: 00000000ffffffea x24: ffff00010ae80f00\nx23: ffff00010ae80f80 x22: ffff0000c66e5d08 x21: 0000000000000000\nx20: ffff0000c66e0000 x19: ffff00010ae80340 x18: 0000000000000006\nx17: 0000000000000000 x16: 0000000000000020 x15: ffff80008b81b37f\nx14: 0000000000000000 x13: 2e656572662d7265 x12: ffff80008283ef78\nx11: ffff80008257efd0 x10: ffff80008283efd0 x9 : ffff80008021ed90\nx8 : 0000000000000001 x7 : 00000000000bffe8 x6 : c0000000ffff7fff\nx5 : ffff0001fb8e3408 x4 : 0000000000000000 x3 : ffff800179993000\nx2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff000133d51600\nCall trace:\n refcount_warn_saturate+0xf4/0x148\n mlx5_core_put_rsc+0x88/0xa0 [mlx5_ib]\n mlx5_core_destroy_rq_tracked+0x64/0x98 [mlx5_ib]\n mlx5_ib_destroy_wq+0x34/0x80 [mlx5_ib]\n ib_destroy_wq_user+0x30/0xc0 [ib_core]\n uverbs_free_wq+0x28/0x58 [ib_uverbs]\n destroy_hw_idr_uobject+0x34/0x78 [ib_uverbs]\n uverbs_destroy_uobject+0x48/0x240 [ib_uverbs]\n __uverbs_cleanup_ufile+0xd4/0x1a8 [ib_uverbs]\n uverbs_destroy_ufile_hw+0x48/0x120 [ib_uverbs]\n ib_uverbs_close+0x2c/0x100 [ib_uverbs]\n __fput+0xd8/0x2f0\n __fput_sync+0x50/0x70\n __arm64_sys_close+0x40/0x90\n invoke_syscall.constprop.0+0x74/0xd0\n do_el0_svc+0x48/0xe8\n el0_svc+0x44/0x1d0\n el0t_64_sync_handler+0x120/0x130\n el0t_64_sync+0x1a4/0x1a8",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38161",
"url": "https://www.suse.com/security/cve/CVE-2025-38161"
},
{
"category": "external",
"summary": "SUSE Bug 1245777 for CVE-2025-38161",
"url": "https://bugzilla.suse.com/1245777"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38161"
},
{
"cve": "CVE-2025-38162",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38162"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo: prevent overflow in lookup table allocation\n\nWhen calculating the lookup table size, ensure the following\nmultiplication does not overflow:\n\n- desc-\u003efield_len[] maximum value is U8_MAX multiplied by\n NFT_PIPAPO_GROUPS_PER_BYTE(f) that can be 2, worst case.\n- NFT_PIPAPO_BUCKETS(f-\u003ebb) is 2^8, worst case.\n- sizeof(unsigned long), from sizeof(*f-\u003elt), lt in\n struct nft_pipapo_field.\n\nThen, use check_mul_overflow() to multiply by bucket size and then use\ncheck_add_overflow() to the alignment for avx2 (if needed). Finally, add\nlt_size_check_overflow() helper and use it to consolidate this.\n\nWhile at it, replace leftover allocation using the GFP_KERNEL to\nGFP_KERNEL_ACCOUNT for consistency, in pipapo_resize().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38162",
"url": "https://www.suse.com/security/cve/CVE-2025-38162"
},
{
"category": "external",
"summary": "SUSE Bug 1245752 for CVE-2025-38162",
"url": "https://bugzilla.suse.com/1245752"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38162"
},
{
"cve": "CVE-2025-38165",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38165"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix panic when calling skb_linearize\n\nThe panic can be reproduced by executing the command:\n./bench sockmap -c 2 -p 1 -a --rx-verdict-ingress --rx-strp 100000\n\nThen a kernel panic was captured:\n\u0027\u0027\u0027\n[ 657.460555] kernel BUG at net/core/skbuff.c:2178!\n[ 657.462680] Tainted: [W]=WARN\n[ 657.463287] Workqueue: events sk_psock_backlog\n...\n[ 657.469610] \u003cTASK\u003e\n[ 657.469738] ? die+0x36/0x90\n[ 657.469916] ? do_trap+0x1d0/0x270\n[ 657.470118] ? pskb_expand_head+0x612/0xf40\n[ 657.470376] ? pskb_expand_head+0x612/0xf40\n[ 657.470620] ? do_error_trap+0xa3/0x170\n[ 657.470846] ? pskb_expand_head+0x612/0xf40\n[ 657.471092] ? handle_invalid_op+0x2c/0x40\n[ 657.471335] ? pskb_expand_head+0x612/0xf40\n[ 657.471579] ? exc_invalid_op+0x2d/0x40\n[ 657.471805] ? asm_exc_invalid_op+0x1a/0x20\n[ 657.472052] ? pskb_expand_head+0xd1/0xf40\n[ 657.472292] ? pskb_expand_head+0x612/0xf40\n[ 657.472540] ? lock_acquire+0x18f/0x4e0\n[ 657.472766] ? find_held_lock+0x2d/0x110\n[ 657.472999] ? __pfx_pskb_expand_head+0x10/0x10\n[ 657.473263] ? __kmalloc_cache_noprof+0x5b/0x470\n[ 657.473537] ? __pfx___lock_release.isra.0+0x10/0x10\n[ 657.473826] __pskb_pull_tail+0xfd/0x1d20\n[ 657.474062] ? __kasan_slab_alloc+0x4e/0x90\n[ 657.474707] sk_psock_skb_ingress_enqueue+0x3bf/0x510\n[ 657.475392] ? __kasan_kmalloc+0xaa/0xb0\n[ 657.476010] sk_psock_backlog+0x5cf/0xd70\n[ 657.476637] process_one_work+0x858/0x1a20\n\u0027\u0027\u0027\n\nThe panic originates from the assertion BUG_ON(skb_shared(skb)) in\nskb_linearize(). A previous commit(see Fixes tag) introduced skb_get()\nto avoid race conditions between skb operations in the backlog and skb\nrelease in the recvmsg path. However, this caused the panic to always\noccur when skb_linearize is executed.\n\nThe \"--rx-strp 100000\" parameter forces the RX path to use the strparser\nmodule which aggregates data until it reaches 100KB before calling sockmap\nlogic. The 100KB payload exceeds MAX_MSG_FRAGS, triggering skb_linearize.\n\nTo fix this issue, just move skb_get into sk_psock_skb_ingress_enqueue.\n\n\u0027\u0027\u0027\nsk_psock_backlog:\n sk_psock_handle_skb\n skb_get(skb) \u003c== we move it into \u0027sk_psock_skb_ingress_enqueue\u0027\n sk_psock_skb_ingress____________\n \u2193\n |\n | -\u003e sk_psock_skb_ingress_self\n | sk_psock_skb_ingress_enqueue\nsk_psock_verdict_apply_________________\u2191 skb_linearize\n\u0027\u0027\u0027\n\nNote that for verdict_apply path, the skb_get operation is unnecessary so\nwe add \u0027take_ref\u0027 param to control it\u0027s behavior.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38165",
"url": "https://www.suse.com/security/cve/CVE-2025-38165"
},
{
"category": "external",
"summary": "SUSE Bug 1245757 for CVE-2025-38165",
"url": "https://bugzilla.suse.com/1245757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38165"
},
{
"cve": "CVE-2025-38166",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38166"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: fix ktls panic with sockmap\n\n[ 2172.936997] ------------[ cut here ]------------\n[ 2172.936999] kernel BUG at lib/iov_iter.c:629!\n......\n[ 2172.944996] PKRU: 55555554\n[ 2172.945155] Call Trace:\n[ 2172.945299] \u003cTASK\u003e\n[ 2172.945428] ? die+0x36/0x90\n[ 2172.945601] ? do_trap+0xdd/0x100\n[ 2172.945795] ? iov_iter_revert+0x178/0x180\n[ 2172.946031] ? iov_iter_revert+0x178/0x180\n[ 2172.946267] ? do_error_trap+0x7d/0x110\n[ 2172.946499] ? iov_iter_revert+0x178/0x180\n[ 2172.946736] ? exc_invalid_op+0x50/0x70\n[ 2172.946961] ? iov_iter_revert+0x178/0x180\n[ 2172.947197] ? asm_exc_invalid_op+0x1a/0x20\n[ 2172.947446] ? iov_iter_revert+0x178/0x180\n[ 2172.947683] ? iov_iter_revert+0x5c/0x180\n[ 2172.947913] tls_sw_sendmsg_locked.isra.0+0x794/0x840\n[ 2172.948206] tls_sw_sendmsg+0x52/0x80\n[ 2172.948420] ? inet_sendmsg+0x1f/0x70\n[ 2172.948634] __sys_sendto+0x1cd/0x200\n[ 2172.948848] ? find_held_lock+0x2b/0x80\n[ 2172.949072] ? syscall_trace_enter+0x140/0x270\n[ 2172.949330] ? __lock_release.isra.0+0x5e/0x170\n[ 2172.949595] ? find_held_lock+0x2b/0x80\n[ 2172.949817] ? syscall_trace_enter+0x140/0x270\n[ 2172.950211] ? lockdep_hardirqs_on_prepare+0xda/0x190\n[ 2172.950632] ? ktime_get_coarse_real_ts64+0xc2/0xd0\n[ 2172.951036] __x64_sys_sendto+0x24/0x30\n[ 2172.951382] do_syscall_64+0x90/0x170\n......\n\nAfter calling bpf_exec_tx_verdict(), the size of msg_pl-\u003esg may increase,\ne.g., when the BPF program executes bpf_msg_push_data().\n\nIf the BPF program sets cork_bytes and sg.size is smaller than cork_bytes,\nit will return -ENOSPC and attempt to roll back to the non-zero copy\nlogic. However, during rollback, msg-\u003emsg_iter is reset, but since\nmsg_pl-\u003esg.size has been increased, subsequent executions will exceed the\nactual size of msg_iter.\n\u0027\u0027\u0027\niov_iter_revert(\u0026msg-\u003emsg_iter, msg_pl-\u003esg.size - orig_size);\n\u0027\u0027\u0027\n\nThe changes in this commit are based on the following considerations:\n\n1. When cork_bytes is set, rolling back to non-zero copy logic is\npointless and can directly go to zero-copy logic.\n\n2. We can not calculate the correct number of bytes to revert msg_iter.\n\nAssume the original data is \"abcdefgh\" (8 bytes), and after 3 pushes\nby the BPF program, it becomes 11-byte data: \"abc?de?fgh?\".\nThen, we set cork_bytes to 6, which means the first 6 bytes have been\nprocessed, and the remaining 5 bytes \"?fgh?\" will be cached until the\nlength meets the cork_bytes requirement.\n\nHowever, some data in \"?fgh?\" is not within \u0027sg-\u003emsg_iter\u0027\n(but in msg_pl instead), especially the data \"?\" we pushed.\n\nSo it doesn\u0027t seem as simple as just reverting through an offset of\nmsg_iter.\n\n3. For non-TLS sockets in tcp_bpf_sendmsg, when a \"cork\" situation occurs,\nthe user-space send() doesn\u0027t return an error, and the returned length is\nthe same as the input length parameter, even if some data is cached.\n\nAdditionally, I saw that the current non-zero-copy logic for handling\ncorking is written as:\n\u0027\u0027\u0027\nline 1177\nelse if (ret != -EAGAIN) {\n\tif (ret == -ENOSPC)\n\t\tret = 0;\n\tgoto send_end;\n\u0027\u0027\u0027\n\nSo it\u0027s ok to just return \u0027copied\u0027 without error when a \"cork\" situation\noccurs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38166",
"url": "https://www.suse.com/security/cve/CVE-2025-38166"
},
{
"category": "external",
"summary": "SUSE Bug 1245758 for CVE-2025-38166",
"url": "https://bugzilla.suse.com/1245758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38166"
},
{
"cve": "CVE-2025-38173",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38173"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: marvell/cesa - Handle zero-length skcipher requests\n\nDo not access random memory for zero-length skcipher requests.\nJust return 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38173",
"url": "https://www.suse.com/security/cve/CVE-2025-38173"
},
{
"category": "external",
"summary": "SUSE Bug 1245769 for CVE-2025-38173",
"url": "https://bugzilla.suse.com/1245769"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38173"
},
{
"cve": "CVE-2025-38174",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38174"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Do not double dequeue a configuration request\n\nSome of our devices crash in tb_cfg_request_dequeue():\n\n general protection fault, probably for non-canonical address 0xdead000000000122\n\n CPU: 6 PID: 91007 Comm: kworker/6:2 Tainted: G U W 6.6.65\n RIP: 0010:tb_cfg_request_dequeue+0x2d/0xa0\n Call Trace:\n \u003cTASK\u003e\n ? tb_cfg_request_dequeue+0x2d/0xa0\n tb_cfg_request_work+0x33/0x80\n worker_thread+0x386/0x8f0\n kthread+0xed/0x110\n ret_from_fork+0x38/0x50\n ret_from_fork_asm+0x1b/0x30\n\nThe circumstances are unclear, however, the theory is that\ntb_cfg_request_work() can be scheduled twice for a request:\nfirst time via frame.callback from ring_work() and second\ntime from tb_cfg_request(). Both times kworkers will execute\ntb_cfg_request_dequeue(), which results in double list_del()\nfrom the ctl-\u003erequest_queue (the list poison deference hints\nat it: 0xdead000000000122).\n\nDo not dequeue requests that don\u0027t have TB_CFG_REQUEST_ACTIVE\nbit set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38174",
"url": "https://www.suse.com/security/cve/CVE-2025-38174"
},
{
"category": "external",
"summary": "SUSE Bug 1245781 for CVE-2025-38174",
"url": "https://bugzilla.suse.com/1245781"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38174"
},
{
"cve": "CVE-2025-38177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38177"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsch_hfsc: make hfsc_qlen_notify() idempotent\n\nhfsc_qlen_notify() is not idempotent either and not friendly\nto its callers, like fq_codel_dequeue(). Let\u0027s make it idempotent\nto ease qdisc_tree_reduce_backlog() callers\u0027 life:\n\n1. update_vf() decreases cl-\u003ecl_nactive, so we can check whether it is\nnon-zero before calling it.\n\n2. eltree_remove() always removes RB node cl-\u003eel_node, but we can use\n RB_EMPTY_NODE() + RB_CLEAR_NODE() to make it safe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38177",
"url": "https://www.suse.com/security/cve/CVE-2025-38177"
},
{
"category": "external",
"summary": "SUSE Bug 1245986 for CVE-2025-38177",
"url": "https://bugzilla.suse.com/1245986"
},
{
"category": "external",
"summary": "SUSE Bug 1246356 for CVE-2025-38177",
"url": "https://bugzilla.suse.com/1246356"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "important"
}
],
"title": "CVE-2025-38177"
},
{
"cve": "CVE-2025-38180",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38180"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: atm: fix /proc/net/atm/lec handling\n\n/proc/net/atm/lec must ensure safety against dev_lec[] changes.\n\nIt appears it had dev_put() calls without prior dev_hold(),\nleading to imbalance and UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38180",
"url": "https://www.suse.com/security/cve/CVE-2025-38180"
},
{
"category": "external",
"summary": "SUSE Bug 1245970 for CVE-2025-38180",
"url": "https://bugzilla.suse.com/1245970"
},
{
"category": "external",
"summary": "SUSE Bug 1245971 for CVE-2025-38180",
"url": "https://bugzilla.suse.com/1245971"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "important"
}
],
"title": "CVE-2025-38180"
},
{
"cve": "CVE-2025-38181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38181"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncalipso: Fix null-ptr-deref in calipso_req_{set,del}attr().\n\nsyzkaller reported a null-ptr-deref in sock_omalloc() while allocating\na CALIPSO option. [0]\n\nThe NULL is of struct sock, which was fetched by sk_to_full_sk() in\ncalipso_req_setattr().\n\nSince commit a1a5344ddbe8 (\"tcp: avoid two atomic ops for syncookies\"),\nreqsk-\u003ersk_listener could be NULL when SYN Cookie is returned to its\nclient, as hinted by the leading SYN Cookie log.\n\nHere are 3 options to fix the bug:\n\n 1) Return 0 in calipso_req_setattr()\n 2) Return an error in calipso_req_setattr()\n 3) Alaways set rsk_listener\n\n1) is no go as it bypasses LSM, but 2) effectively disables SYN Cookie\nfor CALIPSO. 3) is also no go as there have been many efforts to reduce\natomic ops and make TCP robust against DDoS. See also commit 3b24d854cb35\n(\"tcp/dccp: do not touch listener sk_refcnt under synflood\").\n\nAs of the blamed commit, SYN Cookie already did not need refcounting,\nand no one has stumbled on the bug for 9 years, so no CALIPSO user will\ncare about SYN Cookie.\n\nLet\u0027s return an error in calipso_req_setattr() and calipso_req_delattr()\nin the SYN Cookie case.\n\nThis can be reproduced by [1] on Fedora and now connect() of nc times out.\n\n[0]:\nTCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]\nCPU: 3 UID: 0 PID: 12262 Comm: syz.1.2611 Not tainted 6.14.0 #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nRIP: 0010:read_pnet include/net/net_namespace.h:406 [inline]\nRIP: 0010:sock_net include/net/sock.h:655 [inline]\nRIP: 0010:sock_kmalloc+0x35/0x170 net/core/sock.c:2806\nCode: 89 d5 41 54 55 89 f5 53 48 89 fb e8 25 e3 c6 fd e8 f0 91 e3 00 48 8d 7b 30 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 26 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b\nRSP: 0018:ffff88811af89038 EFLAGS: 00010216\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffff888105266400\nRDX: 0000000000000006 RSI: ffff88800c890000 RDI: 0000000000000030\nRBP: 0000000000000050 R08: 0000000000000000 R09: ffff88810526640e\nR10: ffffed1020a4cc81 R11: ffff88810526640f R12: 0000000000000000\nR13: 0000000000000820 R14: ffff888105266400 R15: 0000000000000050\nFS: 00007f0653a07640(0000) GS:ffff88811af80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f863ba096f4 CR3: 00000000163c0005 CR4: 0000000000770ef0\nPKRU: 80000000\nCall Trace:\n \u003cIRQ\u003e\n ipv6_renew_options+0x279/0x950 net/ipv6/exthdrs.c:1288\n calipso_req_setattr+0x181/0x340 net/ipv6/calipso.c:1204\n calipso_req_setattr+0x56/0x80 net/netlabel/netlabel_calipso.c:597\n netlbl_req_setattr+0x18a/0x440 net/netlabel/netlabel_kapi.c:1249\n selinux_netlbl_inet_conn_request+0x1fb/0x320 security/selinux/netlabel.c:342\n selinux_inet_conn_request+0x1eb/0x2c0 security/selinux/hooks.c:5551\n security_inet_conn_request+0x50/0xa0 security/security.c:4945\n tcp_v6_route_req+0x22c/0x550 net/ipv6/tcp_ipv6.c:825\n tcp_conn_request+0xec8/0x2b70 net/ipv4/tcp_input.c:7275\n tcp_v6_conn_request+0x1e3/0x440 net/ipv6/tcp_ipv6.c:1328\n tcp_rcv_state_process+0xafa/0x52b0 net/ipv4/tcp_input.c:6781\n tcp_v6_do_rcv+0x8a6/0x1a40 net/ipv6/tcp_ipv6.c:1667\n tcp_v6_rcv+0x505e/0x5b50 net/ipv6/tcp_ipv6.c:1904\n ip6_protocol_deliver_rcu+0x17c/0x1da0 net/ipv6/ip6_input.c:436\n ip6_input_finish+0x103/0x180 net/ipv6/ip6_input.c:480\n NF_HOOK include/linux/netfilter.h:314 [inline]\n NF_HOOK include/linux/netfilter.h:308 [inline]\n ip6_input+0x13c/0x6b0 net/ipv6/ip6_input.c:491\n dst_input include/net/dst.h:469 [inline]\n ip6_rcv_finish net/ipv6/ip6_input.c:79 [inline]\n ip6_rcv_finish+0xb6/0x490 net/ipv6/ip6_input.c:69\n NF_HOOK include/linux/netfilter.h:314 [inline]\n NF_HOOK include/linux/netf\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38181",
"url": "https://www.suse.com/security/cve/CVE-2025-38181"
},
{
"category": "external",
"summary": "SUSE Bug 1246000 for CVE-2025-38181",
"url": "https://bugzilla.suse.com/1246000"
},
{
"category": "external",
"summary": "SUSE Bug 1246001 for CVE-2025-38181",
"url": "https://bugzilla.suse.com/1246001"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "important"
}
],
"title": "CVE-2025-38181"
},
{
"cve": "CVE-2025-38182",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38182"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nublk: santizize the arguments from userspace when adding a device\n\nSanity check the values for queue depth and number of queues\nwe get from userspace when adding a device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38182",
"url": "https://www.suse.com/security/cve/CVE-2025-38182"
},
{
"category": "external",
"summary": "SUSE Bug 1245937 for CVE-2025-38182",
"url": "https://bugzilla.suse.com/1245937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38182"
},
{
"cve": "CVE-2025-38183",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38183"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get()\n\nBefore calling lan743x_ptp_io_event_clock_get(), the \u0027channel\u0027 value\nis checked against the maximum value of PCI11X1X_PTP_IO_MAX_CHANNELS(8).\nThis seems correct and aligns with the PTP interrupt status register\n(PTP_INT_STS) specifications.\n\nHowever, lan743x_ptp_io_event_clock_get() writes to ptp-\u003eextts[] with\nonly LAN743X_PTP_N_EXTTS(4) elements, using channel as an index:\n\n lan743x_ptp_io_event_clock_get(..., u8 channel,...)\n {\n ...\n /* Update Local timestamp */\n extts = \u0026ptp-\u003eextts[channel];\n extts-\u003ets.tv_sec = sec;\n ...\n }\n\nTo avoid an out-of-bounds write and utilize all the supported GPIO\ninputs, set LAN743X_PTP_N_EXTTS to 8.\n\nDetected using the static analysis tool - Svace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38183",
"url": "https://www.suse.com/security/cve/CVE-2025-38183"
},
{
"category": "external",
"summary": "SUSE Bug 1246006 for CVE-2025-38183",
"url": "https://bugzilla.suse.com/1246006"
},
{
"category": "external",
"summary": "SUSE Bug 1246007 for CVE-2025-38183",
"url": "https://bugzilla.suse.com/1246007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "important"
}
],
"title": "CVE-2025-38183"
},
{
"cve": "CVE-2025-38187",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38187"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: fix a use-after-free in r535_gsp_rpc_push()\n\nThe RPC container is released after being passed to r535_gsp_rpc_send().\n\nWhen sending the initial fragment of a large RPC and passing the\ncaller\u0027s RPC container, the container will be freed prematurely. Subsequent\nattempts to send remaining fragments will therefore result in a\nuse-after-free.\n\nAllocate a temporary RPC container for holding the initial fragment of a\nlarge RPC when sending. Free the caller\u0027s container when all fragments\nare successfully sent.\n\n[ Rebase onto Blackwell changes. - Danilo ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38187",
"url": "https://www.suse.com/security/cve/CVE-2025-38187"
},
{
"category": "external",
"summary": "SUSE Bug 1245951 for CVE-2025-38187",
"url": "https://bugzilla.suse.com/1245951"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38187"
},
{
"cve": "CVE-2025-38188",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38188"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/a7xx: Call CP_RESET_CONTEXT_STATE\n\nCalling this packet is necessary when we switch contexts because there\nare various pieces of state used by userspace to synchronize between BR\nand BV that are persistent across submits and we need to make sure that\nthey are in a \"safe\" state when switching contexts. Otherwise a\nuserspace submission in one context could cause another context to\nfunction incorrectly and hang, effectively a denial of service (although\nwithout leaking data). This was missed during initial a7xx bringup.\n\nPatchwork: https://patchwork.freedesktop.org/patch/654924/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38188",
"url": "https://www.suse.com/security/cve/CVE-2025-38188"
},
{
"category": "external",
"summary": "SUSE Bug 1246098 for CVE-2025-38188",
"url": "https://bugzilla.suse.com/1246098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38188"
},
{
"cve": "CVE-2025-38192",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38192"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: clear the dst when changing skb protocol\n\nA not-so-careful NAT46 BPF program can crash the kernel\nif it indiscriminately flips ingress packets from v4 to v6:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n ip6_rcv_core (net/ipv6/ip6_input.c:190:20)\n ipv6_rcv (net/ipv6/ip6_input.c:306:8)\n process_backlog (net/core/dev.c:6186:4)\n napi_poll (net/core/dev.c:6906:9)\n net_rx_action (net/core/dev.c:7028:13)\n do_softirq (kernel/softirq.c:462:3)\n netif_rx (net/core/dev.c:5326:3)\n dev_loopback_xmit (net/core/dev.c:4015:2)\n ip_mc_finish_output (net/ipv4/ip_output.c:363:8)\n NF_HOOK (./include/linux/netfilter.h:314:9)\n ip_mc_output (net/ipv4/ip_output.c:400:5)\n dst_output (./include/net/dst.h:459:9)\n ip_local_out (net/ipv4/ip_output.c:130:9)\n ip_send_skb (net/ipv4/ip_output.c:1496:8)\n udp_send_skb (net/ipv4/udp.c:1040:8)\n udp_sendmsg (net/ipv4/udp.c:1328:10)\n\nThe output interface has a 4-\u003e6 program attached at ingress.\nWe try to loop the multicast skb back to the sending socket.\nIngress BPF runs as part of netif_rx(), pushes a valid v6 hdr\nand changes skb-\u003eprotocol to v6. We enter ip6_rcv_core which\ntries to use skb_dst(). But the dst is still an IPv4 one left\nafter IPv4 mcast output.\n\nClear the dst in all BPF helpers which change the protocol.\nTry to preserve metadata dsts, those may carry non-routing\nmetadata.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38192",
"url": "https://www.suse.com/security/cve/CVE-2025-38192"
},
{
"category": "external",
"summary": "SUSE Bug 1245954 for CVE-2025-38192",
"url": "https://bugzilla.suse.com/1245954"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38192"
},
{
"cve": "CVE-2025-38193",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38193"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: reject invalid perturb period\n\nGerrard Tai reported that SFQ perturb_period has no range check yet,\nand this can be used to trigger a race condition fixed in a separate patch.\n\nWe want to make sure ctl-\u003eperturb_period * HZ will not overflow\nand is positive.\n\n\ntc qd add dev lo root sfq perturb -10 # negative value : error\nError: sch_sfq: invalid perturb period.\n\ntc qd add dev lo root sfq perturb 1000000000 # too big : error\nError: sch_sfq: invalid perturb period.\n\ntc qd add dev lo root sfq perturb 2000000 # acceptable value\ntc -s -d qd sh dev lo\nqdisc sfq 8005: root refcnt 2 limit 127p quantum 64Kb depth 127 flows 128 divisor 1024 perturb 2000000sec\n Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)\n backlog 0b 0p requeues 0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38193",
"url": "https://www.suse.com/security/cve/CVE-2025-38193"
},
{
"category": "external",
"summary": "SUSE Bug 1245945 for CVE-2025-38193",
"url": "https://bugzilla.suse.com/1245945"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38193"
},
{
"cve": "CVE-2025-38194",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38194"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: check that raw node were preallocated before writing summary\n\nSyzkaller detected a kernel bug in jffs2_link_node_ref, caused by fault\ninjection in jffs2_prealloc_raw_node_refs. jffs2_sum_write_sumnode doesn\u0027t\ncheck return value of jffs2_prealloc_raw_node_refs and simply lets any\nerror propagate into jffs2_sum_write_data, which eventually calls\njffs2_link_node_ref in order to link the summary to an expectedly allocated\nnode.\n\nkernel BUG at fs/jffs2/nodelist.c:592!\ninvalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 1 PID: 31277 Comm: syz-executor.7 Not tainted 6.1.128-syzkaller-00139-ge10f83ca10a1 #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nRIP: 0010:jffs2_link_node_ref+0x570/0x690 fs/jffs2/nodelist.c:592\nCall Trace:\n \u003cTASK\u003e\n jffs2_sum_write_data fs/jffs2/summary.c:841 [inline]\n jffs2_sum_write_sumnode+0xd1a/0x1da0 fs/jffs2/summary.c:874\n jffs2_do_reserve_space+0xa18/0xd60 fs/jffs2/nodemgmt.c:388\n jffs2_reserve_space+0x55f/0xaa0 fs/jffs2/nodemgmt.c:197\n jffs2_write_inode_range+0x246/0xb50 fs/jffs2/write.c:362\n jffs2_write_end+0x726/0x15d0 fs/jffs2/file.c:301\n generic_perform_write+0x314/0x5d0 mm/filemap.c:3856\n __generic_file_write_iter+0x2ae/0x4d0 mm/filemap.c:3973\n generic_file_write_iter+0xe3/0x350 mm/filemap.c:4005\n call_write_iter include/linux/fs.h:2265 [inline]\n do_iter_readv_writev+0x20f/0x3c0 fs/read_write.c:735\n do_iter_write+0x186/0x710 fs/read_write.c:861\n vfs_iter_write+0x70/0xa0 fs/read_write.c:902\n iter_file_splice_write+0x73b/0xc90 fs/splice.c:685\n do_splice_from fs/splice.c:763 [inline]\n direct_splice_actor+0x10c/0x170 fs/splice.c:950\n splice_direct_to_actor+0x337/0xa10 fs/splice.c:896\n do_splice_direct+0x1a9/0x280 fs/splice.c:1002\n do_sendfile+0xb13/0x12c0 fs/read_write.c:1255\n __do_sys_sendfile64 fs/read_write.c:1323 [inline]\n __se_sys_sendfile64 fs/read_write.c:1309 [inline]\n __x64_sys_sendfile64+0x1cf/0x210 fs/read_write.c:1309\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x35/0x80 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\nFix this issue by checking return value of jffs2_prealloc_raw_node_refs\nbefore calling jffs2_sum_write_data.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38194",
"url": "https://www.suse.com/security/cve/CVE-2025-38194"
},
{
"category": "external",
"summary": "SUSE Bug 1245957 for CVE-2025-38194",
"url": "https://bugzilla.suse.com/1245957"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38194"
},
{
"cve": "CVE-2025-38197",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38197"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: dell_rbu: Fix list usage\n\nPass the correct list head to list_for_each_entry*() when looping through\nthe packet list.\n\nWithout this patch, reading the packet data via sysfs will show the data\nincorrectly (because it starts at the wrong packet), and clearing the\npacket list will result in a NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38197",
"url": "https://www.suse.com/security/cve/CVE-2025-38197"
},
{
"category": "external",
"summary": "SUSE Bug 1246047 for CVE-2025-38197",
"url": "https://bugzilla.suse.com/1246047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38197"
},
{
"cve": "CVE-2025-38198",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38198"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbcon: Make sure modelist not set on unregistered console\n\nIt looks like attempting to write to the \"store_modes\" sysfs node will\nrun afoul of unregistered consoles:\n\nUBSAN: array-index-out-of-bounds in drivers/video/fbdev/core/fbcon.c:122:28\nindex -1 is out of range for type \u0027fb_info *[32]\u0027\n...\n fbcon_info_from_console+0x192/0x1a0 drivers/video/fbdev/core/fbcon.c:122\n fbcon_new_modelist+0xbf/0x2d0 drivers/video/fbdev/core/fbcon.c:3048\n fb_new_modelist+0x328/0x440 drivers/video/fbdev/core/fbmem.c:673\n store_modes+0x1c9/0x3e0 drivers/video/fbdev/core/fbsysfs.c:113\n dev_attr_store+0x55/0x80 drivers/base/core.c:2439\n\nstatic struct fb_info *fbcon_registered_fb[FB_MAX];\n...\nstatic signed char con2fb_map[MAX_NR_CONSOLES];\n...\nstatic struct fb_info *fbcon_info_from_console(int console)\n...\n return fbcon_registered_fb[con2fb_map[console]];\n\nIf con2fb_map contains a -1 things go wrong here. Instead, return NULL,\nas callers of fbcon_info_from_console() are trying to compare against\nexisting \"info\" pointers, so error handling should kick in correctly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38198",
"url": "https://www.suse.com/security/cve/CVE-2025-38198"
},
{
"category": "external",
"summary": "SUSE Bug 1245952 for CVE-2025-38198",
"url": "https://bugzilla.suse.com/1245952"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38198"
},
{
"cve": "CVE-2025-38200",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38200"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix MMIO write access to an invalid page in i40e_clear_hw\n\nWhen the device sends a specific input, an integer underflow can occur, leading\nto MMIO write access to an invalid page.\n\nPrevent the integer underflow by changing the type of related variables.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38200",
"url": "https://www.suse.com/security/cve/CVE-2025-38200"
},
{
"category": "external",
"summary": "SUSE Bug 1246045 for CVE-2025-38200",
"url": "https://bugzilla.suse.com/1246045"
},
{
"category": "external",
"summary": "SUSE Bug 1246046 for CVE-2025-38200",
"url": "https://bugzilla.suse.com/1246046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38200"
},
{
"cve": "CVE-2025-38202",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38202"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem()\n\nbpf_map_lookup_percpu_elem() helper is also available for sleepable bpf\nprogram. When BPF JIT is disabled or under 32-bit host,\nbpf_map_lookup_percpu_elem() will not be inlined. Using it in a\nsleepable bpf program will trigger the warning in\nbpf_map_lookup_percpu_elem(), because the bpf program only holds\nrcu_read_lock_trace lock. Therefore, add the missed check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38202",
"url": "https://www.suse.com/security/cve/CVE-2025-38202"
},
{
"category": "external",
"summary": "SUSE Bug 1245980 for CVE-2025-38202",
"url": "https://bugzilla.suse.com/1245980"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38202"
},
{
"cve": "CVE-2025-38203",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38203"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix null-ptr-deref in jfs_ioc_trim\n\n[ Syzkaller Report ]\n\nOops: general protection fault, probably for non-canonical address\n0xdffffc0000000087: 0000 [#1\nKASAN: null-ptr-deref in range [0x0000000000000438-0x000000000000043f]\nCPU: 2 UID: 0 PID: 10614 Comm: syz-executor.0 Not tainted\n6.13.0-rc6-gfbfd64d25c7a-dirty #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nSched_ext: serialise (enabled+all), task: runnable_at=-30ms\nRIP: 0010:jfs_ioc_trim+0x34b/0x8f0\nCode: e7 e8 59 a4 87 fe 4d 8b 24 24 4d 8d bc 24 38 04 00 00 48 8d 93\n90 82 fe ff 4c 89 ff 31 f6\nRSP: 0018:ffffc900055f7cd0 EFLAGS: 00010206\nRAX: 0000000000000087 RBX: 00005866a9e67ff8 RCX: 000000000000000a\nRDX: 0000000000000001 RSI: 0000000000000004 RDI: 0000000000000001\nRBP: dffffc0000000000 R08: ffff88807c180003 R09: 1ffff1100f830000\nR10: dffffc0000000000 R11: ffffed100f830001 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000438\nFS: 00007fe520225640(0000) GS:ffff8880b7e80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005593c91b2c88 CR3: 000000014927c000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n? __die_body+0x61/0xb0\n? die_addr+0xb1/0xe0\n? exc_general_protection+0x333/0x510\n? asm_exc_general_protection+0x26/0x30\n? jfs_ioc_trim+0x34b/0x8f0\njfs_ioctl+0x3c8/0x4f0\n? __pfx_jfs_ioctl+0x10/0x10\n? __pfx_jfs_ioctl+0x10/0x10\n__se_sys_ioctl+0x269/0x350\n? __pfx___se_sys_ioctl+0x10/0x10\n? do_syscall_64+0xfb/0x210\ndo_syscall_64+0xee/0x210\n? syscall_exit_to_user_mode+0x1e0/0x330\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fe51f4903ad\nCode: c3 e8 a7 2b 00 00 0f 1f 80 00 00 00 00 f3 0f 1e fa 48 89 f8 48\n89 f7 48 89 d6 48 89 ca 4d\nRSP: 002b:00007fe5202250c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007fe51f5cbf80 RCX: 00007fe51f4903ad\nRDX: 0000000020000680 RSI: 00000000c0185879 RDI: 0000000000000005\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007fe520225640\nR13: 000000000000000e R14: 00007fe51f44fca0 R15: 00007fe52021d000\n\u003c/TASK\u003e\nModules linked in:\n---[ end trace 0000000000000000 ]---\nRIP: 0010:jfs_ioc_trim+0x34b/0x8f0\nCode: e7 e8 59 a4 87 fe 4d 8b 24 24 4d 8d bc 24 38 04 00 00 48 8d 93\n90 82 fe ff 4c 89 ff 31 f6\nRSP: 0018:ffffc900055f7cd0 EFLAGS: 00010206\nRAX: 0000000000000087 RBX: 00005866a9e67ff8 RCX: 000000000000000a\nRDX: 0000000000000001 RSI: 0000000000000004 RDI: 0000000000000001\nRBP: dffffc0000000000 R08: ffff88807c180003 R09: 1ffff1100f830000\nR10: dffffc0000000000 R11: ffffed100f830001 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000438\nFS: 00007fe520225640(0000) GS:ffff8880b7e80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005593c91b2c88 CR3: 000000014927c000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nKernel panic - not syncing: Fatal exception\n\n[ Analysis ]\n\nWe believe that we have found a concurrency bug in the `fs/jfs` module\nthat results in a null pointer dereference. There is a closely related\nissue which has been fixed:\n\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d6c1b3599b2feb5c7291f5ac3a36e5fa7cedb234\n\n... but, unfortunately, the accepted patch appears to still be\nsusceptible to a null pointer dereference under some interleavings.\n\nTo trigger the bug, we think that `JFS_SBI(ipbmap-\u003ei_sb)-\u003ebmap` is set\nto NULL in `dbFreeBits` and then dereferenced in `jfs_ioc_trim`. This\nbug manifests quite rarely under normal circumstances, but is\ntriggereable from a syz-program.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38203",
"url": "https://www.suse.com/security/cve/CVE-2025-38203"
},
{
"category": "external",
"summary": "SUSE Bug 1246044 for CVE-2025-38203",
"url": "https://bugzilla.suse.com/1246044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38203"
},
{
"cve": "CVE-2025-38204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38204"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix array-index-out-of-bounds read in add_missing_indices\n\nstbl is s8 but it must contain offsets into slot which can go from 0 to\n127.\n\nAdded a bound check for that error and return -EIO if the check fails.\nAlso make jfs_readdir return with error if add_missing_indices returns\nwith an error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38204",
"url": "https://www.suse.com/security/cve/CVE-2025-38204"
},
{
"category": "external",
"summary": "SUSE Bug 1245983 for CVE-2025-38204",
"url": "https://bugzilla.suse.com/1245983"
},
{
"category": "external",
"summary": "SUSE Bug 1245984 for CVE-2025-38204",
"url": "https://bugzilla.suse.com/1245984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "important"
}
],
"title": "CVE-2025-38204"
},
{
"cve": "CVE-2025-38206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38206"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix double free in delayed_free\n\nThe double free could happen in the following path.\n\nexfat_create_upcase_table()\n exfat_create_upcase_table() : return error\n exfat_free_upcase_table() : free -\u003evol_utbl\n exfat_load_default_upcase_table : return error\n exfat_kill_sb()\n delayed_free()\n exfat_free_upcase_table() \u003c--------- double free\nThis patch set -\u003evol_util as NULL after freeing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38206",
"url": "https://www.suse.com/security/cve/CVE-2025-38206"
},
{
"category": "external",
"summary": "SUSE Bug 1246073 for CVE-2025-38206",
"url": "https://bugzilla.suse.com/1246073"
},
{
"category": "external",
"summary": "SUSE Bug 1246075 for CVE-2025-38206",
"url": "https://bugzilla.suse.com/1246075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "important"
}
],
"title": "CVE-2025-38206"
},
{
"cve": "CVE-2025-38210",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38210"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nconfigfs-tsm-report: Fix NULL dereference of tsm_ops\n\nUnlike sysfs, the lifetime of configfs objects is controlled by\nuserspace. There is no mechanism for the kernel to find and delete all\ncreated config-items. Instead, the configfs-tsm-report mechanism has an\nexpectation that tsm_unregister() can happen at any time and cause\nestablished config-item access to start failing.\n\nThat expectation is not fully satisfied. While tsm_report_read(),\ntsm_report_{is,is_bin}_visible(), and tsm_report_make_item() safely fail\nif tsm_ops have been unregistered, tsm_report_privlevel_store()\ntsm_report_provider_show() fail to check for ops registration. Add the\nmissing checks for tsm_ops having been removed.\n\nNow, in supporting the ability for tsm_unregister() to always succeed,\nit leaves the problem of what to do with lingering config-items. The\nexpectation is that the admin that arranges for the -\u003eremove() (unbind)\nof the ${tsm_arch}-guest driver is also responsible for deletion of all\nopen config-items. Until that deletion happens, -\u003eprobe() (reload /\nbind) of the ${tsm_arch}-guest driver fails.\n\nThis allows for emergency shutdown / revocation of attestation\ninterfaces, and requires coordinated restart.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38210",
"url": "https://www.suse.com/security/cve/CVE-2025-38210"
},
{
"category": "external",
"summary": "SUSE Bug 1246020 for CVE-2025-38210",
"url": "https://bugzilla.suse.com/1246020"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38210"
},
{
"cve": "CVE-2025-38211",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38211"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/iwcm: Fix use-after-free of work objects after cm_id destruction\n\nThe commit 59c68ac31e15 (\"iw_cm: free cm_id resources on the last\nderef\") simplified cm_id resource management by freeing cm_id once all\nreferences to the cm_id were removed. The references are removed either\nupon completion of iw_cm event handlers or when the application destroys\nthe cm_id. This commit introduced the use-after-free condition where\ncm_id_private object could still be in use by event handler works during\nthe destruction of cm_id. The commit aee2424246f9 (\"RDMA/iwcm: Fix a\nuse-after-free related to destroying CM IDs\") addressed this use-after-\nfree by flushing all pending works at the cm_id destruction.\n\nHowever, still another use-after-free possibility remained. It happens\nwith the work objects allocated for each cm_id_priv within\nalloc_work_entries() during cm_id creation, and subsequently freed in\ndealloc_work_entries() once all references to the cm_id are removed.\nIf the cm_id\u0027s last reference is decremented in the event handler work,\nthe work object for the work itself gets removed, and causes the use-\nafter-free BUG below:\n\n BUG: KASAN: slab-use-after-free in __pwq_activate_work+0x1ff/0x250\n Read of size 8 at addr ffff88811f9cf800 by task kworker/u16:1/147091\n\n CPU: 2 UID: 0 PID: 147091 Comm: kworker/u16:1 Not tainted 6.15.0-rc2+ #27 PREEMPT(voluntary)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\n Workqueue: 0x0 (iw_cm_wq)\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x6a/0x90\n print_report+0x174/0x554\n ? __virt_addr_valid+0x208/0x430\n ? __pwq_activate_work+0x1ff/0x250\n kasan_report+0xae/0x170\n ? __pwq_activate_work+0x1ff/0x250\n __pwq_activate_work+0x1ff/0x250\n pwq_dec_nr_in_flight+0x8c5/0xfb0\n process_one_work+0xc11/0x1460\n ? __pfx_process_one_work+0x10/0x10\n ? assign_work+0x16c/0x240\n worker_thread+0x5ef/0xfd0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x3b0/0x770\n ? __pfx_kthread+0x10/0x10\n ? rcu_is_watching+0x11/0xb0\n ? _raw_spin_unlock_irq+0x24/0x50\n ? rcu_is_watching+0x11/0xb0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x30/0x70\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\n Allocated by task 147416:\n kasan_save_stack+0x2c/0x50\n kasan_save_track+0x10/0x30\n __kasan_kmalloc+0xa6/0xb0\n alloc_work_entries+0xa9/0x260 [iw_cm]\n iw_cm_connect+0x23/0x4a0 [iw_cm]\n rdma_connect_locked+0xbfd/0x1920 [rdma_cm]\n nvme_rdma_cm_handler+0x8e5/0x1b60 [nvme_rdma]\n cma_cm_event_handler+0xae/0x320 [rdma_cm]\n cma_work_handler+0x106/0x1b0 [rdma_cm]\n process_one_work+0x84f/0x1460\n worker_thread+0x5ef/0xfd0\n kthread+0x3b0/0x770\n ret_from_fork+0x30/0x70\n ret_from_fork_asm+0x1a/0x30\n\n Freed by task 147091:\n kasan_save_stack+0x2c/0x50\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x60\n __kasan_slab_free+0x4b/0x70\n kfree+0x13a/0x4b0\n dealloc_work_entries+0x125/0x1f0 [iw_cm]\n iwcm_deref_id+0x6f/0xa0 [iw_cm]\n cm_work_handler+0x136/0x1ba0 [iw_cm]\n process_one_work+0x84f/0x1460\n worker_thread+0x5ef/0xfd0\n kthread+0x3b0/0x770\n ret_from_fork+0x30/0x70\n ret_from_fork_asm+0x1a/0x30\n\n Last potentially related work creation:\n kasan_save_stack+0x2c/0x50\n kasan_record_aux_stack+0xa3/0xb0\n __queue_work+0x2ff/0x1390\n queue_work_on+0x67/0xc0\n cm_event_handler+0x46a/0x820 [iw_cm]\n siw_cm_upcall+0x330/0x650 [siw]\n siw_cm_work_handler+0x6b9/0x2b20 [siw]\n process_one_work+0x84f/0x1460\n worker_thread+0x5ef/0xfd0\n kthread+0x3b0/0x770\n ret_from_fork+0x30/0x70\n ret_from_fork_asm+0x1a/0x30\n\nThis BUG is reproducible by repeating the blktests test case nvme/061\nfor the rdma transport and the siw driver.\n\nTo avoid the use-after-free of cm_id_private work objects, ensure that\nthe last reference to the cm_id is decremented not in the event handler\nworks, but in the cm_id destruction context. For that purpose, mo\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38211",
"url": "https://www.suse.com/security/cve/CVE-2025-38211"
},
{
"category": "external",
"summary": "SUSE Bug 1246008 for CVE-2025-38211",
"url": "https://bugzilla.suse.com/1246008"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38211"
},
{
"cve": "CVE-2025-38212",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38212"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipc: fix to protect IPCS lookups using RCU\n\nsyzbot reported that it discovered a use-after-free vulnerability, [0]\n\n[0]: https://lore.kernel.org/all/67af13f8.050a0220.21dd3.0038.GAE@google.com/\n\nidr_for_each() is protected by rwsem, but this is not enough. If it is\nnot protected by RCU read-critical region, when idr_for_each() calls\nradix_tree_node_free() through call_rcu() to free the radix_tree_node\nstructure, the node will be freed immediately, and when reading the next\nnode in radix_tree_for_each_slot(), the already freed memory may be read.\n\nTherefore, we need to add code to make sure that idr_for_each() is\nprotected within the RCU read-critical region when we call it in\nshm_destroy_orphaned().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38212",
"url": "https://www.suse.com/security/cve/CVE-2025-38212"
},
{
"category": "external",
"summary": "SUSE Bug 1246029 for CVE-2025-38212",
"url": "https://bugzilla.suse.com/1246029"
},
{
"category": "external",
"summary": "SUSE Bug 1246030 for CVE-2025-38212",
"url": "https://bugzilla.suse.com/1246030"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "important"
}
],
"title": "CVE-2025-38212"
},
{
"cve": "CVE-2025-38213",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38213"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38213",
"url": "https://www.suse.com/security/cve/CVE-2025-38213"
},
{
"category": "external",
"summary": "SUSE Bug 1246037 for CVE-2025-38213",
"url": "https://bugzilla.suse.com/1246037"
},
{
"category": "external",
"summary": "SUSE Bug 1246039 for CVE-2025-38213",
"url": "https://bugzilla.suse.com/1246039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38213"
},
{
"cve": "CVE-2025-38214",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38214"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var\n\nIf fb_add_videomode() in fb_set_var() fails to allocate memory for\nfb_videomode, later it may lead to a null-ptr dereference in\nfb_videomode_to_var(), as the fb_info is registered while not having the\nmode in modelist that is expected to be there, i.e. the one that is\ndescribed in fb_info-\u003evar.\n\n================================================================\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 PID: 30371 Comm: syz-executor.1 Not tainted 5.10.226-syzkaller #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nRIP: 0010:fb_videomode_to_var+0x24/0x610 drivers/video/fbdev/core/modedb.c:901\nCall Trace:\n display_to_var+0x3a/0x7c0 drivers/video/fbdev/core/fbcon.c:929\n fbcon_resize+0x3e2/0x8f0 drivers/video/fbdev/core/fbcon.c:2071\n resize_screen drivers/tty/vt/vt.c:1176 [inline]\n vc_do_resize+0x53a/0x1170 drivers/tty/vt/vt.c:1263\n fbcon_modechanged+0x3ac/0x6e0 drivers/video/fbdev/core/fbcon.c:2720\n fbcon_update_vcs+0x43/0x60 drivers/video/fbdev/core/fbcon.c:2776\n do_fb_ioctl+0x6d2/0x740 drivers/video/fbdev/core/fbmem.c:1128\n fb_ioctl+0xe7/0x150 drivers/video/fbdev/core/fbmem.c:1203\n vfs_ioctl fs/ioctl.c:48 [inline]\n __do_sys_ioctl fs/ioctl.c:753 [inline]\n __se_sys_ioctl fs/ioctl.c:739 [inline]\n __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:739\n do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n================================================================\n\nThe reason is that fb_info-\u003evar is being modified in fb_set_var(), and\nthen fb_videomode_to_var() is called. If it fails to add the mode to\nfb_info-\u003emodelist, fb_set_var() returns error, but does not restore the\nold value of fb_info-\u003evar. Restore fb_info-\u003evar on failure the same way\nit is done earlier in the function.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38214",
"url": "https://www.suse.com/security/cve/CVE-2025-38214"
},
{
"category": "external",
"summary": "SUSE Bug 1246042 for CVE-2025-38214",
"url": "https://bugzilla.suse.com/1246042"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38214"
},
{
"cve": "CVE-2025-38215",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38215"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var\n\nIf fb_add_videomode() in do_register_framebuffer() fails to allocate\nmemory for fb_videomode, it will later lead to a null-ptr dereference in\nfb_videomode_to_var(), as the fb_info is registered while not having the\nmode in modelist that is expected to be there, i.e. the one that is\ndescribed in fb_info-\u003evar.\n\n================================================================\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 PID: 30371 Comm: syz-executor.1 Not tainted 5.10.226-syzkaller #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nRIP: 0010:fb_videomode_to_var+0x24/0x610 drivers/video/fbdev/core/modedb.c:901\nCall Trace:\n display_to_var+0x3a/0x7c0 drivers/video/fbdev/core/fbcon.c:929\n fbcon_resize+0x3e2/0x8f0 drivers/video/fbdev/core/fbcon.c:2071\n resize_screen drivers/tty/vt/vt.c:1176 [inline]\n vc_do_resize+0x53a/0x1170 drivers/tty/vt/vt.c:1263\n fbcon_modechanged+0x3ac/0x6e0 drivers/video/fbdev/core/fbcon.c:2720\n fbcon_update_vcs+0x43/0x60 drivers/video/fbdev/core/fbcon.c:2776\n do_fb_ioctl+0x6d2/0x740 drivers/video/fbdev/core/fbmem.c:1128\n fb_ioctl+0xe7/0x150 drivers/video/fbdev/core/fbmem.c:1203\n vfs_ioctl fs/ioctl.c:48 [inline]\n __do_sys_ioctl fs/ioctl.c:753 [inline]\n __se_sys_ioctl fs/ioctl.c:739 [inline]\n __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:739\n do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n================================================================\n\nEven though fbcon_init() checks beforehand if fb_match_mode() in\nvar_to_display() fails, it can not prevent the panic because fbcon_init()\ndoes not return error code. Considering this and the comment in the code\nabout fb_match_mode() returning NULL - \"This should not happen\" - it is\nbetter to prevent registering the fb_info if its mode was not set\nsuccessfully. Also move fb_add_videomode() closer to the beginning of\ndo_register_framebuffer() to avoid having to do the cleanup on fail.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38215",
"url": "https://www.suse.com/security/cve/CVE-2025-38215"
},
{
"category": "external",
"summary": "SUSE Bug 1246109 for CVE-2025-38215",
"url": "https://bugzilla.suse.com/1246109"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38215"
},
{
"cve": "CVE-2025-38217",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38217"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (ftsteutates) Fix TOCTOU race in fts_read()\n\nIn the fts_read() function, when handling hwmon_pwm_auto_channels_temp,\nthe code accesses the shared variable data-\u003efan_source[channel] twice\nwithout holding any locks. It is first checked against\nFTS_FAN_SOURCE_INVALID, and if the check passes, it is read again\nwhen used as an argument to the BIT() macro.\n\nThis creates a Time-of-Check to Time-of-Use (TOCTOU) race condition.\nAnother thread executing fts_update_device() can modify the value of\ndata-\u003efan_source[channel] between the check and its use. If the value\nis changed to FTS_FAN_SOURCE_INVALID (0xff) during this window, the\nBIT() macro will be called with a large shift value (BIT(255)).\nA bit shift by a value greater than or equal to the type width is\nundefined behavior and can lead to a crash or incorrect values being\nreturned to userspace.\n\nFix this by reading data-\u003efan_source[channel] into a local variable\nonce, eliminating the race condition. Additionally, add a bounds check\nto ensure the value is less than BITS_PER_LONG before passing it to\nthe BIT() macro, making the code more robust against undefined behavior.\n\nThis possible bug was found by an experimental static analysis tool\ndeveloped by our team.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38217",
"url": "https://www.suse.com/security/cve/CVE-2025-38217"
},
{
"category": "external",
"summary": "SUSE Bug 1246002 for CVE-2025-38217",
"url": "https://bugzilla.suse.com/1246002"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38217"
},
{
"cve": "CVE-2025-38220",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38220"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: only dirty folios when data journaling regular files\n\nfstest generic/388 occasionally reproduces a crash that looks as\nfollows:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n...\nCall Trace:\n \u003cTASK\u003e\n ext4_block_zero_page_range+0x30c/0x380 [ext4]\n ext4_truncate+0x436/0x440 [ext4]\n ext4_process_orphan+0x5d/0x110 [ext4]\n ext4_orphan_cleanup+0x124/0x4f0 [ext4]\n ext4_fill_super+0x262d/0x3110 [ext4]\n get_tree_bdev_flags+0x132/0x1d0\n vfs_get_tree+0x26/0xd0\n vfs_cmd_create+0x59/0xe0\n __do_sys_fsconfig+0x4ed/0x6b0\n do_syscall_64+0x82/0x170\n ...\n\nThis occurs when processing a symlink inode from the orphan list. The\npartial block zeroing code in the truncate path calls\next4_dirty_journalled_data() -\u003e folio_mark_dirty(). The latter calls\nmapping-\u003ea_ops-\u003edirty_folio(), but symlink inodes are not assigned an\na_ops vector in ext4, hence the crash.\n\nTo avoid this problem, update the ext4_dirty_journalled_data() helper to\nonly mark the folio dirty on regular files (for which a_ops is\nassigned). This also matches the journaling logic in the ext4_symlink()\ncreation path, where ext4_handle_dirty_metadata() is called directly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38220",
"url": "https://www.suse.com/security/cve/CVE-2025-38220"
},
{
"category": "external",
"summary": "SUSE Bug 1245966 for CVE-2025-38220",
"url": "https://bugzilla.suse.com/1245966"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38220"
},
{
"cve": "CVE-2025-38222",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38222"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: inline: fix len overflow in ext4_prepare_inline_data\n\nWhen running the following code on an ext4 filesystem with inline_data\nfeature enabled, it will lead to the bug below.\n\n fd = open(\"file1\", O_RDWR | O_CREAT | O_TRUNC, 0666);\n ftruncate(fd, 30);\n pwrite(fd, \"a\", 1, (1UL \u003c\u003c 40) + 5UL);\n\nThat happens because write_begin will succeed as when\next4_generic_write_inline_data calls ext4_prepare_inline_data, pos + len\nwill be truncated, leading to ext4_prepare_inline_data parameter to be 6\ninstead of 0x10000000006.\n\nThen, later when write_end is called, we hit:\n\n BUG_ON(pos + len \u003e EXT4_I(inode)-\u003ei_inline_size);\n\nat ext4_write_inline_data.\n\nFix it by using a loff_t type for the len parameter in\next4_prepare_inline_data instead of an unsigned int.\n\n[ 44.545164] ------------[ cut here ]------------\n[ 44.545530] kernel BUG at fs/ext4/inline.c:240!\n[ 44.545834] Oops: invalid opcode: 0000 [#1] SMP NOPTI\n[ 44.546172] CPU: 3 UID: 0 PID: 343 Comm: test Not tainted 6.15.0-rc2-00003-g9080916f4863 #45 PREEMPT(full) 112853fcebfdb93254270a7959841d2c6aa2c8bb\n[ 44.546523] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 44.546523] RIP: 0010:ext4_write_inline_data+0xfe/0x100\n[ 44.546523] Code: 3c 0e 48 83 c7 48 48 89 de 5b 41 5c 41 5d 41 5e 41 5f 5d e9 e4 fa 43 01 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 0f 0b \u003c0f\u003e 0b 0f 1f 44 00 00 55 41 57 41 56 41 55 41 54 53 48 83 ec 20 49\n[ 44.546523] RSP: 0018:ffffb342008b79a8 EFLAGS: 00010216\n[ 44.546523] RAX: 0000000000000001 RBX: ffff9329c579c000 RCX: 0000010000000006\n[ 44.546523] RDX: 000000000000003c RSI: ffffb342008b79f0 RDI: ffff9329c158e738\n[ 44.546523] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000\n[ 44.546523] R10: 00007ffffffff000 R11: ffffffff9bd0d910 R12: 0000006210000000\n[ 44.546523] R13: fffffc7e4015e700 R14: 0000010000000005 R15: ffff9329c158e738\n[ 44.546523] FS: 00007f4299934740(0000) GS:ffff932a60179000(0000) knlGS:0000000000000000\n[ 44.546523] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 44.546523] CR2: 00007f4299a1ec90 CR3: 0000000002886002 CR4: 0000000000770eb0\n[ 44.546523] PKRU: 55555554\n[ 44.546523] Call Trace:\n[ 44.546523] \u003cTASK\u003e\n[ 44.546523] ext4_write_inline_data_end+0x126/0x2d0\n[ 44.546523] generic_perform_write+0x17e/0x270\n[ 44.546523] ext4_buffered_write_iter+0xc8/0x170\n[ 44.546523] vfs_write+0x2be/0x3e0\n[ 44.546523] __x64_sys_pwrite64+0x6d/0xc0\n[ 44.546523] do_syscall_64+0x6a/0xf0\n[ 44.546523] ? __wake_up+0x89/0xb0\n[ 44.546523] ? xas_find+0x72/0x1c0\n[ 44.546523] ? next_uptodate_folio+0x317/0x330\n[ 44.546523] ? set_pte_range+0x1a6/0x270\n[ 44.546523] ? filemap_map_pages+0x6ee/0x840\n[ 44.546523] ? ext4_setattr+0x2fa/0x750\n[ 44.546523] ? do_pte_missing+0x128/0xf70\n[ 44.546523] ? security_inode_post_setattr+0x3e/0xd0\n[ 44.546523] ? ___pte_offset_map+0x19/0x100\n[ 44.546523] ? handle_mm_fault+0x721/0xa10\n[ 44.546523] ? do_user_addr_fault+0x197/0x730\n[ 44.546523] ? do_syscall_64+0x76/0xf0\n[ 44.546523] ? arch_exit_to_user_mode_prepare+0x1e/0x60\n[ 44.546523] ? irqentry_exit_to_user_mode+0x79/0x90\n[ 44.546523] entry_SYSCALL_64_after_hwframe+0x55/0x5d\n[ 44.546523] RIP: 0033:0x7f42999c6687\n[ 44.546523] Code: 48 89 fa 4c 89 df e8 58 b3 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 \u003c5b\u003e c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff\n[ 44.546523] RSP: 002b:00007ffeae4a7930 EFLAGS: 00000202 ORIG_RAX: 0000000000000012\n[ 44.546523] RAX: ffffffffffffffda RBX: 00007f4299934740 RCX: 00007f42999c6687\n[ 44.546523] RDX: 0000000000000001 RSI: 000055ea6149200f RDI: 0000000000000003\n[ 44.546523] RBP: 00007ffeae4a79a0 R08: 0000000000000000 R09: 0000000000000000\n[ 44.546523] R10: 0000010000000005 R11: 0000000000000202 R12: 0000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38222",
"url": "https://www.suse.com/security/cve/CVE-2025-38222"
},
{
"category": "external",
"summary": "SUSE Bug 1245976 for CVE-2025-38222",
"url": "https://bugzilla.suse.com/1245976"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38222"
},
{
"cve": "CVE-2025-38225",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38225"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-jpeg: Cleanup after an allocation error\n\nWhen allocation failures are not cleaned up by the driver, further\nallocation errors will be false-positives, which will cause buffers to\nremain uninitialized and cause NULL pointer dereferences.\nEnsure proper cleanup of failed allocations to prevent these issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38225",
"url": "https://www.suse.com/security/cve/CVE-2025-38225"
},
{
"category": "external",
"summary": "SUSE Bug 1246041 for CVE-2025-38225",
"url": "https://bugzilla.suse.com/1246041"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38225"
},
{
"cve": "CVE-2025-38226",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38226"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vivid: Change the siize of the composing\n\nsyzkaller found a bug:\n\nBUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2608 [inline]\nBUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_buffer+0x1a9c/0x5af0 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2705\nWrite of size 1440 at addr ffffc9000d0ffda0 by task vivid-000-vid-c/5304\n\nCPU: 0 UID: 0 PID: 5304 Comm: vivid-000-vid-c Not tainted 6.14.0-rc2-syzkaller-00039-g09fbf3d50205 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n kasan_check_range+0x282/0x290 mm/kasan/generic.c:189\n __asan_memcpy+0x40/0x70 mm/kasan/shadow.c:106\n tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2608 [inline]\n tpg_fill_plane_buffer+0x1a9c/0x5af0 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2705\n vivid_fillbuff drivers/media/test-drivers/vivid/vivid-kthread-cap.c:470 [inline]\n vivid_thread_vid_cap_tick+0xf8e/0x60d0 drivers/media/test-drivers/vivid/vivid-kthread-cap.c:629\n vivid_thread_vid_cap+0x8aa/0xf30 drivers/media/test-drivers/vivid/vivid-kthread-cap.c:767\n kthread+0x7a9/0x920 kernel/kthread.c:464\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nThe composition size cannot be larger than the size of fmt_cap_rect.\nSo execute v4l2_rect_map_inside() even if has_compose_cap == 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38226",
"url": "https://www.suse.com/security/cve/CVE-2025-38226"
},
{
"category": "external",
"summary": "SUSE Bug 1246050 for CVE-2025-38226",
"url": "https://bugzilla.suse.com/1246050"
},
{
"category": "external",
"summary": "SUSE Bug 1246051 for CVE-2025-38226",
"url": "https://bugzilla.suse.com/1246051"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "important"
}
],
"title": "CVE-2025-38226"
},
{
"cve": "CVE-2025-38227",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38227"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vidtv: Terminating the subsequent process of initialization failure\n\nsyzbot reported a slab-use-after-free Read in vidtv_mux_init. [1]\n\nAfter PSI initialization fails, the si member is accessed again, resulting\nin this uaf.\n\nAfter si initialization fails, the subsequent process needs to be exited.\n\n[1]\nBUG: KASAN: slab-use-after-free in vidtv_mux_pid_ctx_init drivers/media/test-drivers/vidtv/vidtv_mux.c:78 [inline]\nBUG: KASAN: slab-use-after-free in vidtv_mux_init+0xac2/0xbe0 drivers/media/test-drivers/vidtv/vidtv_mux.c:524\nRead of size 8 at addr ffff88802fa42acc by task syz.2.37/6059\n\nCPU: 0 UID: 0 PID: 6059 Comm: syz.2.37 Not tainted 6.14.0-rc5-syzkaller #0\nHardware name: Google Compute Engine, BIOS Google 02/12/2025\nCall Trace:\n\u003cTASK\u003e\n__dump_stack lib/dump_stack.c:94 [inline]\ndump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\nprint_address_description mm/kasan/report.c:408 [inline]\nprint_report+0xc3/0x670 mm/kasan/report.c:521\nkasan_report+0xd9/0x110 mm/kasan/report.c:634\nvidtv_mux_pid_ctx_init drivers/media/test-drivers/vidtv/vidtv_mux.c:78\nvidtv_mux_init+0xac2/0xbe0 drivers/media/test-drivers/vidtv/vidtv_mux.c:524\nvidtv_start_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:194\nvidtv_start_feed drivers/media/test-drivers/vidtv/vidtv_bridge.c:239\ndmx_section_feed_start_filtering drivers/media/dvb-core/dvb_demux.c:973\ndvb_dmxdev_feed_start drivers/media/dvb-core/dmxdev.c:508 [inline]\ndvb_dmxdev_feed_restart.isra.0 drivers/media/dvb-core/dmxdev.c:537\ndvb_dmxdev_filter_stop+0x2b4/0x3a0 drivers/media/dvb-core/dmxdev.c:564\ndvb_dmxdev_filter_free drivers/media/dvb-core/dmxdev.c:840 [inline]\ndvb_demux_release+0x92/0x550 drivers/media/dvb-core/dmxdev.c:1246\n__fput+0x3ff/0xb70 fs/file_table.c:464\ntask_work_run+0x14e/0x250 kernel/task_work.c:227\nexit_task_work include/linux/task_work.h:40 [inline]\ndo_exit+0xad8/0x2d70 kernel/exit.c:938\ndo_group_exit+0xd3/0x2a0 kernel/exit.c:1087\n__do_sys_exit_group kernel/exit.c:1098 [inline]\n__se_sys_exit_group kernel/exit.c:1096 [inline]\n__x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1096\nx64_sys_call+0x151f/0x1720 arch/x86/include/generated/asm/syscalls_64.h:232\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f871d58d169\nCode: Unable to access opcode bytes at 0x7f871d58d13f.\nRSP: 002b:00007fff4b19a788 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f871d58d169\nRDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: 00007fff4b19a7ec R08: 0000000b4b19a87f R09: 00000000000927c0\nR10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000003\nR13: 00000000000927c0 R14: 000000000001d553 R15: 00007fff4b19a840\n \u003c/TASK\u003e\n\nAllocated by task 6059:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kmalloc_noprof include/linux/slab.h:901 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n vidtv_psi_pat_table_init drivers/media/test-drivers/vidtv/vidtv_psi.c:970\n vidtv_channel_si_init drivers/media/test-drivers/vidtv/vidtv_channel.c:423\n vidtv_mux_init drivers/media/test-drivers/vidtv/vidtv_mux.c:519\n vidtv_start_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:194\n vidtv_start_feed drivers/media/test-drivers/vidtv/vidtv_bridge.c:239\n dmx_section_feed_start_filtering drivers/media/dvb-core/dvb_demux.c:973\n dvb_dmxdev_feed_start drivers/media/dvb-core/dmxdev.c:508 [inline]\n dvb_dmxdev_feed_restart.isra.0 drivers/media/dvb-core/dmxdev.c:537\n dvb_dmxdev_filter_stop+0x2b4/0x3a0 drivers/media/dvb-core/dmxdev.c:564\n dvb_dmxdev_filter_free drivers/media/dvb-core/dmxdev.c:840 [inline]\n dvb_demux_release+0x92/0x550 drivers/media/dvb-core/dmxdev.c:1246\n __fput+0x3ff/0xb70 fs/file_tabl\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38227",
"url": "https://www.suse.com/security/cve/CVE-2025-38227"
},
{
"category": "external",
"summary": "SUSE Bug 1246031 for CVE-2025-38227",
"url": "https://bugzilla.suse.com/1246031"
},
{
"category": "external",
"summary": "SUSE Bug 1246032 for CVE-2025-38227",
"url": "https://bugzilla.suse.com/1246032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "important"
}
],
"title": "CVE-2025-38227"
},
{
"cve": "CVE-2025-38229",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38229"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: cxusb: no longer judge rbuf when the write fails\n\nsyzbot reported a uninit-value in cxusb_i2c_xfer. [1]\n\nOnly when the write operation of usb_bulk_msg() in dvb_usb_generic_rw()\nsucceeds and rlen is greater than 0, the read operation of usb_bulk_msg()\nwill be executed to read rlen bytes of data from the dvb device into the\nrbuf.\n\nIn this case, although rlen is 1, the write operation failed which resulted\nin the dvb read operation not being executed, and ultimately variable i was\nnot initialized.\n\n[1]\nBUG: KMSAN: uninit-value in cxusb_gpio_tuner drivers/media/usb/dvb-usb/cxusb.c:124 [inline]\nBUG: KMSAN: uninit-value in cxusb_i2c_xfer+0x153a/0x1a60 drivers/media/usb/dvb-usb/cxusb.c:196\n cxusb_gpio_tuner drivers/media/usb/dvb-usb/cxusb.c:124 [inline]\n cxusb_i2c_xfer+0x153a/0x1a60 drivers/media/usb/dvb-usb/cxusb.c:196\n __i2c_transfer+0xe25/0x3150 drivers/i2c/i2c-core-base.c:-1\n i2c_transfer+0x317/0x4a0 drivers/i2c/i2c-core-base.c:2315\n i2c_transfer_buffer_flags+0x125/0x1e0 drivers/i2c/i2c-core-base.c:2343\n i2c_master_send include/linux/i2c.h:109 [inline]\n i2cdev_write+0x210/0x280 drivers/i2c/i2c-dev.c:183\n do_loop_readv_writev fs/read_write.c:848 [inline]\n vfs_writev+0x963/0x14e0 fs/read_write.c:1057\n do_writev+0x247/0x5c0 fs/read_write.c:1101\n __do_sys_writev fs/read_write.c:1169 [inline]\n __se_sys_writev fs/read_write.c:1166 [inline]\n __x64_sys_writev+0x98/0xe0 fs/read_write.c:1166\n x64_sys_call+0x2229/0x3c80 arch/x86/include/generated/asm/syscalls_64.h:21\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38229",
"url": "https://www.suse.com/security/cve/CVE-2025-38229"
},
{
"category": "external",
"summary": "SUSE Bug 1246049 for CVE-2025-38229",
"url": "https://bugzilla.suse.com/1246049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38229"
},
{
"cve": "CVE-2025-38231",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38231"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: Initialize ssc before laundromat_work to prevent NULL dereference\n\nIn nfs4_state_start_net(), laundromat_work may access nfsd_ssc through\nnfs4_laundromat -\u003e nfsd4_ssc_expire_umount. If nfsd_ssc isn\u0027t initialized,\nthis can cause NULL pointer dereference.\n\nNormally the delayed start of laundromat_work allows sufficient time for\nnfsd_ssc initialization to complete. However, when the kernel waits too\nlong for userspace responses (e.g. in nfs4_state_start_net -\u003e\nnfsd4_end_grace -\u003e nfsd4_record_grace_done -\u003e nfsd4_cld_grace_done -\u003e\ncld_pipe_upcall -\u003e __cld_pipe_upcall -\u003e wait_for_completion path), the\ndelayed work may start before nfsd_ssc initialization finishes.\n\nFix this by moving nfsd_ssc initialization before starting laundromat_work.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38231",
"url": "https://www.suse.com/security/cve/CVE-2025-38231"
},
{
"category": "external",
"summary": "SUSE Bug 1246055 for CVE-2025-38231",
"url": "https://bugzilla.suse.com/1246055"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38231"
},
{
"cve": "CVE-2025-38236",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38236"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Don\u0027t leave consecutive consumed OOB skbs.\n\nJann Horn reported a use-after-free in unix_stream_read_generic().\n\nThe following sequences reproduce the issue:\n\n $ python3\n from socket import *\n s1, s2 = socketpair(AF_UNIX, SOCK_STREAM)\n s1.send(b\u0027x\u0027, MSG_OOB)\n s2.recv(1, MSG_OOB) # leave a consumed OOB skb\n s1.send(b\u0027y\u0027, MSG_OOB)\n s2.recv(1, MSG_OOB) # leave a consumed OOB skb\n s1.send(b\u0027z\u0027, MSG_OOB)\n s2.recv(1) # recv \u0027z\u0027 illegally\n s2.recv(1, MSG_OOB) # access \u0027z\u0027 skb (use-after-free)\n\nEven though a user reads OOB data, the skb holding the data stays on\nthe recv queue to mark the OOB boundary and break the next recv().\n\nAfter the last send() in the scenario above, the sk2\u0027s recv queue has\n2 leading consumed OOB skbs and 1 real OOB skb.\n\nThen, the following happens during the next recv() without MSG_OOB\n\n 1. unix_stream_read_generic() peeks the first consumed OOB skb\n 2. manage_oob() returns the next consumed OOB skb\n 3. unix_stream_read_generic() fetches the next not-yet-consumed OOB skb\n 4. unix_stream_read_generic() reads and frees the OOB skb\n\n, and the last recv(MSG_OOB) triggers KASAN splat.\n\nThe 3. above occurs because of the SO_PEEK_OFF code, which does not\nexpect unix_skb_len(skb) to be 0, but this is true for such consumed\nOOB skbs.\n\n while (skip \u003e= unix_skb_len(skb)) {\n skip -= unix_skb_len(skb);\n skb = skb_peek_next(skb, \u0026sk-\u003esk_receive_queue);\n ...\n }\n\nIn addition to this use-after-free, there is another issue that\nioctl(SIOCATMARK) does not function properly with consecutive consumed\nOOB skbs.\n\nSo, nothing good comes out of such a situation.\n\nInstead of complicating manage_oob(), ioctl() handling, and the next\nECONNRESET fix by introducing a loop for consecutive consumed OOB skbs,\nlet\u0027s not leave such consecutive OOB unnecessarily.\n\nNow, while receiving an OOB skb in unix_stream_recv_urg(), if its\nprevious skb is a consumed OOB skb, it is freed.\n\n[0]:\nBUG: KASAN: slab-use-after-free in unix_stream_read_actor (net/unix/af_unix.c:3027)\nRead of size 4 at addr ffff888106ef2904 by task python3/315\n\nCPU: 2 UID: 0 PID: 315 Comm: python3 Not tainted 6.16.0-rc1-00407-gec315832f6f9 #8 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-4.fc42 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl (lib/dump_stack.c:122)\n print_report (mm/kasan/report.c:409 mm/kasan/report.c:521)\n kasan_report (mm/kasan/report.c:636)\n unix_stream_read_actor (net/unix/af_unix.c:3027)\n unix_stream_read_generic (net/unix/af_unix.c:2708 net/unix/af_unix.c:2847)\n unix_stream_recvmsg (net/unix/af_unix.c:3048)\n sock_recvmsg (net/socket.c:1063 (discriminator 20) net/socket.c:1085 (discriminator 20))\n __sys_recvfrom (net/socket.c:2278)\n __x64_sys_recvfrom (net/socket.c:2291 (discriminator 1) net/socket.c:2287 (discriminator 1) net/socket.c:2287 (discriminator 1))\n do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1))\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\nRIP: 0033:0x7f8911fcea06\nCode: 5d e8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 75 19 83 e2 39 83 fa 08 75 11 e8 26 ff ff ff 66 0f 1f 44 00 00 48 8b 45 10 0f 05 \u003c48\u003e 8b 5d f8 c9 c3 0f 1f 40 00 f3 0f 1e fa 55 48 89 e5 48 83 ec 08\nRSP: 002b:00007fffdb0dccb0 EFLAGS: 00000202 ORIG_RAX: 000000000000002d\nRAX: ffffffffffffffda RBX: 00007fffdb0dcdc8 RCX: 00007f8911fcea06\nRDX: 0000000000000001 RSI: 00007f8911a5e060 RDI: 0000000000000006\nRBP: 00007fffdb0dccd0 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000202 R12: 00007f89119a7d20\nR13: ffffffffc4653600 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\nAllocated by task 315:\n kasan_save_stack (mm/kasan/common.c:48)\n kasan_save_track (mm/kasan/common.c:60 (discriminator 1) mm/kasan/common.c:69 (discriminator 1))\n __kasan_slab_alloc (mm/kasan/common.c:348)\n kmem_cache_alloc_\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38236",
"url": "https://www.suse.com/security/cve/CVE-2025-38236"
},
{
"category": "external",
"summary": "SUSE Bug 1246093 for CVE-2025-38236",
"url": "https://bugzilla.suse.com/1246093"
},
{
"category": "external",
"summary": "SUSE Bug 1246936 for CVE-2025-38236",
"url": "https://bugzilla.suse.com/1246936"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "important"
}
],
"title": "CVE-2025-38236"
},
{
"cve": "CVE-2025-38239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38239"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: megaraid_sas: Fix invalid node index\n\nOn a system with DRAM interleave enabled, out-of-bound access is\ndetected:\n\nmegaraid_sas 0000:3f:00.0: requested/available msix 128/128 poll_queue 0\n------------[ cut here ]------------\nUBSAN: array-index-out-of-bounds in ./arch/x86/include/asm/topology.h:72:28\nindex -1 is out of range for type \u0027cpumask *[1024]\u0027\ndump_stack_lvl+0x5d/0x80\nubsan_epilogue+0x5/0x2b\n__ubsan_handle_out_of_bounds.cold+0x46/0x4b\nmegasas_alloc_irq_vectors+0x149/0x190 [megaraid_sas]\nmegasas_probe_one.cold+0xa4d/0x189c [megaraid_sas]\nlocal_pci_probe+0x42/0x90\npci_device_probe+0xdc/0x290\nreally_probe+0xdb/0x340\n__driver_probe_device+0x78/0x110\ndriver_probe_device+0x1f/0xa0\n__driver_attach+0xba/0x1c0\nbus_for_each_dev+0x8b/0xe0\nbus_add_driver+0x142/0x220\ndriver_register+0x72/0xd0\nmegasas_init+0xdf/0xff0 [megaraid_sas]\ndo_one_initcall+0x57/0x310\ndo_init_module+0x90/0x250\ninit_module_from_file+0x85/0xc0\nidempotent_init_module+0x114/0x310\n__x64_sys_finit_module+0x65/0xc0\ndo_syscall_64+0x82/0x170\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFix it accordingly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38239",
"url": "https://www.suse.com/security/cve/CVE-2025-38239"
},
{
"category": "external",
"summary": "SUSE Bug 1246178 for CVE-2025-38239",
"url": "https://bugzilla.suse.com/1246178"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38239"
},
{
"cve": "CVE-2025-38244",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38244"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential deadlock when reconnecting channels\n\nFix cifs_signal_cifsd_for_reconnect() to take the correct lock order\nand prevent the following deadlock from happening\n\n======================================================\nWARNING: possible circular locking dependency detected\n6.16.0-rc3-build2+ #1301 Tainted: G S W\n------------------------------------------------------\ncifsd/6055 is trying to acquire lock:\nffff88810ad56038 (\u0026tcp_ses-\u003esrv_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0x134/0x200\n\nbut task is already holding lock:\nffff888119c64330 (\u0026ret_buf-\u003echan_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0xcf/0x200\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-\u003e #2 (\u0026ret_buf-\u003echan_lock){+.+.}-{3:3}:\n validate_chain+0x1cf/0x270\n __lock_acquire+0x60e/0x780\n lock_acquire.part.0+0xb4/0x1f0\n _raw_spin_lock+0x2f/0x40\n cifs_setup_session+0x81/0x4b0\n cifs_get_smb_ses+0x771/0x900\n cifs_mount_get_session+0x7e/0x170\n cifs_mount+0x92/0x2d0\n cifs_smb3_do_mount+0x161/0x460\n smb3_get_tree+0x55/0x90\n vfs_get_tree+0x46/0x180\n do_new_mount+0x1b0/0x2e0\n path_mount+0x6ee/0x740\n do_mount+0x98/0xe0\n __do_sys_mount+0x148/0x180\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n-\u003e #1 (\u0026ret_buf-\u003eses_lock){+.+.}-{3:3}:\n validate_chain+0x1cf/0x270\n __lock_acquire+0x60e/0x780\n lock_acquire.part.0+0xb4/0x1f0\n _raw_spin_lock+0x2f/0x40\n cifs_match_super+0x101/0x320\n sget+0xab/0x270\n cifs_smb3_do_mount+0x1e0/0x460\n smb3_get_tree+0x55/0x90\n vfs_get_tree+0x46/0x180\n do_new_mount+0x1b0/0x2e0\n path_mount+0x6ee/0x740\n do_mount+0x98/0xe0\n __do_sys_mount+0x148/0x180\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n-\u003e #0 (\u0026tcp_ses-\u003esrv_lock){+.+.}-{3:3}:\n check_noncircular+0x95/0xc0\n check_prev_add+0x115/0x2f0\n validate_chain+0x1cf/0x270\n __lock_acquire+0x60e/0x780\n lock_acquire.part.0+0xb4/0x1f0\n _raw_spin_lock+0x2f/0x40\n cifs_signal_cifsd_for_reconnect+0x134/0x200\n __cifs_reconnect+0x8f/0x500\n cifs_handle_standard+0x112/0x280\n cifs_demultiplex_thread+0x64d/0xbc0\n kthread+0x2f7/0x310\n ret_from_fork+0x2a/0x230\n ret_from_fork_asm+0x1a/0x30\n\nother info that might help us debug this:\n\nChain exists of:\n \u0026tcp_ses-\u003esrv_lock --\u003e \u0026ret_buf-\u003eses_lock --\u003e \u0026ret_buf-\u003echan_lock\n\n Possible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(\u0026ret_buf-\u003echan_lock);\n lock(\u0026ret_buf-\u003eses_lock);\n lock(\u0026ret_buf-\u003echan_lock);\n lock(\u0026tcp_ses-\u003esrv_lock);\n\n *** DEADLOCK ***\n\n3 locks held by cifsd/6055:\n #0: ffffffff857de398 (\u0026cifs_tcp_ses_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0x7b/0x200\n #1: ffff888119c64060 (\u0026ret_buf-\u003eses_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0x9c/0x200\n #2: ffff888119c64330 (\u0026ret_buf-\u003echan_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0xcf/0x200",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38244",
"url": "https://www.suse.com/security/cve/CVE-2025-38244"
},
{
"category": "external",
"summary": "SUSE Bug 1246183 for CVE-2025-38244",
"url": "https://bugzilla.suse.com/1246183"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38244"
},
{
"cve": "CVE-2025-38246",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38246"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt: properly flush XDP redirect lists\n\nWe encountered following crash when testing a XDP_REDIRECT feature\nin production:\n\n[56251.579676] list_add corruption. next-\u003eprev should be prev (ffff93120dd40f30), but was ffffb301ef3a6740. (next=ffff93120dd\n40f30).\n[56251.601413] ------------[ cut here ]------------\n[56251.611357] kernel BUG at lib/list_debug.c:29!\n[56251.621082] Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[56251.632073] CPU: 111 UID: 0 PID: 0 Comm: swapper/111 Kdump: loaded Tainted: P O 6.12.33-cloudflare-2025.6.\n3 #1\n[56251.653155] Tainted: [P]=PROPRIETARY_MODULE, [O]=OOT_MODULE\n[56251.663877] Hardware name: MiTAC GC68B-B8032-G11P6-GPU/S8032GM-HE-CFR, BIOS V7.020.B10-sig 01/22/2025\n[56251.682626] RIP: 0010:__list_add_valid_or_report+0x4b/0xa0\n[56251.693203] Code: 0e 48 c7 c7 68 e7 d9 97 e8 42 16 fe ff 0f 0b 48 8b 52 08 48 39 c2 74 14 48 89 f1 48 c7 c7 90 e7 d9 97 48\n 89 c6 e8 25 16 fe ff \u003c0f\u003e 0b 4c 8b 02 49 39 f0 74 14 48 89 d1 48 c7 c7 e8 e7 d9 97 4c 89\n[56251.725811] RSP: 0018:ffff93120dd40b80 EFLAGS: 00010246\n[56251.736094] RAX: 0000000000000075 RBX: ffffb301e6bba9d8 RCX: 0000000000000000\n[56251.748260] RDX: 0000000000000000 RSI: ffff9149afda0b80 RDI: ffff9149afda0b80\n[56251.760349] RBP: ffff9131e49c8000 R08: 0000000000000000 R09: ffff93120dd40a18\n[56251.772382] R10: ffff9159cf2ce1a8 R11: 0000000000000003 R12: ffff911a80850000\n[56251.784364] R13: ffff93120fbc7000 R14: 0000000000000010 R15: ffff9139e7510e40\n[56251.796278] FS: 0000000000000000(0000) GS:ffff9149afd80000(0000) knlGS:0000000000000000\n[56251.809133] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[56251.819561] CR2: 00007f5e85e6f300 CR3: 00000038b85e2006 CR4: 0000000000770ef0\n[56251.831365] PKRU: 55555554\n[56251.838653] Call Trace:\n[56251.845560] \u003cIRQ\u003e\n[56251.851943] cpu_map_enqueue.cold+0x5/0xa\n[56251.860243] xdp_do_redirect+0x2d9/0x480\n[56251.868388] bnxt_rx_xdp+0x1d8/0x4c0 [bnxt_en]\n[56251.877028] bnxt_rx_pkt+0x5f7/0x19b0 [bnxt_en]\n[56251.885665] ? cpu_max_write+0x1e/0x100\n[56251.893510] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.902276] __bnxt_poll_work+0x190/0x340 [bnxt_en]\n[56251.911058] bnxt_poll+0xab/0x1b0 [bnxt_en]\n[56251.919041] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.927568] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.935958] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.944250] __napi_poll+0x2b/0x160\n[56251.951155] bpf_trampoline_6442548651+0x79/0x123\n[56251.959262] __napi_poll+0x5/0x160\n[56251.966037] net_rx_action+0x3d2/0x880\n[56251.973133] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.981265] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.989262] ? __hrtimer_run_queues+0x162/0x2a0\n[56251.996967] ? srso_alias_return_thunk+0x5/0xfbef5\n[56252.004875] ? srso_alias_return_thunk+0x5/0xfbef5\n[56252.012673] ? bnxt_msix+0x62/0x70 [bnxt_en]\n[56252.019903] handle_softirqs+0xcf/0x270\n[56252.026650] irq_exit_rcu+0x67/0x90\n[56252.032933] common_interrupt+0x85/0xa0\n[56252.039498] \u003c/IRQ\u003e\n[56252.044246] \u003cTASK\u003e\n[56252.048935] asm_common_interrupt+0x26/0x40\n[56252.055727] RIP: 0010:cpuidle_enter_state+0xb8/0x420\n[56252.063305] Code: dc 01 00 00 e8 f9 79 3b ff e8 64 f7 ff ff 49 89 c5 0f 1f 44 00 00 31 ff e8 a5 32 3a ff 45 84 ff 0f 85 ae\n 01 00 00 fb 45 85 f6 \u003c0f\u003e 88 88 01 00 00 48 8b 04 24 49 63 ce 4c 89 ea 48 6b f1 68 48 29\n[56252.088911] RSP: 0018:ffff93120c97fe98 EFLAGS: 00000202\n[56252.096912] RAX: ffff9149afd80000 RBX: ffff9141d3a72800 RCX: 0000000000000000\n[56252.106844] RDX: 00003329176c6b98 RSI: ffffffe36db3fdc7 RDI: 0000000000000000\n[56252.116733] RBP: 0000000000000002 R08: 0000000000000002 R09: 000000000000004e\n[56252.126652] R10: ffff9149afdb30c4 R11: 071c71c71c71c71c R12: ffffffff985ff860\n[56252.136637] R13: 00003329176c6b98 R14: 0000000000000002 R15: 0000000000000000\n[56252.146667] ? cpuidle_enter_state+0xab/0x420\n[56252.153909] cpuidle_enter+0x2d/0x40\n[56252.160360] do_idle+0x176/0x1c0\n[56252.166456\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38246",
"url": "https://www.suse.com/security/cve/CVE-2025-38246"
},
{
"category": "external",
"summary": "SUSE Bug 1246195 for CVE-2025-38246",
"url": "https://bugzilla.suse.com/1246195"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38246"
},
{
"cve": "CVE-2025-38248",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38248"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbridge: mcast: Fix use-after-free during router port configuration\n\nThe bridge maintains a global list of ports behind which a multicast\nrouter resides. The list is consulted during forwarding to ensure\nmulticast packets are forwarded to these ports even if the ports are not\nmember in the matching MDB entry.\n\nWhen per-VLAN multicast snooping is enabled, the per-port multicast\ncontext is disabled on each port and the port is removed from the global\nrouter port list:\n\n # ip link add name br1 up type bridge vlan_filtering 1 mcast_snooping 1\n # ip link add name dummy1 up master br1 type dummy\n # ip link set dev dummy1 type bridge_slave mcast_router 2\n $ bridge -d mdb show | grep router\n router ports on br1: dummy1\n # ip link set dev br1 type bridge mcast_vlan_snooping 1\n $ bridge -d mdb show | grep router\n\nHowever, the port can be re-added to the global list even when per-VLAN\nmulticast snooping is enabled:\n\n # ip link set dev dummy1 type bridge_slave mcast_router 0\n # ip link set dev dummy1 type bridge_slave mcast_router 2\n $ bridge -d mdb show | grep router\n router ports on br1: dummy1\n\nSince commit 4b30ae9adb04 (\"net: bridge: mcast: re-implement\nbr_multicast_{enable, disable}_port functions\"), when per-VLAN multicast\nsnooping is enabled, multicast disablement on a port will disable the\nper-{port, VLAN} multicast contexts and not the per-port one. As a\nresult, a port will remain in the global router port list even after it\nis deleted. This will lead to a use-after-free [1] when the list is\ntraversed (when adding a new port to the list, for example):\n\n # ip link del dev dummy1\n # ip link add name dummy2 up master br1 type dummy\n # ip link set dev dummy2 type bridge_slave mcast_router 2\n\nSimilarly, stale entries can also be found in the per-VLAN router port\nlist. When per-VLAN multicast snooping is disabled, the per-{port, VLAN}\ncontexts are disabled on each port and the port is removed from the\nper-VLAN router port list:\n\n # ip link add name br1 up type bridge vlan_filtering 1 mcast_snooping 1 mcast_vlan_snooping 1\n # ip link add name dummy1 up master br1 type dummy\n # bridge vlan add vid 2 dev dummy1\n # bridge vlan global set vid 2 dev br1 mcast_snooping 1\n # bridge vlan set vid 2 dev dummy1 mcast_router 2\n $ bridge vlan global show dev br1 vid 2 | grep router\n router ports: dummy1\n # ip link set dev br1 type bridge mcast_vlan_snooping 0\n $ bridge vlan global show dev br1 vid 2 | grep router\n\nHowever, the port can be re-added to the per-VLAN list even when\nper-VLAN multicast snooping is disabled:\n\n # bridge vlan set vid 2 dev dummy1 mcast_router 0\n # bridge vlan set vid 2 dev dummy1 mcast_router 2\n $ bridge vlan global show dev br1 vid 2 | grep router\n router ports: dummy1\n\nWhen the VLAN is deleted from the port, the per-{port, VLAN} multicast\ncontext will not be disabled since multicast snooping is not enabled\non the VLAN. As a result, the port will remain in the per-VLAN router\nport list even after it is no longer member in the VLAN. This will lead\nto a use-after-free [2] when the list is traversed (when adding a new\nport to the list, for example):\n\n # ip link add name dummy2 up master br1 type dummy\n # bridge vlan add vid 2 dev dummy2\n # bridge vlan del vid 2 dev dummy1\n # bridge vlan set vid 2 dev dummy2 mcast_router 2\n\nFix these issues by removing the port from the relevant (global or\nper-VLAN) router port list in br_multicast_port_ctx_deinit(). The\nfunction is invoked during port deletion with the per-port multicast\ncontext and during VLAN deletion with the per-{port, VLAN} multicast\ncontext.\n\nNote that deleting the multicast router timer is not enough as it only\ntakes care of the temporary multicast router states (1 or 3) and not the\npermanent one (2).\n\n[1]\nBUG: KASAN: slab-out-of-bounds in br_multicast_add_router.part.0+0x3f1/0x560\nWrite of size 8 at addr ffff888004a67328 by task ip/384\n[...]\nCall Trace:\n \u003cTASK\u003e\n dump_stack\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38248",
"url": "https://www.suse.com/security/cve/CVE-2025-38248"
},
{
"category": "external",
"summary": "SUSE Bug 1246173 for CVE-2025-38248",
"url": "https://bugzilla.suse.com/1246173"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38248"
},
{
"cve": "CVE-2025-38249",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38249"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3()\n\nIn snd_usb_get_audioformat_uac3(), the length value returned from\nsnd_usb_ctl_msg() is used directly for memory allocation without\nvalidation. This length is controlled by the USB device.\n\nThe allocated buffer is cast to a uac3_cluster_header_descriptor\nand its fields are accessed without verifying that the buffer\nis large enough. If the device returns a smaller than expected\nlength, this leads to an out-of-bounds read.\n\nAdd a length check to ensure the buffer is large enough for\nuac3_cluster_header_descriptor.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38249",
"url": "https://www.suse.com/security/cve/CVE-2025-38249"
},
{
"category": "external",
"summary": "SUSE Bug 1246171 for CVE-2025-38249",
"url": "https://bugzilla.suse.com/1246171"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38249"
},
{
"cve": "CVE-2025-38250",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38250"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_core: Fix use-after-free in vhci_flush()\n\nsyzbot reported use-after-free in vhci_flush() without repro. [0]\n\nFrom the splat, a thread close()d a vhci file descriptor while\nits device was being used by iotcl() on another thread.\n\nOnce the last fd refcnt is released, vhci_release() calls\nhci_unregister_dev(), hci_free_dev(), and kfree() for struct\nvhci_data, which is set to hci_dev-\u003edev-\u003edriver_data.\n\nThe problem is that there is no synchronisation after unlinking\nhdev from hci_dev_list in hci_unregister_dev(). There might be\nanother thread still accessing the hdev which was fetched before\nthe unlink operation.\n\nWe can use SRCU for such synchronisation.\n\nLet\u0027s run hci_dev_reset() under SRCU and wait for its completion\nin hci_unregister_dev().\n\nAnother option would be to restore hci_dev-\u003edestruct(), which was\nremoved in commit 587ae086f6e4 (\"Bluetooth: Remove unused\nhci-destruct cb\"). However, this would not be a good solution, as\nwe should not run hci_unregister_dev() while there are in-flight\nioctl() requests, which could lead to another data-race KCSAN splat.\n\nNote that other drivers seem to have the same problem, for exmaple,\nvirtbt_remove().\n\n[0]:\nBUG: KASAN: slab-use-after-free in skb_queue_empty_lockless include/linux/skbuff.h:1891 [inline]\nBUG: KASAN: slab-use-after-free in skb_queue_purge_reason+0x99/0x360 net/core/skbuff.c:3937\nRead of size 8 at addr ffff88807cb8d858 by task syz.1.219/6718\n\nCPU: 1 UID: 0 PID: 6718 Comm: syz.1.219 Not tainted 6.16.0-rc1-syzkaller-00196-g08207f42d3ff #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xd2/0x2b0 mm/kasan/report.c:521\n kasan_report+0x118/0x150 mm/kasan/report.c:634\n skb_queue_empty_lockless include/linux/skbuff.h:1891 [inline]\n skb_queue_purge_reason+0x99/0x360 net/core/skbuff.c:3937\n skb_queue_purge include/linux/skbuff.h:3368 [inline]\n vhci_flush+0x44/0x50 drivers/bluetooth/hci_vhci.c:69\n hci_dev_do_reset net/bluetooth/hci_core.c:552 [inline]\n hci_dev_reset+0x420/0x5c0 net/bluetooth/hci_core.c:592\n sock_do_ioctl+0xd9/0x300 net/socket.c:1190\n sock_ioctl+0x576/0x790 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fcf5b98e929\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fcf5c7b9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007fcf5bbb6160 RCX: 00007fcf5b98e929\nRDX: 0000000000000000 RSI: 00000000400448cb RDI: 0000000000000009\nRBP: 00007fcf5ba10b39 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007fcf5bbb6160 R15: 00007ffd6353d528\n \u003c/TASK\u003e\n\nAllocated by task 6535:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4359\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n vhci_open+0x57/0x360 drivers/bluetooth/hci_vhci.c:635\n misc_open+0x2bc/0x330 drivers/char/misc.c:161\n chrdev_open+0x4c9/0x5e0 fs/char_dev.c:414\n do_dentry_open+0xdf0/0x1970 fs/open.c:964\n vfs_open+0x3b/0x340 fs/open.c:1094\n do_open fs/namei.c:3887 [inline]\n path_openat+0x2ee5/0x3830 fs/name\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38250",
"url": "https://www.suse.com/security/cve/CVE-2025-38250"
},
{
"category": "external",
"summary": "SUSE Bug 1246182 for CVE-2025-38250",
"url": "https://bugzilla.suse.com/1246182"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38250"
},
{
"cve": "CVE-2025-38257",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38257"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Prevent overflow in size calculation for memdup_user()\n\nNumber of apqn target list entries contained in \u0027nr_apqns\u0027 variable is\ndetermined by userspace via an ioctl call so the result of the product in\ncalculation of size passed to memdup_user() may overflow.\n\nIn this case the actual size of the allocated area and the value\ndescribing it won\u0027t be in sync leading to various types of unpredictable\nbehaviour later.\n\nUse a proper memdup_array_user() helper which returns an error if an\noverflow is detected. Note that it is different from when nr_apqns is\ninitially zero - that case is considered valid and should be handled in\nsubsequent pkey_handler implementations.\n\nFound by Linux Verification Center (linuxtesting.org).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38257",
"url": "https://www.suse.com/security/cve/CVE-2025-38257"
},
{
"category": "external",
"summary": "SUSE Bug 1246186 for CVE-2025-38257",
"url": "https://bugzilla.suse.com/1246186"
},
{
"category": "external",
"summary": "SUSE Bug 1246189 for CVE-2025-38257",
"url": "https://bugzilla.suse.com/1246189"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "important"
}
],
"title": "CVE-2025-38257"
},
{
"cve": "CVE-2025-38259",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38259"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: wcd9335: Fix missing free of regulator supplies\n\nDriver gets and enables all regulator supplies in probe path\n(wcd9335_parse_dt() and wcd9335_power_on_reset()), but does not cleanup\nin final error paths and in unbind (missing remove() callback). This\nleads to leaked memory and unbalanced regulator enable count during\nprobe errors or unbind.\n\nFix this by converting entire code into devm_regulator_bulk_get_enable()\nwhich also greatly simplifies the code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38259",
"url": "https://www.suse.com/security/cve/CVE-2025-38259"
},
{
"category": "external",
"summary": "SUSE Bug 1246220 for CVE-2025-38259",
"url": "https://bugzilla.suse.com/1246220"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38259"
},
{
"cve": "CVE-2025-38264",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38264"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-tcp: sanitize request list handling\n\nValidate the request in nvme_tcp_handle_r2t() to ensure it\u0027s not part of\nany list, otherwise a malicious R2T PDU might inject a loop in request\nlist processing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38264",
"url": "https://www.suse.com/security/cve/CVE-2025-38264"
},
{
"category": "external",
"summary": "SUSE Bug 1246387 for CVE-2025-38264",
"url": "https://bugzilla.suse.com/1246387"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38264"
},
{
"cve": "CVE-2025-38272",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38272"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: b53: do not enable EEE on bcm63xx\n\nBCM63xx internal switches do not support EEE, but provide multiple RGMII\nports where external PHYs may be connected. If one of these PHYs are EEE\ncapable, we may try to enable EEE for the MACs, which then hangs the\nsystem on access of the (non-existent) EEE registers.\n\nFix this by checking if the switch actually supports EEE before\nattempting to configure it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38272",
"url": "https://www.suse.com/security/cve/CVE-2025-38272"
},
{
"category": "external",
"summary": "SUSE Bug 1246268 for CVE-2025-38272",
"url": "https://bugzilla.suse.com/1246268"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38272"
},
{
"cve": "CVE-2025-38273",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38273"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tipc: fix refcount warning in tipc_aead_encrypt\n\nsyzbot reported a refcount warning [1] caused by calling get_net() on\na network namespace that is being destroyed (refcount=0). This happens\nwhen a TIPC discovery timer fires during network namespace cleanup.\n\nThe recently added get_net() call in commit e279024617134 (\"net/tipc:\nfix slab-use-after-free Read in tipc_aead_encrypt_done\") attempts to\nhold a reference to the network namespace. However, if the namespace\nis already being destroyed, its refcount might be zero, leading to the\nuse-after-free warning.\n\nReplace get_net() with maybe_get_net(), which safely checks if the\nrefcount is non-zero before incrementing it. If the namespace is being\ndestroyed, return -ENODEV early, after releasing the bearer reference.\n\n[1]: https://lore.kernel.org/all/68342b55.a70a0220.253bc2.0091.GAE@google.com/T/#m12019cf9ae77e1954f666914640efa36d52704a2",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38273",
"url": "https://www.suse.com/security/cve/CVE-2025-38273"
},
{
"category": "external",
"summary": "SUSE Bug 1246266 for CVE-2025-38273",
"url": "https://bugzilla.suse.com/1246266"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38273"
},
{
"cve": "CVE-2025-38275",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38275"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug\n\nThe qmp_usb_iomap() helper function currently returns the raw result of\ndevm_ioremap() for non-exclusive mappings. Since devm_ioremap() may return\na NULL pointer and the caller only checks error pointers with IS_ERR(),\nNULL could bypass the check and lead to an invalid dereference.\n\nFix the issue by checking if devm_ioremap() returns NULL. When it does,\nqmp_usb_iomap() now returns an error pointer via IOMEM_ERR_PTR(-ENOMEM),\nensuring safe and consistent error handling.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38275",
"url": "https://www.suse.com/security/cve/CVE-2025-38275"
},
{
"category": "external",
"summary": "SUSE Bug 1246236 for CVE-2025-38275",
"url": "https://bugzilla.suse.com/1246236"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38275"
},
{
"cve": "CVE-2025-38277",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38277"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: nand: ecc-mxic: Fix use of uninitialized variable ret\n\nIf ctx-\u003esteps is zero, the loop processing ECC steps is skipped,\nand the variable ret remains uninitialized. It is later checked\nand returned, which leads to undefined behavior and may cause\nunpredictable results in user space or kernel crashes.\n\nThis scenario can be triggered in edge cases such as misconfigured\ngeometry, ECC engine misuse, or if ctx-\u003esteps is not validated\nafter initialization.\n\nInitialize ret to zero before the loop to ensure correct and safe\nbehavior regardless of the ctx-\u003esteps value.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38277",
"url": "https://www.suse.com/security/cve/CVE-2025-38277"
},
{
"category": "external",
"summary": "SUSE Bug 1246246 for CVE-2025-38277",
"url": "https://bugzilla.suse.com/1246246"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38277"
},
{
"cve": "CVE-2025-38279",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38279"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Do not include stack ptr register in precision backtracking bookkeeping\n\nYi Lai reported an issue ([1]) where the following warning appears\nin kernel dmesg:\n [ 60.643604] verifier backtracking bug\n [ 60.643635] WARNING: CPU: 10 PID: 2315 at kernel/bpf/verifier.c:4302 __mark_chain_precision+0x3a6c/0x3e10\n [ 60.648428] Modules linked in: bpf_testmod(OE)\n [ 60.650471] CPU: 10 UID: 0 PID: 2315 Comm: test_progs Tainted: G OE 6.15.0-rc4-gef11287f8289-dirty #327 PREEMPT(full)\n [ 60.654385] Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n [ 60.656682] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n [ 60.660475] RIP: 0010:__mark_chain_precision+0x3a6c/0x3e10\n [ 60.662814] Code: 5a 30 84 89 ea e8 c4 d9 01 00 80 3d 3e 7d d8 04 00 0f 85 60 fa ff ff c6 05 31 7d d8 04\n 01 48 c7 c7 00 58 30 84 e8 c4 06 a5 ff \u003c0f\u003e 0b e9 46 fa ff ff 48 ...\n [ 60.668720] RSP: 0018:ffff888116cc7298 EFLAGS: 00010246\n [ 60.671075] RAX: 54d70e82dfd31900 RBX: ffff888115b65e20 RCX: 0000000000000000\n [ 60.673659] RDX: 0000000000000001 RSI: 0000000000000004 RDI: 00000000ffffffff\n [ 60.676241] RBP: 0000000000000400 R08: ffff8881f6f23bd3 R09: 1ffff1103ede477a\n [ 60.678787] R10: dffffc0000000000 R11: ffffed103ede477b R12: ffff888115b60ae8\n [ 60.681420] R13: 1ffff11022b6cbc4 R14: 00000000fffffff2 R15: 0000000000000001\n [ 60.684030] FS: 00007fc2aedd80c0(0000) GS:ffff88826fa8a000(0000) knlGS:0000000000000000\n [ 60.686837] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [ 60.689027] CR2: 000056325369e000 CR3: 000000011088b002 CR4: 0000000000370ef0\n [ 60.691623] Call Trace:\n [ 60.692821] \u003cTASK\u003e\n [ 60.693960] ? __pfx_verbose+0x10/0x10\n [ 60.695656] ? __pfx_disasm_kfunc_name+0x10/0x10\n [ 60.697495] check_cond_jmp_op+0x16f7/0x39b0\n [ 60.699237] do_check+0x58fa/0xab10\n ...\n\nFurther analysis shows the warning is at line 4302 as below:\n\n 4294 /* static subprog call instruction, which\n 4295 * means that we are exiting current subprog,\n 4296 * so only r1-r5 could be still requested as\n 4297 * precise, r0 and r6-r10 or any stack slot in\n 4298 * the current frame should be zero by now\n 4299 */\n 4300 if (bt_reg_mask(bt) \u0026 ~BPF_REGMASK_ARGS) {\n 4301 verbose(env, \"BUG regs %x\\n\", bt_reg_mask(bt));\n 4302 WARN_ONCE(1, \"verifier backtracking bug\");\n 4303 return -EFAULT;\n 4304 }\n\nWith the below test (also in the next patch):\n __used __naked static void __bpf_jmp_r10(void)\n {\n\tasm volatile (\n\t\"r2 = 2314885393468386424 ll;\"\n\t\"goto +0;\"\n\t\"if r2 \u003c= r10 goto +3;\"\n\t\"if r1 \u003e= -1835016 goto +0;\"\n\t\"if r2 \u003c= 8 goto +0;\"\n\t\"if r3 \u003c= 0 goto +0;\"\n\t\"exit;\"\n\t::: __clobber_all);\n }\n\n SEC(\"?raw_tp\")\n __naked void bpf_jmp_r10(void)\n {\n\tasm volatile (\n\t\"r3 = 0 ll;\"\n\t\"call __bpf_jmp_r10;\"\n\t\"r0 = 0;\"\n\t\"exit;\"\n\t::: __clobber_all);\n }\n\nThe following is the verifier failure log:\n 0: (18) r3 = 0x0 ; R3_w=0\n 2: (85) call pc+2\n caller:\n R10=fp0\n callee:\n frame1: R1=ctx() R3_w=0 R10=fp0\n 5: frame1: R1=ctx() R3_w=0 R10=fp0\n ; asm volatile (\" \\ @ verifier_precision.c:184\n 5: (18) r2 = 0x20202000256c6c78 ; frame1: R2_w=0x20202000256c6c78\n 7: (05) goto pc+0\n 8: (bd) if r2 \u003c= r10 goto pc+3 ; frame1: R2_w=0x20202000256c6c78 R10=fp0\n 9: (35) if r1 \u003e= 0xffe3fff8 goto pc+0 ; frame1: R1=ctx()\n 10: (b5) if r2 \u003c= 0x8 goto pc+0\n mark_precise: frame1: last_idx 10 first_idx 0 subseq_idx -1\n mark_precise: frame1: regs=r2 stack= before 9: (35) if r1 \u003e= 0xffe3fff8 goto pc+0\n mark_precise: frame1: regs=r2 stack= before 8: (bd) if r2 \u003c= r10 goto pc+3\n mark_preci\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38279",
"url": "https://www.suse.com/security/cve/CVE-2025-38279"
},
{
"category": "external",
"summary": "SUSE Bug 1246264 for CVE-2025-38279",
"url": "https://bugzilla.suse.com/1246264"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38279"
},
{
"cve": "CVE-2025-38283",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38283"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhisi_acc_vfio_pci: bugfix live migration function without VF device driver\n\nIf the VF device driver is not loaded in the Guest OS and we attempt to\nperform device data migration, the address of the migrated data will\nbe NULL.\nThe live migration recovery operation on the destination side will\naccess a null address value, which will cause access errors.\n\nTherefore, live migration of VMs without added VF device drivers\ndoes not require device data migration.\nIn addition, when the queue address data obtained by the destination\nis empty, device queue recovery processing will not be performed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38283",
"url": "https://www.suse.com/security/cve/CVE-2025-38283"
},
{
"category": "external",
"summary": "SUSE Bug 1246273 for CVE-2025-38283",
"url": "https://bugzilla.suse.com/1246273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38283"
},
{
"cve": "CVE-2025-38286",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38286"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: at91: Fix possible out-of-boundary access\n\nat91_gpio_probe() doesn\u0027t check that given OF alias is not available or\nsomething went wrong when trying to get it. This might have consequences\nwhen accessing gpio_chips array with that value as an index. Note, that\nBUG() can be compiled out and hence won\u0027t actually perform the required\nchecks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38286",
"url": "https://www.suse.com/security/cve/CVE-2025-38286"
},
{
"category": "external",
"summary": "SUSE Bug 1246283 for CVE-2025-38286",
"url": "https://bugzilla.suse.com/1246283"
},
{
"category": "external",
"summary": "SUSE Bug 1246284 for CVE-2025-38286",
"url": "https://bugzilla.suse.com/1246284"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "important"
}
],
"title": "CVE-2025-38286"
},
{
"cve": "CVE-2025-38289",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38289"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk\n\nSmatch detected a potential use-after-free of an ndlp oject in\ndev_loss_tmo_callbk during driver unload or fatal error handling.\n\nFix by reordering code to avoid potential use-after-free if initial\nnodelist reference has been previously removed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38289",
"url": "https://www.suse.com/security/cve/CVE-2025-38289"
},
{
"category": "external",
"summary": "SUSE Bug 1246287 for CVE-2025-38289",
"url": "https://bugzilla.suse.com/1246287"
},
{
"category": "external",
"summary": "SUSE Bug 1246288 for CVE-2025-38289",
"url": "https://bugzilla.suse.com/1246288"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38289"
},
{
"cve": "CVE-2025-38290",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38290"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix node corruption in ar-\u003earvifs list\n\nIn current WLAN recovery code flow, ath12k_core_halt() only reinitializes\nthe \"arvifs\" list head. This will cause the list node immediately following\nthe list head to become an invalid list node. Because the prev of that node\nstill points to the list head \"arvifs\", but the next of the list head\n\"arvifs\" no longer points to that list node.\n\nWhen a WLAN recovery occurs during the execution of a vif removal, and it\nhappens before the spin_lock_bh(\u0026ar-\u003edata_lock) in\nath12k_mac_vdev_delete(), list_del() will detect the previously mentioned\nsituation, thereby triggering a kernel panic.\n\nThe fix is to remove and reinitialize all vif list nodes from the list head\n\"arvifs\" during WLAN halt. The reinitialization is to make the list nodes\nvalid, ensuring that the list_del() in ath12k_mac_vdev_delete() can execute\nnormally.\n\nCall trace:\n__list_del_entry_valid_or_report+0xd4/0x100 (P)\nath12k_mac_remove_link_interface.isra.0+0xf8/0x2e4 [ath12k]\nath12k_scan_vdev_clean_work+0x40/0x164 [ath12k]\ncfg80211_wiphy_work+0xfc/0x100\nprocess_one_work+0x164/0x2d0\nworker_thread+0x254/0x380\nkthread+0xfc/0x100\nret_from_fork+0x10/0x20\n\nThe change is mostly copied from the ath11k patch:\nhttps://lore.kernel.org/all/20250320053145.3445187-1-quic_stonez@quicinc.com/\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38290",
"url": "https://www.suse.com/security/cve/CVE-2025-38290"
},
{
"category": "external",
"summary": "SUSE Bug 1246293 for CVE-2025-38290",
"url": "https://bugzilla.suse.com/1246293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38290"
},
{
"cve": "CVE-2025-38292",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38292"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix invalid access to memory\n\nIn ath12k_dp_rx_msdu_coalesce(), rxcb is fetched from skb and boolean\nis_continuation is part of rxcb.\nCurrently, after freeing the skb, the rxcb-\u003eis_continuation accessed\nagain which is wrong since the memory is already freed.\nThis might lead use-after-free error.\n\nHence, fix by locally defining bool is_continuation from rxcb,\nso that after freeing skb, is_continuation can be used.\n\nCompile tested only.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38292",
"url": "https://www.suse.com/security/cve/CVE-2025-38292"
},
{
"category": "external",
"summary": "SUSE Bug 1246295 for CVE-2025-38292",
"url": "https://bugzilla.suse.com/1246295"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38292"
},
{
"cve": "CVE-2025-38293",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38293"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix node corruption in ar-\u003earvifs list\n\nIn current WLAN recovery code flow, ath11k_core_halt() only\nreinitializes the \"arvifs\" list head. This will cause the\nlist node immediately following the list head to become an\ninvalid list node. Because the prev of that node still points\nto the list head \"arvifs\", but the next of the list head \"arvifs\"\nno longer points to that list node.\n\nWhen a WLAN recovery occurs during the execution of a vif\nremoval, and it happens before the spin_lock_bh(\u0026ar-\u003edata_lock)\nin ath11k_mac_op_remove_interface(), list_del() will detect the\npreviously mentioned situation, thereby triggering a kernel panic.\n\nThe fix is to remove and reinitialize all vif list nodes from the\nlist head \"arvifs\" during WLAN halt. The reinitialization is to make\nthe list nodes valid, ensuring that the list_del() in\nath11k_mac_op_remove_interface() can execute normally.\n\nCall trace:\n__list_del_entry_valid_or_report+0xb8/0xd0\nath11k_mac_op_remove_interface+0xb0/0x27c [ath11k]\ndrv_remove_interface+0x48/0x194 [mac80211]\nieee80211_do_stop+0x6e0/0x844 [mac80211]\nieee80211_stop+0x44/0x17c [mac80211]\n__dev_close_many+0xac/0x150\n__dev_change_flags+0x194/0x234\ndev_change_flags+0x24/0x6c\ndevinet_ioctl+0x3a0/0x670\ninet_ioctl+0x200/0x248\nsock_do_ioctl+0x60/0x118\nsock_ioctl+0x274/0x35c\n__arm64_sys_ioctl+0xac/0xf0\ninvoke_syscall+0x48/0x114\n...\n\nTested-on: QCA6698AQ hw2.1 PCI WLAN.HSP.1.1-04591-QCAHSPSWPL_V1_V2_SILICONZ_IOE-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38293",
"url": "https://www.suse.com/security/cve/CVE-2025-38293"
},
{
"category": "external",
"summary": "SUSE Bug 1246292 for CVE-2025-38293",
"url": "https://bugzilla.suse.com/1246292"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38293"
},
{
"cve": "CVE-2025-38300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38300"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare()\n\nFix two DMA cleanup issues on the error path in sun8i_ce_cipher_prepare():\n\n1] If dma_map_sg() fails for areq-\u003edst, the device driver would try to free\n DMA memory it has not allocated in the first place. To fix this, on the\n \"theend_sgs\" error path, call dma unmap only if the corresponding dma\n map was successful.\n\n2] If the dma_map_single() call for the IV fails, the device driver would\n try to free an invalid DMA memory address on the \"theend_iv\" path:\n ------------[ cut here ]------------\n DMA-API: sun8i-ce 1904000.crypto: device driver tries to free an invalid DMA memory address\n WARNING: CPU: 2 PID: 69 at kernel/dma/debug.c:968 check_unmap+0x123c/0x1b90\n Modules linked in: skcipher_example(O+)\n CPU: 2 UID: 0 PID: 69 Comm: 1904000.crypto- Tainted: G O 6.15.0-rc3+ #24 PREEMPT\n Tainted: [O]=OOT_MODULE\n Hardware name: OrangePi Zero2 (DT)\n pc : check_unmap+0x123c/0x1b90\n lr : check_unmap+0x123c/0x1b90\n ...\n Call trace:\n check_unmap+0x123c/0x1b90 (P)\n debug_dma_unmap_page+0xac/0xc0\n dma_unmap_page_attrs+0x1f4/0x5fc\n sun8i_ce_cipher_do_one+0x1bd4/0x1f40\n crypto_pump_work+0x334/0x6e0\n kthread_worker_fn+0x21c/0x438\n kthread+0x374/0x664\n ret_from_fork+0x10/0x20\n ---[ end trace 0000000000000000 ]---\n\nTo fix this, check for !dma_mapping_error() before calling\ndma_unmap_single() on the \"theend_iv\" path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38300",
"url": "https://www.suse.com/security/cve/CVE-2025-38300"
},
{
"category": "external",
"summary": "SUSE Bug 1246349 for CVE-2025-38300",
"url": "https://bugzilla.suse.com/1246349"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38300"
},
{
"cve": "CVE-2025-38303",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38303"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: eir: Fix possible crashes on eir_create_adv_data\n\neir_create_adv_data may attempt to add EIR_FLAGS and EIR_TX_POWER\nwithout checking if that would fit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38303",
"url": "https://www.suse.com/security/cve/CVE-2025-38303"
},
{
"category": "external",
"summary": "SUSE Bug 1246354 for CVE-2025-38303",
"url": "https://bugzilla.suse.com/1246354"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38303"
},
{
"cve": "CVE-2025-38304",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38304"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix NULL pointer deference on eir_get_service_data\n\nThe len parameter is considered optional so it can be NULL so it cannot\nbe used for skipping to next entry of EIR_SERVICE_DATA.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38304",
"url": "https://www.suse.com/security/cve/CVE-2025-38304"
},
{
"category": "external",
"summary": "SUSE Bug 1246240 for CVE-2025-38304",
"url": "https://bugzilla.suse.com/1246240"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38304"
},
{
"cve": "CVE-2025-38305",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38305"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptp: remove ptp-\u003en_vclocks check logic in ptp_vclock_in_use()\n\nThere is no disagreement that we should check both ptp-\u003eis_virtual_clock\nand ptp-\u003en_vclocks to check if the ptp virtual clock is in use.\n\nHowever, when we acquire ptp-\u003en_vclocks_mux to read ptp-\u003en_vclocks in\nptp_vclock_in_use(), we observe a recursive lock in the call trace\nstarting from n_vclocks_store().\n\n============================================\nWARNING: possible recursive locking detected\n6.15.0-rc6 #1 Not tainted\n--------------------------------------------\nsyz.0.1540/13807 is trying to acquire lock:\nffff888035a24868 (\u0026ptp-\u003en_vclocks_mux){+.+.}-{4:4}, at:\n ptp_vclock_in_use drivers/ptp/ptp_private.h:103 [inline]\nffff888035a24868 (\u0026ptp-\u003en_vclocks_mux){+.+.}-{4:4}, at:\n ptp_clock_unregister+0x21/0x250 drivers/ptp/ptp_clock.c:415\n\nbut task is already holding lock:\nffff888030704868 (\u0026ptp-\u003en_vclocks_mux){+.+.}-{4:4}, at:\n n_vclocks_store+0xf1/0x6d0 drivers/ptp/ptp_sysfs.c:215\n\nother info that might help us debug this:\n Possible unsafe locking scenario:\n\n CPU0\n ----\n lock(\u0026ptp-\u003en_vclocks_mux);\n lock(\u0026ptp-\u003en_vclocks_mux);\n\n *** DEADLOCK ***\n....\n============================================\n\nThe best way to solve this is to remove the logic that checks\nptp-\u003en_vclocks in ptp_vclock_in_use().\n\nThe reason why this is appropriate is that any path that uses\nptp-\u003en_vclocks must unconditionally check if ptp-\u003en_vclocks is greater\nthan 0 before unregistering vclocks, and all functions are already\nwritten this way. And in the function that uses ptp-\u003en_vclocks, we\nalready get ptp-\u003en_vclocks_mux before unregistering vclocks.\n\nTherefore, we need to remove the redundant check for ptp-\u003en_vclocks in\nptp_vclock_in_use() to prevent recursive locking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38305",
"url": "https://www.suse.com/security/cve/CVE-2025-38305"
},
{
"category": "external",
"summary": "SUSE Bug 1246358 for CVE-2025-38305",
"url": "https://bugzilla.suse.com/1246358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38305"
},
{
"cve": "CVE-2025-38307",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38307"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: avs: Verify content returned by parse_int_array()\n\nThe first element of the returned array stores its length. If it is 0,\nany manipulation beyond the element at index 0 ends with null-ptr-deref.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38307",
"url": "https://www.suse.com/security/cve/CVE-2025-38307"
},
{
"category": "external",
"summary": "SUSE Bug 1246364 for CVE-2025-38307",
"url": "https://bugzilla.suse.com/1246364"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38307"
},
{
"cve": "CVE-2025-38310",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38310"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nseg6: Fix validation of nexthop addresses\n\nThe kernel currently validates that the length of the provided nexthop\naddress does not exceed the specified length. This can lead to the\nkernel reading uninitialized memory if user space provided a shorter\nlength than the specified one.\n\nFix by validating that the provided length exactly matches the specified\none.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38310",
"url": "https://www.suse.com/security/cve/CVE-2025-38310"
},
{
"category": "external",
"summary": "SUSE Bug 1246361 for CVE-2025-38310",
"url": "https://bugzilla.suse.com/1246361"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38310"
},
{
"cve": "CVE-2025-38312",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38312"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod()\n\nIn fb_find_mode_cvt(), iff mode-\u003erefresh somehow happens to be 0x80000000,\ncvt.f_refresh will become 0 when multiplying it by 2 due to overflow. It\u0027s\nthen passed to fb_cvt_hperiod(), where it\u0027s used as a divider -- division\nby 0 will result in kernel oops. Add a sanity check for cvt.f_refresh to\navoid such overflow...\n\nFound by Linux Verification Center (linuxtesting.org) with the Svace static\nanalysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38312",
"url": "https://www.suse.com/security/cve/CVE-2025-38312"
},
{
"category": "external",
"summary": "SUSE Bug 1246386 for CVE-2025-38312",
"url": "https://bugzilla.suse.com/1246386"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38312"
},
{
"cve": "CVE-2025-38313",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38313"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: fsl-mc: fix double-free on mc_dev\n\nThe blamed commit tried to simplify how the deallocations are done but,\nin the process, introduced a double-free on the mc_dev variable.\n\nIn case the MC device is a DPRC, a new mc_bus is allocated and the\nmc_dev variable is just a reference to one of its fields. In this\ncircumstance, on the error path only the mc_bus should be freed.\n\nThis commit introduces back the following checkpatch warning which is a\nfalse-positive.\n\nWARNING: kfree(NULL) is safe and this check is probably not required\n+ if (mc_bus)\n+ kfree(mc_bus);",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38313",
"url": "https://www.suse.com/security/cve/CVE-2025-38313"
},
{
"category": "external",
"summary": "SUSE Bug 1246342 for CVE-2025-38313",
"url": "https://bugzilla.suse.com/1246342"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38313"
},
{
"cve": "CVE-2025-38319",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38319"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table\n\nThe function atomctrl_initialize_mc_reg_table() and\natomctrl_initialize_mc_reg_table_v2_2() does not check the return\nvalue of smu_atom_get_data_table(). If smu_atom_get_data_table()\nfails to retrieve vram_info, it returns NULL which is later\ndereferenced.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38319",
"url": "https://www.suse.com/security/cve/CVE-2025-38319"
},
{
"category": "external",
"summary": "SUSE Bug 1246243 for CVE-2025-38319",
"url": "https://bugzilla.suse.com/1246243"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38319"
},
{
"cve": "CVE-2025-38323",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38323"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: atm: add lec_mutex\n\nsyzbot found its way in net/atm/lec.c, and found an error path\nin lecd_attach() could leave a dangling pointer in dev_lec[].\n\nAdd a mutex to protect dev_lecp[] uses from lecd_attach(),\nlec_vcc_attach() and lec_mcast_attach().\n\nFollowing patch will use this mutex for /proc/net/atm/lec.\n\nBUG: KASAN: slab-use-after-free in lecd_attach net/atm/lec.c:751 [inline]\nBUG: KASAN: slab-use-after-free in lane_ioctl+0x2224/0x23e0 net/atm/lec.c:1008\nRead of size 8 at addr ffff88807c7b8e68 by task syz.1.17/6142\n\nCPU: 1 UID: 0 PID: 6142 Comm: syz.1.17 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xcd/0x680 mm/kasan/report.c:521\n kasan_report+0xe0/0x110 mm/kasan/report.c:634\n lecd_attach net/atm/lec.c:751 [inline]\n lane_ioctl+0x2224/0x23e0 net/atm/lec.c:1008\n do_vcc_ioctl+0x12c/0x930 net/atm/ioctl.c:159\n sock_do_ioctl+0x118/0x280 net/socket.c:1190\n sock_ioctl+0x227/0x6b0 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\nAllocated by task 6132:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4328 [inline]\n __kvmalloc_node_noprof+0x27b/0x620 mm/slub.c:5015\n alloc_netdev_mqs+0xd2/0x1570 net/core/dev.c:11711\n lecd_attach net/atm/lec.c:737 [inline]\n lane_ioctl+0x17db/0x23e0 net/atm/lec.c:1008\n do_vcc_ioctl+0x12c/0x930 net/atm/ioctl.c:159\n sock_do_ioctl+0x118/0x280 net/socket.c:1190\n sock_ioctl+0x227/0x6b0 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 6132:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x51/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2381 [inline]\n slab_free mm/slub.c:4643 [inline]\n kfree+0x2b4/0x4d0 mm/slub.c:4842\n free_netdev+0x6c5/0x910 net/core/dev.c:11892\n lecd_attach net/atm/lec.c:744 [inline]\n lane_ioctl+0x1ce8/0x23e0 net/atm/lec.c:1008\n do_vcc_ioctl+0x12c/0x930 net/atm/ioctl.c:159\n sock_do_ioctl+0x118/0x280 net/socket.c:1190\n sock_ioctl+0x227/0x6b0 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:893",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38323",
"url": "https://www.suse.com/security/cve/CVE-2025-38323"
},
{
"category": "external",
"summary": "SUSE Bug 1246473 for CVE-2025-38323",
"url": "https://bugzilla.suse.com/1246473"
},
{
"category": "external",
"summary": "SUSE Bug 1246525 for CVE-2025-38323",
"url": "https://bugzilla.suse.com/1246525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "important"
}
],
"title": "CVE-2025-38323"
},
{
"cve": "CVE-2025-38326",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38326"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naoe: clean device rq_list in aoedev_downdev()\n\nAn aoe device\u0027s rq_list contains accepted block requests that are\nwaiting to be transmitted to the aoe target. This queue was added as\npart of the conversion to blk_mq. However, the queue was not cleaned out\nwhen an aoe device is downed which caused blk_mq_freeze_queue() to sleep\nindefinitely waiting for those requests to complete, causing a hang. This\nfix cleans out the queue before calling blk_mq_freeze_queue().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38326",
"url": "https://www.suse.com/security/cve/CVE-2025-38326"
},
{
"category": "external",
"summary": "SUSE Bug 1246490 for CVE-2025-38326",
"url": "https://bugzilla.suse.com/1246490"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38326"
},
{
"cve": "CVE-2025-38328",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38328"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: check jffs2_prealloc_raw_node_refs() result in few other places\n\nFuzzing hit another invalid pointer dereference due to the lack of\nchecking whether jffs2_prealloc_raw_node_refs() completed successfully.\nSubsequent logic implies that the node refs have been allocated.\n\nHandle that. The code is ready for propagating the error upwards.\n\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 PID: 5835 Comm: syz-executor145 Not tainted 5.10.234-syzkaller #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nRIP: 0010:jffs2_link_node_ref+0xac/0x690 fs/jffs2/nodelist.c:600\nCall Trace:\n jffs2_mark_erased_block fs/jffs2/erase.c:460 [inline]\n jffs2_erase_pending_blocks+0x688/0x1860 fs/jffs2/erase.c:118\n jffs2_garbage_collect_pass+0x638/0x1a00 fs/jffs2/gc.c:253\n jffs2_reserve_space+0x3f4/0xad0 fs/jffs2/nodemgmt.c:167\n jffs2_write_inode_range+0x246/0xb50 fs/jffs2/write.c:362\n jffs2_write_end+0x712/0x1110 fs/jffs2/file.c:302\n generic_perform_write+0x2c2/0x500 mm/filemap.c:3347\n __generic_file_write_iter+0x252/0x610 mm/filemap.c:3465\n generic_file_write_iter+0xdb/0x230 mm/filemap.c:3497\n call_write_iter include/linux/fs.h:2039 [inline]\n do_iter_readv_writev+0x46d/0x750 fs/read_write.c:740\n do_iter_write+0x18c/0x710 fs/read_write.c:866\n vfs_writev+0x1db/0x6a0 fs/read_write.c:939\n do_pwritev fs/read_write.c:1036 [inline]\n __do_sys_pwritev fs/read_write.c:1083 [inline]\n __se_sys_pwritev fs/read_write.c:1078 [inline]\n __x64_sys_pwritev+0x235/0x310 fs/read_write.c:1078\n do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38328",
"url": "https://www.suse.com/security/cve/CVE-2025-38328"
},
{
"category": "external",
"summary": "SUSE Bug 1246249 for CVE-2025-38328",
"url": "https://bugzilla.suse.com/1246249"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38328"
},
{
"cve": "CVE-2025-38332",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38332"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Use memcpy() for BIOS version\n\nThe strlcat() with FORTIFY support is triggering a panic because it\nthinks the target buffer will overflow although the correct target\nbuffer size is passed in.\n\nAnyway, instead of memset() with 0 followed by a strlcat(), just use\nmemcpy() and ensure that the resulting buffer is NULL terminated.\n\nBIOSVersion is only used for the lpfc_printf_log() which expects a\nproperly terminated string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38332",
"url": "https://www.suse.com/security/cve/CVE-2025-38332"
},
{
"category": "external",
"summary": "SUSE Bug 1246375 for CVE-2025-38332",
"url": "https://bugzilla.suse.com/1246375"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38332"
},
{
"cve": "CVE-2025-38334",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38334"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/sgx: Prevent attempts to reclaim poisoned pages\n\nTL;DR: SGX page reclaim touches the page to copy its contents to\nsecondary storage. SGX instructions do not gracefully handle machine\nchecks. Despite this, the existing SGX code will try to reclaim pages\nthat it _knows_ are poisoned. Avoid even trying to reclaim poisoned pages.\n\nThe longer story:\n\nPages used by an enclave only get epc_page-\u003epoison set in\narch_memory_failure() but they currently stay on sgx_active_page_list until\nsgx_encl_release(), with the SGX_EPC_PAGE_RECLAIMER_TRACKED flag untouched.\n\nepc_page-\u003epoison is not checked in the reclaimer logic meaning that, if other\nconditions are met, an attempt will be made to reclaim an EPC page that was\npoisoned. This is bad because 1. we don\u0027t want that page to end up added\nto another enclave and 2. it is likely to cause one core to shut down\nand the kernel to panic.\n\nSpecifically, reclaiming uses microcode operations including \"EWB\" which\naccesses the EPC page contents to encrypt and write them out to non-SGX\nmemory. Those operations cannot handle MCEs in their accesses other than\nby putting the executing core into a special shutdown state (affecting\nboth threads with HT.) The kernel will subsequently panic on the\nremaining cores seeing the core didn\u0027t enter MCE handler(s) in time.\n\nCall sgx_unmark_page_reclaimable() to remove the affected EPC page from\nsgx_active_page_list on memory error to stop it being considered for\nreclaiming.\n\nTesting epc_page-\u003epoison in sgx_reclaim_pages() would also work but I assume\nit\u0027s better to add code in the less likely paths.\n\nThe affected EPC page is not added to \u0026node-\u003esgx_poison_page_list until\nlater in sgx_encl_release()-\u003esgx_free_epc_page() when it is EREMOVEd.\nMembership on other lists doesn\u0027t change to avoid changing any of the\nlists\u0027 semantics except for sgx_active_page_list. There\u0027s a \"TBD\" comment\nin arch_memory_failure() about pre-emptive actions, the goal here is not\nto address everything that it may imply.\n\nThis also doesn\u0027t completely close the time window when a memory error\nnotification will be fatal (for a not previously poisoned EPC page) --\nthe MCE can happen after sgx_reclaim_pages() has selected its candidates\nor even *inside* a microcode operation (actually easy to trigger due to\nthe amount of time spent in them.)\n\nThe spinlock in sgx_unmark_page_reclaimable() is safe because\nmemory_failure() runs in process context and no spinlocks are held,\nexplicitly noted in a mm/memory-failure.c comment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38334",
"url": "https://www.suse.com/security/cve/CVE-2025-38334"
},
{
"category": "external",
"summary": "SUSE Bug 1246384 for CVE-2025-38334",
"url": "https://bugzilla.suse.com/1246384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38334"
},
{
"cve": "CVE-2025-38335",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38335"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: gpio-keys - fix a sleep while atomic with PREEMPT_RT\n\nWhen enabling PREEMPT_RT, the gpio_keys_irq_timer() callback runs in\nhard irq context, but the input_event() takes a spin_lock, which isn\u0027t\nallowed there as it is converted to a rt_spin_lock().\n\n[ 4054.289999] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n[ 4054.290028] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/0\n...\n[ 4054.290195] __might_resched+0x13c/0x1f4\n[ 4054.290209] rt_spin_lock+0x54/0x11c\n[ 4054.290219] input_event+0x48/0x80\n[ 4054.290230] gpio_keys_irq_timer+0x4c/0x78\n[ 4054.290243] __hrtimer_run_queues+0x1a4/0x438\n[ 4054.290257] hrtimer_interrupt+0xe4/0x240\n[ 4054.290269] arch_timer_handler_phys+0x2c/0x44\n[ 4054.290283] handle_percpu_devid_irq+0x8c/0x14c\n[ 4054.290297] handle_irq_desc+0x40/0x58\n[ 4054.290307] generic_handle_domain_irq+0x1c/0x28\n[ 4054.290316] gic_handle_irq+0x44/0xcc\n\nConsidering the gpio_keys_irq_isr() can run in any context, e.g. it can\nbe threaded, it seems there\u0027s no point in requesting the timer isr to\nrun in hard irq context.\n\nRelax the hrtimer not to use the hard context.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38335",
"url": "https://www.suse.com/security/cve/CVE-2025-38335"
},
{
"category": "external",
"summary": "SUSE Bug 1246250 for CVE-2025-38335",
"url": "https://bugzilla.suse.com/1246250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38335"
},
{
"cve": "CVE-2025-38336",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38336"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330\n\nThe controller has a hardware bug that can hard hang the system when\ndoing ATAPI DMAs without any trace of what happened. Depending on the\ndevice attached, it can also prevent the system from booting.\n\nIn this case, the system hangs when reading the ATIP from optical media\nwith cdrecord -vvv -atip on an _NEC DVD_RW ND-4571A 1-01 and an\nOptiarc DVD RW AD-7200A 1.06 attached to an ASRock 990FX Extreme 4,\nrunning at UDMA/33.\n\nThe issue can be reproduced by running the same command with a cygwin\nbuild of cdrecord on WinXP, although it requires more attempts to cause\nit. The hang in that case is also resolved by forcing PIO. It doesn\u0027t\nappear that VIA has produced any drivers for that OS, thus no known\nworkaround exists.\n\nHDDs attached to the controller do not suffer from any DMA issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38336",
"url": "https://www.suse.com/security/cve/CVE-2025-38336"
},
{
"category": "external",
"summary": "SUSE Bug 1246370 for CVE-2025-38336",
"url": "https://bugzilla.suse.com/1246370"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38336"
},
{
"cve": "CVE-2025-38337",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38337"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata()\n\nSince handle-\u003eh_transaction may be a NULL pointer, so we should change it\nto call is_handle_aborted(handle) first before dereferencing it.\n\nAnd the following data-race was reported in my fuzzer:\n\n==================================================================\nBUG: KCSAN: data-race in jbd2_journal_dirty_metadata / jbd2_journal_dirty_metadata\n\nwrite to 0xffff888011024104 of 4 bytes by task 10881 on cpu 1:\n jbd2_journal_dirty_metadata+0x2a5/0x770 fs/jbd2/transaction.c:1556\n __ext4_handle_dirty_metadata+0xe7/0x4b0 fs/ext4/ext4_jbd2.c:358\n ext4_do_update_inode fs/ext4/inode.c:5220 [inline]\n ext4_mark_iloc_dirty+0x32c/0xd50 fs/ext4/inode.c:5869\n __ext4_mark_inode_dirty+0xe1/0x450 fs/ext4/inode.c:6074\n ext4_dirty_inode+0x98/0xc0 fs/ext4/inode.c:6103\n....\n\nread to 0xffff888011024104 of 4 bytes by task 10880 on cpu 0:\n jbd2_journal_dirty_metadata+0xf2/0x770 fs/jbd2/transaction.c:1512\n __ext4_handle_dirty_metadata+0xe7/0x4b0 fs/ext4/ext4_jbd2.c:358\n ext4_do_update_inode fs/ext4/inode.c:5220 [inline]\n ext4_mark_iloc_dirty+0x32c/0xd50 fs/ext4/inode.c:5869\n __ext4_mark_inode_dirty+0xe1/0x450 fs/ext4/inode.c:6074\n ext4_dirty_inode+0x98/0xc0 fs/ext4/inode.c:6103\n....\n\nvalue changed: 0x00000000 -\u003e 0x00000001\n==================================================================\n\nThis issue is caused by missing data-race annotation for jh-\u003eb_modified.\nTherefore, the missing annotation needs to be added.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38337",
"url": "https://www.suse.com/security/cve/CVE-2025-38337"
},
{
"category": "external",
"summary": "SUSE Bug 1246253 for CVE-2025-38337",
"url": "https://bugzilla.suse.com/1246253"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38337"
},
{
"cve": "CVE-2025-38338",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38338"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/nfs/read: fix double-unlock bug in nfs_return_empty_folio()\n\nSometimes, when a file was read while it was being truncated by\nanother NFS client, the kernel could deadlock because folio_unlock()\nwas called twice, and the second call would XOR back the `PG_locked`\nflag.\n\nMost of the time (depending on the timing of the truncation), nobody\nnotices the problem because folio_unlock() gets called three times,\nwhich flips `PG_locked` back off:\n\n 1. vfs_read, nfs_read_folio, ... nfs_read_add_folio,\n nfs_return_empty_folio\n 2. vfs_read, nfs_read_folio, ... netfs_read_collection,\n netfs_unlock_abandoned_read_pages\n 3. vfs_read, ... nfs_do_read_folio, nfs_read_add_folio,\n nfs_return_empty_folio\n\nThe problem is that nfs_read_add_folio() is not supposed to unlock the\nfolio if fscache is enabled, and a nfs_netfs_folio_unlock() check is\nmissing in nfs_return_empty_folio().\n\nRarely this leads to a warning in netfs_read_collection():\n\n ------------[ cut here ]------------\n R=0000031c: folio 10 is not locked\n WARNING: CPU: 0 PID: 29 at fs/netfs/read_collect.c:133 netfs_read_collection+0x7c0/0xf00\n [...]\n Workqueue: events_unbound netfs_read_collection_worker\n RIP: 0010:netfs_read_collection+0x7c0/0xf00\n [...]\n Call Trace:\n \u003cTASK\u003e\n netfs_read_collection_worker+0x67/0x80\n process_one_work+0x12e/0x2c0\n worker_thread+0x295/0x3a0\n\nMost of the time, however, processes just get stuck forever in\nfolio_wait_bit_common(), waiting for `PG_locked` to disappear, which\nnever happens because nobody is really holding the folio lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38338",
"url": "https://www.suse.com/security/cve/CVE-2025-38338"
},
{
"category": "external",
"summary": "SUSE Bug 1246258 for CVE-2025-38338",
"url": "https://bugzilla.suse.com/1246258"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38338"
},
{
"cve": "CVE-2025-38342",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38342"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoftware node: Correct a OOB check in software_node_get_reference_args()\n\nsoftware_node_get_reference_args() wants to get @index-th element, so\nthe property value requires at least \u0027(index + 1) * sizeof(*ref)\u0027 bytes\nbut that can not be guaranteed by current OOB check, and may cause OOB\nfor malformed property.\n\nFix by using as OOB check \u0027((index + 1) * sizeof(*ref) \u003e prop-\u003elength)\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38342",
"url": "https://www.suse.com/security/cve/CVE-2025-38342"
},
{
"category": "external",
"summary": "SUSE Bug 1246453 for CVE-2025-38342",
"url": "https://bugzilla.suse.com/1246453"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38342"
},
{
"cve": "CVE-2025-38343",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38343"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7996: drop fragments with multicast or broadcast RA\n\nIEEE 802.11 fragmentation can only be applied to unicast frames.\nTherefore, drop fragments with multicast or broadcast RA. This patch\naddresses vulnerabilities such as CVE-2020-26145.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38343",
"url": "https://www.suse.com/security/cve/CVE-2025-38343"
},
{
"category": "external",
"summary": "SUSE Bug 1246438 for CVE-2025-38343",
"url": "https://bugzilla.suse.com/1246438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38343"
},
{
"cve": "CVE-2025-38344",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38344"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: fix acpi parse and parseext cache leaks\n\nACPICA commit 8829e70e1360c81e7a5a901b5d4f48330e021ea5\n\nI\u0027m Seunghun Han, and I work for National Security Research Institute of\nSouth Korea.\n\nI have been doing a research on ACPI and found an ACPI cache leak in ACPI\nearly abort cases.\n\nBoot log of ACPI cache leak is as follows:\n[ 0.352414] ACPI: Added _OSI(Module Device)\n[ 0.353182] ACPI: Added _OSI(Processor Device)\n[ 0.353182] ACPI: Added _OSI(3.0 _SCP Extensions)\n[ 0.353182] ACPI: Added _OSI(Processor Aggregator Device)\n[ 0.356028] ACPI: Unable to start the ACPI Interpreter\n[ 0.356799] ACPI Error: Could not remove SCI handler (20170303/evmisc-281)\n[ 0.360215] kmem_cache_destroy Acpi-State: Slab cache still has objects\n[ 0.360648] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G W\n4.12.0-rc4-next-20170608+ #10\n[ 0.361273] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS\nvirtual_box 12/01/2006\n[ 0.361873] Call Trace:\n[ 0.362243] ? dump_stack+0x5c/0x81\n[ 0.362591] ? kmem_cache_destroy+0x1aa/0x1c0\n[ 0.362944] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.363296] ? acpi_os_delete_cache+0xa/0x10\n[ 0.363646] ? acpi_ut_delete_caches+0x6d/0x7b\n[ 0.364000] ? acpi_terminate+0xa/0x14\n[ 0.364000] ? acpi_init+0x2af/0x34f\n[ 0.364000] ? __class_create+0x4c/0x80\n[ 0.364000] ? video_setup+0x7f/0x7f\n[ 0.364000] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.364000] ? do_one_initcall+0x4e/0x1a0\n[ 0.364000] ? kernel_init_freeable+0x189/0x20a\n[ 0.364000] ? rest_init+0xc0/0xc0\n[ 0.364000] ? kernel_init+0xa/0x100\n[ 0.364000] ? ret_from_fork+0x25/0x30\n\nI analyzed this memory leak in detail. I found that \"Acpi-State\" cache and\n\"Acpi-Parse\" cache were merged because the size of cache objects was same\nslab cache size.\n\nI finally found \"Acpi-Parse\" cache and \"Acpi-parse_ext\" cache were leaked\nusing SLAB_NEVER_MERGE flag in kmem_cache_create() function.\n\nReal ACPI cache leak point is as follows:\n[ 0.360101] ACPI: Added _OSI(Module Device)\n[ 0.360101] ACPI: Added _OSI(Processor Device)\n[ 0.360101] ACPI: Added _OSI(3.0 _SCP Extensions)\n[ 0.361043] ACPI: Added _OSI(Processor Aggregator Device)\n[ 0.364016] ACPI: Unable to start the ACPI Interpreter\n[ 0.365061] ACPI Error: Could not remove SCI handler (20170303/evmisc-281)\n[ 0.368174] kmem_cache_destroy Acpi-Parse: Slab cache still has objects\n[ 0.369332] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G W\n4.12.0-rc4-next-20170608+ #8\n[ 0.371256] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS\nvirtual_box 12/01/2006\n[ 0.372000] Call Trace:\n[ 0.372000] ? dump_stack+0x5c/0x81\n[ 0.372000] ? kmem_cache_destroy+0x1aa/0x1c0\n[ 0.372000] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.372000] ? acpi_os_delete_cache+0xa/0x10\n[ 0.372000] ? acpi_ut_delete_caches+0x56/0x7b\n[ 0.372000] ? acpi_terminate+0xa/0x14\n[ 0.372000] ? acpi_init+0x2af/0x34f\n[ 0.372000] ? __class_create+0x4c/0x80\n[ 0.372000] ? video_setup+0x7f/0x7f\n[ 0.372000] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.372000] ? do_one_initcall+0x4e/0x1a0\n[ 0.372000] ? kernel_init_freeable+0x189/0x20a\n[ 0.372000] ? rest_init+0xc0/0xc0\n[ 0.372000] ? kernel_init+0xa/0x100\n[ 0.372000] ? ret_from_fork+0x25/0x30\n[ 0.388039] kmem_cache_destroy Acpi-parse_ext: Slab cache still has objects\n[ 0.389063] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G W\n4.12.0-rc4-next-20170608+ #8\n[ 0.390557] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS\nvirtual_box 12/01/2006\n[ 0.392000] Call Trace:\n[ 0.392000] ? dump_stack+0x5c/0x81\n[ 0.392000] ? kmem_cache_destroy+0x1aa/0x1c0\n[ 0.392000] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.392000] ? acpi_os_delete_cache+0xa/0x10\n[ 0.392000] ? acpi_ut_delete_caches+0x6d/0x7b\n[ 0.392000] ? acpi_terminate+0xa/0x14\n[ 0.392000] ? acpi_init+0x2af/0x3\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38344",
"url": "https://www.suse.com/security/cve/CVE-2025-38344"
},
{
"category": "external",
"summary": "SUSE Bug 1246334 for CVE-2025-38344",
"url": "https://bugzilla.suse.com/1246334"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38344"
},
{
"cve": "CVE-2025-38345",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38345"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: fix acpi operand cache leak in dswstate.c\n\nACPICA commit 987a3b5cf7175916e2a4b6ea5b8e70f830dfe732\n\nI found an ACPI cache leak in ACPI early termination and boot continuing case.\n\nWhen early termination occurs due to malicious ACPI table, Linux kernel\nterminates ACPI function and continues to boot process. While kernel terminates\nACPI function, kmem_cache_destroy() reports Acpi-Operand cache leak.\n\nBoot log of ACPI operand cache leak is as follows:\n\u003e[ 0.585957] ACPI: Added _OSI(Module Device)\n\u003e[ 0.587218] ACPI: Added _OSI(Processor Device)\n\u003e[ 0.588530] ACPI: Added _OSI(3.0 _SCP Extensions)\n\u003e[ 0.589790] ACPI: Added _OSI(Processor Aggregator Device)\n\u003e[ 0.591534] ACPI Error: Illegal I/O port address/length above 64K: C806E00000004002/0x2 (20170303/hwvalid-155)\n\u003e[ 0.594351] ACPI Exception: AE_LIMIT, Unable to initialize fixed events (20170303/evevent-88)\n\u003e[ 0.597858] ACPI: Unable to start the ACPI Interpreter\n\u003e[ 0.599162] ACPI Error: Could not remove SCI handler (20170303/evmisc-281)\n\u003e[ 0.601836] kmem_cache_destroy Acpi-Operand: Slab cache still has objects\n\u003e[ 0.603556] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.12.0-rc5 #26\n\u003e[ 0.605159] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS virtual_box 12/01/2006\n\u003e[ 0.609177] Call Trace:\n\u003e[ 0.610063] ? dump_stack+0x5c/0x81\n\u003e[ 0.611118] ? kmem_cache_destroy+0x1aa/0x1c0\n\u003e[ 0.612632] ? acpi_sleep_proc_init+0x27/0x27\n\u003e[ 0.613906] ? acpi_os_delete_cache+0xa/0x10\n\u003e[ 0.617986] ? acpi_ut_delete_caches+0x3f/0x7b\n\u003e[ 0.619293] ? acpi_terminate+0xa/0x14\n\u003e[ 0.620394] ? acpi_init+0x2af/0x34f\n\u003e[ 0.621616] ? __class_create+0x4c/0x80\n\u003e[ 0.623412] ? video_setup+0x7f/0x7f\n\u003e[ 0.624585] ? acpi_sleep_proc_init+0x27/0x27\n\u003e[ 0.625861] ? do_one_initcall+0x4e/0x1a0\n\u003e[ 0.627513] ? kernel_init_freeable+0x19e/0x21f\n\u003e[ 0.628972] ? rest_init+0x80/0x80\n\u003e[ 0.630043] ? kernel_init+0xa/0x100\n\u003e[ 0.631084] ? ret_from_fork+0x25/0x30\n\u003e[ 0.633343] vgaarb: loaded\n\u003e[ 0.635036] EDAC MC: Ver: 3.0.0\n\u003e[ 0.638601] PCI: Probing PCI hardware\n\u003e[ 0.639833] PCI host bridge to bus 0000:00\n\u003e[ 0.641031] pci_bus 0000:00: root bus resource [io 0x0000-0xffff]\n\u003e ... Continue to boot and log is omitted ...\n\nI analyzed this memory leak in detail and found acpi_ds_obj_stack_pop_and_\ndelete() function miscalculated the top of the stack. acpi_ds_obj_stack_push()\nfunction uses walk_state-\u003eoperand_index for start position of the top, but\nacpi_ds_obj_stack_pop_and_delete() function considers index 0 for it.\nTherefore, this causes acpi operand memory leak.\n\nThis cache leak causes a security threat because an old kernel (\u003c= 4.9) shows\nmemory locations of kernel functions in stack dump. Some malicious users\ncould use this information to neutralize kernel ASLR.\n\nI made a patch to fix ACPI operand cache leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38345",
"url": "https://www.suse.com/security/cve/CVE-2025-38345"
},
{
"category": "external",
"summary": "SUSE Bug 1246337 for CVE-2025-38345",
"url": "https://bugzilla.suse.com/1246337"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38345"
},
{
"cve": "CVE-2025-38348",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38348"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback()\n\nRobert Morris reported:\n\n|If a malicious USB device pretends to be an Intersil p54 wifi\n|interface and generates an eeprom_readback message with a large\n|eeprom-\u003ev1.len, p54_rx_eeprom_readback() will copy data from the\n|message beyond the end of priv-\u003eeeprom.\n|\n|static void p54_rx_eeprom_readback(struct p54_common *priv,\n| struct sk_buff *skb)\n|{\n| struct p54_hdr *hdr = (struct p54_hdr *) skb-\u003edata;\n| struct p54_eeprom_lm86 *eeprom = (struct p54_eeprom_lm86 *) hdr-\u003edata;\n|\n| if (priv-\u003efw_var \u003e= 0x509) {\n| memcpy(priv-\u003eeeprom, eeprom-\u003ev2.data,\n| le16_to_cpu(eeprom-\u003ev2.len));\n| } else {\n| memcpy(priv-\u003eeeprom, eeprom-\u003ev1.data,\n| le16_to_cpu(eeprom-\u003ev1.len));\n| }\n| [...]\n\nThe eeprom-\u003ev{1,2}.len is set by the driver in p54_download_eeprom().\nThe device is supposed to provide the same length back to the driver.\nBut yes, it\u0027s possible (like shown in the report) to alter the value\nto something that causes a crash/panic due to overrun.\n\nThis patch addresses the issue by adding the size to the common device\ncontext, so p54_rx_eeprom_readback no longer relies on possibly tampered\nvalues... That said, it also checks if the \"firmware\" altered the value\nand no longer copies them.\n\nThe one, small saving grace is: Before the driver tries to read the eeprom,\nit needs to upload \u003ea\u003c firmware. the vendor firmware has a proprietary\nlicense and as a reason, it is not present on most distributions by\ndefault.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38348",
"url": "https://www.suse.com/security/cve/CVE-2025-38348"
},
{
"category": "external",
"summary": "SUSE Bug 1246262 for CVE-2025-38348",
"url": "https://bugzilla.suse.com/1246262"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38348"
},
{
"cve": "CVE-2025-38349",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38349"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\neventpoll: don\u0027t decrement ep refcount while still holding the ep mutex\n\nJann Horn points out that epoll is decrementing the ep refcount and then\ndoing a\n\n mutex_unlock(\u0026ep-\u003emtx);\n\nafterwards. That\u0027s very wrong, because it can lead to a use-after-free.\n\nThat pattern is actually fine for the very last reference, because the\ncode in question will delay the actual call to \"ep_free(ep)\" until after\nit has unlocked the mutex.\n\nBut it\u0027s wrong for the much subtler \"next to last\" case when somebody\n*else* may also be dropping their reference and free the ep while we\u0027re\nstill using the mutex.\n\nNote that this is true even if that other user is also using the same ep\nmutex: mutexes, unlike spinlocks, can not be used for object ownership,\neven if they guarantee mutual exclusion.\n\nA mutex \"unlock\" operation is not atomic, and as one user is still\naccessing the mutex as part of unlocking it, another user can come in\nand get the now released mutex and free the data structure while the\nfirst user is still cleaning up.\n\nSee our mutex documentation in Documentation/locking/mutex-design.rst,\nin particular the section [1] about semantics:\n\n\t\"mutex_unlock() may access the mutex structure even after it has\n\t internally released the lock already - so it\u0027s not safe for\n\t another context to acquire the mutex and assume that the\n\t mutex_unlock() context is not using the structure anymore\"\n\nSo if we drop our ep ref before the mutex unlock, but we weren\u0027t the\nlast one, we may then unlock the mutex, another user comes in, drops\n_their_ reference and releases the \u0027ep\u0027 as it now has no users - all\nwhile the mutex_unlock() is still accessing it.\n\nFix this by simply moving the ep refcount dropping to outside the mutex:\nthe refcount itself is atomic, and doesn\u0027t need mutex protection (that\u0027s\nthe whole _point_ of refcounts: unlike mutexes, they are inherently\nabout object lifetimes).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38349",
"url": "https://www.suse.com/security/cve/CVE-2025-38349"
},
{
"category": "external",
"summary": "SUSE Bug 1246777 for CVE-2025-38349",
"url": "https://bugzilla.suse.com/1246777"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38349"
},
{
"cve": "CVE-2025-38350",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38350"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Always pass notifications when child class becomes empty\n\nCertain classful qdiscs may invoke their classes\u0027 dequeue handler on an\nenqueue operation. This may unexpectedly empty the child qdisc and thus\nmake an in-flight class passive via qlen_notify(). Most qdiscs do not\nexpect such behaviour at this point in time and may re-activate the\nclass eventually anyways which will lead to a use-after-free.\n\nThe referenced fix commit attempted to fix this behavior for the HFSC\ncase by moving the backlog accounting around, though this turned out to\nbe incomplete since the parent\u0027s parent may run into the issue too.\nThe following reproducer demonstrates this use-after-free:\n\n tc qdisc add dev lo root handle 1: drr\n tc filter add dev lo parent 1: basic classid 1:1\n tc class add dev lo parent 1: classid 1:1 drr\n tc qdisc add dev lo parent 1:1 handle 2: hfsc def 1\n tc class add dev lo parent 2: classid 2:1 hfsc rt m1 8 d 1 m2 0\n tc qdisc add dev lo parent 2:1 handle 3: netem\n tc qdisc add dev lo parent 3:1 handle 4: blackhole\n\n echo 1 | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888\n tc class delete dev lo classid 1:1\n echo 1 | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888\n\nSince backlog accounting issues leading to a use-after-frees on stale\nclass pointers is a recurring pattern at this point, this patch takes\na different approach. Instead of trying to fix the accounting, the patch\nensures that qdisc_tree_reduce_backlog always calls qlen_notify when\nthe child qdisc is empty. This solves the problem because deletion of\nqdiscs always involves a call to qdisc_reset() and / or\nqdisc_purge_queue() which ultimately resets its qlen to 0 thus causing\nthe following qdisc_tree_reduce_backlog() to report to the parent. Note\nthat this may call qlen_notify on passive classes multiple times. This\nis not a problem after the recent patch series that made all the\nclassful qdiscs qlen_notify() handlers idempotent.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38350",
"url": "https://www.suse.com/security/cve/CVE-2025-38350"
},
{
"category": "external",
"summary": "SUSE Bug 1246781 for CVE-2025-38350",
"url": "https://bugzilla.suse.com/1246781"
},
{
"category": "external",
"summary": "SUSE Bug 1247043 for CVE-2025-38350",
"url": "https://bugzilla.suse.com/1247043"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "important"
}
],
"title": "CVE-2025-38350"
},
{
"cve": "CVE-2025-38352",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38352"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nposix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()\n\nIf an exiting non-autoreaping task has already passed exit_notify() and\ncalls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent\nor debugger right after unlock_task_sighand().\n\nIf a concurrent posix_cpu_timer_del() runs at that moment, it won\u0027t be\nable to detect timer-\u003eit.cpu.firing != 0: cpu_timer_task_rcu() and/or\nlock_task_sighand() will fail.\n\nAdd the tsk-\u003eexit_state check into run_posix_cpu_timers() to fix this.\n\nThis fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because\nexit_task_work() is called before exit_notify(). But the check still\nmakes sense, task_work_add(\u0026tsk-\u003eposix_cputimers_work.work) will fail\nanyway in this case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38352",
"url": "https://www.suse.com/security/cve/CVE-2025-38352"
},
{
"category": "external",
"summary": "SUSE Bug 1246911 for CVE-2025-38352",
"url": "https://bugzilla.suse.com/1246911"
},
{
"category": "external",
"summary": "SUSE Bug 1249205 for CVE-2025-38352",
"url": "https://bugzilla.suse.com/1249205"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "important"
}
],
"title": "CVE-2025-38352"
},
{
"cve": "CVE-2025-38354",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38354"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/gpu: Fix crash when throttling GPU immediately during boot\n\nThere is a small chance that the GPU is already hot during boot. In that\ncase, the call to of_devfreq_cooling_register() will immediately try to\napply devfreq cooling, as seen in the following crash:\n\n Unable to handle kernel paging request at virtual address 0000000000014110\n pc : a6xx_gpu_busy+0x1c/0x58 [msm]\n lr : msm_devfreq_get_dev_status+0xbc/0x140 [msm]\n Call trace:\n a6xx_gpu_busy+0x1c/0x58 [msm] (P)\n devfreq_simple_ondemand_func+0x3c/0x150\n devfreq_update_target+0x44/0xd8\n qos_max_notifier_call+0x30/0x84\n blocking_notifier_call_chain+0x6c/0xa0\n pm_qos_update_target+0xd0/0x110\n freq_qos_apply+0x3c/0x74\n apply_constraint+0x88/0x148\n __dev_pm_qos_update_request+0x7c/0xcc\n dev_pm_qos_update_request+0x38/0x5c\n devfreq_cooling_set_cur_state+0x98/0xf0\n __thermal_cdev_update+0x64/0xb4\n thermal_cdev_update+0x4c/0x58\n step_wise_manage+0x1f0/0x318\n __thermal_zone_device_update+0x278/0x424\n __thermal_cooling_device_register+0x2bc/0x308\n thermal_of_cooling_device_register+0x10/0x1c\n of_devfreq_cooling_register_power+0x240/0x2bc\n of_devfreq_cooling_register+0x14/0x20\n msm_devfreq_init+0xc4/0x1a0 [msm]\n msm_gpu_init+0x304/0x574 [msm]\n adreno_gpu_init+0x1c4/0x2e0 [msm]\n a6xx_gpu_init+0x5c8/0x9c8 [msm]\n adreno_bind+0x2a8/0x33c [msm]\n ...\n\nAt this point we haven\u0027t initialized the GMU at all yet, so we cannot read\nthe GMU registers inside a6xx_gpu_busy(). A similar issue was fixed before\nin commit 6694482a70e9 (\"drm/msm: Avoid unclocked GMU register access in\n6xx gpu_busy\"): msm_devfreq_init() does call devfreq_suspend_device(), but\nunlike msm_devfreq_suspend(), it doesn\u0027t set the df-\u003esuspended flag\naccordingly. This means the df-\u003esuspended flag does not match the actual\ndevfreq state after initialization and msm_devfreq_get_dev_status() will\nend up accessing GMU registers, causing the crash.\n\nFix this by setting df-\u003esuspended correctly during initialization.\n\nPatchwork: https://patchwork.freedesktop.org/patch/650772/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38354",
"url": "https://www.suse.com/security/cve/CVE-2025-38354"
},
{
"category": "external",
"summary": "SUSE Bug 1247061 for CVE-2025-38354",
"url": "https://bugzilla.suse.com/1247061"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38354"
},
{
"cve": "CVE-2025-38362",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38362"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null pointer check for get_first_active_display()\n\nThe function mod_hdcp_hdcp1_enable_encryption() calls the function\nget_first_active_display(), but does not check its return value.\nThe return value is a null pointer if the display list is empty.\nThis will lead to a null pointer dereference in\nmod_hdcp_hdcp2_enable_encryption().\n\nAdd a null pointer check for get_first_active_display() and return\nMOD_HDCP_STATUS_DISPLAY_NOT_FOUND if the function return null.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38362",
"url": "https://www.suse.com/security/cve/CVE-2025-38362"
},
{
"category": "external",
"summary": "SUSE Bug 1247089 for CVE-2025-38362",
"url": "https://bugzilla.suse.com/1247089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38362"
},
{
"cve": "CVE-2025-38363",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38363"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/tegra: Fix a possible null pointer dereference\n\nIn tegra_crtc_reset(), new memory is allocated with kzalloc(), but\nno check is performed. Before calling __drm_atomic_helper_crtc_reset,\nstate should be checked to prevent possible null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38363",
"url": "https://www.suse.com/security/cve/CVE-2025-38363"
},
{
"category": "external",
"summary": "SUSE Bug 1247018 for CVE-2025-38363",
"url": "https://bugzilla.suse.com/1247018"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38363"
},
{
"cve": "CVE-2025-38364",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38364"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmaple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate()\n\nTemporarily clear the preallocation flag when explicitly requesting\nallocations. Pre-existing allocations are already counted against the\nrequest through mas_node_count_gfp(), but the allocations will not happen\nif the MA_STATE_PREALLOC flag is set. This flag is meant to avoid\nre-allocating in bulk allocation mode, and to detect issues with\npreallocation calculations.\n\nThe MA_STATE_PREALLOC flag should also always be set on zero allocations\nso that detection of underflow allocations will print a WARN_ON() during\nconsumption.\n\nUser visible effect of this flaw is a WARN_ON() followed by a null pointer\ndereference when subsequent requests for larger number of nodes is\nignored, such as the vma merge retry in mmap_region() caused by drivers\naltering the vma flags (which happens in v6.6, at least)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38364",
"url": "https://www.suse.com/security/cve/CVE-2025-38364"
},
{
"category": "external",
"summary": "SUSE Bug 1247091 for CVE-2025-38364",
"url": "https://bugzilla.suse.com/1247091"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38364"
},
{
"cve": "CVE-2025-38365",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38365"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix a race between renames and directory logging\n\nWe have a race between a rename and directory inode logging that if it\nhappens and we crash/power fail before the rename completes, the next time\nthe filesystem is mounted, the log replay code will end up deleting the\nfile that was being renamed.\n\nThis is best explained following a step by step analysis of an interleaving\nof steps that lead into this situation.\n\nConsider the initial conditions:\n\n1) We are at transaction N;\n\n2) We have directories A and B created in a past transaction (\u003c N);\n\n3) We have inode X corresponding to a file that has 2 hardlinks, one in\n directory A and the other in directory B, so we\u0027ll name them as\n \"A/foo_link1\" and \"B/foo_link2\". Both hard links were persisted in a\n past transaction (\u003c N);\n\n4) We have inode Y corresponding to a file that as a single hard link and\n is located in directory A, we\u0027ll name it as \"A/bar\". This file was also\n persisted in a past transaction (\u003c N).\n\nThe steps leading to a file loss are the following and for all of them we\nare under transaction N:\n\n 1) Link \"A/foo_link1\" is removed, so inode\u0027s X last_unlink_trans field\n is updated to N, through btrfs_unlink() -\u003e btrfs_record_unlink_dir();\n\n 2) Task A starts a rename for inode Y, with the goal of renaming from\n \"A/bar\" to \"A/baz\", so we enter btrfs_rename();\n\n 3) Task A inserts the new BTRFS_INODE_REF_KEY for inode Y by calling\n btrfs_insert_inode_ref();\n\n 4) Because the rename happens in the same directory, we don\u0027t set the\n last_unlink_trans field of directoty A\u0027s inode to the current\n transaction id, that is, we don\u0027t cal btrfs_record_unlink_dir();\n\n 5) Task A then removes the entries from directory A (BTRFS_DIR_ITEM_KEY\n and BTRFS_DIR_INDEX_KEY items) when calling __btrfs_unlink_inode()\n (actually the dir index item is added as a delayed item, but the\n effect is the same);\n\n 6) Now before task A adds the new entry \"A/baz\" to directory A by\n calling btrfs_add_link(), another task, task B is logging inode X;\n\n 7) Task B starts a fsync of inode X and after logging inode X, at\n btrfs_log_inode_parent() it calls btrfs_log_all_parents(), since\n inode X has a last_unlink_trans value of N, set at in step 1;\n\n 8) At btrfs_log_all_parents() we search for all parent directories of\n inode X using the commit root, so we find directories A and B and log\n them. Bu when logging direct A, we don\u0027t have a dir index item for\n inode Y anymore, neither the old name \"A/bar\" nor for the new name\n \"A/baz\" since the rename has deleted the old name but has not yet\n inserted the new name - task A hasn\u0027t called yet btrfs_add_link() to\n do that.\n\n Note that logging directory A doesn\u0027t fallback to a transaction\n commit because its last_unlink_trans has a lower value than the\n current transaction\u0027s id (see step 4);\n\n 9) Task B finishes logging directories A and B and gets back to\n btrfs_sync_file() where it calls btrfs_sync_log() to persist the log\n tree;\n\n10) Task B successfully persisted the log tree, btrfs_sync_log() completed\n with success, and a power failure happened.\n\n We have a log tree without any directory entry for inode Y, so the\n log replay code deletes the entry for inode Y, name \"A/bar\", from the\n subvolume tree since it doesn\u0027t exist in the log tree and the log\n tree is authorative for its index (we logged a BTRFS_DIR_LOG_INDEX_KEY\n item that covers the index range for the dentry that corresponds to\n \"A/bar\").\n\n Since there\u0027s no other hard link for inode Y and the log replay code\n deletes the name \"A/bar\", the file is lost.\n\nThe issue wouldn\u0027t happen if task B synced the log only after task A\ncalled btrfs_log_new_name(), which would update the log with the new name\nfor inode Y (\"A/bar\").\n\nFix this by pinning the log root during renames before removing the old\ndirectory entry, and unpinning af\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38365",
"url": "https://www.suse.com/security/cve/CVE-2025-38365"
},
{
"category": "external",
"summary": "SUSE Bug 1247023 for CVE-2025-38365",
"url": "https://bugzilla.suse.com/1247023"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38365"
},
{
"cve": "CVE-2025-38369",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38369"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using\n\nRunning IDXD workloads in a container with the /dev directory mounted can\ntrigger a call trace or even a kernel panic when the parent process of the\ncontainer is terminated.\n\nThis issue occurs because, under certain configurations, Docker does not\nproperly propagate the mount replica back to the original mount point.\n\nIn this case, when the user driver detaches, the WQ is destroyed but it\nstill calls destroy_workqueue() attempting to completes all pending work.\nIt\u0027s necessary to check wq-\u003ewq and skip the drain if it no longer exists.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38369",
"url": "https://www.suse.com/security/cve/CVE-2025-38369"
},
{
"category": "external",
"summary": "SUSE Bug 1247209 for CVE-2025-38369",
"url": "https://bugzilla.suse.com/1247209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38369"
},
{
"cve": "CVE-2025-38371",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38371"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Disable interrupts before resetting the GPU\n\nCurrently, an interrupt can be triggered during a GPU reset, which can\nlead to GPU hangs and NULL pointer dereference in an interrupt context\nas shown in the following trace:\n\n [ 314.035040] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0\n [ 314.043822] Mem abort info:\n [ 314.046606] ESR = 0x0000000096000005\n [ 314.050347] EC = 0x25: DABT (current EL), IL = 32 bits\n [ 314.055651] SET = 0, FnV = 0\n [ 314.058695] EA = 0, S1PTW = 0\n [ 314.061826] FSC = 0x05: level 1 translation fault\n [ 314.066694] Data abort info:\n [ 314.069564] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n [ 314.075039] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n [ 314.080080] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n [ 314.085382] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000102728000\n [ 314.091814] [00000000000000c0] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n [ 314.100511] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n [ 314.106770] Modules linked in: v3d i2c_brcmstb vc4 snd_soc_hdmi_codec gpu_sched drm_shmem_helper drm_display_helper cec drm_dma_helper drm_kms_helper drm drm_panel_orientation_quirks snd_soc_core snd_compress snd_pcm_dmaengine snd_pcm snd_timer snd backlight\n [ 314.129654] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.25+rpt-rpi-v8 #1 Debian 1:6.12.25-1+rpt1\n [ 314.139388] Hardware name: Raspberry Pi 4 Model B Rev 1.4 (DT)\n [ 314.145211] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n [ 314.152165] pc : v3d_irq+0xec/0x2e0 [v3d]\n [ 314.156187] lr : v3d_irq+0xe0/0x2e0 [v3d]\n [ 314.160198] sp : ffffffc080003ea0\n [ 314.163502] x29: ffffffc080003ea0 x28: ffffffec1f184980 x27: 021202b000000000\n [ 314.170633] x26: ffffffec1f17f630 x25: ffffff8101372000 x24: ffffffec1f17d9f0\n [ 314.177764] x23: 000000000000002a x22: 000000000000002a x21: ffffff8103252000\n [ 314.184895] x20: 0000000000000001 x19: 00000000deadbeef x18: 0000000000000000\n [ 314.192026] x17: ffffff94e51d2000 x16: ffffffec1dac3cb0 x15: c306000000000000\n [ 314.199156] x14: 0000000000000000 x13: b2fc982e03cc5168 x12: 0000000000000001\n [ 314.206286] x11: ffffff8103f8bcc0 x10: ffffffec1f196868 x9 : ffffffec1dac3874\n [ 314.213416] x8 : 0000000000000000 x7 : 0000000000042a3a x6 : ffffff810017a180\n [ 314.220547] x5 : ffffffec1ebad400 x4 : ffffffec1ebad320 x3 : 00000000000bebeb\n [ 314.227677] x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000\n [ 314.234807] Call trace:\n [ 314.237243] v3d_irq+0xec/0x2e0 [v3d]\n [ 314.240906] __handle_irq_event_percpu+0x58/0x218\n [ 314.245609] handle_irq_event+0x54/0xb8\n [ 314.249439] handle_fasteoi_irq+0xac/0x240\n [ 314.253527] handle_irq_desc+0x48/0x68\n [ 314.257269] generic_handle_domain_irq+0x24/0x38\n [ 314.261879] gic_handle_irq+0x48/0xd8\n [ 314.265533] call_on_irq_stack+0x24/0x58\n [ 314.269448] do_interrupt_handler+0x88/0x98\n [ 314.273624] el1_interrupt+0x34/0x68\n [ 314.277193] el1h_64_irq_handler+0x18/0x28\n [ 314.281281] el1h_64_irq+0x64/0x68\n [ 314.284673] default_idle_call+0x3c/0x168\n [ 314.288675] do_idle+0x1fc/0x230\n [ 314.291895] cpu_startup_entry+0x3c/0x50\n [ 314.295810] rest_init+0xe4/0xf0\n [ 314.299030] start_kernel+0x5e8/0x790\n [ 314.302684] __primary_switched+0x80/0x90\n [ 314.306691] Code: 940029eb 360ffc13 f9442ea0 52800001 (f9406017)\n [ 314.312775] ---[ end trace 0000000000000000 ]---\n [ 314.317384] Kernel panic - not syncing: Oops: Fatal exception in interrupt\n [ 314.324249] SMP: stopping secondary CPUs\n [ 314.328167] Kernel Offset: 0x2b9da00000 from 0xffffffc080000000\n [ 314.334076] PHYS_OFFSET: 0x0\n [ 314.336946] CPU features: 0x08,00002013,c0200000,0200421b\n [ 314.342337] Memory Limit: none\n [ 314.345382] ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---\n\nBefore resetting the G\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38371",
"url": "https://www.suse.com/security/cve/CVE-2025-38371"
},
{
"category": "external",
"summary": "SUSE Bug 1247178 for CVE-2025-38371",
"url": "https://bugzilla.suse.com/1247178"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38371"
},
{
"cve": "CVE-2025-38373",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38373"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/mlx5: Fix potential deadlock in MR deregistration\n\nThe issue arises when kzalloc() is invoked while holding umem_mutex or\nany other lock acquired under umem_mutex. This is problematic because\nkzalloc() can trigger fs_reclaim_aqcuire(), which may, in turn, invoke\nmmu_notifier_invalidate_range_start(). This function can lead to\nmlx5_ib_invalidate_range(), which attempts to acquire umem_mutex again,\nresulting in a deadlock.\n\nThe problematic flow:\n CPU0 | CPU1\n---------------------------------------|------------------------------------------------\nmlx5_ib_dereg_mr() |\n -\u003e revoke_mr() |\n -\u003e mutex_lock(\u0026umem_odp-\u003eumem_mutex) |\n | mlx5_mkey_cache_init()\n | -\u003e mutex_lock(\u0026dev-\u003ecache.rb_lock)\n | -\u003e mlx5r_cache_create_ent_locked()\n | -\u003e kzalloc(GFP_KERNEL)\n | -\u003e fs_reclaim()\n | -\u003e mmu_notifier_invalidate_range_start()\n | -\u003e mlx5_ib_invalidate_range()\n | -\u003e mutex_lock(\u0026umem_odp-\u003eumem_mutex)\n -\u003e cache_ent_find_and_store() |\n -\u003e mutex_lock(\u0026dev-\u003ecache.rb_lock) |\n\nAdditionally, when kzalloc() is called from within\ncache_ent_find_and_store(), we encounter the same deadlock due to\nre-acquisition of umem_mutex.\n\nSolve by releasing umem_mutex in dereg_mr() after umr_revoke_mr()\nand before acquiring rb_lock. This ensures that we don\u0027t hold\numem_mutex while performing memory allocations that could trigger\nthe reclaim path.\n\nThis change prevents the deadlock by ensuring proper lock ordering and\navoiding holding locks during memory allocation operations that could\ntrigger the reclaim path.\n\nThe following lockdep warning demonstrates the deadlock:\n\n python3/20557 is trying to acquire lock:\n ffff888387542128 (\u0026umem_odp-\u003eumem_mutex){+.+.}-{4:4}, at:\n mlx5_ib_invalidate_range+0x5b/0x550 [mlx5_ib]\n\n but task is already holding lock:\n ffffffff82f6b840 (mmu_notifier_invalidate_range_start){+.+.}-{0:0}, at:\n unmap_vmas+0x7b/0x1a0\n\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n\n -\u003e #3 (mmu_notifier_invalidate_range_start){+.+.}-{0:0}:\n fs_reclaim_acquire+0x60/0xd0\n mem_cgroup_css_alloc+0x6f/0x9b0\n cgroup_init_subsys+0xa4/0x240\n cgroup_init+0x1c8/0x510\n start_kernel+0x747/0x760\n x86_64_start_reservations+0x25/0x30\n x86_64_start_kernel+0x73/0x80\n common_startup_64+0x129/0x138\n\n -\u003e #2 (fs_reclaim){+.+.}-{0:0}:\n fs_reclaim_acquire+0x91/0xd0\n __kmalloc_cache_noprof+0x4d/0x4c0\n mlx5r_cache_create_ent_locked+0x75/0x620 [mlx5_ib]\n mlx5_mkey_cache_init+0x186/0x360 [mlx5_ib]\n mlx5_ib_stage_post_ib_reg_umr_init+0x3c/0x60 [mlx5_ib]\n __mlx5_ib_add+0x4b/0x190 [mlx5_ib]\n mlx5r_probe+0xd9/0x320 [mlx5_ib]\n auxiliary_bus_probe+0x42/0x70\n really_probe+0xdb/0x360\n __driver_probe_device+0x8f/0x130\n driver_probe_device+0x1f/0xb0\n __driver_attach+0xd4/0x1f0\n bus_for_each_dev+0x79/0xd0\n bus_add_driver+0xf0/0x200\n driver_register+0x6e/0xc0\n __auxiliary_driver_register+0x6a/0xc0\n do_one_initcall+0x5e/0x390\n do_init_module+0x88/0x240\n init_module_from_file+0x85/0xc0\n idempotent_init_module+0x104/0x300\n __x64_sys_finit_module+0x68/0xc0\n do_syscall_64+0x6d/0x140\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n -\u003e #1 (\u0026dev-\u003ecache.rb_lock){+.+.}-{4:4}:\n __mutex_lock+0x98/0xf10\n __mlx5_ib_dereg_mr+0x6f2/0x890 [mlx5_ib]\n mlx5_ib_dereg_mr+0x21/0x110 [mlx5_ib]\n ib_dereg_mr_user+0x85/0x1f0 [ib_core]\n \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38373",
"url": "https://www.suse.com/security/cve/CVE-2025-38373"
},
{
"category": "external",
"summary": "SUSE Bug 1247033 for CVE-2025-38373",
"url": "https://bugzilla.suse.com/1247033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38373"
},
{
"cve": "CVE-2025-38375",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38375"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-net: ensure the received length does not exceed allocated size\n\nIn xdp_linearize_page, when reading the following buffers from the ring,\nwe forget to check the received length with the true allocate size. This\ncan lead to an out-of-bound read. This commit adds that missing check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38375",
"url": "https://www.suse.com/security/cve/CVE-2025-38375"
},
{
"category": "external",
"summary": "SUSE Bug 1247177 for CVE-2025-38375",
"url": "https://bugzilla.suse.com/1247177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38375"
},
{
"cve": "CVE-2025-38376",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38376"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: chipidea: udc: disconnect/reconnect from host when do suspend/resume\n\nShawn and John reported a hang issue during system suspend as below:\n\n - USB gadget is enabled as Ethernet\n - There is data transfer over USB Ethernet (scp a big file between host\n and device)\n - Device is going in/out suspend (echo mem \u003e /sys/power/state)\n\nThe root cause is the USB device controller is suspended but the USB bus\nis still active which caused the USB host continues to transfer data with\ndevice and the device continues to queue USB requests (in this case, a\ndelayed TCP ACK packet trigger the issue) after controller is suspended,\nhowever the USB controller clock is already gated off. Then if udc driver\naccess registers after that point, the system will hang.\n\nThe correct way to avoid such issue is to disconnect device from host when\nthe USB bus is not at suspend state. Then the host will receive disconnect\nevent and stop data transfer in time. To continue make USB gadget device\nwork after system resume, this will reconnect device automatically.\n\nTo make usb wakeup work if USB bus is already at suspend state, this will\nkeep connection for it only when USB device controller has enabled wakeup\ncapability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38376",
"url": "https://www.suse.com/security/cve/CVE-2025-38376"
},
{
"category": "external",
"summary": "SUSE Bug 1247176 for CVE-2025-38376",
"url": "https://bugzilla.suse.com/1247176"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38376"
},
{
"cve": "CVE-2025-38377",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38377"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrose: fix dangling neighbour pointers in rose_rt_device_down()\n\nThere are two bugs in rose_rt_device_down() that can cause\nuse-after-free:\n\n1. The loop bound `t-\u003ecount` is modified within the loop, which can\n cause the loop to terminate early and miss some entries.\n\n2. When removing an entry from the neighbour array, the subsequent entries\n are moved up to fill the gap, but the loop index `i` is still\n incremented, causing the next entry to be skipped.\n\nFor example, if a node has three neighbours (A, A, B) with count=3 and A\nis being removed, the second A is not checked.\n\n i=0: (A, A, B) -\u003e (A, B) with count=2\n ^ checked\n i=1: (A, B) -\u003e (A, B) with count=2\n ^ checked (B, not A!)\n i=2: (doesn\u0027t occur because i \u003c count is false)\n\nThis leaves the second A in the array with count=2, but the rose_neigh\nstructure has been freed. Code that accesses these entries assumes that\nthe first `count` entries are valid pointers, causing a use-after-free\nwhen it accesses the dangling pointer.\n\nFix both issues by iterating over the array in reverse order with a fixed\nloop bound. This ensures that all entries are examined and that the removal\nof an entry doesn\u0027t affect subsequent iterations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38377",
"url": "https://www.suse.com/security/cve/CVE-2025-38377"
},
{
"category": "external",
"summary": "SUSE Bug 1247174 for CVE-2025-38377",
"url": "https://bugzilla.suse.com/1247174"
},
{
"category": "external",
"summary": "SUSE Bug 1247175 for CVE-2025-38377",
"url": "https://bugzilla.suse.com/1247175"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "important"
}
],
"title": "CVE-2025-38377"
},
{
"cve": "CVE-2025-38380",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38380"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38380",
"url": "https://www.suse.com/security/cve/CVE-2025-38380"
},
{
"category": "external",
"summary": "SUSE Bug 1247028 for CVE-2025-38380",
"url": "https://bugzilla.suse.com/1247028"
},
{
"category": "external",
"summary": "SUSE Bug 1247029 for CVE-2025-38380",
"url": "https://bugzilla.suse.com/1247029"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "important"
}
],
"title": "CVE-2025-38380"
},
{
"cve": "CVE-2025-38382",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38382"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix iteration of extrefs during log replay\n\nAt __inode_add_ref() when processing extrefs, if we jump into the next\nlabel we have an undefined value of victim_name.len, since we haven\u0027t\ninitialized it before we did the goto. This results in an invalid memory\naccess in the next iteration of the loop since victim_name.len was not\ninitialized to the length of the name of the current extref.\n\nFix this by initializing victim_name.len with the current extref\u0027s name\nlength.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38382",
"url": "https://www.suse.com/security/cve/CVE-2025-38382"
},
{
"category": "external",
"summary": "SUSE Bug 1247031 for CVE-2025-38382",
"url": "https://bugzilla.suse.com/1247031"
},
{
"category": "external",
"summary": "SUSE Bug 1247032 for CVE-2025-38382",
"url": "https://bugzilla.suse.com/1247032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38382"
},
{
"cve": "CVE-2025-38384",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38384"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: spinand: fix memory leak of ECC engine conf\n\nMemory allocated for the ECC engine conf is not released during spinand\ncleanup. Below kmemleak trace is seen for this memory leak:\n\nunreferenced object 0xffffff80064f00e0 (size 8):\n comm \"swapper/0\", pid 1, jiffies 4294937458\n hex dump (first 8 bytes):\n 00 00 00 00 00 00 00 00 ........\n backtrace (crc 0):\n kmemleak_alloc+0x30/0x40\n __kmalloc_cache_noprof+0x208/0x3c0\n spinand_ondie_ecc_init_ctx+0x114/0x200\n nand_ecc_init_ctx+0x70/0xa8\n nanddev_ecc_engine_init+0xec/0x27c\n spinand_probe+0xa2c/0x1620\n spi_mem_probe+0x130/0x21c\n spi_probe+0xf0/0x170\n really_probe+0x17c/0x6e8\n __driver_probe_device+0x17c/0x21c\n driver_probe_device+0x58/0x180\n __device_attach_driver+0x15c/0x1f8\n bus_for_each_drv+0xec/0x150\n __device_attach+0x188/0x24c\n device_initial_probe+0x10/0x20\n bus_probe_device+0x11c/0x160\n\nFix the leak by calling nanddev_ecc_engine_cleanup() inside\nspinand_cleanup().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38384",
"url": "https://www.suse.com/security/cve/CVE-2025-38384"
},
{
"category": "external",
"summary": "SUSE Bug 1247035 for CVE-2025-38384",
"url": "https://bugzilla.suse.com/1247035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "low"
}
],
"title": "CVE-2025-38384"
},
{
"cve": "CVE-2025-38385",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38385"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect\n\nRemove redundant netif_napi_del() call from disconnect path.\n\nA WARN may be triggered in __netif_napi_del_locked() during USB device\ndisconnect:\n\n WARNING: CPU: 0 PID: 11 at net/core/dev.c:7417 __netif_napi_del_locked+0x2b4/0x350\n\nThis happens because netif_napi_del() is called in the disconnect path while\nNAPI is still enabled. However, it is not necessary to call netif_napi_del()\nexplicitly, since unregister_netdev() will handle NAPI teardown automatically\nand safely. Removing the redundant call avoids triggering the warning.\n\nFull trace:\n lan78xx 1-1:1.0 enu1: Failed to read register index 0x000000c4. ret = -ENODEV\n lan78xx 1-1:1.0 enu1: Failed to set MAC down with error -ENODEV\n lan78xx 1-1:1.0 enu1: Link is Down\n lan78xx 1-1:1.0 enu1: Failed to read register index 0x00000120. ret = -ENODEV\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 11 at net/core/dev.c:7417 __netif_napi_del_locked+0x2b4/0x350\n Modules linked in: flexcan can_dev fuse\n CPU: 0 UID: 0 PID: 11 Comm: kworker/0:1 Not tainted 6.16.0-rc2-00624-ge926949dab03 #9 PREEMPT\n Hardware name: SKOV IMX8MP CPU revC - bd500 (DT)\n Workqueue: usb_hub_wq hub_event\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : __netif_napi_del_locked+0x2b4/0x350\n lr : __netif_napi_del_locked+0x7c/0x350\n sp : ffffffc085b673c0\n x29: ffffffc085b673c0 x28: ffffff800b7f2000 x27: ffffff800b7f20d8\n x26: ffffff80110bcf58 x25: ffffff80110bd978 x24: 1ffffff0022179eb\n x23: ffffff80110bc000 x22: ffffff800b7f5000 x21: ffffff80110bc000\n x20: ffffff80110bcf38 x19: ffffff80110bcf28 x18: dfffffc000000000\n x17: ffffffc081578940 x16: ffffffc08284cee0 x15: 0000000000000028\n x14: 0000000000000006 x13: 0000000000040000 x12: ffffffb0022179e8\n x11: 1ffffff0022179e7 x10: ffffffb0022179e7 x9 : dfffffc000000000\n x8 : 0000004ffdde8619 x7 : ffffff80110bcf3f x6 : 0000000000000001\n x5 : ffffff80110bcf38 x4 : ffffff80110bcf38 x3 : 0000000000000000\n x2 : 0000000000000000 x1 : 1ffffff0022179e7 x0 : 0000000000000000\n Call trace:\n __netif_napi_del_locked+0x2b4/0x350 (P)\n lan78xx_disconnect+0xf4/0x360\n usb_unbind_interface+0x158/0x718\n device_remove+0x100/0x150\n device_release_driver_internal+0x308/0x478\n device_release_driver+0x1c/0x30\n bus_remove_device+0x1a8/0x368\n device_del+0x2e0/0x7b0\n usb_disable_device+0x244/0x540\n usb_disconnect+0x220/0x758\n hub_event+0x105c/0x35e0\n process_one_work+0x760/0x17b0\n worker_thread+0x768/0xce8\n kthread+0x3bc/0x690\n ret_from_fork+0x10/0x20\n irq event stamp: 211604\n hardirqs last enabled at (211603): [\u003cffffffc0828cc9ec\u003e] _raw_spin_unlock_irqrestore+0x84/0x98\n hardirqs last disabled at (211604): [\u003cffffffc0828a9a84\u003e] el1_dbg+0x24/0x80\n softirqs last enabled at (211296): [\u003cffffffc080095f10\u003e] handle_softirqs+0x820/0xbc8\n softirqs last disabled at (210993): [\u003cffffffc080010288\u003e] __do_softirq+0x18/0x20\n ---[ end trace 0000000000000000 ]---\n lan78xx 1-1:1.0 enu1: failed to kill vid 0081/0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38385",
"url": "https://www.suse.com/security/cve/CVE-2025-38385"
},
{
"category": "external",
"summary": "SUSE Bug 1247149 for CVE-2025-38385",
"url": "https://bugzilla.suse.com/1247149"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "low"
}
],
"title": "CVE-2025-38385"
},
{
"cve": "CVE-2025-38386",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38386"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: Refuse to evaluate a method if arguments are missing\n\nAs reported in [1], a platform firmware update that increased the number\nof method parameters and forgot to update a least one of its callers,\ncaused ACPICA to crash due to use-after-free.\n\nSince this a result of a clear AML issue that arguably cannot be fixed\nup by the interpreter (it cannot produce missing data out of thin air),\naddress it by making ACPICA refuse to evaluate a method if the caller\nattempts to pass fewer arguments than expected to it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38386",
"url": "https://www.suse.com/security/cve/CVE-2025-38386"
},
{
"category": "external",
"summary": "SUSE Bug 1247138 for CVE-2025-38386",
"url": "https://bugzilla.suse.com/1247138"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38386"
},
{
"cve": "CVE-2025-38387",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38387"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Initialize obj_event-\u003eobj_sub_list before xa_insert\n\nThe obj_event may be loaded immediately after inserted, then if the\nlist_head is not initialized then we may get a poisonous pointer. This\nfixes the crash below:\n\n mlx5_core 0000:03:00.0: MLX5E: StrdRq(1) RqSz(8) StrdSz(2048) RxCqeCmprss(0 enhanced)\n mlx5_core.sf mlx5_core.sf.4: firmware version: 32.38.3056\n mlx5_core 0000:03:00.0 en3f0pf0sf2002: renamed from eth0\n mlx5_core.sf mlx5_core.sf.4: Rate limit: 127 rates are supported, range: 0Mbps to 195312Mbps\n IPv6: ADDRCONF(NETDEV_CHANGE): en3f0pf0sf2002: link becomes ready\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000060\n Mem abort info:\n ESR = 0x96000006\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n Data abort info:\n ISV = 0, ISS = 0x00000006\n CM = 0, WnR = 0\n user pgtable: 4k pages, 48-bit VAs, pgdp=00000007760fb000\n [0000000000000060] pgd=000000076f6d7003, p4d=000000076f6d7003, pud=0000000777841003, pmd=0000000000000000\n Internal error: Oops: 96000006 [#1] SMP\n Modules linked in: ipmb_host(OE) act_mirred(E) cls_flower(E) sch_ingress(E) mptcp_diag(E) udp_diag(E) raw_diag(E) unix_diag(E) tcp_diag(E) inet_diag(E) binfmt_misc(E) bonding(OE) rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) isofs(E) cdrom(E) mst_pciconf(OE) ib_umad(OE) mlx5_ib(OE) ipmb_dev_int(OE) mlx5_core(OE) kpatch_15237886(OEK) mlxdevm(OE) auxiliary(OE) ib_uverbs(OE) ib_core(OE) psample(E) mlxfw(OE) tls(E) sunrpc(E) vfat(E) fat(E) crct10dif_ce(E) ghash_ce(E) sha1_ce(E) sbsa_gwdt(E) virtio_console(E) ext4(E) mbcache(E) jbd2(E) xfs(E) libcrc32c(E) mmc_block(E) virtio_net(E) net_failover(E) failover(E) sha2_ce(E) sha256_arm64(E) nvme(OE) nvme_core(OE) gpio_mlxbf3(OE) mlx_compat(OE) mlxbf_pmc(OE) i2c_mlxbf(OE) sdhci_of_dwcmshc(OE) pinctrl_mlxbf3(OE) mlxbf_pka(OE) gpio_generic(E) i2c_core(E) mmc_core(E) mlxbf_gige(OE) vitesse(E) pwr_mlxbf(OE) mlxbf_tmfifo(OE) micrel(E) mlxbf_bootctl(OE) virtio_ring(E) virtio(E) ipmi_devintf(E) ipmi_msghandler(E)\n [last unloaded: mst_pci]\n CPU: 11 PID: 20913 Comm: rte-worker-11 Kdump: loaded Tainted: G OE K 5.10.134-13.1.an8.aarch64 #1\n Hardware name: https://www.mellanox.com BlueField-3 SmartNIC Main Card/BlueField-3 SmartNIC Main Card, BIOS 4.2.2.12968 Oct 26 2023\n pstate: a0400089 (NzCv daIf +PAN -UAO -TCO BTYPE=--)\n pc : dispatch_event_fd+0x68/0x300 [mlx5_ib]\n lr : devx_event_notifier+0xcc/0x228 [mlx5_ib]\n sp : ffff80001005bcf0\n x29: ffff80001005bcf0 x28: 0000000000000001\n x27: ffff244e0740a1d8 x26: ffff244e0740a1d0\n x25: ffffda56beff5ae0 x24: ffffda56bf911618\n x23: ffff244e0596a480 x22: ffff244e0596a480\n x21: ffff244d8312ad90 x20: ffff244e0596a480\n x19: fffffffffffffff0 x18: 0000000000000000\n x17: 0000000000000000 x16: ffffda56be66d620\n x15: 0000000000000000 x14: 0000000000000000\n x13: 0000000000000000 x12: 0000000000000000\n x11: 0000000000000040 x10: ffffda56bfcafb50\n x9 : ffffda5655c25f2c x8 : 0000000000000010\n x7 : 0000000000000000 x6 : ffff24545a2e24b8\n x5 : 0000000000000003 x4 : ffff80001005bd28\n x3 : 0000000000000000 x2 : 0000000000000000\n x1 : ffff244e0596a480 x0 : ffff244d8312ad90\n Call trace:\n dispatch_event_fd+0x68/0x300 [mlx5_ib]\n devx_event_notifier+0xcc/0x228 [mlx5_ib]\n atomic_notifier_call_chain+0x58/0x80\n mlx5_eq_async_int+0x148/0x2b0 [mlx5_core]\n atomic_notifier_call_chain+0x58/0x80\n irq_int_handler+0x20/0x30 [mlx5_core]\n __handle_irq_event_percpu+0x60/0x220\n handle_irq_event_percpu+0x3c/0x90\n handle_irq_event+0x58/0x158\n handle_fasteoi_irq+0xfc/0x188\n generic_handle_irq+0x34/0x48\n ...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38387",
"url": "https://www.suse.com/security/cve/CVE-2025-38387"
},
{
"category": "external",
"summary": "SUSE Bug 1247154 for CVE-2025-38387",
"url": "https://bugzilla.suse.com/1247154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38387"
},
{
"cve": "CVE-2025-38389",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38389"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gt: Fix timeline left held on VMA alloc error\n\nThe following error has been reported sporadically by CI when a test\nunbinds the i915 driver on a ring submission platform:\n\n\u003c4\u003e [239.330153] ------------[ cut here ]------------\n\u003c4\u003e [239.330166] i915 0000:00:02.0: [drm] drm_WARN_ON(dev_priv-\u003emm.shrink_count)\n\u003c4\u003e [239.330196] WARNING: CPU: 1 PID: 18570 at drivers/gpu/drm/i915/i915_gem.c:1309 i915_gem_cleanup_early+0x13e/0x150 [i915]\n...\n\u003c4\u003e [239.330640] RIP: 0010:i915_gem_cleanup_early+0x13e/0x150 [i915]\n...\n\u003c4\u003e [239.330942] Call Trace:\n\u003c4\u003e [239.330944] \u003cTASK\u003e\n\u003c4\u003e [239.330949] i915_driver_late_release+0x2b/0xa0 [i915]\n\u003c4\u003e [239.331202] i915_driver_release+0x86/0xa0 [i915]\n\u003c4\u003e [239.331482] devm_drm_dev_init_release+0x61/0x90\n\u003c4\u003e [239.331494] devm_action_release+0x15/0x30\n\u003c4\u003e [239.331504] release_nodes+0x3d/0x120\n\u003c4\u003e [239.331517] devres_release_all+0x96/0xd0\n\u003c4\u003e [239.331533] device_unbind_cleanup+0x12/0x80\n\u003c4\u003e [239.331543] device_release_driver_internal+0x23a/0x280\n\u003c4\u003e [239.331550] ? bus_find_device+0xa5/0xe0\n\u003c4\u003e [239.331563] device_driver_detach+0x14/0x20\n...\n\u003c4\u003e [357.719679] ---[ end trace 0000000000000000 ]---\n\nIf the test also unloads the i915 module then that\u0027s followed with:\n\n\u003c3\u003e [357.787478] =============================================================================\n\u003c3\u003e [357.788006] BUG i915_vma (Tainted: G U W N ): Objects remaining on __kmem_cache_shutdown()\n\u003c3\u003e [357.788031] -----------------------------------------------------------------------------\n\u003c3\u003e [357.788204] Object 0xffff888109e7f480 @offset=29824\n\u003c3\u003e [357.788670] Allocated in i915_vma_instance+0xee/0xc10 [i915] age=292729 cpu=4 pid=2244\n\u003c4\u003e [357.788994] i915_vma_instance+0xee/0xc10 [i915]\n\u003c4\u003e [357.789290] init_status_page+0x7b/0x420 [i915]\n\u003c4\u003e [357.789532] intel_engines_init+0x1d8/0x980 [i915]\n\u003c4\u003e [357.789772] intel_gt_init+0x175/0x450 [i915]\n\u003c4\u003e [357.790014] i915_gem_init+0x113/0x340 [i915]\n\u003c4\u003e [357.790281] i915_driver_probe+0x847/0xed0 [i915]\n\u003c4\u003e [357.790504] i915_pci_probe+0xe6/0x220 [i915]\n...\n\nCloser analysis of CI results history has revealed a dependency of the\nerror on a few IGT tests, namely:\n- igt@api_intel_allocator@fork-simple-stress-signal,\n- igt@api_intel_allocator@two-level-inception-interruptible,\n- igt@gem_linear_blits@interruptible,\n- igt@prime_mmap_coherency@ioctl-errors,\nwhich invisibly trigger the issue, then exhibited with first driver unbind\nattempt.\n\nAll of the above tests perform actions which are actively interrupted with\nsignals. Further debugging has allowed to narrow that scope down to\nDRM_IOCTL_I915_GEM_EXECBUFFER2, and ring_context_alloc(), specific to ring\nsubmission, in particular.\n\nIf successful then that function, or its execlists or GuC submission\nequivalent, is supposed to be called only once per GEM context engine,\nfollowed by raise of a flag that prevents the function from being called\nagain. The function is expected to unwind its internal errors itself, so\nit may be safely called once more after it returns an error.\n\nIn case of ring submission, the function first gets a reference to the\nengine\u0027s legacy timeline and then allocates a VMA. If the VMA allocation\nfails, e.g. when i915_vma_instance() called from inside is interrupted\nwith a signal, then ring_context_alloc() fails, leaving the timeline held\nreferenced. On next I915_GEM_EXECBUFFER2 IOCTL, another reference to the\ntimeline is got, and only that last one is put on successful completion.\nAs a consequence, the legacy timeline, with its underlying engine status\npage\u0027s VMA object, is still held and not released on driver unbind.\n\nGet the legacy timeline only after successful allocation of the context\nengine\u0027s VMA.\n\nv2: Add a note on other submission methods (Krzysztof Karas):\n Both execlists and GuC submission use lrc_alloc() which seems free\n from a similar issue.\n\n(cherry picked from commit cc43422b3cc79eacff4c5a8ba0d224688ca9dd4f)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38389",
"url": "https://www.suse.com/security/cve/CVE-2025-38389"
},
{
"category": "external",
"summary": "SUSE Bug 1247153 for CVE-2025-38389",
"url": "https://bugzilla.suse.com/1247153"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38389"
},
{
"cve": "CVE-2025-38391",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38391"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: altmodes/displayport: do not index invalid pin_assignments\n\nA poorly implemented DisplayPort Alt Mode port partner can indicate\nthat its pin assignment capabilities are greater than the maximum\nvalue, DP_PIN_ASSIGN_F. In this case, calls to pin_assignment_show\nwill cause a BRK exception due to an out of bounds array access.\n\nPrevent for loop in pin_assignment_show from accessing\ninvalid values in pin_assignments by adding DP_PIN_ASSIGN_MAX\nvalue in typec_dp.h and using i \u003c DP_PIN_ASSIGN_MAX as a loop\ncondition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38391",
"url": "https://www.suse.com/security/cve/CVE-2025-38391"
},
{
"category": "external",
"summary": "SUSE Bug 1247181 for CVE-2025-38391",
"url": "https://bugzilla.suse.com/1247181"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38391"
},
{
"cve": "CVE-2025-38392",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38392"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: convert control queue mutex to a spinlock\n\nWith VIRTCHNL2_CAP_MACFILTER enabled, the following warning is generated\non module load:\n\n[ 324.701677] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:578\n[ 324.701684] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1582, name: NetworkManager\n[ 324.701689] preempt_count: 201, expected: 0\n[ 324.701693] RCU nest depth: 0, expected: 0\n[ 324.701697] 2 locks held by NetworkManager/1582:\n[ 324.701702] #0: ffffffff9f7be770 (rtnl_mutex){....}-{3:3}, at: rtnl_newlink+0x791/0x21e0\n[ 324.701730] #1: ff1100216c380368 (_xmit_ETHER){....}-{2:2}, at: __dev_open+0x3f0/0x870\n[ 324.701749] Preemption disabled at:\n[ 324.701752] [\u003cffffffff9cd23b9d\u003e] __dev_open+0x3dd/0x870\n[ 324.701765] CPU: 30 UID: 0 PID: 1582 Comm: NetworkManager Not tainted 6.15.0-rc5+ #2 PREEMPT(voluntary)\n[ 324.701771] Hardware name: Intel Corporation M50FCP2SBSTD/M50FCP2SBSTD, BIOS SE5C741.86B.01.01.0001.2211140926 11/14/2022\n[ 324.701774] Call Trace:\n[ 324.701777] \u003cTASK\u003e\n[ 324.701779] dump_stack_lvl+0x5d/0x80\n[ 324.701788] ? __dev_open+0x3dd/0x870\n[ 324.701793] __might_resched.cold+0x1ef/0x23d\n\u003c..\u003e\n[ 324.701818] __mutex_lock+0x113/0x1b80\n\u003c..\u003e\n[ 324.701917] idpf_ctlq_clean_sq+0xad/0x4b0 [idpf]\n[ 324.701935] ? kasan_save_track+0x14/0x30\n[ 324.701941] idpf_mb_clean+0x143/0x380 [idpf]\n\u003c..\u003e\n[ 324.701991] idpf_send_mb_msg+0x111/0x720 [idpf]\n[ 324.702009] idpf_vc_xn_exec+0x4cc/0x990 [idpf]\n[ 324.702021] ? rcu_is_watching+0x12/0xc0\n[ 324.702035] idpf_add_del_mac_filters+0x3ed/0xb50 [idpf]\n\u003c..\u003e\n[ 324.702122] __hw_addr_sync_dev+0x1cf/0x300\n[ 324.702126] ? find_held_lock+0x32/0x90\n[ 324.702134] idpf_set_rx_mode+0x317/0x390 [idpf]\n[ 324.702152] __dev_open+0x3f8/0x870\n[ 324.702159] ? __pfx___dev_open+0x10/0x10\n[ 324.702174] __dev_change_flags+0x443/0x650\n\u003c..\u003e\n[ 324.702208] netif_change_flags+0x80/0x160\n[ 324.702218] do_setlink.isra.0+0x16a0/0x3960\n\u003c..\u003e\n[ 324.702349] rtnl_newlink+0x12fd/0x21e0\n\nThe sequence is as follows:\n\trtnl_newlink()-\u003e\n\t__dev_change_flags()-\u003e\n\t__dev_open()-\u003e\n\tdev_set_rx_mode() - \u003e # disables BH and grabs \"dev-\u003eaddr_list_lock\"\n\tidpf_set_rx_mode() -\u003e # proceed only if VIRTCHNL2_CAP_MACFILTER is ON\n\t__dev_uc_sync() -\u003e\n\tidpf_add_mac_filter -\u003e\n\tidpf_add_del_mac_filters -\u003e\n\tidpf_send_mb_msg() -\u003e\n\tidpf_mb_clean() -\u003e\n\tidpf_ctlq_clean_sq() # mutex_lock(cq_lock)\n\nFix by converting cq_lock to a spinlock. All operations under the new\nlock are safe except freeing the DMA memory, which may use vunmap(). Fix\nby requesting a contiguous physical memory for the DMA mapping.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38392",
"url": "https://www.suse.com/security/cve/CVE-2025-38392"
},
{
"category": "external",
"summary": "SUSE Bug 1247169 for CVE-2025-38392",
"url": "https://bugzilla.suse.com/1247169"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38392"
},
{
"cve": "CVE-2025-38393",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38393"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN\n\nWe found a few different systems hung up in writeback waiting on the same\npage lock, and one task waiting on the NFS_LAYOUT_DRAIN bit in\npnfs_update_layout(), however the pnfs_layout_hdr\u0027s plh_outstanding count\nwas zero.\n\nIt seems most likely that this is another race between the waiter and waker\nsimilar to commit ed0172af5d6f (\"SUNRPC: Fix a race to wake a sync task\").\nFix it up by applying the advised barrier.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38393",
"url": "https://www.suse.com/security/cve/CVE-2025-38393"
},
{
"category": "external",
"summary": "SUSE Bug 1247170 for CVE-2025-38393",
"url": "https://bugzilla.suse.com/1247170"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38393"
},
{
"cve": "CVE-2025-38395",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38395"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: gpio: Fix the out-of-bounds access to drvdata::gpiods\n\ndrvdata::gpiods is supposed to hold an array of \u0027gpio_desc\u0027 pointers. But\nthe memory is allocated for only one pointer. This will lead to\nout-of-bounds access later in the code if \u0027config::ngpios\u0027 is \u003e 1. So\nfix the code to allocate enough memory to hold \u0027config::ngpios\u0027 of GPIO\ndescriptors.\n\nWhile at it, also move the check for memory allocation failure to be below\nthe allocation to make it more readable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38395",
"url": "https://www.suse.com/security/cve/CVE-2025-38395"
},
{
"category": "external",
"summary": "SUSE Bug 1247171 for CVE-2025-38395",
"url": "https://bugzilla.suse.com/1247171"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38395"
},
{
"cve": "CVE-2025-38396",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38396"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass\n\nExport anon_inode_make_secure_inode() to allow KVM guest_memfd to create\nanonymous inodes with proper security context. This replaces the current\npattern of calling alloc_anon_inode() followed by\ninode_init_security_anon() for creating security context manually.\n\nThis change also fixes a security regression in secretmem where the\nS_PRIVATE flag was not cleared after alloc_anon_inode(), causing\nLSM/SELinux checks to be bypassed for secretmem file descriptors.\n\nAs guest_memfd currently resides in the KVM module, we need to export this\nsymbol for use outside the core kernel. In the future, guest_memfd might be\nmoved to core-mm, at which point the symbols no longer would have to be\nexported. When/if that happens is still unclear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38396",
"url": "https://www.suse.com/security/cve/CVE-2025-38396"
},
{
"category": "external",
"summary": "SUSE Bug 1247156 for CVE-2025-38396",
"url": "https://bugzilla.suse.com/1247156"
},
{
"category": "external",
"summary": "SUSE Bug 1247158 for CVE-2025-38396",
"url": "https://bugzilla.suse.com/1247158"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "important"
}
],
"title": "CVE-2025-38396"
},
{
"cve": "CVE-2025-38399",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38399"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port()\n\nThe function core_scsi3_decode_spec_i_port(), in its error code path,\nunconditionally calls core_scsi3_lunacl_undepend_item() passing the\ndest_se_deve pointer, which may be NULL.\n\nThis can lead to a NULL pointer dereference if dest_se_deve remains\nunset.\n\nSPC-3 PR SPEC_I_PT: Unable to locate dest_tpg\nUnable to handle kernel paging request at virtual address dfff800000000012\nCall trace:\n core_scsi3_lunacl_undepend_item+0x2c/0xf0 [target_core_mod] (P)\n core_scsi3_decode_spec_i_port+0x120c/0x1c30 [target_core_mod]\n core_scsi3_emulate_pro_register+0x6b8/0xcd8 [target_core_mod]\n target_scsi3_emulate_pr_out+0x56c/0x840 [target_core_mod]\n\nFix this by adding a NULL check before calling\ncore_scsi3_lunacl_undepend_item()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38399",
"url": "https://www.suse.com/security/cve/CVE-2025-38399"
},
{
"category": "external",
"summary": "SUSE Bug 1247097 for CVE-2025-38399",
"url": "https://bugzilla.suse.com/1247097"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38399"
},
{
"cve": "CVE-2025-38400",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38400"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails.\n\nsyzbot reported a warning below [1] following a fault injection in\nnfs_fs_proc_net_init(). [0]\n\nWhen nfs_fs_proc_net_init() fails, /proc/net/rpc/nfs is not removed.\n\nLater, rpc_proc_exit() tries to remove /proc/net/rpc, and the warning\nis logged as the directory is not empty.\n\nLet\u0027s handle the error of nfs_fs_proc_net_init() properly.\n\n[0]:\nFAULT_INJECTION: forcing a failure.\nname failslab, interval 1, probability 0, space 0, times 0\nCPU: 1 UID: 0 PID: 6120 Comm: syz.2.27 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl (lib/dump_stack.c:123)\n should_fail_ex (lib/fault-inject.c:73 lib/fault-inject.c:174)\n should_failslab (mm/failslab.c:46)\n kmem_cache_alloc_noprof (mm/slub.c:4178 mm/slub.c:4204)\n __proc_create (fs/proc/generic.c:427)\n proc_create_reg (fs/proc/generic.c:554)\n proc_create_net_data (fs/proc/proc_net.c:120)\n nfs_fs_proc_net_init (fs/nfs/client.c:1409)\n nfs_net_init (fs/nfs/inode.c:2600)\n ops_init (net/core/net_namespace.c:138)\n setup_net (net/core/net_namespace.c:443)\n copy_net_ns (net/core/net_namespace.c:576)\n create_new_namespaces (kernel/nsproxy.c:110)\n unshare_nsproxy_namespaces (kernel/nsproxy.c:218 (discriminator 4))\n ksys_unshare (kernel/fork.c:3123)\n __x64_sys_unshare (kernel/fork.c:3190)\n do_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n \u003c/TASK\u003e\n\n[1]:\nremove_proc_entry: removing non-empty directory \u0027net/rpc\u0027, leaking at least \u0027nfs\u0027\n WARNING: CPU: 1 PID: 6120 at fs/proc/generic.c:727 remove_proc_entry+0x45e/0x530 fs/proc/generic.c:727\nModules linked in:\nCPU: 1 UID: 0 PID: 6120 Comm: syz.2.27 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\n RIP: 0010:remove_proc_entry+0x45e/0x530 fs/proc/generic.c:727\nCode: 3c 02 00 0f 85 85 00 00 00 48 8b 93 d8 00 00 00 4d 89 f0 4c 89 e9 48 c7 c6 40 ba a2 8b 48 c7 c7 60 b9 a2 8b e8 33 81 1d ff 90 \u003c0f\u003e 0b 90 90 e9 5f fe ff ff e8 04 69 5e ff 90 48 b8 00 00 00 00 00\nRSP: 0018:ffffc90003637b08 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffff88805f534140 RCX: ffffffff817a92c8\nRDX: ffff88807da99e00 RSI: ffffffff817a92d5 RDI: 0000000000000001\nRBP: ffff888033431ac0 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000001 R12: ffff888033431a00\nR13: ffff888033431ae4 R14: ffff888033184724 R15: dffffc0000000000\nFS: 0000555580328500(0000) GS:ffff888124a62000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f71733743e0 CR3: 000000007f618000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n sunrpc_exit_net+0x46/0x90 net/sunrpc/sunrpc_syms.c:76\n ops_exit_list net/core/net_namespace.c:200 [inline]\n ops_undo_list+0x2eb/0xab0 net/core/net_namespace.c:253\n setup_net+0x2e1/0x510 net/core/net_namespace.c:457\n copy_net_ns+0x2a6/0x5f0 net/core/net_namespace.c:574\n create_new_namespaces+0x3ea/0xa90 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0xc0/0x1f0 kernel/nsproxy.c:218\n ksys_unshare+0x45b/0xa40 kernel/fork.c:3121\n __do_sys_unshare kernel/fork.c:3192 [inline]\n __se_sys_unshare kernel/fork.c:3190 [inline]\n __x64_sys_unshare+0x31/0x40 kernel/fork.c:3190\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x490 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fa1a6b8e929\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38400",
"url": "https://www.suse.com/security/cve/CVE-2025-38400"
},
{
"category": "external",
"summary": "SUSE Bug 1247123 for CVE-2025-38400",
"url": "https://bugzilla.suse.com/1247123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38400"
},
{
"cve": "CVE-2025-38401",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38401"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtk-sd: Prevent memory corruption from DMA map failure\n\nIf msdc_prepare_data() fails to map the DMA region, the request is\nnot prepared for data receiving, but msdc_start_data() proceeds\nthe DMA with previous setting.\nSince this will lead a memory corruption, we have to stop the\nrequest operation soon after the msdc_prepare_data() fails to\nprepare it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38401",
"url": "https://www.suse.com/security/cve/CVE-2025-38401"
},
{
"category": "external",
"summary": "SUSE Bug 1247125 for CVE-2025-38401",
"url": "https://bugzilla.suse.com/1247125"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38401"
},
{
"cve": "CVE-2025-38403",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38403"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/vmci: Clear the vmci transport packet properly when initializing it\n\nIn vmci_transport_packet_init memset the vmci_transport_packet before\npopulating the fields to avoid any uninitialised data being left in the\nstructure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38403",
"url": "https://www.suse.com/security/cve/CVE-2025-38403"
},
{
"category": "external",
"summary": "SUSE Bug 1247141 for CVE-2025-38403",
"url": "https://bugzilla.suse.com/1247141"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38403"
},
{
"cve": "CVE-2025-38404",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38404"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: displayport: Fix potential deadlock\n\nThe deadlock can occur due to a recursive lock acquisition of\n`cros_typec_altmode_data::mutex`.\nThe call chain is as follows:\n1. cros_typec_altmode_work() acquires the mutex\n2. typec_altmode_vdm() -\u003e dp_altmode_vdm() -\u003e\n3. typec_altmode_exit() -\u003e cros_typec_altmode_exit()\n4. cros_typec_altmode_exit() attempts to acquire the mutex again\n\nTo prevent this, defer the `typec_altmode_exit()` call by scheduling\nit rather than calling it directly from within the mutex-protected\ncontext.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38404",
"url": "https://www.suse.com/security/cve/CVE-2025-38404"
},
{
"category": "external",
"summary": "SUSE Bug 1247271 for CVE-2025-38404",
"url": "https://bugzilla.suse.com/1247271"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38404"
},
{
"cve": "CVE-2025-38406",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38406"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath6kl: remove WARN on bad firmware input\n\nIf the firmware gives bad input, that\u0027s nothing to do with\nthe driver\u0027s stack at this point etc., so the WARN_ON()\ndoesn\u0027t add any value. Additionally, this is one of the\ntop syzbot reports now. Just print a message, and as an\nadded bonus, print the sizes too.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38406",
"url": "https://www.suse.com/security/cve/CVE-2025-38406"
},
{
"category": "external",
"summary": "SUSE Bug 1247210 for CVE-2025-38406",
"url": "https://bugzilla.suse.com/1247210"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38406"
},
{
"cve": "CVE-2025-38409",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38409"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: Fix another leak in the submit error path\n\nput_unused_fd() doesn\u0027t free the installed file, if we\u0027ve already done\nfd_install(). So we need to also free the sync_file.\n\nPatchwork: https://patchwork.freedesktop.org/patch/653583/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38409",
"url": "https://www.suse.com/security/cve/CVE-2025-38409"
},
{
"category": "external",
"summary": "SUSE Bug 1247285 for CVE-2025-38409",
"url": "https://bugzilla.suse.com/1247285"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "low"
}
],
"title": "CVE-2025-38409"
},
{
"cve": "CVE-2025-38410",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38410"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: Fix a fence leak in submit error path\n\nIn error paths, we could unref the submit without calling\ndrm_sched_entity_push_job(), so msm_job_free() will never get\ncalled. Since drm_sched_job_cleanup() will NULL out the\ns_fence, we can use that to detect this case.\n\nPatchwork: https://patchwork.freedesktop.org/patch/653584/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38410",
"url": "https://www.suse.com/security/cve/CVE-2025-38410"
},
{
"category": "external",
"summary": "SUSE Bug 1247128 for CVE-2025-38410",
"url": "https://bugzilla.suse.com/1247128"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38410"
},
{
"cve": "CVE-2025-38412",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38412"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks\n\nAfter retrieving WMI data blocks in sysfs callbacks, check for the\nvalidity of them before dereferencing their content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38412",
"url": "https://www.suse.com/security/cve/CVE-2025-38412"
},
{
"category": "external",
"summary": "SUSE Bug 1247132 for CVE-2025-38412",
"url": "https://bugzilla.suse.com/1247132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38412"
},
{
"cve": "CVE-2025-38414",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38414"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850\n\nGCC_GCC_PCIE_HOT_RST is wrongly defined for WCN7850, causing kernel crash\non some specific platforms.\n\nSince this register is divergent for WCN7850 and QCN9274, move it to\nregister table to allow different definitions. Then correct the register\naddress for WCN7850 to fix this issue.\n\nNote IPQ5332 is not affected as it is not PCIe based device.\n\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38414",
"url": "https://www.suse.com/security/cve/CVE-2025-38414"
},
{
"category": "external",
"summary": "SUSE Bug 1247145 for CVE-2025-38414",
"url": "https://bugzilla.suse.com/1247145"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38414"
},
{
"cve": "CVE-2025-38415",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38415"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: check return result of sb_min_blocksize\n\nSyzkaller reports an \"UBSAN: shift-out-of-bounds in squashfs_bio_read\" bug.\n\nSyzkaller forks multiple processes which after mounting the Squashfs\nfilesystem, issues an ioctl(\"/dev/loop0\", LOOP_SET_BLOCK_SIZE, 0x8000). \nNow if this ioctl occurs at the same time another process is in the\nprocess of mounting a Squashfs filesystem on /dev/loop0, the failure\noccurs. When this happens the following code in squashfs_fill_super()\nfails.\n\n----\nmsblk-\u003edevblksize = sb_min_blocksize(sb, SQUASHFS_DEVBLK_SIZE);\nmsblk-\u003edevblksize_log2 = ffz(~msblk-\u003edevblksize);\n----\n\nsb_min_blocksize() returns 0, which means msblk-\u003edevblksize is set to 0.\n\nAs a result, ffz(~msblk-\u003edevblksize) returns 64, and msblk-\u003edevblksize_log2\nis set to 64.\n\nThis subsequently causes the\n\nUBSAN: shift-out-of-bounds in fs/squashfs/block.c:195:36\nshift exponent 64 is too large for 64-bit type \u0027u64\u0027 (aka\n\u0027unsigned long long\u0027)\n\nThis commit adds a check for a 0 return by sb_min_blocksize().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38415",
"url": "https://www.suse.com/security/cve/CVE-2025-38415"
},
{
"category": "external",
"summary": "SUSE Bug 1247147 for CVE-2025-38415",
"url": "https://bugzilla.suse.com/1247147"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38415"
},
{
"cve": "CVE-2025-38416",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38416"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFC: nci: uart: Set tty-\u003edisc_data only in success path\n\nSetting tty-\u003edisc_data before opening the NCI device means we need to\nclean it up on error paths. This also opens some short window if device\nstarts sending data, even before NCIUARTSETDRIVER IOCTL succeeded\n(broken hardware?). Close the window by exposing tty-\u003edisc_data only on\nthe success path, when opening of the NCI device and try_module_get()\nsucceeds.\n\nThe code differs in error path in one aspect: tty-\u003edisc_data won\u0027t be\never assigned thus NULL-ified. This however should not be relevant\ndifference, because of \"tty-\u003edisc_data=NULL\" in nci_uart_tty_open().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38416",
"url": "https://www.suse.com/security/cve/CVE-2025-38416"
},
{
"category": "external",
"summary": "SUSE Bug 1247151 for CVE-2025-38416",
"url": "https://bugzilla.suse.com/1247151"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38416"
},
{
"cve": "CVE-2025-38420",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38420"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: carl9170: do not ping device which has failed to load firmware\n\nSyzkaller reports [1, 2] crashes caused by an attempts to ping\nthe device which has failed to load firmware. Since such a device\ndoesn\u0027t pass \u0027ieee80211_register_hw()\u0027, an internal workqueue\nmanaged by \u0027ieee80211_queue_work()\u0027 is not yet created and an\nattempt to queue work on it causes null-ptr-deref.\n\n[1] https://syzkaller.appspot.com/bug?extid=9a4aec827829942045ff\n[2] https://syzkaller.appspot.com/bug?extid=0d8afba53e8fb2633217",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38420",
"url": "https://www.suse.com/security/cve/CVE-2025-38420"
},
{
"category": "external",
"summary": "SUSE Bug 1247279 for CVE-2025-38420",
"url": "https://bugzilla.suse.com/1247279"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38420"
},
{
"cve": "CVE-2025-38424",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38424"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix sample vs do_exit()\n\nBaisheng Gao reported an ARM64 crash, which Mark decoded as being a\nsynchronous external abort -- most likely due to trying to access\nMMIO in bad ways.\n\nThe crash further shows perf trying to do a user stack sample while in\nexit_mmap()\u0027s tlb_finish_mmu() -- i.e. while tearing down the address\nspace it is trying to access.\n\nIt turns out that we stop perf after we tear down the userspace mm; a\nreceipie for disaster, since perf likes to access userspace for\nvarious reasons.\n\nFlip this order by moving up where we stop perf in do_exit().\n\nAdditionally, harden PERF_SAMPLE_CALLCHAIN and PERF_SAMPLE_STACK_USER\nto abort when the current task does not have an mm (exit_mm() makes\nsure to set current-\u003emm = NULL; before commencing with the actual\nteardown). Such that CPU wide events don\u0027t trip on this same problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38424",
"url": "https://www.suse.com/security/cve/CVE-2025-38424"
},
{
"category": "external",
"summary": "SUSE Bug 1247293 for CVE-2025-38424",
"url": "https://bugzilla.suse.com/1247293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38424"
},
{
"cve": "CVE-2025-38425",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38425"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: tegra: check msg length in SMBUS block read\n\nFor SMBUS block read, do not continue to read if the message length\npassed from the device is \u00270\u0027 or greater than the maximum allowed bytes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38425",
"url": "https://www.suse.com/security/cve/CVE-2025-38425"
},
{
"category": "external",
"summary": "SUSE Bug 1247251 for CVE-2025-38425",
"url": "https://bugzilla.suse.com/1247251"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38425"
},
{
"cve": "CVE-2025-38426",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38426"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Add basic validation for RAS header\n\nIf RAS header read from EEPROM is corrupted, it could result in trying\nto allocate huge memory for reading the records. Add some validation to\nheader fields.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38426",
"url": "https://www.suse.com/security/cve/CVE-2025-38426"
},
{
"category": "external",
"summary": "SUSE Bug 1247252 for CVE-2025-38426",
"url": "https://bugzilla.suse.com/1247252"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38426"
},
{
"cve": "CVE-2025-38428",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38428"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: ims-pcu - check record size in ims_pcu_flash_firmware()\n\nThe \"len\" variable comes from the firmware and we generally do\ntrust firmware, but it\u0027s always better to double check. If the \"len\"\nis too large it could result in memory corruption when we do\n\"memcpy(fragment-\u003edata, rec-\u003edata, len);\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38428",
"url": "https://www.suse.com/security/cve/CVE-2025-38428"
},
{
"category": "external",
"summary": "SUSE Bug 1247150 for CVE-2025-38428",
"url": "https://bugzilla.suse.com/1247150"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38428"
},
{
"cve": "CVE-2025-38429",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38429"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: ep: Update read pointer only after buffer is written\n\nInside mhi_ep_ring_add_element, the read pointer (rd_offset) is updated\nbefore the buffer is written, potentially causing race conditions where\nthe host sees an updated read pointer before the buffer is actually\nwritten. Updating rd_offset prematurely can lead to the host accessing\nan uninitialized or incomplete element, resulting in data corruption.\n\nInvoke the buffer write before updating rd_offset to ensure the element\nis fully written before signaling its availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38429",
"url": "https://www.suse.com/security/cve/CVE-2025-38429"
},
{
"category": "external",
"summary": "SUSE Bug 1247253 for CVE-2025-38429",
"url": "https://bugzilla.suse.com/1247253"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38429"
},
{
"cve": "CVE-2025-38430",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38430"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: nfsd4_spo_must_allow() must check this is a v4 compound request\n\nIf the request being processed is not a v4 compound request, then\nexamining the cstate can have undefined results.\n\nThis patch adds a check that the rpc procedure being executed\n(rq_procinfo) is the NFSPROC4_COMPOUND procedure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38430",
"url": "https://www.suse.com/security/cve/CVE-2025-38430"
},
{
"category": "external",
"summary": "SUSE Bug 1247160 for CVE-2025-38430",
"url": "https://bugzilla.suse.com/1247160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38430"
},
{
"cve": "CVE-2025-38436",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38436"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/scheduler: signal scheduled fence when kill job\n\nWhen an entity from application B is killed, drm_sched_entity_kill()\nremoves all jobs belonging to that entity through\ndrm_sched_entity_kill_jobs_work(). If application A\u0027s job depends on a\nscheduled fence from application B\u0027s job, and that fence is not properly\nsignaled during the killing process, application A\u0027s dependency cannot be\ncleared.\n\nThis leads to application A hanging indefinitely while waiting for a\ndependency that will never be resolved. Fix this issue by ensuring that\nscheduled fences are properly signaled when an entity is killed, allowing\ndependent applications to continue execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38436",
"url": "https://www.suse.com/security/cve/CVE-2025-38436"
},
{
"category": "external",
"summary": "SUSE Bug 1247227 for CVE-2025-38436",
"url": "https://bugzilla.suse.com/1247227"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38436"
},
{
"cve": "CVE-2025-38443",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38443"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: fix uaf in nbd_genl_connect() error path\n\nThere is a use-after-free issue in nbd:\n\nblock nbd6: Receive control failed (result -104)\nblock nbd6: shutting down sockets\n==================================================================\nBUG: KASAN: slab-use-after-free in recv_work+0x694/0xa80 drivers/block/nbd.c:1022\nWrite of size 4 at addr ffff8880295de478 by task kworker/u33:0/67\n\nCPU: 2 UID: 0 PID: 67 Comm: kworker/u33:0 Not tainted 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nWorkqueue: nbd6-recv recv_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xc3/0x670 mm/kasan/report.c:521\n kasan_report+0xe0/0x110 mm/kasan/report.c:634\n check_region_inline mm/kasan/generic.c:183 [inline]\n kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189\n instrument_atomic_read_write include/linux/instrumented.h:96 [inline]\n atomic_dec include/linux/atomic/atomic-instrumented.h:592 [inline]\n recv_work+0x694/0xa80 drivers/block/nbd.c:1022\n process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238\n process_scheduled_works kernel/workqueue.c:3319 [inline]\n worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400\n kthread+0x3c2/0x780 kernel/kthread.c:464\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nnbd_genl_connect() does not properly stop the device on certain\nerror paths after nbd_start_device() has been called. This causes\nthe error path to put nbd-\u003econfig while recv_work continue to use\nthe config after putting it, leading to use-after-free in recv_work.\n\nThis patch moves nbd_start_device() after the backend file creation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38443",
"url": "https://www.suse.com/security/cve/CVE-2025-38443"
},
{
"category": "external",
"summary": "SUSE Bug 1247164 for CVE-2025-38443",
"url": "https://bugzilla.suse.com/1247164"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38443"
},
{
"cve": "CVE-2025-38448",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38448"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: u_serial: Fix race condition in TTY wakeup\n\nA race condition occurs when gs_start_io() calls either gs_start_rx() or\ngs_start_tx(), as those functions briefly drop the port_lock for\nusb_ep_queue(). This allows gs_close() and gserial_disconnect() to clear\nport.tty and port_usb, respectively.\n\nUse the null-safe TTY Port helper function to wake up TTY.\n\nExample\n CPU1:\t\t\t CPU2:\n gserial_connect() // lock\n \t\t\t gs_close() // await lock\n gs_start_rx() // unlock\n usb_ep_queue()\n \t\t\t gs_close() // lock, reset port.tty and unlock\n gs_start_rx() // lock\n tty_wakeup() // NPE",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38448",
"url": "https://www.suse.com/security/cve/CVE-2025-38448"
},
{
"category": "external",
"summary": "SUSE Bug 1247233 for CVE-2025-38448",
"url": "https://bugzilla.suse.com/1247233"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38448"
},
{
"cve": "CVE-2025-38449",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38449"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gem: Acquire references on GEM handles for framebuffers\n\nA GEM handle can be released while the GEM buffer object is attached\nto a DRM framebuffer. This leads to the release of the dma-buf backing\nthe buffer object, if any. [1] Trying to use the framebuffer in further\nmode-setting operations leads to a segmentation fault. Most easily\nhappens with driver that use shadow planes for vmap-ing the dma-buf\nduring a page flip. An example is shown below.\n\n[ 156.791968] ------------[ cut here ]------------\n[ 156.796830] WARNING: CPU: 2 PID: 2255 at drivers/dma-buf/dma-buf.c:1527 dma_buf_vmap+0x224/0x430\n[...]\n[ 156.942028] RIP: 0010:dma_buf_vmap+0x224/0x430\n[ 157.043420] Call Trace:\n[ 157.045898] \u003cTASK\u003e\n[ 157.048030] ? show_trace_log_lvl+0x1af/0x2c0\n[ 157.052436] ? show_trace_log_lvl+0x1af/0x2c0\n[ 157.056836] ? show_trace_log_lvl+0x1af/0x2c0\n[ 157.061253] ? drm_gem_shmem_vmap+0x74/0x710\n[ 157.065567] ? dma_buf_vmap+0x224/0x430\n[ 157.069446] ? __warn.cold+0x58/0xe4\n[ 157.073061] ? dma_buf_vmap+0x224/0x430\n[ 157.077111] ? report_bug+0x1dd/0x390\n[ 157.080842] ? handle_bug+0x5e/0xa0\n[ 157.084389] ? exc_invalid_op+0x14/0x50\n[ 157.088291] ? asm_exc_invalid_op+0x16/0x20\n[ 157.092548] ? dma_buf_vmap+0x224/0x430\n[ 157.096663] ? dma_resv_get_singleton+0x6d/0x230\n[ 157.101341] ? __pfx_dma_buf_vmap+0x10/0x10\n[ 157.105588] ? __pfx_dma_resv_get_singleton+0x10/0x10\n[ 157.110697] drm_gem_shmem_vmap+0x74/0x710\n[ 157.114866] drm_gem_vmap+0xa9/0x1b0\n[ 157.118763] drm_gem_vmap_unlocked+0x46/0xa0\n[ 157.123086] drm_gem_fb_vmap+0xab/0x300\n[ 157.126979] drm_atomic_helper_prepare_planes.part.0+0x487/0xb10\n[ 157.133032] ? lockdep_init_map_type+0x19d/0x880\n[ 157.137701] drm_atomic_helper_commit+0x13d/0x2e0\n[ 157.142671] ? drm_atomic_nonblocking_commit+0xa0/0x180\n[ 157.147988] drm_mode_atomic_ioctl+0x766/0xe40\n[...]\n[ 157.346424] ---[ end trace 0000000000000000 ]---\n\nAcquiring GEM handles for the framebuffer\u0027s GEM buffer objects prevents\nthis from happening. The framebuffer\u0027s cleanup later puts the handle\nreferences.\n\nCommit 1a148af06000 (\"drm/gem-shmem: Use dma_buf from GEM object\ninstance\") triggers the segmentation fault easily by using the dma-buf\nfield more widely. The underlying issue with reference counting has\nbeen present before.\n\nv2:\n- acquire the handle instead of the BO (Christian)\n- fix comment style (Christian)\n- drop the Fixes tag (Christian)\n- rename err_ gotos\n- add missing Link tag",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38449",
"url": "https://www.suse.com/security/cve/CVE-2025-38449"
},
{
"category": "external",
"summary": "SUSE Bug 1247255 for CVE-2025-38449",
"url": "https://bugzilla.suse.com/1247255"
},
{
"category": "external",
"summary": "SUSE Bug 1247258 for CVE-2025-38449",
"url": "https://bugzilla.suse.com/1247258"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "important"
}
],
"title": "CVE-2025-38449"
},
{
"cve": "CVE-2025-38455",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38455"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight\n\nReject migration of SEV{-ES} state if either the source or destination VM\nis actively creating a vCPU, i.e. if kvm_vm_ioctl_create_vcpu() is in the\nsection between incrementing created_vcpus and online_vcpus. The bulk of\nvCPU creation runs _outside_ of kvm-\u003elock to allow creating multiple vCPUs\nin parallel, and so sev_info.es_active can get toggled from false=\u003etrue in\nthe destination VM after (or during) svm_vcpu_create(), resulting in an\nSEV{-ES} VM effectively having a non-SEV{-ES} vCPU.\n\nThe issue manifests most visibly as a crash when trying to free a vCPU\u0027s\nNULL VMSA page in an SEV-ES VM, but any number of things can go wrong.\n\n BUG: unable to handle page fault for address: ffffebde00000000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] SMP KASAN NOPTI\n CPU: 227 UID: 0 PID: 64063 Comm: syz.5.60023 Tainted: G U O 6.15.0-smp-DEV #2 NONE\n Tainted: [U]=USER, [O]=OOT_MODULE\n Hardware name: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 12.52.0-0 10/28/2024\n RIP: 0010:constant_test_bit arch/x86/include/asm/bitops.h:206 [inline]\n RIP: 0010:arch_test_bit arch/x86/include/asm/bitops.h:238 [inline]\n RIP: 0010:_test_bit include/asm-generic/bitops/instrumented-non-atomic.h:142 [inline]\n RIP: 0010:PageHead include/linux/page-flags.h:866 [inline]\n RIP: 0010:___free_pages+0x3e/0x120 mm/page_alloc.c:5067\n Code: \u003c49\u003e f7 06 40 00 00 00 75 05 45 31 ff eb 0c 66 90 4c 89 f0 4c 39 f0\n RSP: 0018:ffff8984551978d0 EFLAGS: 00010246\n RAX: 0000777f80000001 RBX: 0000000000000000 RCX: ffffffff918aeb98\n RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffebde00000000\n RBP: 0000000000000000 R08: ffffebde00000007 R09: 1ffffd7bc0000000\n R10: dffffc0000000000 R11: fffff97bc0000001 R12: dffffc0000000000\n R13: ffff8983e19751a8 R14: ffffebde00000000 R15: 1ffffd7bc0000000\n FS: 0000000000000000(0000) GS:ffff89ee661d3000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: ffffebde00000000 CR3: 000000793ceaa000 CR4: 0000000000350ef0\n DR0: 0000000000000000 DR1: 0000000000000b5f DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n sev_free_vcpu+0x413/0x630 arch/x86/kvm/svm/sev.c:3169\n svm_vcpu_free+0x13a/0x2a0 arch/x86/kvm/svm/svm.c:1515\n kvm_arch_vcpu_destroy+0x6a/0x1d0 arch/x86/kvm/x86.c:12396\n kvm_vcpu_destroy virt/kvm/kvm_main.c:470 [inline]\n kvm_destroy_vcpus+0xd1/0x300 virt/kvm/kvm_main.c:490\n kvm_arch_destroy_vm+0x636/0x820 arch/x86/kvm/x86.c:12895\n kvm_put_kvm+0xb8e/0xfb0 virt/kvm/kvm_main.c:1310\n kvm_vm_release+0x48/0x60 virt/kvm/kvm_main.c:1369\n __fput+0x3e4/0x9e0 fs/file_table.c:465\n task_work_run+0x1a9/0x220 kernel/task_work.c:227\n exit_task_work include/linux/task_work.h:40 [inline]\n do_exit+0x7f0/0x25b0 kernel/exit.c:953\n do_group_exit+0x203/0x2d0 kernel/exit.c:1102\n get_signal+0x1357/0x1480 kernel/signal.c:3034\n arch_do_signal_or_restart+0x40/0x690 arch/x86/kernel/signal.c:337\n exit_to_user_mode_loop kernel/entry/common.c:111 [inline]\n exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]\n __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]\n syscall_exit_to_user_mode+0x67/0xb0 kernel/entry/common.c:218\n do_syscall_64+0x7c/0x150 arch/x86/entry/syscall_64.c:100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7f87a898e969\n \u003c/TASK\u003e\n Modules linked in: gq(O)\n gsmi: Log Shutdown Reason 0x03\n CR2: ffffebde00000000\n ---[ end trace 0000000000000000 ]---\n\nDeliberately don\u0027t check for a NULL VMSA when freeing the vCPU, as crashing\nthe host is likely desirable due to the VMSA being consumed by hardware.\nE.g. if KVM manages to allow VMRUN on the vCPU, hardware may read/write a\nbogus VMSA page. Accessing P\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38455",
"url": "https://www.suse.com/security/cve/CVE-2025-38455"
},
{
"category": "external",
"summary": "SUSE Bug 1247101 for CVE-2025-38455",
"url": "https://bugzilla.suse.com/1247101"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38455"
},
{
"cve": "CVE-2025-38457",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38457"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Abort __tc_modify_qdisc if parent class does not exist\n\nLion\u0027s patch [1] revealed an ancient bug in the qdisc API.\nWhenever a user creates/modifies a qdisc specifying as a parent another\nqdisc, the qdisc API will, during grafting, detect that the user is\nnot trying to attach to a class and reject. However grafting is\nperformed after qdisc_create (and thus the qdiscs\u0027 init callback) is\nexecuted. In qdiscs that eventually call qdisc_tree_reduce_backlog\nduring init or change (such as fq, hhf, choke, etc), an issue\narises. For example, executing the following commands:\n\nsudo tc qdisc add dev lo root handle a: htb default 2\nsudo tc qdisc add dev lo parent a: handle beef fq\n\nQdiscs such as fq, hhf, choke, etc unconditionally invoke\nqdisc_tree_reduce_backlog() in their control path init() or change() which\nthen causes a failure to find the child class; however, that does not stop\nthe unconditional invocation of the assumed child qdisc\u0027s qlen_notify with\na null class. All these qdiscs make the assumption that class is non-null.\n\nThe solution is ensure that qdisc_leaf() which looks up the parent\nclass, and is invoked prior to qdisc_create(), should return failure on\nnot finding the class.\nIn this patch, we leverage qdisc_leaf to return ERR_PTRs whenever the\nparentid doesn\u0027t correspond to a class, so that we can detect it\nearlier on and abort before qdisc_create is called.\n\n[1] https://lore.kernel.org/netdev/d912cbd7-193b-4269-9857-525bee8bbb6a@gmail.com/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38457",
"url": "https://www.suse.com/security/cve/CVE-2025-38457"
},
{
"category": "external",
"summary": "SUSE Bug 1247098 for CVE-2025-38457",
"url": "https://bugzilla.suse.com/1247098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38457"
},
{
"cve": "CVE-2025-38460",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38460"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: clip: Fix potential null-ptr-deref in to_atmarpd().\n\natmarpd is protected by RTNL since commit f3a0592b37b8 (\"[ATM]: clip\ncauses unregister hang\").\n\nHowever, it is not enough because to_atmarpd() is called without RTNL,\nespecially clip_neigh_solicit() / neigh_ops-\u003esolicit() is unsleepable.\n\nAlso, there is no RTNL dependency around atmarpd.\n\nLet\u0027s use a private mutex and RCU to protect access to atmarpd in\nto_atmarpd().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38460",
"url": "https://www.suse.com/security/cve/CVE-2025-38460"
},
{
"category": "external",
"summary": "SUSE Bug 1247143 for CVE-2025-38460",
"url": "https://bugzilla.suse.com/1247143"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38460"
},
{
"cve": "CVE-2025-38461",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38461"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Fix transport_* TOCTOU\n\nTransport assignment may race with module unload. Protect new_transport\nfrom becoming a stale pointer.\n\nThis also takes care of an insecure call in vsock_use_local_transport();\nadd a lockdep assert.\n\nBUG: unable to handle page fault for address: fffffbfff8056000\nOops: Oops: 0000 [#1] SMP KASAN\nRIP: 0010:vsock_assign_transport+0x366/0x600\nCall Trace:\n vsock_connect+0x59c/0xc40\n __sys_connect+0xe8/0x100\n __x64_sys_connect+0x6e/0xc0\n do_syscall_64+0x92/0x1c0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38461",
"url": "https://www.suse.com/security/cve/CVE-2025-38461"
},
{
"category": "external",
"summary": "SUSE Bug 1247103 for CVE-2025-38461",
"url": "https://bugzilla.suse.com/1247103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38461"
},
{
"cve": "CVE-2025-38462",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38462"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Fix transport_{g2h,h2g} TOCTOU\n\nvsock_find_cid() and vsock_dev_do_ioctl() may race with module unload.\ntransport_{g2h,h2g} may become NULL after the NULL check.\n\nIntroduce vsock_transport_local_cid() to protect from a potential\nnull-ptr-deref.\n\nKASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]\nRIP: 0010:vsock_find_cid+0x47/0x90\nCall Trace:\n __vsock_bind+0x4b2/0x720\n vsock_bind+0x90/0xe0\n __sys_bind+0x14d/0x1e0\n __x64_sys_bind+0x6e/0xc0\n do_syscall_64+0x92/0x1c0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nKASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]\nRIP: 0010:vsock_dev_do_ioctl.isra.0+0x58/0xf0\nCall Trace:\n __x64_sys_ioctl+0x12d/0x190\n do_syscall_64+0x92/0x1c0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38462",
"url": "https://www.suse.com/security/cve/CVE-2025-38462"
},
{
"category": "external",
"summary": "SUSE Bug 1247104 for CVE-2025-38462",
"url": "https://bugzilla.suse.com/1247104"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38462"
},
{
"cve": "CVE-2025-38463",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38463"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Correct signedness in skb remaining space calculation\n\nSyzkaller reported a bug [1] where sk-\u003esk_forward_alloc can overflow.\n\nWhen we send data, if an skb exists at the tail of the write queue, the\nkernel will attempt to append the new data to that skb. However, the code\nthat checks for available space in the skb is flawed:\n\u0027\u0027\u0027\ncopy = size_goal - skb-\u003elen\n\u0027\u0027\u0027\n\nThe types of the variables involved are:\n\u0027\u0027\u0027\ncopy: ssize_t (s64 on 64-bit systems)\nsize_goal: int\nskb-\u003elen: unsigned int\n\u0027\u0027\u0027\n\nDue to C\u0027s type promotion rules, the signed size_goal is converted to an\nunsigned int to match skb-\u003elen before the subtraction. The result is an\nunsigned int.\n\nWhen this unsigned int result is then assigned to the s64 copy variable,\nit is zero-extended, preserving its non-negative value. Consequently, copy\nis always \u003e= 0.\n\nAssume we are sending 2GB of data and size_goal has been adjusted to a\nvalue smaller than skb-\u003elen. The subtraction will result in copy holding a\nvery large positive integer. In the subsequent logic, this large value is\nused to update sk-\u003esk_forward_alloc, which can easily cause it to overflow.\n\nThe syzkaller reproducer uses TCP_REPAIR to reliably create this\ncondition. However, this can also occur in real-world scenarios. The\ntcp_bound_to_half_wnd() function can also reduce size_goal to a small\nvalue. This would cause the subsequent tcp_wmem_schedule() to set\nsk-\u003esk_forward_alloc to a value close to INT_MAX. Further memory\nallocation requests would then cause sk_forward_alloc to wrap around and\nbecome negative.\n\n[1]: https://syzkaller.appspot.com/bug?extid=de6565462ab540f50e47",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38463",
"url": "https://www.suse.com/security/cve/CVE-2025-38463"
},
{
"category": "external",
"summary": "SUSE Bug 1247113 for CVE-2025-38463",
"url": "https://bugzilla.suse.com/1247113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38463"
},
{
"cve": "CVE-2025-38465",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38465"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: Fix wraparounds of sk-\u003esk_rmem_alloc.\n\nNetlink has this pattern in some places\n\n if (atomic_read(\u0026sk-\u003esk_rmem_alloc) \u003e sk-\u003esk_rcvbuf)\n \tatomic_add(skb-\u003etruesize, \u0026sk-\u003esk_rmem_alloc);\n\n, which has the same problem fixed by commit 5a465a0da13e (\"udp:\nFix multiple wraparounds of sk-\u003esk_rmem_alloc.\").\n\nFor example, if we set INT_MAX to SO_RCVBUFFORCE, the condition\nis always false as the two operands are of int.\n\nThen, a single socket can eat as many skb as possible until OOM\nhappens, and we can see multiple wraparounds of sk-\u003esk_rmem_alloc.\n\nLet\u0027s fix it by using atomic_add_return() and comparing the two\nvariables as unsigned int.\n\nBefore:\n [root@fedora ~]# ss -f netlink\n Recv-Q Send-Q Local Address:Port Peer Address:Port\n -1668710080 0 rtnl:nl_wraparound/293 *\n\nAfter:\n [root@fedora ~]# ss -f netlink\n Recv-Q Send-Q Local Address:Port Peer Address:Port\n 2147483072 0 rtnl:nl_wraparound/290 *\n ^\n `--- INT_MAX - 576",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38465",
"url": "https://www.suse.com/security/cve/CVE-2025-38465"
},
{
"category": "external",
"summary": "SUSE Bug 1247118 for CVE-2025-38465",
"url": "https://bugzilla.suse.com/1247118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38465"
},
{
"cve": "CVE-2025-38467",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38467"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos: exynos7_drm_decon: add vblank check in IRQ handling\n\nIf there\u0027s support for another console device (such as a TTY serial),\nthe kernel occasionally panics during boot. The panic message and a\nrelevant snippet of the call stack is as follows:\n\n Unable to handle kernel NULL pointer dereference at virtual address 000000000000000\n Call trace:\n drm_crtc_handle_vblank+0x10/0x30 (P)\n decon_irq_handler+0x88/0xb4\n [...]\n\nOtherwise, the panics don\u0027t happen. This indicates that it\u0027s some sort\nof race condition.\n\nAdd a check to validate if the drm device can handle vblanks before\ncalling drm_crtc_handle_vblank() to avoid this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38467",
"url": "https://www.suse.com/security/cve/CVE-2025-38467"
},
{
"category": "external",
"summary": "SUSE Bug 1247146 for CVE-2025-38467",
"url": "https://bugzilla.suse.com/1247146"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38467"
},
{
"cve": "CVE-2025-38468",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38468"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree\n\nhtb_lookup_leaf has a BUG_ON that can trigger with the following:\n\ntc qdisc del dev lo root\ntc qdisc add dev lo root handle 1: htb default 1\ntc class add dev lo parent 1: classid 1:1 htb rate 64bit\ntc qdisc add dev lo parent 1:1 handle 2: netem\ntc qdisc add dev lo parent 2:1 handle 3: blackhole\nping -I lo -c1 -W0.001 127.0.0.1\n\nThe root cause is the following:\n\n1. htb_dequeue calls htb_dequeue_tree which calls the dequeue handler on\n the selected leaf qdisc\n2. netem_dequeue calls enqueue on the child qdisc\n3. blackhole_enqueue drops the packet and returns a value that is not\n just NET_XMIT_SUCCESS\n4. Because of this, netem_dequeue calls qdisc_tree_reduce_backlog, and\n since qlen is now 0, it calls htb_qlen_notify -\u003e htb_deactivate -\u003e\n htb_deactiviate_prios -\u003e htb_remove_class_from_row -\u003e htb_safe_rb_erase\n5. As this is the only class in the selected hprio rbtree,\n __rb_change_child in __rb_erase_augmented sets the rb_root pointer to\n NULL\n6. Because blackhole_dequeue returns NULL, netem_dequeue returns NULL,\n which causes htb_dequeue_tree to call htb_lookup_leaf with the same\n hprio rbtree, and fail the BUG_ON\n\nThe function graph for this scenario is shown here:\n 0) | htb_enqueue() {\n 0) + 13.635 us | netem_enqueue();\n 0) 4.719 us | htb_activate_prios();\n 0) # 2249.199 us | }\n 0) | htb_dequeue() {\n 0) 2.355 us | htb_lookup_leaf();\n 0) | netem_dequeue() {\n 0) + 11.061 us | blackhole_enqueue();\n 0) | qdisc_tree_reduce_backlog() {\n 0) | qdisc_lookup_rcu() {\n 0) 1.873 us | qdisc_match_from_root();\n 0) 6.292 us | }\n 0) 1.894 us | htb_search();\n 0) | htb_qlen_notify() {\n 0) 2.655 us | htb_deactivate_prios();\n 0) 6.933 us | }\n 0) + 25.227 us | }\n 0) 1.983 us | blackhole_dequeue();\n 0) + 86.553 us | }\n 0) # 2932.761 us | qdisc_warn_nonwc();\n 0) | htb_lookup_leaf() {\n 0) | BUG_ON();\n ------------------------------------------\n\nThe full original bug report can be seen here [1].\n\nWe can fix this just by returning NULL instead of the BUG_ON,\nas htb_dequeue_tree returns NULL when htb_lookup_leaf returns\nNULL.\n\n[1] https://lore.kernel.org/netdev/pF5XOOIim0IuEfhI-SOxTgRvNoDwuux7UHKnE_Y5-zVd4wmGvNk2ceHjKb8ORnzw0cGwfmVu42g9dL7XyJLf1NEzaztboTWcm0Ogxuojoeo=@willsroot.io/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38468",
"url": "https://www.suse.com/security/cve/CVE-2025-38468"
},
{
"category": "external",
"summary": "SUSE Bug 1247437 for CVE-2025-38468",
"url": "https://bugzilla.suse.com/1247437"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38468"
},
{
"cve": "CVE-2025-38470",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38470"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime\n\nAssuming the \"rx-vlan-filter\" feature is enabled on a net device, the\n8021q module will automatically add or remove VLAN 0 when the net device\nis put administratively up or down, respectively. There are a couple of\nproblems with the above scheme.\n\nThe first problem is a memory leak that can happen if the \"rx-vlan-filter\"\nfeature is disabled while the device is running:\n\n # ip link add bond1 up type bond mode 0\n # ethtool -K bond1 rx-vlan-filter off\n # ip link del dev bond1\n\nWhen the device is put administratively down the \"rx-vlan-filter\"\nfeature is disabled, so the 8021q module will not remove VLAN 0 and the\nmemory will be leaked [1].\n\nAnother problem that can happen is that the kernel can automatically\ndelete VLAN 0 when the device is put administratively down despite not\nadding it when the device was put administratively up since during that\ntime the \"rx-vlan-filter\" feature was disabled. null-ptr-unref or\nbug_on[2] will be triggered by unregister_vlan_dev() for refcount\nimbalance if toggling filtering during runtime:\n\n$ ip link add bond0 type bond mode 0\n$ ip link add link bond0 name vlan0 type vlan id 0 protocol 802.1q\n$ ethtool -K bond0 rx-vlan-filter off\n$ ifconfig bond0 up\n$ ethtool -K bond0 rx-vlan-filter on\n$ ifconfig bond0 down\n$ ip link del vlan0\n\nRoot cause is as below:\nstep1: add vlan0 for real_dev, such as bond, team.\nregister_vlan_dev\n vlan_vid_add(real_dev,htons(ETH_P_8021Q),0) //refcnt=1\nstep2: disable vlan filter feature and enable real_dev\nstep3: change filter from 0 to 1\nvlan_device_event\n vlan_filter_push_vids\n ndo_vlan_rx_add_vid //No refcnt added to real_dev vlan0\nstep4: real_dev down\nvlan_device_event\n vlan_vid_del(dev, htons(ETH_P_8021Q), 0); //refcnt=0\n vlan_info_rcu_free //free vlan0\nstep5: delete vlan0\nunregister_vlan_dev\n BUG_ON(!vlan_info); //vlan_info is null\n\nFix both problems by noting in the VLAN info whether VLAN 0 was\nautomatically added upon NETDEV_UP and based on that decide whether it\nshould be deleted upon NETDEV_DOWN, regardless of the state of the\n\"rx-vlan-filter\" feature.\n\n[1]\nunreferenced object 0xffff8880068e3100 (size 256):\n comm \"ip\", pid 384, jiffies 4296130254\n hex dump (first 32 bytes):\n 00 20 30 0d 80 88 ff ff 00 00 00 00 00 00 00 00 . 0.............\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc 81ce31fa):\n __kmalloc_cache_noprof+0x2b5/0x340\n vlan_vid_add+0x434/0x940\n vlan_device_event.cold+0x75/0xa8\n notifier_call_chain+0xca/0x150\n __dev_notify_flags+0xe3/0x250\n rtnl_configure_link+0x193/0x260\n rtnl_newlink_create+0x383/0x8e0\n __rtnl_newlink+0x22c/0xa40\n rtnl_newlink+0x627/0xb00\n rtnetlink_rcv_msg+0x6fb/0xb70\n netlink_rcv_skb+0x11f/0x350\n netlink_unicast+0x426/0x710\n netlink_sendmsg+0x75a/0xc20\n __sock_sendmsg+0xc1/0x150\n ____sys_sendmsg+0x5aa/0x7b0\n ___sys_sendmsg+0xfc/0x180\n\n[2]\nkernel BUG at net/8021q/vlan.c:99!\nOops: invalid opcode: 0000 [#1] SMP KASAN PTI\nCPU: 0 UID: 0 PID: 382 Comm: ip Not tainted 6.16.0-rc3 #61 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:unregister_vlan_dev (net/8021q/vlan.c:99 (discriminator 1))\nRSP: 0018:ffff88810badf310 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88810da84000 RCX: ffffffffb47ceb9a\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff88810e8b43c8\nRBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff6cefe80\nR10: ffffffffb677f407 R11: ffff88810badf3c0 R12: ffff88810e8b4000\nR13: 0000000000000000 R14: ffff88810642a5c0 R15: 000000000000017e\nFS: 00007f1ff68c20c0(0000) GS:ffff888163a24000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f1ff5dad240 CR3: 0000000107e56000 CR4: 00000000000006f0\nCall Trace:\n \u003cTASK\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38470",
"url": "https://www.suse.com/security/cve/CVE-2025-38470"
},
{
"category": "external",
"summary": "SUSE Bug 1247288 for CVE-2025-38470",
"url": "https://bugzilla.suse.com/1247288"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38470"
},
{
"cve": "CVE-2025-38471",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38471"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: always refresh the queue when reading sock\n\nAfter recent changes in net-next TCP compacts skbs much more\naggressively. This unearthed a bug in TLS where we may try\nto operate on an old skb when checking if all skbs in the\nqueue have matching decrypt state and geometry.\n\n BUG: KASAN: slab-use-after-free in tls_strp_check_rcv+0x898/0x9a0 [tls]\n (net/tls/tls_strp.c:436 net/tls/tls_strp.c:530 net/tls/tls_strp.c:544)\n Read of size 4 at addr ffff888013085750 by task tls/13529\n\n CPU: 2 UID: 0 PID: 13529 Comm: tls Not tainted 6.16.0-rc5-virtme\n Call Trace:\n kasan_report+0xca/0x100\n tls_strp_check_rcv+0x898/0x9a0 [tls]\n tls_rx_rec_wait+0x2c9/0x8d0 [tls]\n tls_sw_recvmsg+0x40f/0x1aa0 [tls]\n inet_recvmsg+0x1c3/0x1f0\n\nAlways reload the queue, fast path is to have the record in the queue\nwhen we wake, anyway (IOW the path going down \"if !strp-\u003estm.full_len\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38471",
"url": "https://www.suse.com/security/cve/CVE-2025-38471"
},
{
"category": "external",
"summary": "SUSE Bug 1247450 for CVE-2025-38471",
"url": "https://bugzilla.suse.com/1247450"
},
{
"category": "external",
"summary": "SUSE Bug 1247452 for CVE-2025-38471",
"url": "https://bugzilla.suse.com/1247452"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "important"
}
],
"title": "CVE-2025-38471"
},
{
"cve": "CVE-2025-38473",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38473"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb()\n\nsyzbot reported null-ptr-deref in l2cap_sock_resume_cb(). [0]\n\nl2cap_sock_resume_cb() has a similar problem that was fixed by commit\n1bff51ea59a9 (\"Bluetooth: fix use-after-free error in lock_sock_nested()\").\n\nSince both l2cap_sock_kill() and l2cap_sock_resume_cb() are executed\nunder l2cap_sock_resume_cb(), we can avoid the issue simply by checking\nif chan-\u003edata is NULL.\n\nLet\u0027s not access to the killed socket in l2cap_sock_resume_cb().\n\n[0]:\nBUG: KASAN: null-ptr-deref in instrument_atomic_write include/linux/instrumented.h:82 [inline]\nBUG: KASAN: null-ptr-deref in clear_bit include/asm-generic/bitops/instrumented-atomic.h:41 [inline]\nBUG: KASAN: null-ptr-deref in l2cap_sock_resume_cb+0xb4/0x17c net/bluetooth/l2cap_sock.c:1711\nWrite of size 8 at addr 0000000000000570 by task kworker/u9:0/52\n\nCPU: 1 UID: 0 PID: 52 Comm: kworker/u9:0 Not tainted 6.16.0-rc4-syzkaller-g7482bb149b9f #0 PREEMPT\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nWorkqueue: hci0 hci_rx_work\nCall trace:\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:501 (C)\n __dump_stack+0x30/0x40 lib/dump_stack.c:94\n dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120\n print_report+0x58/0x84 mm/kasan/report.c:524\n kasan_report+0xb0/0x110 mm/kasan/report.c:634\n check_region_inline mm/kasan/generic.c:-1 [inline]\n kasan_check_range+0x264/0x2a4 mm/kasan/generic.c:189\n __kasan_check_write+0x20/0x30 mm/kasan/shadow.c:37\n instrument_atomic_write include/linux/instrumented.h:82 [inline]\n clear_bit include/asm-generic/bitops/instrumented-atomic.h:41 [inline]\n l2cap_sock_resume_cb+0xb4/0x17c net/bluetooth/l2cap_sock.c:1711\n l2cap_security_cfm+0x524/0xea0 net/bluetooth/l2cap_core.c:7357\n hci_auth_cfm include/net/bluetooth/hci_core.h:2092 [inline]\n hci_auth_complete_evt+0x2e8/0xa4c net/bluetooth/hci_event.c:3514\n hci_event_func net/bluetooth/hci_event.c:7511 [inline]\n hci_event_packet+0x650/0xe9c net/bluetooth/hci_event.c:7565\n hci_rx_work+0x320/0xb18 net/bluetooth/hci_core.c:4070\n process_one_work+0x7e8/0x155c kernel/workqueue.c:3238\n process_scheduled_works kernel/workqueue.c:3321 [inline]\n worker_thread+0x958/0xed8 kernel/workqueue.c:3402\n kthread+0x5fc/0x75c kernel/kthread.c:464\n ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:847",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38473",
"url": "https://www.suse.com/security/cve/CVE-2025-38473"
},
{
"category": "external",
"summary": "SUSE Bug 1247289 for CVE-2025-38473",
"url": "https://bugzilla.suse.com/1247289"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38473"
},
{
"cve": "CVE-2025-38474",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38474"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: net: sierra: check for no status endpoint\n\nThe driver checks for having three endpoints and\nhaving bulk in and out endpoints, but not that\nthe third endpoint is interrupt input.\nRectify the omission.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38474",
"url": "https://www.suse.com/security/cve/CVE-2025-38474"
},
{
"category": "external",
"summary": "SUSE Bug 1247311 for CVE-2025-38474",
"url": "https://bugzilla.suse.com/1247311"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38474"
},
{
"cve": "CVE-2025-38476",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38476"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrpl: Fix use-after-free in rpl_do_srh_inline().\n\nRunning lwt_dst_cache_ref_loop.sh in selftest with KASAN triggers\nthe splat below [0].\n\nrpl_do_srh_inline() fetches ipv6_hdr(skb) and accesses it after\nskb_cow_head(), which is illegal as the header could be freed then.\n\nLet\u0027s fix it by making oldhdr to a local struct instead of a pointer.\n\n[0]:\n[root@fedora net]# ./lwt_dst_cache_ref_loop.sh\n...\nTEST: rpl (input)\n[ 57.631529] ==================================================================\nBUG: KASAN: slab-use-after-free in rpl_do_srh_inline.isra.0 (net/ipv6/rpl_iptunnel.c:174)\nRead of size 40 at addr ffff888122bf96d8 by task ping6/1543\n\nCPU: 50 UID: 0 PID: 1543 Comm: ping6 Not tainted 6.16.0-rc5-01302-gfadd1e6231b1 #23 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl (lib/dump_stack.c:122)\n print_report (mm/kasan/report.c:409 mm/kasan/report.c:521)\n kasan_report (mm/kasan/report.c:221 mm/kasan/report.c:636)\n kasan_check_range (mm/kasan/generic.c:175 (discriminator 1) mm/kasan/generic.c:189 (discriminator 1))\n __asan_memmove (mm/kasan/shadow.c:94 (discriminator 2))\n rpl_do_srh_inline.isra.0 (net/ipv6/rpl_iptunnel.c:174)\n rpl_input (net/ipv6/rpl_iptunnel.c:201 net/ipv6/rpl_iptunnel.c:282)\n lwtunnel_input (net/core/lwtunnel.c:459)\n ipv6_rcv (./include/net/dst.h:471 (discriminator 1) ./include/net/dst.h:469 (discriminator 1) net/ipv6/ip6_input.c:79 (discriminator 1) ./include/linux/netfilter.h:317 (discriminator 1) ./include/linux/netfilter.h:311 (discriminator 1) net/ipv6/ip6_input.c:311 (discriminator 1))\n __netif_receive_skb_one_core (net/core/dev.c:5967)\n process_backlog (./include/linux/rcupdate.h:869 net/core/dev.c:6440)\n __napi_poll.constprop.0 (net/core/dev.c:7452)\n net_rx_action (net/core/dev.c:7518 net/core/dev.c:7643)\n handle_softirqs (kernel/softirq.c:579)\n do_softirq (kernel/softirq.c:480 (discriminator 20))\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n __local_bh_enable_ip (kernel/softirq.c:407)\n __dev_queue_xmit (net/core/dev.c:4740)\n ip6_finish_output2 (./include/linux/netdevice.h:3358 ./include/net/neighbour.h:526 ./include/net/neighbour.h:540 net/ipv6/ip6_output.c:141)\n ip6_finish_output (net/ipv6/ip6_output.c:215 net/ipv6/ip6_output.c:226)\n ip6_output (./include/linux/netfilter.h:306 net/ipv6/ip6_output.c:248)\n ip6_send_skb (net/ipv6/ip6_output.c:1983)\n rawv6_sendmsg (net/ipv6/raw.c:588 net/ipv6/raw.c:918)\n __sys_sendto (net/socket.c:714 (discriminator 1) net/socket.c:729 (discriminator 1) net/socket.c:2228 (discriminator 1))\n __x64_sys_sendto (net/socket.c:2231)\n do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1))\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\nRIP: 0033:0x7f68cffb2a06\nCode: 5d e8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 75 19 83 e2 39 83 fa 08 75 11 e8 26 ff ff ff 66 0f 1f 44 00 00 48 8b 45 10 0f 05 \u003c48\u003e 8b 5d f8 c9 c3 0f 1f 40 00 f3 0f 1e fa 55 48 89 e5 48 83 ec 08\nRSP: 002b:00007ffefb7c53d0 EFLAGS: 00000202 ORIG_RAX: 000000000000002c\nRAX: ffffffffffffffda RBX: 0000564cd69f10a0 RCX: 00007f68cffb2a06\nRDX: 0000000000000040 RSI: 0000564cd69f10a4 RDI: 0000000000000003\nRBP: 00007ffefb7c53f0 R08: 0000564cd6a032ac R09: 000000000000001c\nR10: 0000000000000000 R11: 0000000000000202 R12: 0000564cd69f10a4\nR13: 0000000000000040 R14: 00007ffefb7c66e0 R15: 0000564cd69f10a0\n \u003c/TASK\u003e\n\nAllocated by task 1543:\n kasan_save_stack (mm/kasan/common.c:48)\n kasan_save_track (mm/kasan/common.c:60 (discriminator 1) mm/kasan/common.c:69 (discriminator 1))\n __kasan_slab_alloc (mm/kasan/common.c:319 mm/kasan/common.c:345)\n kmem_cache_alloc_node_noprof (./include/linux/kasan.h:250 mm/slub.c:4148 mm/slub.c:4197 mm/slub.c:4249)\n kmalloc_reserve (net/core/skbuff.c:581 (discriminator 88))\n __alloc_skb (net/core/skbuff.c:669)\n __ip6_append_data (net/ipv6/ip6_output.c:1672 (discriminator 1))\n ip6_\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38476",
"url": "https://www.suse.com/security/cve/CVE-2025-38476"
},
{
"category": "external",
"summary": "SUSE Bug 1247317 for CVE-2025-38476",
"url": "https://bugzilla.suse.com/1247317"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38476"
},
{
"cve": "CVE-2025-38477",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38477"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_qfq: Fix race condition on qfq_aggregate\n\nA race condition can occur when \u0027agg\u0027 is modified in qfq_change_agg\n(called during qfq_enqueue) while other threads access it\nconcurrently. For example, qfq_dump_class may trigger a NULL\ndereference, and qfq_delete_class may cause a use-after-free.\n\nThis patch addresses the issue by:\n\n1. Moved qfq_destroy_class into the critical section.\n\n2. Added sch_tree_lock protection to qfq_dump_class and\nqfq_dump_class_stats.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38477",
"url": "https://www.suse.com/security/cve/CVE-2025-38477"
},
{
"category": "external",
"summary": "SUSE Bug 1247314 for CVE-2025-38477",
"url": "https://bugzilla.suse.com/1247314"
},
{
"category": "external",
"summary": "SUSE Bug 1247315 for CVE-2025-38477",
"url": "https://bugzilla.suse.com/1247315"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "important"
}
],
"title": "CVE-2025-38477"
},
{
"cve": "CVE-2025-38478",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38478"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: Fix initialization of data for instructions that write to subdevice\n\nSome Comedi subdevice instruction handlers are known to access\ninstruction data elements beyond the first `insn-\u003en` elements in some\ncases. The `do_insn_ioctl()` and `do_insnlist_ioctl()` functions\nallocate at least `MIN_SAMPLES` (16) data elements to deal with this,\nbut they do not initialize all of that. For Comedi instruction codes\nthat write to the subdevice, the first `insn-\u003en` data elements are\ncopied from user-space, but the remaining elements are left\nuninitialized. That could be a problem if the subdevice instruction\nhandler reads the uninitialized data. Ensure that the first\n`MIN_SAMPLES` elements are initialized before calling these instruction\nhandlers, filling the uncopied elements with 0. For\n`do_insnlist_ioctl()`, the same data buffer elements are used for\nhandling a list of instructions, so ensure the first `MIN_SAMPLES`\nelements are initialized for each instruction that writes to the\nsubdevice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38478",
"url": "https://www.suse.com/security/cve/CVE-2025-38478"
},
{
"category": "external",
"summary": "SUSE Bug 1247273 for CVE-2025-38478",
"url": "https://bugzilla.suse.com/1247273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38478"
},
{
"cve": "CVE-2025-38480",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38480"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: Fix use of uninitialized data in insn_rw_emulate_bits()\n\nFor Comedi `INSN_READ` and `INSN_WRITE` instructions on \"digital\"\nsubdevices (subdevice types `COMEDI_SUBD_DI`, `COMEDI_SUBD_DO`, and\n`COMEDI_SUBD_DIO`), it is common for the subdevice driver not to have\n`insn_read` and `insn_write` handler functions, but to have an\n`insn_bits` handler function for handling Comedi `INSN_BITS`\ninstructions. In that case, the subdevice\u0027s `insn_read` and/or\n`insn_write` function handler pointers are set to point to the\n`insn_rw_emulate_bits()` function by `__comedi_device_postconfig()`.\n\nFor `INSN_WRITE`, `insn_rw_emulate_bits()` currently assumes that the\nsupplied `data[0]` value is a valid copy from user memory. It will at\nleast exist because `do_insnlist_ioctl()` and `do_insn_ioctl()` in\n\"comedi_fops.c\" ensure at lease `MIN_SAMPLES` (16) elements are\nallocated. However, if `insn-\u003en` is 0 (which is allowable for\n`INSN_READ` and `INSN_WRITE` instructions, then `data[0]` may contain\nuninitialized data, and certainly contains invalid data, possibly from a\ndifferent instruction in the array of instructions handled by\n`do_insnlist_ioctl()`. This will result in an incorrect value being\nwritten to the digital output channel (or to the digital input/output\nchannel if configured as an output), and may be reflected in the\ninternal saved state of the channel.\n\nFix it by returning 0 early if `insn-\u003en` is 0, before reaching the code\nthat accesses `data[0]`. Previously, the function always returned 1 on\nsuccess, but it is supposed to be the number of data samples actually\nread or written up to `insn-\u003en`, which is 0 in this case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38480",
"url": "https://www.suse.com/security/cve/CVE-2025-38480"
},
{
"category": "external",
"summary": "SUSE Bug 1247274 for CVE-2025-38480",
"url": "https://bugzilla.suse.com/1247274"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38480"
},
{
"cve": "CVE-2025-38481",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38481"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large\n\nThe handling of the `COMEDI_INSNLIST` ioctl allocates a kernel buffer to\nhold the array of `struct comedi_insn`, getting the length from the\n`n_insns` member of the `struct comedi_insnlist` supplied by the user.\nThe allocation will fail with a WARNING and a stack dump if it is too\nlarge.\n\nAvoid that by failing with an `-EINVAL` error if the supplied `n_insns`\nvalue is unreasonable.\n\nDefine the limit on the `n_insns` value in the `MAX_INSNS` macro. Set\nthis to the same value as `MAX_SAMPLES` (65536), which is the maximum\nallowed sum of the values of the member `n` in the array of `struct\ncomedi_insn`, and sensible comedi instructions will have an `n` of at\nleast 1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38481",
"url": "https://www.suse.com/security/cve/CVE-2025-38481"
},
{
"category": "external",
"summary": "SUSE Bug 1247276 for CVE-2025-38481",
"url": "https://bugzilla.suse.com/1247276"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "low"
}
],
"title": "CVE-2025-38481"
},
{
"cve": "CVE-2025-38482",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38482"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: das6402: Fix bit shift out of bounds\n\nWhen checking for a supported IRQ number, the following test is used:\n\n\t/* IRQs 2,3,5,6,7, 10,11,15 are valid for \"enhanced\" mode */\n\tif ((1 \u003c\u003c it-\u003eoptions[1]) \u0026 0x8cec) {\n\nHowever, `it-\u003eoptions[i]` is an unchecked `int` value from userspace, so\nthe shift amount could be negative or out of bounds. Fix the test by\nrequiring `it-\u003eoptions[1]` to be within bounds before proceeding with\nthe original test. Valid `it-\u003eoptions[1]` values that select the IRQ\nwill be in the range [1,15]. The value 0 explicitly disables the use of\ninterrupts.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38482",
"url": "https://www.suse.com/security/cve/CVE-2025-38482"
},
{
"category": "external",
"summary": "SUSE Bug 1247277 for CVE-2025-38482",
"url": "https://bugzilla.suse.com/1247277"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38482"
},
{
"cve": "CVE-2025-38483",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38483"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: das16m1: Fix bit shift out of bounds\n\nWhen checking for a supported IRQ number, the following test is used:\n\n\t/* only irqs 2, 3, 4, 5, 6, 7, 10, 11, 12, 14, and 15 are valid */\n\tif ((1 \u003c\u003c it-\u003eoptions[1]) \u0026 0xdcfc) {\n\nHowever, `it-\u003eoptions[i]` is an unchecked `int` value from userspace, so\nthe shift amount could be negative or out of bounds. Fix the test by\nrequiring `it-\u003eoptions[1]` to be within bounds before proceeding with\nthe original test.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38483",
"url": "https://www.suse.com/security/cve/CVE-2025-38483"
},
{
"category": "external",
"summary": "SUSE Bug 1247278 for CVE-2025-38483",
"url": "https://bugzilla.suse.com/1247278"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38483"
},
{
"cve": "CVE-2025-38485",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38485"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush\n\nfxls8962af_fifo_flush() uses indio_dev-\u003eactive_scan_mask (with\niio_for_each_active_channel()) without making sure the indio_dev\nstays in buffer mode.\nThere is a race if indio_dev exits buffer mode in the middle of the\ninterrupt that flushes the fifo. Fix this by calling\nsynchronize_irq() to ensure that no interrupt is currently running when\ndisabling buffer mode.\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000000 when read\n[...]\n_find_first_bit_le from fxls8962af_fifo_flush+0x17c/0x290\nfxls8962af_fifo_flush from fxls8962af_interrupt+0x80/0x178\nfxls8962af_interrupt from irq_thread_fn+0x1c/0x7c\nirq_thread_fn from irq_thread+0x110/0x1f4\nirq_thread from kthread+0xe0/0xfc\nkthread from ret_from_fork+0x14/0x2c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38485",
"url": "https://www.suse.com/security/cve/CVE-2025-38485"
},
{
"category": "external",
"summary": "SUSE Bug 1247236 for CVE-2025-38485",
"url": "https://bugzilla.suse.com/1247236"
},
{
"category": "external",
"summary": "SUSE Bug 1247237 for CVE-2025-38485",
"url": "https://bugzilla.suse.com/1247237"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "important"
}
],
"title": "CVE-2025-38485"
},
{
"cve": "CVE-2025-38487",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38487"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: aspeed: lpc-snoop: Don\u0027t disable channels that aren\u0027t enabled\n\nMitigate e.g. the following:\n\n # echo 1e789080.lpc-snoop \u003e /sys/bus/platform/drivers/aspeed-lpc-snoop/unbind\n ...\n [ 120.363594] Unable to handle kernel NULL pointer dereference at virtual address 00000004 when write\n [ 120.373866] [00000004] *pgd=00000000\n [ 120.377910] Internal error: Oops: 805 [#1] SMP ARM\n [ 120.383306] CPU: 1 UID: 0 PID: 315 Comm: sh Not tainted 6.15.0-rc1-00009-g926217bc7d7d-dirty #20 NONE\n ...\n [ 120.679543] Call trace:\n [ 120.679559] misc_deregister from aspeed_lpc_snoop_remove+0x84/0xac\n [ 120.692462] aspeed_lpc_snoop_remove from platform_remove+0x28/0x38\n [ 120.700996] platform_remove from device_release_driver_internal+0x188/0x200\n ...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38487",
"url": "https://www.suse.com/security/cve/CVE-2025-38487"
},
{
"category": "external",
"summary": "SUSE Bug 1247238 for CVE-2025-38487",
"url": "https://bugzilla.suse.com/1247238"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38487"
},
{
"cve": "CVE-2025-38489",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38489"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again\n\nCommit 7ded842b356d (\"s390/bpf: Fix bpf_plt pointer arithmetic\") has\naccidentally removed the critical piece of commit c730fce7c70c\n(\"s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL\"), causing\nintermittent kernel panics in e.g. perf\u0027s on_switch() prog to reappear.\n\nRestore the fix and add a comment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38489",
"url": "https://www.suse.com/security/cve/CVE-2025-38489"
},
{
"category": "external",
"summary": "SUSE Bug 1247241 for CVE-2025-38489",
"url": "https://bugzilla.suse.com/1247241"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38489"
},
{
"cve": "CVE-2025-38494",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38494"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: do not bypass hid_hw_raw_request\n\nhid_hw_raw_request() is actually useful to ensure the provided buffer\nand length are valid. Directly calling in the low level transport driver\nfunction bypassed those checks and allowed invalid paramto be used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38494",
"url": "https://www.suse.com/security/cve/CVE-2025-38494"
},
{
"category": "external",
"summary": "SUSE Bug 1247349 for CVE-2025-38494",
"url": "https://bugzilla.suse.com/1247349"
},
{
"category": "external",
"summary": "SUSE Bug 1247350 for CVE-2025-38494",
"url": "https://bugzilla.suse.com/1247350"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "important"
}
],
"title": "CVE-2025-38494"
},
{
"cve": "CVE-2025-38495",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38495"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: ensure the allocated report buffer can contain the reserved report ID\n\nWhen the report ID is not used, the low level transport drivers expect\nthe first byte to be 0. However, currently the allocated buffer not\naccount for that extra byte, meaning that instead of having 8 guaranteed\nbytes for implement to be working, we only have 7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38495",
"url": "https://www.suse.com/security/cve/CVE-2025-38495"
},
{
"category": "external",
"summary": "SUSE Bug 1247348 for CVE-2025-38495",
"url": "https://bugzilla.suse.com/1247348"
},
{
"category": "external",
"summary": "SUSE Bug 1247351 for CVE-2025-38495",
"url": "https://bugzilla.suse.com/1247351"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "important"
}
],
"title": "CVE-2025-38495"
},
{
"cve": "CVE-2025-38496",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38496"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-bufio: fix sched in atomic context\n\nIf \"try_verify_in_tasklet\" is set for dm-verity, DM_BUFIO_CLIENT_NO_SLEEP\nis enabled for dm-bufio. However, when bufio tries to evict buffers, there\nis a chance to trigger scheduling in spin_lock_bh, the following warning\nis hit:\n\nBUG: sleeping function called from invalid context at drivers/md/dm-bufio.c:2745\nin_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 123, name: kworker/2:2\npreempt_count: 201, expected: 0\nRCU nest depth: 0, expected: 0\n4 locks held by kworker/2:2/123:\n #0: ffff88800a2d1548 ((wq_completion)dm_bufio_cache){....}-{0:0}, at: process_one_work+0xe46/0x1970\n #1: ffffc90000d97d20 ((work_completion)(\u0026dm_bufio_replacement_work)){....}-{0:0}, at: process_one_work+0x763/0x1970\n #2: ffffffff8555b528 (dm_bufio_clients_lock){....}-{3:3}, at: do_global_cleanup+0x1ce/0x710\n #3: ffff88801d5820b8 (\u0026c-\u003espinlock){....}-{2:2}, at: do_global_cleanup+0x2a5/0x710\nPreemption disabled at:\n[\u003c0000000000000000\u003e] 0x0\nCPU: 2 UID: 0 PID: 123 Comm: kworker/2:2 Not tainted 6.16.0-rc3-g90548c634bd0 #305 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nWorkqueue: dm_bufio_cache do_global_cleanup\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x53/0x70\n __might_resched+0x360/0x4e0\n do_global_cleanup+0x2f5/0x710\n process_one_work+0x7db/0x1970\n worker_thread+0x518/0xea0\n kthread+0x359/0x690\n ret_from_fork+0xf3/0x1b0\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nThat can be reproduced by:\n\n veritysetup format --data-block-size=4096 --hash-block-size=4096 /dev/vda /dev/vdb\n SIZE=$(blockdev --getsz /dev/vda)\n dmsetup create myverity -r --table \"0 $SIZE verity 1 /dev/vda /dev/vdb 4096 4096 \u003cdata_blocks\u003e 1 sha256 \u003croot_hash\u003e \u003csalt\u003e 1 try_verify_in_tasklet\"\n mount /dev/dm-0 /mnt -o ro\n echo 102400 \u003e /sys/module/dm_bufio/parameters/max_cache_size_bytes\n [read files in /mnt]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38496",
"url": "https://www.suse.com/security/cve/CVE-2025-38496"
},
{
"category": "external",
"summary": "SUSE Bug 1247284 for CVE-2025-38496",
"url": "https://bugzilla.suse.com/1247284"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38496"
},
{
"cve": "CVE-2025-38497",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38497"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: configfs: Fix OOB read on empty string write\n\nWhen writing an empty string to either \u0027qw_sign\u0027 or \u0027landingPage\u0027\nsysfs attributes, the store functions attempt to access page[l - 1]\nbefore validating that the length \u0027l\u0027 is greater than zero.\n\nThis patch fixes the vulnerability by adding a check at the beginning\nof os_desc_qw_sign_store() and webusb_landingPage_store() to handle\nthe zero-length input case gracefully by returning immediately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38497",
"url": "https://www.suse.com/security/cve/CVE-2025-38497"
},
{
"category": "external",
"summary": "SUSE Bug 1247347 for CVE-2025-38497",
"url": "https://bugzilla.suse.com/1247347"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-38497"
},
{
"cve": "CVE-2025-38498",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38498"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndo_change_type(): refuse to operate on unmounted/not ours mounts\n\nEnsure that propagation settings can only be changed for mounts located\nin the caller\u0027s mount namespace. This change aligns permission checking\nwith the rest of mount(2).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38498",
"url": "https://www.suse.com/security/cve/CVE-2025-38498"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-38498",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1247499 for CVE-2025-38498",
"url": "https://bugzilla.suse.com/1247499"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-35.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-35.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T11:19:19Z",
"details": "important"
}
],
"title": "CVE-2025-38498"
}
]
}
SUSE-SU-2026:0411-1
Vulnerability from csaf_suse - Published: 2026-02-09 14:51 - Updated: 2026-02-09 14:51Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2022-50630: mm: hugetlb: fix UAF in hugetlb_handle_userfault (bsc#1254785).
- CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255594).
- CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer (bsc#1255576).
- CVE-2023-53215: sched/fair: Don't balance task to its current running CPU (bsc#1250397).
- CVE-2023-53254: cacheinfo: Fix shared_cpu_map to handle shared caches at different levels (bsc#1249871).
- CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254751).
- CVE-2023-54142: gtp: Fix use-after-free in __gtp_encap_destroy() (bsc#1256095).
- CVE-2023-54243: netfilter: ebtables: fix table blob use-after-free (bsc#1255908).
- CVE-2024-28956: x86/its: Enumerate Indirect Target Selection (ITS) bug (bsc#1242006).
- CVE-2024-36348: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
- CVE-2024-36349: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
- CVE-2024-36350: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
- CVE-2024-36357: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
- CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).
- CVE-2025-38068: crypto: lzo - Fix compression buffer overrun (bsc#1245210).
- CVE-2025-38129: page_pool: fix inconsistency for page_pool_ring_lock() (bsc#1245723).
- CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (bsc#1245751).
- CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177).
- CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252046).
- CVE-2025-40019: crypto: essiv - Check ssize for decryption and in-place encryption (bsc#1252678).
- CVE-2025-40139: net: ipv4: Consolidate ipv4_mtu and ip_dst_mtu_maybe_forward (bsc#1253409).
- CVE-2025-40215: kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959).
- CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520).
- CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813).
- CVE-2025-40257: mptcp: fix a race in mptcp_pm_del_add_timer() (bsc#1254842).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1254843).
- CVE-2025-40277: drm/vmwgfx: Validate command header size against (bsc#1254894).
- CVE-2025-40280: tipc: Fix use-after-free in tipc_mon_reinit_self() (bsc#1254847).
- CVE-2025-40300: Documentation/hw-vuln: Add VMSCAPE documentation (bsc#1247483).
- CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615).
- CVE-2025-68183: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (bsc#1255251).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255377).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255401).
- CVE-2025-68732: gpu: host1x: Fix race in syncpt alloc/free (bsc#1255688).
- CVE-2025-68771: ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641).
- CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612).
- CVE-2025-71116: libceph: make decode_pool() more resilient against corrupted osdmaps (bsc#1256744).
- CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256779).
The following non security issues were fixed:
- x86/CPU/AMD: Add ZenX generations flags (bsc#1238896).
- x86: make page fault handling disable interrupts properly (git-fixes).
Patchnames
SUSE-2026-411,SUSE-SLE-Micro-5.3-2026-411,SUSE-SLE-Micro-5.4-2026-411
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 15 SP4 RT kernel was updated to fix various security issues\n\nThe following security issues were fixed:\n\n- CVE-2022-50630: mm: hugetlb: fix UAF in hugetlb_handle_userfault (bsc#1254785).\n- CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255594).\n- CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer (bsc#1255576).\n- CVE-2023-53215: sched/fair: Don\u0027t balance task to its current running CPU (bsc#1250397).\n- CVE-2023-53254: cacheinfo: Fix shared_cpu_map to handle shared caches at different levels (bsc#1249871).\n- CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254751).\n- CVE-2023-54142: gtp: Fix use-after-free in __gtp_encap_destroy() (bsc#1256095).\n- CVE-2023-54243: netfilter: ebtables: fix table blob use-after-free (bsc#1255908).\n- CVE-2024-28956: x86/its: Enumerate Indirect Target Selection (ITS) bug (bsc#1242006).\n- CVE-2024-36348: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).\n- CVE-2024-36349: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).\n- CVE-2024-36350: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).\n- CVE-2024-36357: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).\n- CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).\n- CVE-2025-38068: crypto: lzo - Fix compression buffer overrun (bsc#1245210).\n- CVE-2025-38129: page_pool: fix inconsistency for page_pool_ring_lock() (bsc#1245723).\n- CVE-2025-38159: wifi: rtw88: fix the \u0027para\u0027 buffer size to avoid reading out of bounds (bsc#1245751).\n- CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177).\n- CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252046).\n- CVE-2025-40019: crypto: essiv - Check ssize for decryption and in-place encryption (bsc#1252678).\n- CVE-2025-40139: net: ipv4: Consolidate ipv4_mtu and ip_dst_mtu_maybe_forward (bsc#1253409).\n- CVE-2025-40215: kABI: xfrm: delete x-\u003etunnel as we delete x (bsc#1254959).\n- CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520).\n- CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813).\n- CVE-2025-40257: mptcp: fix a race in mptcp_pm_del_add_timer() (bsc#1254842).\n- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1254843).\n- CVE-2025-40277: drm/vmwgfx: Validate command header size against (bsc#1254894).\n- CVE-2025-40280: tipc: Fix use-after-free in tipc_mon_reinit_self() (bsc#1254847).\n- CVE-2025-40300: Documentation/hw-vuln: Add VMSCAPE documentation (bsc#1247483).\n- CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615).\n- CVE-2025-68183: ima: don\u0027t clear IMA_DIGSIG flag when setting or removing non-IMA xattr (bsc#1255251).\n- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255377).\n- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255401).\n- CVE-2025-68732: gpu: host1x: Fix race in syncpt alloc/free (bsc#1255688).\n- CVE-2025-68771: ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582).\n- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641).\n- CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612).\n- CVE-2025-71116: libceph: make decode_pool() more resilient against corrupted osdmaps (bsc#1256744).\n- CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256779).\n\nThe following non security issues were fixed:\n\n- x86/CPU/AMD: Add ZenX generations flags (bsc#1238896).\n- x86: make page fault handling disable interrupts properly (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-411,SUSE-SLE-Micro-5.3-2026-411,SUSE-SLE-Micro-5.4-2026-411",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0411-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:0411-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260411-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:0411-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024085.html"
},
{
"category": "self",
"summary": "SUSE Bug 1065729",
"url": "https://bugzilla.suse.com/1065729"
},
{
"category": "self",
"summary": "SUSE Bug 1193629",
"url": "https://bugzilla.suse.com/1193629"
},
{
"category": "self",
"summary": "SUSE Bug 1194869",
"url": "https://bugzilla.suse.com/1194869"
},
{
"category": "self",
"summary": "SUSE Bug 1196823",
"url": "https://bugzilla.suse.com/1196823"
},
{
"category": "self",
"summary": "SUSE Bug 1204957",
"url": "https://bugzilla.suse.com/1204957"
},
{
"category": "self",
"summary": "SUSE Bug 1205567",
"url": "https://bugzilla.suse.com/1205567"
},
{
"category": "self",
"summary": "SUSE Bug 1206889",
"url": "https://bugzilla.suse.com/1206889"
},
{
"category": "self",
"summary": "SUSE Bug 1207051",
"url": "https://bugzilla.suse.com/1207051"
},
{
"category": "self",
"summary": "SUSE Bug 1207088",
"url": "https://bugzilla.suse.com/1207088"
},
{
"category": "self",
"summary": "SUSE Bug 1207611",
"url": "https://bugzilla.suse.com/1207611"
},
{
"category": "self",
"summary": "SUSE Bug 1207620",
"url": "https://bugzilla.suse.com/1207620"
},
{
"category": "self",
"summary": "SUSE Bug 1207622",
"url": "https://bugzilla.suse.com/1207622"
},
{
"category": "self",
"summary": "SUSE Bug 1207636",
"url": "https://bugzilla.suse.com/1207636"
},
{
"category": "self",
"summary": "SUSE Bug 1207644",
"url": "https://bugzilla.suse.com/1207644"
},
{
"category": "self",
"summary": "SUSE Bug 1207646",
"url": "https://bugzilla.suse.com/1207646"
},
{
"category": "self",
"summary": "SUSE Bug 1207652",
"url": "https://bugzilla.suse.com/1207652"
},
{
"category": "self",
"summary": "SUSE Bug 1207653",
"url": "https://bugzilla.suse.com/1207653"
},
{
"category": "self",
"summary": "SUSE Bug 1208570",
"url": "https://bugzilla.suse.com/1208570"
},
{
"category": "self",
"summary": "SUSE Bug 1208758",
"url": "https://bugzilla.suse.com/1208758"
},
{
"category": "self",
"summary": "SUSE Bug 1209799",
"url": "https://bugzilla.suse.com/1209799"
},
{
"category": "self",
"summary": "SUSE Bug 1210817",
"url": "https://bugzilla.suse.com/1210817"
},
{
"category": "self",
"summary": "SUSE Bug 1210943",
"url": "https://bugzilla.suse.com/1210943"
},
{
"category": "self",
"summary": "SUSE Bug 1211690",
"url": "https://bugzilla.suse.com/1211690"
},
{
"category": "self",
"summary": "SUSE Bug 1213025",
"url": "https://bugzilla.suse.com/1213025"
},
{
"category": "self",
"summary": "SUSE Bug 1213032",
"url": "https://bugzilla.suse.com/1213032"
},
{
"category": "self",
"summary": "SUSE Bug 1213093",
"url": "https://bugzilla.suse.com/1213093"
},
{
"category": "self",
"summary": "SUSE Bug 1213105",
"url": "https://bugzilla.suse.com/1213105"
},
{
"category": "self",
"summary": "SUSE Bug 1213110",
"url": "https://bugzilla.suse.com/1213110"
},
{
"category": "self",
"summary": "SUSE Bug 1213111",
"url": "https://bugzilla.suse.com/1213111"
},
{
"category": "self",
"summary": "SUSE Bug 1213653",
"url": "https://bugzilla.suse.com/1213653"
},
{
"category": "self",
"summary": "SUSE Bug 1213747",
"url": "https://bugzilla.suse.com/1213747"
},
{
"category": "self",
"summary": "SUSE Bug 1213867",
"url": "https://bugzilla.suse.com/1213867"
},
{
"category": "self",
"summary": "SUSE Bug 1214635",
"url": "https://bugzilla.suse.com/1214635"
},
{
"category": "self",
"summary": "SUSE Bug 1214940",
"url": "https://bugzilla.suse.com/1214940"
},
{
"category": "self",
"summary": "SUSE Bug 1214962",
"url": "https://bugzilla.suse.com/1214962"
},
{
"category": "self",
"summary": "SUSE Bug 1214986",
"url": "https://bugzilla.suse.com/1214986"
},
{
"category": "self",
"summary": "SUSE Bug 1214990",
"url": "https://bugzilla.suse.com/1214990"
},
{
"category": "self",
"summary": "SUSE Bug 1216062",
"url": "https://bugzilla.suse.com/1216062"
},
{
"category": "self",
"summary": "SUSE Bug 1228015",
"url": "https://bugzilla.suse.com/1228015"
},
{
"category": "self",
"summary": "SUSE Bug 1230185",
"url": "https://bugzilla.suse.com/1230185"
},
{
"category": "self",
"summary": "SUSE Bug 1238896",
"url": "https://bugzilla.suse.com/1238896"
},
{
"category": "self",
"summary": "SUSE Bug 1242006",
"url": "https://bugzilla.suse.com/1242006"
},
{
"category": "self",
"summary": "SUSE Bug 1245210",
"url": "https://bugzilla.suse.com/1245210"
},
{
"category": "self",
"summary": "SUSE Bug 1245723",
"url": "https://bugzilla.suse.com/1245723"
},
{
"category": "self",
"summary": "SUSE Bug 1245751",
"url": "https://bugzilla.suse.com/1245751"
},
{
"category": "self",
"summary": "SUSE Bug 1247177",
"url": "https://bugzilla.suse.com/1247177"
},
{
"category": "self",
"summary": "SUSE Bug 1247483",
"url": "https://bugzilla.suse.com/1247483"
},
{
"category": "self",
"summary": "SUSE Bug 1249871",
"url": "https://bugzilla.suse.com/1249871"
},
{
"category": "self",
"summary": "SUSE Bug 1250397",
"url": "https://bugzilla.suse.com/1250397"
},
{
"category": "self",
"summary": "SUSE Bug 1252046",
"url": "https://bugzilla.suse.com/1252046"
},
{
"category": "self",
"summary": "SUSE Bug 1252678",
"url": "https://bugzilla.suse.com/1252678"
},
{
"category": "self",
"summary": "SUSE Bug 1253409",
"url": "https://bugzilla.suse.com/1253409"
},
{
"category": "self",
"summary": "SUSE Bug 1253702",
"url": "https://bugzilla.suse.com/1253702"
},
{
"category": "self",
"summary": "SUSE Bug 1254520",
"url": "https://bugzilla.suse.com/1254520"
},
{
"category": "self",
"summary": "SUSE Bug 1254559",
"url": "https://bugzilla.suse.com/1254559"
},
{
"category": "self",
"summary": "SUSE Bug 1254562",
"url": "https://bugzilla.suse.com/1254562"
},
{
"category": "self",
"summary": "SUSE Bug 1254572",
"url": "https://bugzilla.suse.com/1254572"
},
{
"category": "self",
"summary": "SUSE Bug 1254578",
"url": "https://bugzilla.suse.com/1254578"
},
{
"category": "self",
"summary": "SUSE Bug 1254580",
"url": "https://bugzilla.suse.com/1254580"
},
{
"category": "self",
"summary": "SUSE Bug 1254592",
"url": "https://bugzilla.suse.com/1254592"
},
{
"category": "self",
"summary": "SUSE Bug 1254608",
"url": "https://bugzilla.suse.com/1254608"
},
{
"category": "self",
"summary": "SUSE Bug 1254609",
"url": "https://bugzilla.suse.com/1254609"
},
{
"category": "self",
"summary": "SUSE Bug 1254614",
"url": "https://bugzilla.suse.com/1254614"
},
{
"category": "self",
"summary": "SUSE Bug 1254615",
"url": "https://bugzilla.suse.com/1254615"
},
{
"category": "self",
"summary": "SUSE Bug 1254617",
"url": "https://bugzilla.suse.com/1254617"
},
{
"category": "self",
"summary": "SUSE Bug 1254625",
"url": "https://bugzilla.suse.com/1254625"
},
{
"category": "self",
"summary": "SUSE Bug 1254631",
"url": "https://bugzilla.suse.com/1254631"
},
{
"category": "self",
"summary": "SUSE Bug 1254632",
"url": "https://bugzilla.suse.com/1254632"
},
{
"category": "self",
"summary": "SUSE Bug 1254634",
"url": "https://bugzilla.suse.com/1254634"
},
{
"category": "self",
"summary": "SUSE Bug 1254644",
"url": "https://bugzilla.suse.com/1254644"
},
{
"category": "self",
"summary": "SUSE Bug 1254645",
"url": "https://bugzilla.suse.com/1254645"
},
{
"category": "self",
"summary": "SUSE Bug 1254649",
"url": "https://bugzilla.suse.com/1254649"
},
{
"category": "self",
"summary": "SUSE Bug 1254653",
"url": "https://bugzilla.suse.com/1254653"
},
{
"category": "self",
"summary": "SUSE Bug 1254656",
"url": "https://bugzilla.suse.com/1254656"
},
{
"category": "self",
"summary": "SUSE Bug 1254658",
"url": "https://bugzilla.suse.com/1254658"
},
{
"category": "self",
"summary": "SUSE Bug 1254660",
"url": "https://bugzilla.suse.com/1254660"
},
{
"category": "self",
"summary": "SUSE Bug 1254664",
"url": "https://bugzilla.suse.com/1254664"
},
{
"category": "self",
"summary": "SUSE Bug 1254671",
"url": "https://bugzilla.suse.com/1254671"
},
{
"category": "self",
"summary": "SUSE Bug 1254674",
"url": "https://bugzilla.suse.com/1254674"
},
{
"category": "self",
"summary": "SUSE Bug 1254676",
"url": "https://bugzilla.suse.com/1254676"
},
{
"category": "self",
"summary": "SUSE Bug 1254677",
"url": "https://bugzilla.suse.com/1254677"
},
{
"category": "self",
"summary": "SUSE Bug 1254686",
"url": "https://bugzilla.suse.com/1254686"
},
{
"category": "self",
"summary": "SUSE Bug 1254690",
"url": "https://bugzilla.suse.com/1254690"
},
{
"category": "self",
"summary": "SUSE Bug 1254692",
"url": "https://bugzilla.suse.com/1254692"
},
{
"category": "self",
"summary": "SUSE Bug 1254694",
"url": "https://bugzilla.suse.com/1254694"
},
{
"category": "self",
"summary": "SUSE Bug 1254696",
"url": "https://bugzilla.suse.com/1254696"
},
{
"category": "self",
"summary": "SUSE Bug 1254698",
"url": "https://bugzilla.suse.com/1254698"
},
{
"category": "self",
"summary": "SUSE Bug 1254699",
"url": "https://bugzilla.suse.com/1254699"
},
{
"category": "self",
"summary": "SUSE Bug 1254704",
"url": "https://bugzilla.suse.com/1254704"
},
{
"category": "self",
"summary": "SUSE Bug 1254706",
"url": "https://bugzilla.suse.com/1254706"
},
{
"category": "self",
"summary": "SUSE Bug 1254709",
"url": "https://bugzilla.suse.com/1254709"
},
{
"category": "self",
"summary": "SUSE Bug 1254710",
"url": "https://bugzilla.suse.com/1254710"
},
{
"category": "self",
"summary": "SUSE Bug 1254711",
"url": "https://bugzilla.suse.com/1254711"
},
{
"category": "self",
"summary": "SUSE Bug 1254712",
"url": "https://bugzilla.suse.com/1254712"
},
{
"category": "self",
"summary": "SUSE Bug 1254713",
"url": "https://bugzilla.suse.com/1254713"
},
{
"category": "self",
"summary": "SUSE Bug 1254714",
"url": "https://bugzilla.suse.com/1254714"
},
{
"category": "self",
"summary": "SUSE Bug 1254716",
"url": "https://bugzilla.suse.com/1254716"
},
{
"category": "self",
"summary": "SUSE Bug 1254723",
"url": "https://bugzilla.suse.com/1254723"
},
{
"category": "self",
"summary": "SUSE Bug 1254725",
"url": "https://bugzilla.suse.com/1254725"
},
{
"category": "self",
"summary": "SUSE Bug 1254728",
"url": "https://bugzilla.suse.com/1254728"
},
{
"category": "self",
"summary": "SUSE Bug 1254729",
"url": "https://bugzilla.suse.com/1254729"
},
{
"category": "self",
"summary": "SUSE Bug 1254743",
"url": "https://bugzilla.suse.com/1254743"
},
{
"category": "self",
"summary": "SUSE Bug 1254745",
"url": "https://bugzilla.suse.com/1254745"
},
{
"category": "self",
"summary": "SUSE Bug 1254751",
"url": "https://bugzilla.suse.com/1254751"
},
{
"category": "self",
"summary": "SUSE Bug 1254756",
"url": "https://bugzilla.suse.com/1254756"
},
{
"category": "self",
"summary": "SUSE Bug 1254759",
"url": "https://bugzilla.suse.com/1254759"
},
{
"category": "self",
"summary": "SUSE Bug 1254763",
"url": "https://bugzilla.suse.com/1254763"
},
{
"category": "self",
"summary": "SUSE Bug 1254775",
"url": "https://bugzilla.suse.com/1254775"
},
{
"category": "self",
"summary": "SUSE Bug 1254780",
"url": "https://bugzilla.suse.com/1254780"
},
{
"category": "self",
"summary": "SUSE Bug 1254781",
"url": "https://bugzilla.suse.com/1254781"
},
{
"category": "self",
"summary": "SUSE Bug 1254782",
"url": "https://bugzilla.suse.com/1254782"
},
{
"category": "self",
"summary": "SUSE Bug 1254783",
"url": "https://bugzilla.suse.com/1254783"
},
{
"category": "self",
"summary": "SUSE Bug 1254785",
"url": "https://bugzilla.suse.com/1254785"
},
{
"category": "self",
"summary": "SUSE Bug 1254788",
"url": "https://bugzilla.suse.com/1254788"
},
{
"category": "self",
"summary": "SUSE Bug 1254789",
"url": "https://bugzilla.suse.com/1254789"
},
{
"category": "self",
"summary": "SUSE Bug 1254792",
"url": "https://bugzilla.suse.com/1254792"
},
{
"category": "self",
"summary": "SUSE Bug 1254813",
"url": "https://bugzilla.suse.com/1254813"
},
{
"category": "self",
"summary": "SUSE Bug 1254842",
"url": "https://bugzilla.suse.com/1254842"
},
{
"category": "self",
"summary": "SUSE Bug 1254843",
"url": "https://bugzilla.suse.com/1254843"
},
{
"category": "self",
"summary": "SUSE Bug 1254847",
"url": "https://bugzilla.suse.com/1254847"
},
{
"category": "self",
"summary": "SUSE Bug 1254851",
"url": "https://bugzilla.suse.com/1254851"
},
{
"category": "self",
"summary": "SUSE Bug 1254894",
"url": "https://bugzilla.suse.com/1254894"
},
{
"category": "self",
"summary": "SUSE Bug 1254902",
"url": "https://bugzilla.suse.com/1254902"
},
{
"category": "self",
"summary": "SUSE Bug 1254915",
"url": "https://bugzilla.suse.com/1254915"
},
{
"category": "self",
"summary": "SUSE Bug 1254916",
"url": "https://bugzilla.suse.com/1254916"
},
{
"category": "self",
"summary": "SUSE Bug 1254917",
"url": "https://bugzilla.suse.com/1254917"
},
{
"category": "self",
"summary": "SUSE Bug 1254920",
"url": "https://bugzilla.suse.com/1254920"
},
{
"category": "self",
"summary": "SUSE Bug 1254959",
"url": "https://bugzilla.suse.com/1254959"
},
{
"category": "self",
"summary": "SUSE Bug 1254974",
"url": "https://bugzilla.suse.com/1254974"
},
{
"category": "self",
"summary": "SUSE Bug 1254986",
"url": "https://bugzilla.suse.com/1254986"
},
{
"category": "self",
"summary": "SUSE Bug 1254994",
"url": "https://bugzilla.suse.com/1254994"
},
{
"category": "self",
"summary": "SUSE Bug 1255002",
"url": "https://bugzilla.suse.com/1255002"
},
{
"category": "self",
"summary": "SUSE Bug 1255005",
"url": "https://bugzilla.suse.com/1255005"
},
{
"category": "self",
"summary": "SUSE Bug 1255007",
"url": "https://bugzilla.suse.com/1255007"
},
{
"category": "self",
"summary": "SUSE Bug 1255049",
"url": "https://bugzilla.suse.com/1255049"
},
{
"category": "self",
"summary": "SUSE Bug 1255060",
"url": "https://bugzilla.suse.com/1255060"
},
{
"category": "self",
"summary": "SUSE Bug 1255163",
"url": "https://bugzilla.suse.com/1255163"
},
{
"category": "self",
"summary": "SUSE Bug 1255165",
"url": "https://bugzilla.suse.com/1255165"
},
{
"category": "self",
"summary": "SUSE Bug 1255251",
"url": "https://bugzilla.suse.com/1255251"
},
{
"category": "self",
"summary": "SUSE Bug 1255377",
"url": "https://bugzilla.suse.com/1255377"
},
{
"category": "self",
"summary": "SUSE Bug 1255401",
"url": "https://bugzilla.suse.com/1255401"
},
{
"category": "self",
"summary": "SUSE Bug 1255467",
"url": "https://bugzilla.suse.com/1255467"
},
{
"category": "self",
"summary": "SUSE Bug 1255469",
"url": "https://bugzilla.suse.com/1255469"
},
{
"category": "self",
"summary": "SUSE Bug 1255521",
"url": "https://bugzilla.suse.com/1255521"
},
{
"category": "self",
"summary": "SUSE Bug 1255528",
"url": "https://bugzilla.suse.com/1255528"
},
{
"category": "self",
"summary": "SUSE Bug 1255546",
"url": "https://bugzilla.suse.com/1255546"
},
{
"category": "self",
"summary": "SUSE Bug 1255549",
"url": "https://bugzilla.suse.com/1255549"
},
{
"category": "self",
"summary": "SUSE Bug 1255554",
"url": "https://bugzilla.suse.com/1255554"
},
{
"category": "self",
"summary": "SUSE Bug 1255555",
"url": "https://bugzilla.suse.com/1255555"
},
{
"category": "self",
"summary": "SUSE Bug 1255558",
"url": "https://bugzilla.suse.com/1255558"
},
{
"category": "self",
"summary": "SUSE Bug 1255560",
"url": "https://bugzilla.suse.com/1255560"
},
{
"category": "self",
"summary": "SUSE Bug 1255562",
"url": "https://bugzilla.suse.com/1255562"
},
{
"category": "self",
"summary": "SUSE Bug 1255565",
"url": "https://bugzilla.suse.com/1255565"
},
{
"category": "self",
"summary": "SUSE Bug 1255574",
"url": "https://bugzilla.suse.com/1255574"
},
{
"category": "self",
"summary": "SUSE Bug 1255576",
"url": "https://bugzilla.suse.com/1255576"
},
{
"category": "self",
"summary": "SUSE Bug 1255578",
"url": "https://bugzilla.suse.com/1255578"
},
{
"category": "self",
"summary": "SUSE Bug 1255582",
"url": "https://bugzilla.suse.com/1255582"
},
{
"category": "self",
"summary": "SUSE Bug 1255594",
"url": "https://bugzilla.suse.com/1255594"
},
{
"category": "self",
"summary": "SUSE Bug 1255600",
"url": "https://bugzilla.suse.com/1255600"
},
{
"category": "self",
"summary": "SUSE Bug 1255607",
"url": "https://bugzilla.suse.com/1255607"
},
{
"category": "self",
"summary": "SUSE Bug 1255608",
"url": "https://bugzilla.suse.com/1255608"
},
{
"category": "self",
"summary": "SUSE Bug 1255609",
"url": "https://bugzilla.suse.com/1255609"
},
{
"category": "self",
"summary": "SUSE Bug 1255618",
"url": "https://bugzilla.suse.com/1255618"
},
{
"category": "self",
"summary": "SUSE Bug 1255619",
"url": "https://bugzilla.suse.com/1255619"
},
{
"category": "self",
"summary": "SUSE Bug 1255620",
"url": "https://bugzilla.suse.com/1255620"
},
{
"category": "self",
"summary": "SUSE Bug 1255623",
"url": "https://bugzilla.suse.com/1255623"
},
{
"category": "self",
"summary": "SUSE Bug 1255624",
"url": "https://bugzilla.suse.com/1255624"
},
{
"category": "self",
"summary": "SUSE Bug 1255626",
"url": "https://bugzilla.suse.com/1255626"
},
{
"category": "self",
"summary": "SUSE Bug 1255627",
"url": "https://bugzilla.suse.com/1255627"
},
{
"category": "self",
"summary": "SUSE Bug 1255628",
"url": "https://bugzilla.suse.com/1255628"
},
{
"category": "self",
"summary": "SUSE Bug 1255636",
"url": "https://bugzilla.suse.com/1255636"
},
{
"category": "self",
"summary": "SUSE Bug 1255688",
"url": "https://bugzilla.suse.com/1255688"
},
{
"category": "self",
"summary": "SUSE Bug 1255690",
"url": "https://bugzilla.suse.com/1255690"
},
{
"category": "self",
"summary": "SUSE Bug 1255697",
"url": "https://bugzilla.suse.com/1255697"
},
{
"category": "self",
"summary": "SUSE Bug 1255702",
"url": "https://bugzilla.suse.com/1255702"
},
{
"category": "self",
"summary": "SUSE Bug 1255704",
"url": "https://bugzilla.suse.com/1255704"
},
{
"category": "self",
"summary": "SUSE Bug 1255749",
"url": "https://bugzilla.suse.com/1255749"
},
{
"category": "self",
"summary": "SUSE Bug 1255750",
"url": "https://bugzilla.suse.com/1255750"
},
{
"category": "self",
"summary": "SUSE Bug 1255757",
"url": "https://bugzilla.suse.com/1255757"
},
{
"category": "self",
"summary": "SUSE Bug 1255758",
"url": "https://bugzilla.suse.com/1255758"
},
{
"category": "self",
"summary": "SUSE Bug 1255760",
"url": "https://bugzilla.suse.com/1255760"
},
{
"category": "self",
"summary": "SUSE Bug 1255762",
"url": "https://bugzilla.suse.com/1255762"
},
{
"category": "self",
"summary": "SUSE Bug 1255769",
"url": "https://bugzilla.suse.com/1255769"
},
{
"category": "self",
"summary": "SUSE Bug 1255771",
"url": "https://bugzilla.suse.com/1255771"
},
{
"category": "self",
"summary": "SUSE Bug 1255773",
"url": "https://bugzilla.suse.com/1255773"
},
{
"category": "self",
"summary": "SUSE Bug 1255780",
"url": "https://bugzilla.suse.com/1255780"
},
{
"category": "self",
"summary": "SUSE Bug 1255786",
"url": "https://bugzilla.suse.com/1255786"
},
{
"category": "self",
"summary": "SUSE Bug 1255787",
"url": "https://bugzilla.suse.com/1255787"
},
{
"category": "self",
"summary": "SUSE Bug 1255789",
"url": "https://bugzilla.suse.com/1255789"
},
{
"category": "self",
"summary": "SUSE Bug 1255790",
"url": "https://bugzilla.suse.com/1255790"
},
{
"category": "self",
"summary": "SUSE Bug 1255791",
"url": "https://bugzilla.suse.com/1255791"
},
{
"category": "self",
"summary": "SUSE Bug 1255792",
"url": "https://bugzilla.suse.com/1255792"
},
{
"category": "self",
"summary": "SUSE Bug 1255796",
"url": "https://bugzilla.suse.com/1255796"
},
{
"category": "self",
"summary": "SUSE Bug 1255797",
"url": "https://bugzilla.suse.com/1255797"
},
{
"category": "self",
"summary": "SUSE Bug 1255800",
"url": "https://bugzilla.suse.com/1255800"
},
{
"category": "self",
"summary": "SUSE Bug 1255801",
"url": "https://bugzilla.suse.com/1255801"
},
{
"category": "self",
"summary": "SUSE Bug 1255802",
"url": "https://bugzilla.suse.com/1255802"
},
{
"category": "self",
"summary": "SUSE Bug 1255803",
"url": "https://bugzilla.suse.com/1255803"
},
{
"category": "self",
"summary": "SUSE Bug 1255804",
"url": "https://bugzilla.suse.com/1255804"
},
{
"category": "self",
"summary": "SUSE Bug 1255806",
"url": "https://bugzilla.suse.com/1255806"
},
{
"category": "self",
"summary": "SUSE Bug 1255808",
"url": "https://bugzilla.suse.com/1255808"
},
{
"category": "self",
"summary": "SUSE Bug 1255819",
"url": "https://bugzilla.suse.com/1255819"
},
{
"category": "self",
"summary": "SUSE Bug 1255839",
"url": "https://bugzilla.suse.com/1255839"
},
{
"category": "self",
"summary": "SUSE Bug 1255843",
"url": "https://bugzilla.suse.com/1255843"
},
{
"category": "self",
"summary": "SUSE Bug 1255844",
"url": "https://bugzilla.suse.com/1255844"
},
{
"category": "self",
"summary": "SUSE Bug 1255872",
"url": "https://bugzilla.suse.com/1255872"
},
{
"category": "self",
"summary": "SUSE Bug 1255875",
"url": "https://bugzilla.suse.com/1255875"
},
{
"category": "self",
"summary": "SUSE Bug 1255876",
"url": "https://bugzilla.suse.com/1255876"
},
{
"category": "self",
"summary": "SUSE Bug 1255877",
"url": "https://bugzilla.suse.com/1255877"
},
{
"category": "self",
"summary": "SUSE Bug 1255878",
"url": "https://bugzilla.suse.com/1255878"
},
{
"category": "self",
"summary": "SUSE Bug 1255880",
"url": "https://bugzilla.suse.com/1255880"
},
{
"category": "self",
"summary": "SUSE Bug 1255889",
"url": "https://bugzilla.suse.com/1255889"
},
{
"category": "self",
"summary": "SUSE Bug 1255901",
"url": "https://bugzilla.suse.com/1255901"
},
{
"category": "self",
"summary": "SUSE Bug 1255902",
"url": "https://bugzilla.suse.com/1255902"
},
{
"category": "self",
"summary": "SUSE Bug 1255905",
"url": "https://bugzilla.suse.com/1255905"
},
{
"category": "self",
"summary": "SUSE Bug 1255906",
"url": "https://bugzilla.suse.com/1255906"
},
{
"category": "self",
"summary": "SUSE Bug 1255908",
"url": "https://bugzilla.suse.com/1255908"
},
{
"category": "self",
"summary": "SUSE Bug 1255909",
"url": "https://bugzilla.suse.com/1255909"
},
{
"category": "self",
"summary": "SUSE Bug 1255910",
"url": "https://bugzilla.suse.com/1255910"
},
{
"category": "self",
"summary": "SUSE Bug 1255912",
"url": "https://bugzilla.suse.com/1255912"
},
{
"category": "self",
"summary": "SUSE Bug 1255919",
"url": "https://bugzilla.suse.com/1255919"
},
{
"category": "self",
"summary": "SUSE Bug 1255922",
"url": "https://bugzilla.suse.com/1255922"
},
{
"category": "self",
"summary": "SUSE Bug 1255925",
"url": "https://bugzilla.suse.com/1255925"
},
{
"category": "self",
"summary": "SUSE Bug 1255939",
"url": "https://bugzilla.suse.com/1255939"
},
{
"category": "self",
"summary": "SUSE Bug 1255950",
"url": "https://bugzilla.suse.com/1255950"
},
{
"category": "self",
"summary": "SUSE Bug 1255953",
"url": "https://bugzilla.suse.com/1255953"
},
{
"category": "self",
"summary": "SUSE Bug 1255954",
"url": "https://bugzilla.suse.com/1255954"
},
{
"category": "self",
"summary": "SUSE Bug 1255962",
"url": "https://bugzilla.suse.com/1255962"
},
{
"category": "self",
"summary": "SUSE Bug 1255964",
"url": "https://bugzilla.suse.com/1255964"
},
{
"category": "self",
"summary": "SUSE Bug 1255968",
"url": "https://bugzilla.suse.com/1255968"
},
{
"category": "self",
"summary": "SUSE Bug 1255969",
"url": "https://bugzilla.suse.com/1255969"
},
{
"category": "self",
"summary": "SUSE Bug 1255970",
"url": "https://bugzilla.suse.com/1255970"
},
{
"category": "self",
"summary": "SUSE Bug 1255971",
"url": "https://bugzilla.suse.com/1255971"
},
{
"category": "self",
"summary": "SUSE Bug 1255978",
"url": "https://bugzilla.suse.com/1255978"
},
{
"category": "self",
"summary": "SUSE Bug 1255979",
"url": "https://bugzilla.suse.com/1255979"
},
{
"category": "self",
"summary": "SUSE Bug 1255983",
"url": "https://bugzilla.suse.com/1255983"
},
{
"category": "self",
"summary": "SUSE Bug 1255985",
"url": "https://bugzilla.suse.com/1255985"
},
{
"category": "self",
"summary": "SUSE Bug 1255990",
"url": "https://bugzilla.suse.com/1255990"
},
{
"category": "self",
"summary": "SUSE Bug 1255993",
"url": "https://bugzilla.suse.com/1255993"
},
{
"category": "self",
"summary": "SUSE Bug 1255994",
"url": "https://bugzilla.suse.com/1255994"
},
{
"category": "self",
"summary": "SUSE Bug 1255996",
"url": "https://bugzilla.suse.com/1255996"
},
{
"category": "self",
"summary": "SUSE Bug 1256034",
"url": "https://bugzilla.suse.com/1256034"
},
{
"category": "self",
"summary": "SUSE Bug 1256040",
"url": "https://bugzilla.suse.com/1256040"
},
{
"category": "self",
"summary": "SUSE Bug 1256042",
"url": "https://bugzilla.suse.com/1256042"
},
{
"category": "self",
"summary": "SUSE Bug 1256045",
"url": "https://bugzilla.suse.com/1256045"
},
{
"category": "self",
"summary": "SUSE Bug 1256046",
"url": "https://bugzilla.suse.com/1256046"
},
{
"category": "self",
"summary": "SUSE Bug 1256048",
"url": "https://bugzilla.suse.com/1256048"
},
{
"category": "self",
"summary": "SUSE Bug 1256049",
"url": "https://bugzilla.suse.com/1256049"
},
{
"category": "self",
"summary": "SUSE Bug 1256053",
"url": "https://bugzilla.suse.com/1256053"
},
{
"category": "self",
"summary": "SUSE Bug 1256056",
"url": "https://bugzilla.suse.com/1256056"
},
{
"category": "self",
"summary": "SUSE Bug 1256057",
"url": "https://bugzilla.suse.com/1256057"
},
{
"category": "self",
"summary": "SUSE Bug 1256062",
"url": "https://bugzilla.suse.com/1256062"
},
{
"category": "self",
"summary": "SUSE Bug 1256063",
"url": "https://bugzilla.suse.com/1256063"
},
{
"category": "self",
"summary": "SUSE Bug 1256064",
"url": "https://bugzilla.suse.com/1256064"
},
{
"category": "self",
"summary": "SUSE Bug 1256065",
"url": "https://bugzilla.suse.com/1256065"
},
{
"category": "self",
"summary": "SUSE Bug 1256074",
"url": "https://bugzilla.suse.com/1256074"
},
{
"category": "self",
"summary": "SUSE Bug 1256081",
"url": "https://bugzilla.suse.com/1256081"
},
{
"category": "self",
"summary": "SUSE Bug 1256086",
"url": "https://bugzilla.suse.com/1256086"
},
{
"category": "self",
"summary": "SUSE Bug 1256091",
"url": "https://bugzilla.suse.com/1256091"
},
{
"category": "self",
"summary": "SUSE Bug 1256093",
"url": "https://bugzilla.suse.com/1256093"
},
{
"category": "self",
"summary": "SUSE Bug 1256095",
"url": "https://bugzilla.suse.com/1256095"
},
{
"category": "self",
"summary": "SUSE Bug 1256099",
"url": "https://bugzilla.suse.com/1256099"
},
{
"category": "self",
"summary": "SUSE Bug 1256114",
"url": "https://bugzilla.suse.com/1256114"
},
{
"category": "self",
"summary": "SUSE Bug 1256115",
"url": "https://bugzilla.suse.com/1256115"
},
{
"category": "self",
"summary": "SUSE Bug 1256118",
"url": "https://bugzilla.suse.com/1256118"
},
{
"category": "self",
"summary": "SUSE Bug 1256119",
"url": "https://bugzilla.suse.com/1256119"
},
{
"category": "self",
"summary": "SUSE Bug 1256121",
"url": "https://bugzilla.suse.com/1256121"
},
{
"category": "self",
"summary": "SUSE Bug 1256122",
"url": "https://bugzilla.suse.com/1256122"
},
{
"category": "self",
"summary": "SUSE Bug 1256124",
"url": "https://bugzilla.suse.com/1256124"
},
{
"category": "self",
"summary": "SUSE Bug 1256125",
"url": "https://bugzilla.suse.com/1256125"
},
{
"category": "self",
"summary": "SUSE Bug 1256126",
"url": "https://bugzilla.suse.com/1256126"
},
{
"category": "self",
"summary": "SUSE Bug 1256127",
"url": "https://bugzilla.suse.com/1256127"
},
{
"category": "self",
"summary": "SUSE Bug 1256130",
"url": "https://bugzilla.suse.com/1256130"
},
{
"category": "self",
"summary": "SUSE Bug 1256131",
"url": "https://bugzilla.suse.com/1256131"
},
{
"category": "self",
"summary": "SUSE Bug 1256132",
"url": "https://bugzilla.suse.com/1256132"
},
{
"category": "self",
"summary": "SUSE Bug 1256133",
"url": "https://bugzilla.suse.com/1256133"
},
{
"category": "self",
"summary": "SUSE Bug 1256136",
"url": "https://bugzilla.suse.com/1256136"
},
{
"category": "self",
"summary": "SUSE Bug 1256137",
"url": "https://bugzilla.suse.com/1256137"
},
{
"category": "self",
"summary": "SUSE Bug 1256140",
"url": "https://bugzilla.suse.com/1256140"
},
{
"category": "self",
"summary": "SUSE Bug 1256141",
"url": "https://bugzilla.suse.com/1256141"
},
{
"category": "self",
"summary": "SUSE Bug 1256142",
"url": "https://bugzilla.suse.com/1256142"
},
{
"category": "self",
"summary": "SUSE Bug 1256143",
"url": "https://bugzilla.suse.com/1256143"
},
{
"category": "self",
"summary": "SUSE Bug 1256145",
"url": "https://bugzilla.suse.com/1256145"
},
{
"category": "self",
"summary": "SUSE Bug 1256149",
"url": "https://bugzilla.suse.com/1256149"
},
{
"category": "self",
"summary": "SUSE Bug 1256152",
"url": "https://bugzilla.suse.com/1256152"
},
{
"category": "self",
"summary": "SUSE Bug 1256154",
"url": "https://bugzilla.suse.com/1256154"
},
{
"category": "self",
"summary": "SUSE Bug 1256155",
"url": "https://bugzilla.suse.com/1256155"
},
{
"category": "self",
"summary": "SUSE Bug 1256157",
"url": "https://bugzilla.suse.com/1256157"
},
{
"category": "self",
"summary": "SUSE Bug 1256158",
"url": "https://bugzilla.suse.com/1256158"
},
{
"category": "self",
"summary": "SUSE Bug 1256162",
"url": "https://bugzilla.suse.com/1256162"
},
{
"category": "self",
"summary": "SUSE Bug 1256165",
"url": "https://bugzilla.suse.com/1256165"
},
{
"category": "self",
"summary": "SUSE Bug 1256167",
"url": "https://bugzilla.suse.com/1256167"
},
{
"category": "self",
"summary": "SUSE Bug 1256172",
"url": "https://bugzilla.suse.com/1256172"
},
{
"category": "self",
"summary": "SUSE Bug 1256173",
"url": "https://bugzilla.suse.com/1256173"
},
{
"category": "self",
"summary": "SUSE Bug 1256174",
"url": "https://bugzilla.suse.com/1256174"
},
{
"category": "self",
"summary": "SUSE Bug 1256177",
"url": "https://bugzilla.suse.com/1256177"
},
{
"category": "self",
"summary": "SUSE Bug 1256178",
"url": "https://bugzilla.suse.com/1256178"
},
{
"category": "self",
"summary": "SUSE Bug 1256179",
"url": "https://bugzilla.suse.com/1256179"
},
{
"category": "self",
"summary": "SUSE Bug 1256182",
"url": "https://bugzilla.suse.com/1256182"
},
{
"category": "self",
"summary": "SUSE Bug 1256184",
"url": "https://bugzilla.suse.com/1256184"
},
{
"category": "self",
"summary": "SUSE Bug 1256185",
"url": "https://bugzilla.suse.com/1256185"
},
{
"category": "self",
"summary": "SUSE Bug 1256186",
"url": "https://bugzilla.suse.com/1256186"
},
{
"category": "self",
"summary": "SUSE Bug 1256188",
"url": "https://bugzilla.suse.com/1256188"
},
{
"category": "self",
"summary": "SUSE Bug 1256189",
"url": "https://bugzilla.suse.com/1256189"
},
{
"category": "self",
"summary": "SUSE Bug 1256191",
"url": "https://bugzilla.suse.com/1256191"
},
{
"category": "self",
"summary": "SUSE Bug 1256192",
"url": "https://bugzilla.suse.com/1256192"
},
{
"category": "self",
"summary": "SUSE Bug 1256193",
"url": "https://bugzilla.suse.com/1256193"
},
{
"category": "self",
"summary": "SUSE Bug 1256194",
"url": "https://bugzilla.suse.com/1256194"
},
{
"category": "self",
"summary": "SUSE Bug 1256196",
"url": "https://bugzilla.suse.com/1256196"
},
{
"category": "self",
"summary": "SUSE Bug 1256199",
"url": "https://bugzilla.suse.com/1256199"
},
{
"category": "self",
"summary": "SUSE Bug 1256200",
"url": "https://bugzilla.suse.com/1256200"
},
{
"category": "self",
"summary": "SUSE Bug 1256202",
"url": "https://bugzilla.suse.com/1256202"
},
{
"category": "self",
"summary": "SUSE Bug 1256203",
"url": "https://bugzilla.suse.com/1256203"
},
{
"category": "self",
"summary": "SUSE Bug 1256204",
"url": "https://bugzilla.suse.com/1256204"
},
{
"category": "self",
"summary": "SUSE Bug 1256205",
"url": "https://bugzilla.suse.com/1256205"
},
{
"category": "self",
"summary": "SUSE Bug 1256206",
"url": "https://bugzilla.suse.com/1256206"
},
{
"category": "self",
"summary": "SUSE Bug 1256207",
"url": "https://bugzilla.suse.com/1256207"
},
{
"category": "self",
"summary": "SUSE Bug 1256208",
"url": "https://bugzilla.suse.com/1256208"
},
{
"category": "self",
"summary": "SUSE Bug 1256211",
"url": "https://bugzilla.suse.com/1256211"
},
{
"category": "self",
"summary": "SUSE Bug 1256215",
"url": "https://bugzilla.suse.com/1256215"
},
{
"category": "self",
"summary": "SUSE Bug 1256216",
"url": "https://bugzilla.suse.com/1256216"
},
{
"category": "self",
"summary": "SUSE Bug 1256219",
"url": "https://bugzilla.suse.com/1256219"
},
{
"category": "self",
"summary": "SUSE Bug 1256220",
"url": "https://bugzilla.suse.com/1256220"
},
{
"category": "self",
"summary": "SUSE Bug 1256221",
"url": "https://bugzilla.suse.com/1256221"
},
{
"category": "self",
"summary": "SUSE Bug 1256223",
"url": "https://bugzilla.suse.com/1256223"
},
{
"category": "self",
"summary": "SUSE Bug 1256228",
"url": "https://bugzilla.suse.com/1256228"
},
{
"category": "self",
"summary": "SUSE Bug 1256230",
"url": "https://bugzilla.suse.com/1256230"
},
{
"category": "self",
"summary": "SUSE Bug 1256231",
"url": "https://bugzilla.suse.com/1256231"
},
{
"category": "self",
"summary": "SUSE Bug 1256235",
"url": "https://bugzilla.suse.com/1256235"
},
{
"category": "self",
"summary": "SUSE Bug 1256241",
"url": "https://bugzilla.suse.com/1256241"
},
{
"category": "self",
"summary": "SUSE Bug 1256242",
"url": "https://bugzilla.suse.com/1256242"
},
{
"category": "self",
"summary": "SUSE Bug 1256245",
"url": "https://bugzilla.suse.com/1256245"
},
{
"category": "self",
"summary": "SUSE Bug 1256248",
"url": "https://bugzilla.suse.com/1256248"
},
{
"category": "self",
"summary": "SUSE Bug 1256250",
"url": "https://bugzilla.suse.com/1256250"
},
{
"category": "self",
"summary": "SUSE Bug 1256254",
"url": "https://bugzilla.suse.com/1256254"
},
{
"category": "self",
"summary": "SUSE Bug 1256260",
"url": "https://bugzilla.suse.com/1256260"
},
{
"category": "self",
"summary": "SUSE Bug 1256265",
"url": "https://bugzilla.suse.com/1256265"
},
{
"category": "self",
"summary": "SUSE Bug 1256269",
"url": "https://bugzilla.suse.com/1256269"
},
{
"category": "self",
"summary": "SUSE Bug 1256271",
"url": "https://bugzilla.suse.com/1256271"
},
{
"category": "self",
"summary": "SUSE Bug 1256274",
"url": "https://bugzilla.suse.com/1256274"
},
{
"category": "self",
"summary": "SUSE Bug 1256282",
"url": "https://bugzilla.suse.com/1256282"
},
{
"category": "self",
"summary": "SUSE Bug 1256285",
"url": "https://bugzilla.suse.com/1256285"
},
{
"category": "self",
"summary": "SUSE Bug 1256291",
"url": "https://bugzilla.suse.com/1256291"
},
{
"category": "self",
"summary": "SUSE Bug 1256295",
"url": "https://bugzilla.suse.com/1256295"
},
{
"category": "self",
"summary": "SUSE Bug 1256300",
"url": "https://bugzilla.suse.com/1256300"
},
{
"category": "self",
"summary": "SUSE Bug 1256306",
"url": "https://bugzilla.suse.com/1256306"
},
{
"category": "self",
"summary": "SUSE Bug 1256317",
"url": "https://bugzilla.suse.com/1256317"
},
{
"category": "self",
"summary": "SUSE Bug 1256320",
"url": "https://bugzilla.suse.com/1256320"
},
{
"category": "self",
"summary": "SUSE Bug 1256323",
"url": "https://bugzilla.suse.com/1256323"
},
{
"category": "self",
"summary": "SUSE Bug 1256326",
"url": "https://bugzilla.suse.com/1256326"
},
{
"category": "self",
"summary": "SUSE Bug 1256328",
"url": "https://bugzilla.suse.com/1256328"
},
{
"category": "self",
"summary": "SUSE Bug 1256333",
"url": "https://bugzilla.suse.com/1256333"
},
{
"category": "self",
"summary": "SUSE Bug 1256334",
"url": "https://bugzilla.suse.com/1256334"
},
{
"category": "self",
"summary": "SUSE Bug 1256335",
"url": "https://bugzilla.suse.com/1256335"
},
{
"category": "self",
"summary": "SUSE Bug 1256337",
"url": "https://bugzilla.suse.com/1256337"
},
{
"category": "self",
"summary": "SUSE Bug 1256338",
"url": "https://bugzilla.suse.com/1256338"
},
{
"category": "self",
"summary": "SUSE Bug 1256344",
"url": "https://bugzilla.suse.com/1256344"
},
{
"category": "self",
"summary": "SUSE Bug 1256346",
"url": "https://bugzilla.suse.com/1256346"
},
{
"category": "self",
"summary": "SUSE Bug 1256349",
"url": "https://bugzilla.suse.com/1256349"
},
{
"category": "self",
"summary": "SUSE Bug 1256353",
"url": "https://bugzilla.suse.com/1256353"
},
{
"category": "self",
"summary": "SUSE Bug 1256355",
"url": "https://bugzilla.suse.com/1256355"
},
{
"category": "self",
"summary": "SUSE Bug 1256368",
"url": "https://bugzilla.suse.com/1256368"
},
{
"category": "self",
"summary": "SUSE Bug 1256370",
"url": "https://bugzilla.suse.com/1256370"
},
{
"category": "self",
"summary": "SUSE Bug 1256375",
"url": "https://bugzilla.suse.com/1256375"
},
{
"category": "self",
"summary": "SUSE Bug 1256382",
"url": "https://bugzilla.suse.com/1256382"
},
{
"category": "self",
"summary": "SUSE Bug 1256383",
"url": "https://bugzilla.suse.com/1256383"
},
{
"category": "self",
"summary": "SUSE Bug 1256384",
"url": "https://bugzilla.suse.com/1256384"
},
{
"category": "self",
"summary": "SUSE Bug 1256386",
"url": "https://bugzilla.suse.com/1256386"
},
{
"category": "self",
"summary": "SUSE Bug 1256388",
"url": "https://bugzilla.suse.com/1256388"
},
{
"category": "self",
"summary": "SUSE Bug 1256391",
"url": "https://bugzilla.suse.com/1256391"
},
{
"category": "self",
"summary": "SUSE Bug 1256394",
"url": "https://bugzilla.suse.com/1256394"
},
{
"category": "self",
"summary": "SUSE Bug 1256395",
"url": "https://bugzilla.suse.com/1256395"
},
{
"category": "self",
"summary": "SUSE Bug 1256396",
"url": "https://bugzilla.suse.com/1256396"
},
{
"category": "self",
"summary": "SUSE Bug 1256397",
"url": "https://bugzilla.suse.com/1256397"
},
{
"category": "self",
"summary": "SUSE Bug 1256423",
"url": "https://bugzilla.suse.com/1256423"
},
{
"category": "self",
"summary": "SUSE Bug 1256426",
"url": "https://bugzilla.suse.com/1256426"
},
{
"category": "self",
"summary": "SUSE Bug 1256432",
"url": "https://bugzilla.suse.com/1256432"
},
{
"category": "self",
"summary": "SUSE Bug 1256582",
"url": "https://bugzilla.suse.com/1256582"
},
{
"category": "self",
"summary": "SUSE Bug 1256612",
"url": "https://bugzilla.suse.com/1256612"
},
{
"category": "self",
"summary": "SUSE Bug 1256641",
"url": "https://bugzilla.suse.com/1256641"
},
{
"category": "self",
"summary": "SUSE Bug 1256744",
"url": "https://bugzilla.suse.com/1256744"
},
{
"category": "self",
"summary": "SUSE Bug 1256779",
"url": "https://bugzilla.suse.com/1256779"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0854 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0854/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48853 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48853/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50614 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50614/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50615 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50615/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50617 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50617/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50618 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50619 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50619/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50622 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50622/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50623 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50623/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50625 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50625/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50626 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50626/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50629 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50629/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50630 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50630/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50633 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50633/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50635 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50635/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50636 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50636/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50638 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50640 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50641 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50641/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50643 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50643/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50644 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50644/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50646 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50646/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50649 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50649/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50652 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50652/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50653 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50653/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50656 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50656/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50658 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50658/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50660 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50660/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50661 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50661/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50662 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50662/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50664 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50664/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50666 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50666/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50668 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50669 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50669/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50670 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50671 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50671/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50672 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50672/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50673 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50675 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50675/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50677 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50677/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50678 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50678/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50679 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50679/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50697 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50698 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50698/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50699 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50700 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50700/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50702 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50703 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50704 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50704/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50709 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50709/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50715 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50716 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50716/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50717 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50717/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50718 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50719 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50722 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50722/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50724 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50726 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50727 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50728 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50730 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50730/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50731 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50732 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50733 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50735 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50736 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50740 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50740/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50742 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50742/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50744 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50744/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50745 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50745/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50747 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50747/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50749 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50749/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50750 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50750/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50751 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50752 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50754 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50755 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50755/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50756 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50756/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50757 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50757/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50758 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50758/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50760 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50760/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50761 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50761/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50763 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50763/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50767 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50767/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50769 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50769/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50770 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50770/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50773 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50773/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50774 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50774/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50776 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50776/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50777 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50777/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50779 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50779/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50781 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50781/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50782 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50809 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50809/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50814 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50819 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50819/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50821 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50822 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50822/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50823 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50823/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50824 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50824/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50826 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50826/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50827 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50828 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50829 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50830 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50832 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50834 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50835 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50836 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50836/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50839 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50839/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50840 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50840/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50842 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50842/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50843 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50843/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50844 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50844/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50845 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50845/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50846 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50848 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50848/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50849 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50849/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50850 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50850/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50851 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50851/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50853 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50853/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50856 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50856/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50858 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50859 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50859/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50860 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50860/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50861 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50864 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50866 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50866/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50868 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50868/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50870 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50872 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50872/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50876 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50876/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50878 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50878/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50880 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50880/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50881 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50882 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50882/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50884 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50885 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50885/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50886 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50886/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50887 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50887/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50888 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50888/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50889 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-23559 page",
"url": "https://www.suse.com/security/cve/CVE-2023-23559/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53215 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53215/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53254 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53254/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53743 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53743/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53744 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53744/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53746 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53746/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53747 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53747/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53751 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53754 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53755 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53755/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53761 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53761/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53766 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53766/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53781 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53781/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53783 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53783/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53786 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53786/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53788 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53788/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53792 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53792/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53794 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53802 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53802/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53803 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53803/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53804 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53804/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53808 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53808/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53811 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53811/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53814 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53818 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53819 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53819/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53820 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53827 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53830 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53832 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53834 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53837 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53837/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53840 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53840/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53842 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53842/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53844 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53844/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53845 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53845/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53847 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53847/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53850 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53850/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53852 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53852/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53858 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53862 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53862/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53866 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53866/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53990 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53990/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53991 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53991/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53996 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53998 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53998/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54001 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54001/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54003 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54003/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54007 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54007/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54009 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54010 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54014 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54014/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54015 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54015/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54018 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54018/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54019 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54019/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54020 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54020/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54021 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54021/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54024 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54024/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54025 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54025/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54026 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54026/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54028 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54028/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54036 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54036/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54039 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54039/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54040 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54040/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54042 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54042/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54045 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54045/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54046 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54046/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54048 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54048/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54049 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54049/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54050 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54050/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54051 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54053 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54053/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54055 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54058 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54064 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54064/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54072 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54072/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54076 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54078 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54079 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54083 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54083/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54084 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54084/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54090 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54090/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54091 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54091/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54092 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54092/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54095 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54095/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54096 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54097 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54097/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54098 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54098/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54100 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54100/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54102 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54102/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54104 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54104/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54108 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54108/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54110 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54110/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54111 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54111/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54115 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54118 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54118/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54119 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54119/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54120 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54120/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54122 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54123 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54126 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54127 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54127/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54130 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54130/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54131 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54131/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54136 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54140 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54142 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54142/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54146 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54146/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54150 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54150/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54153 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54153/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54156 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54156/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54159 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54166 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54166/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54168 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54168/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54170 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54170/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54171 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54171/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54173 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54173/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54177 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54179 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54179/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54183 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54183/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54186 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54189 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54189/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54190 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54190/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54197 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54197/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54198 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54198/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54199 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54199/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54201 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54201/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54202 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54202/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54205 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54205/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54208 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54208/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54211 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54211/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54213 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54213/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54214 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54214/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54219 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54219/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54230 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54230/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54236 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54236/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54242 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54242/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54243 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54243/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54244 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54244/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54245 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54245/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54252 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54252/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54260 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54260/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54264 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54264/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54266 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54266/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54269 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54269/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54270 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54270/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54271 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54271/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54274 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54274/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54275 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54275/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54277 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54277/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54280 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54280/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54284 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54284/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54286 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54286/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54287 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54287/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54289 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54289/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54292 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54292/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54293 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54293/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54294 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54294/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54295 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54295/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54298 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54298/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54299 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54299/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54300 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54301 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54301/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54302 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54302/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54304 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54304/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54305 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54305/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54309 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54309/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54311 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54311/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54315 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54315/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54317 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54317/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54319 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54319/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54321 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54321/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54325 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54325/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-54326 page",
"url": "https://www.suse.com/security/cve/CVE-2023-54326/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-28956 page",
"url": "https://www.suse.com/security/cve/CVE-2024-28956/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36348 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36348/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36349 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36349/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36350 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36350/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36357 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36357/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44987 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44987/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38068 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38129 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38129/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38159 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38375 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38375/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39977 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39977/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40019 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40019/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40139 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40139/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40215 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40215/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40220 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40220/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40233 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40233/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40256 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40256/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40257 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40257/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40258 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40258/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40277 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40277/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40280 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40280/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40300 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40331 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40331/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68183 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68183/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68284 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68284/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68285 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68285/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68732 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68771 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68771/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68813 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71089 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71089/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71116 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71116/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71120 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71120/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2026-02-09T14:51:43Z",
"generator": {
"date": "2026-02-09T14:51:43Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:0411-1",
"initial_release_date": "2026-02-09T14:51:43Z",
"revision_history": [
{
"date": "2026-02-09T14:51:43Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-5.14.21-150400.15.142.1.noarch",
"product": {
"name": "kernel-devel-rt-5.14.21-150400.15.142.1.noarch",
"product_id": "kernel-devel-rt-5.14.21-150400.15.142.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"product": {
"name": "kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"product_id": "kernel-source-rt-5.14.21-150400.15.142.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-rt-5.14.21-150400.15.142.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt-5.14.21-150400.15.142.1.x86_64",
"product_id": "cluster-md-kmp-rt-5.14.21-150400.15.142.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt-5.14.21-150400.15.142.1.x86_64",
"product": {
"name": "dlm-kmp-rt-5.14.21-150400.15.142.1.x86_64",
"product_id": "dlm-kmp-rt-5.14.21-150400.15.142.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt-5.14.21-150400.15.142.1.x86_64",
"product": {
"name": "gfs2-kmp-rt-5.14.21-150400.15.142.1.x86_64",
"product_id": "gfs2-kmp-rt-5.14.21-150400.15.142.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-5.14.21-150400.15.142.1.x86_64",
"product": {
"name": "kernel-rt-5.14.21-150400.15.142.1.x86_64",
"product_id": "kernel-rt-5.14.21-150400.15.142.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-5.14.21-150400.15.142.1.x86_64",
"product": {
"name": "kernel-rt-devel-5.14.21-150400.15.142.1.x86_64",
"product_id": "kernel-rt-devel-5.14.21-150400.15.142.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-extra-5.14.21-150400.15.142.1.x86_64",
"product": {
"name": "kernel-rt-extra-5.14.21-150400.15.142.1.x86_64",
"product_id": "kernel-rt-extra-5.14.21-150400.15.142.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-5.14.21-150400.15.142.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-5.14.21-150400.15.142.1.x86_64",
"product_id": "kernel-rt-livepatch-5.14.21-150400.15.142.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-devel-5.14.21-150400.15.142.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-devel-5.14.21-150400.15.142.1.x86_64",
"product_id": "kernel-rt-livepatch-devel-5.14.21-150400.15.142.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-optional-5.14.21-150400.15.142.1.x86_64",
"product": {
"name": "kernel-rt-optional-5.14.21-150400.15.142.1.x86_64",
"product_id": "kernel-rt-optional-5.14.21-150400.15.142.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-5.14.21-150400.15.142.1.x86_64",
"product": {
"name": "kernel-rt_debug-5.14.21-150400.15.142.1.x86_64",
"product_id": "kernel-rt_debug-5.14.21-150400.15.142.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-devel-5.14.21-150400.15.142.1.x86_64",
"product": {
"name": "kernel-rt_debug-devel-5.14.21-150400.15.142.1.x86_64",
"product_id": "kernel-rt_debug-devel-5.14.21-150400.15.142.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-rt-5.14.21-150400.15.142.1.x86_64",
"product": {
"name": "kernel-syms-rt-5.14.21-150400.15.142.1.x86_64",
"product_id": "kernel-syms-rt-5.14.21-150400.15.142.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt-5.14.21-150400.15.142.1.x86_64",
"product": {
"name": "kselftests-kmp-rt-5.14.21-150400.15.142.1.x86_64",
"product_id": "kselftests-kmp-rt-5.14.21-150400.15.142.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt-5.14.21-150400.15.142.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt-5.14.21-150400.15.142.1.x86_64",
"product_id": "ocfs2-kmp-rt-5.14.21-150400.15.142.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-rt-5.14.21-150400.15.142.1.x86_64",
"product": {
"name": "reiserfs-kmp-rt-5.14.21-150400.15.142.1.x86_64",
"product_id": "reiserfs-kmp-rt-5.14.21-150400.15.142.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-5.14.21-150400.15.142.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64"
},
"product_reference": "kernel-rt-5.14.21-150400.15.142.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-5.14.21-150400.15.142.1.noarch as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
},
"product_reference": "kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-5.14.21-150400.15.142.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64"
},
"product_reference": "kernel-rt-5.14.21-150400.15.142.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-5.14.21-150400.15.142.1.noarch as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
},
"product_reference": "kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-0854",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0854"
}
],
"notes": [
{
"category": "general",
"text": "A memory leak flaw was found in the Linux kernel\u0027s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0854",
"url": "https://www.suse.com/security/cve/CVE-2022-0854"
},
{
"category": "external",
"summary": "SUSE Bug 1196823 for CVE-2022-0854",
"url": "https://bugzilla.suse.com/1196823"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-0854"
},
{
"cve": "CVE-2022-48853",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48853"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nswiotlb: fix info leak with DMA_FROM_DEVICE\n\nThe problem I\u0027m addressing was discovered by the LTP test covering\ncve-2018-1000204.\n\nA short description of what happens follows:\n1) The test case issues a command code 00 (TEST UNIT READY) via the SG_IO\n interface with: dxfer_len == 524288, dxdfer_dir == SG_DXFER_FROM_DEV\n and a corresponding dxferp. The peculiar thing about this is that TUR\n is not reading from the device.\n2) In sg_start_req() the invocation of blk_rq_map_user() effectively\n bounces the user-space buffer. As if the device was to transfer into\n it. Since commit a45b599ad808 (\"scsi: sg: allocate with __GFP_ZERO in\n sg_build_indirect()\") we make sure this first bounce buffer is\n allocated with GFP_ZERO.\n3) For the rest of the story we keep ignoring that we have a TUR, so the\n device won\u0027t touch the buffer we prepare as if the we had a\n DMA_FROM_DEVICE type of situation. My setup uses a virtio-scsi device\n and the buffer allocated by SG is mapped by the function\n virtqueue_add_split() which uses DMA_FROM_DEVICE for the \"in\" sgs (here\n scatter-gather and not scsi generics). This mapping involves bouncing\n via the swiotlb (we need swiotlb to do virtio in protected guest like\n s390 Secure Execution, or AMD SEV).\n4) When the SCSI TUR is done, we first copy back the content of the second\n (that is swiotlb) bounce buffer (which most likely contains some\n previous IO data), to the first bounce buffer, which contains all\n zeros. Then we copy back the content of the first bounce buffer to\n the user-space buffer.\n5) The test case detects that the buffer, which it zero-initialized,\n ain\u0027t all zeros and fails.\n\nOne can argue that this is an swiotlb problem, because without swiotlb\nwe leak all zeros, and the swiotlb should be transparent in a sense that\nit does not affect the outcome (if all other participants are well\nbehaved).\n\nCopying the content of the original buffer into the swiotlb buffer is\nthe only way I can think of to make swiotlb transparent in such\nscenarios. So let\u0027s do just that if in doubt, but allow the driver\nto tell us that the whole mapped buffer is going to be overwritten,\nin which case we can preserve the old behavior and avoid the performance\nimpact of the extra bounce.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48853",
"url": "https://www.suse.com/security/cve/CVE-2022-48853"
},
{
"category": "external",
"summary": "SUSE Bug 1228015 for CVE-2022-48853",
"url": "https://bugzilla.suse.com/1228015"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-48853"
},
{
"cve": "CVE-2022-50614",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50614"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: pci_endpoint_test: Fix pci_endpoint_test_{copy,write,read}() panic\n\nThe dma_map_single() doesn\u0027t permit zero length mapping. It causes a follow\npanic.\n\nA panic was reported on arm64:\n\n[ 60.137988] ------------[ cut here ]------------\n[ 60.142630] kernel BUG at kernel/dma/swiotlb.c:624!\n[ 60.147508] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP\n[ 60.152992] Modules linked in: dw_hdmi_cec crct10dif_ce simple_bridge rcar_fdp1 vsp1 rcar_vin videobuf2_vmalloc rcar_csi2 v4l\n2_mem2mem videobuf2_dma_contig videobuf2_memops pci_endpoint_test videobuf2_v4l2 videobuf2_common rcar_fcp v4l2_fwnode v4l2_asyn\nc videodev mc gpio_bd9571mwv max9611 pwm_rcar ccree at24 authenc libdes phy_rcar_gen3_usb3 usb_dmac display_connector pwm_bl\n[ 60.186252] CPU: 0 PID: 508 Comm: pcitest Not tainted 6.0.0-rc1rpci-dev+ #237\n[ 60.193387] Hardware name: Renesas Salvator-X 2nd version board based on r8a77951 (DT)\n[ 60.201302] pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 60.208263] pc : swiotlb_tbl_map_single+0x2c0/0x590\n[ 60.213149] lr : swiotlb_map+0x88/0x1f0\n[ 60.216982] sp : ffff80000a883bc0\n[ 60.220292] x29: ffff80000a883bc0 x28: 0000000000000000 x27: 0000000000000000\n[ 60.227430] x26: 0000000000000000 x25: ffff0004c0da20d0 x24: ffff80000a1f77c0\n[ 60.234567] x23: 0000000000000002 x22: 0001000040000010 x21: 000000007a000000\n[ 60.241703] x20: 0000000000200000 x19: 0000000000000000 x18: 0000000000000000\n[ 60.248840] x17: 0000000000000000 x16: 0000000000000000 x15: ffff0006ff7b9180\n[ 60.255977] x14: ffff0006ff7b9180 x13: 0000000000000000 x12: 0000000000000000\n[ 60.263113] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\n[ 60.270249] x8 : 0001000000000010 x7 : ffff0004c6754b20 x6 : 0000000000000000\n[ 60.277385] x5 : ffff0004c0da2090 x4 : 0000000000000000 x3 : 0000000000000001\n[ 60.284521] x2 : 0000000040000000 x1 : 0000000000000000 x0 : 0000000040000010\n[ 60.291658] Call trace:\n[ 60.294100] swiotlb_tbl_map_single+0x2c0/0x590\n[ 60.298629] swiotlb_map+0x88/0x1f0\n[ 60.302115] dma_map_page_attrs+0x188/0x230\n[ 60.306299] pci_endpoint_test_ioctl+0x5e4/0xd90 [pci_endpoint_test]\n[ 60.312660] __arm64_sys_ioctl+0xa8/0xf0\n[ 60.316583] invoke_syscall+0x44/0x108\n[ 60.320334] el0_svc_common.constprop.0+0xcc/0xf0\n[ 60.325038] do_el0_svc+0x2c/0xb8\n[ 60.328351] el0_svc+0x2c/0x88\n[ 60.331406] el0t_64_sync_handler+0xb8/0xc0\n[ 60.335587] el0t_64_sync+0x18c/0x190\n[ 60.339251] Code: 52800013 d2e00414 35fff45c d503201f (d4210000)\n[ 60.345344] ---[ end trace 0000000000000000 ]---\n\nTo fix it, this patch adds a checking the payload length if it is zero.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50614",
"url": "https://www.suse.com/security/cve/CVE-2022-50614"
},
{
"category": "external",
"summary": "SUSE Bug 1254578 for CVE-2022-50614",
"url": "https://bugzilla.suse.com/1254578"
},
{
"category": "external",
"summary": "SUSE Bug 1254647 for CVE-2022-50614",
"url": "https://bugzilla.suse.com/1254647"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "important"
}
],
"title": "CVE-2022-50614"
},
{
"cve": "CVE-2022-50615",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50615"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map()\n\npci_get_device() will increase the reference count for the returned\npci_dev, so snr_uncore_get_mc_dev() will return a pci_dev with its\nreference count increased. We need to call pci_dev_put() to decrease the\nreference count. Let\u0027s add the missing pci_dev_put().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50615",
"url": "https://www.suse.com/security/cve/CVE-2022-50615"
},
{
"category": "external",
"summary": "SUSE Bug 1254580 for CVE-2022-50615",
"url": "https://bugzilla.suse.com/1254580"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50615"
},
{
"cve": "CVE-2022-50617",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50617"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/powerplay/psm: Fix memory leak in power state init\n\nCommit 902bc65de0b3 (\"drm/amdgpu/powerplay/psm: return an error in power\nstate init\") made the power state init function return early in case of\nfailure to get an entry from the powerplay table, but it missed to clean up\nthe allocated memory for the current power state before returning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50617",
"url": "https://www.suse.com/security/cve/CVE-2022-50617"
},
{
"category": "external",
"summary": "SUSE Bug 1254780 for CVE-2022-50617",
"url": "https://bugzilla.suse.com/1254780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50617"
},
{
"cve": "CVE-2022-50618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50618"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: meson-gx: fix return value check of mmc_add_host()\n\nmmc_add_host() may return error, if we ignore its return value,\nit will lead two issues:\n1. The memory that allocated in mmc_alloc_host() is leaked.\n2. In the remove() path, mmc_remove_host() will be called to\n delete device, but it\u0027s not added yet, it will lead a kernel\n crash because of null-ptr-deref in device_del().\n\nFix this by checking the return value and goto error path which\nwill call mmc_free_host().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50618",
"url": "https://www.suse.com/security/cve/CVE-2022-50618"
},
{
"category": "external",
"summary": "SUSE Bug 1254788 for CVE-2022-50618",
"url": "https://bugzilla.suse.com/1254788"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50618"
},
{
"cve": "CVE-2022-50619",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50619"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr()\n\nIf the number of pages from the userptr BO differs from the SG BO then the\nallocated memory for the SG table doesn\u0027t get freed before returning\n-EINVAL, which may lead to a memory leak in some error paths. Fix this by\nchecking the number of pages before allocating memory for the SG table.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50619",
"url": "https://www.suse.com/security/cve/CVE-2022-50619"
},
{
"category": "external",
"summary": "SUSE Bug 1254789 for CVE-2022-50619",
"url": "https://bugzilla.suse.com/1254789"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50619"
},
{
"cve": "CVE-2022-50622",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50622"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix potential memory leak in ext4_fc_record_modified_inode()\n\nAs krealloc may return NULL, in this case \u0027state-\u003efc_modified_inodes\u0027\nmay not be freed by krealloc, but \u0027state-\u003efc_modified_inodes\u0027 already\nset NULL. Then will lead to \u0027state-\u003efc_modified_inodes\u0027 memory leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50622",
"url": "https://www.suse.com/security/cve/CVE-2022-50622"
},
{
"category": "external",
"summary": "SUSE Bug 1255467 for CVE-2022-50622",
"url": "https://bugzilla.suse.com/1255467"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50622"
},
{
"cve": "CVE-2022-50623",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50623"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfpga: prevent integer overflow in dfl_feature_ioctl_set_irq()\n\nThe \"hdr.count * sizeof(s32)\" multiplication can overflow on 32 bit\nsystems leading to memory corruption. Use array_size() to fix that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50623",
"url": "https://www.suse.com/security/cve/CVE-2022-50623"
},
{
"category": "external",
"summary": "SUSE Bug 1254792 for CVE-2022-50623",
"url": "https://bugzilla.suse.com/1254792"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50623"
},
{
"cve": "CVE-2022-50625",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50625"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: amba-pl011: avoid SBSA UART accessing DMACR register\n\nChapter \"B Generic UART\" in \"ARM Server Base System Architecture\" [1]\ndocumentation describes a generic UART interface. Such generic UART\ndoes not support DMA. In current code, sbsa_uart_pops and\namba_pl011_pops share the same stop_rx operation, which will invoke\npl011_dma_rx_stop, leading to an access of the DMACR register. This\ncommit adds a using_rx_dma check in pl011_dma_rx_stop to avoid the\naccess to DMACR register for SBSA UARTs which does not support DMA.\n\nWhen the kernel enables DMA engine with \"CONFIG_DMA_ENGINE=y\", Linux\nSBSA PL011 driver will access PL011 DMACR register in some functions.\nFor most real SBSA Pl011 hardware implementations, the DMACR write\nbehaviour will be ignored. So these DMACR operations will not cause\nobvious problems. But for some virtual SBSA PL011 hardware, like Xen\nvirtual SBSA PL011 (vpl011) device, the behaviour might be different.\nXen vpl011 emulation will inject a data abort to guest, when guest is\naccessing an unimplemented UART register. As Xen VPL011 is SBSA\ncompatible, it will not implement DMACR register. So when Linux SBSA\nPL011 driver access DMACR register, it will get an unhandled data abort\nfault and the application will get a segmentation fault:\nUnhandled fault at 0xffffffc00944d048\nMem abort info:\n ESR = 0x96000000\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x00: ttbr address size fault\nData abort info:\n ISV = 0, ISS = 0x00000000\n CM = 0, WnR = 0\nswapper pgtable: 4k pages, 39-bit VAs, pgdp=0000000020e2e000\n[ffffffc00944d048] pgd=100000003ffff803, p4d=100000003ffff803, pud=100000003ffff803, pmd=100000003fffa803, pte=006800009c090f13\nInternal error: ttbr address size fault: 96000000 [#1] PREEMPT SMP\n...\nCall trace:\n pl011_stop_rx+0x70/0x80\n tty_port_shutdown+0x7c/0xb4\n tty_port_close+0x60/0xcc\n uart_close+0x34/0x8c\n tty_release+0x144/0x4c0\n __fput+0x78/0x220\n ____fput+0x1c/0x30\n task_work_run+0x88/0xc0\n do_notify_resume+0x8d0/0x123c\n el0_svc+0xa8/0xc0\n el0t_64_sync_handler+0xa4/0x130\n el0t_64_sync+0x1a0/0x1a4\nCode: b9000083 b901f001 794038a0 8b000042 (b9000041)\n---[ end trace 83dd93df15c3216f ]---\nnote: bootlogd[132] exited with preempt_count 1\n/etc/rcS.d/S07bootlogd: line 47: 132 Segmentation fault start-stop-daemon\n\nThis has been discussed in the Xen community, and we think it should fix\nthis in Linux. See [2] for more information.\n\n[1] https://developer.arm.com/documentation/den0094/c/?lang=en\n[2] https://lists.xenproject.org/archives/html/xen-devel/2022-11/msg00543.html",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50625",
"url": "https://www.suse.com/security/cve/CVE-2022-50625"
},
{
"category": "external",
"summary": "SUSE Bug 1254559 for CVE-2022-50625",
"url": "https://bugzilla.suse.com/1254559"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "low"
}
],
"title": "CVE-2022-50625"
},
{
"cve": "CVE-2022-50626",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50626"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-usb: fix memory leak in dvb_usb_adapter_init()\n\nSyzbot reports a memory leak in \"dvb_usb_adapter_init()\".\nThe leak is due to not accounting for and freeing current iteration\u0027s\nadapter-\u003epriv in case of an error. Currently if an error occurs,\nit will exit before incrementing \"num_adapters_initalized\",\nwhich is used as a reference counter to free all adap-\u003epriv\nin \"dvb_usb_adapter_exit()\". There are multiple error paths that\ncan exit from before incrementing the counter. Including the\nerror handling paths for \"dvb_usb_adapter_stream_init()\",\n\"dvb_usb_adapter_dvb_init()\" and \"dvb_usb_adapter_frontend_init()\"\nwithin \"dvb_usb_adapter_init()\".\n\nThis means that in case of an error in any of these functions the\ncurrent iteration is not accounted for and the current iteration\u0027s\nadap-\u003epriv is not freed.\n\nFix this by freeing the current iteration\u0027s adap-\u003epriv in the\n\"stream_init_err:\" label in the error path. The rest of the\n(accounted for) adap-\u003epriv objects are freed in dvb_usb_adapter_exit()\nas expected using the num_adapters_initalized variable.\n\nSyzbot report:\n\nBUG: memory leak\nunreferenced object 0xffff8881172f1a00 (size 512):\n comm \"kworker/0:2\", pid 139, jiffies 4294994873 (age 10.960s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\nbacktrace:\n [\u003cffffffff844af012\u003e] dvb_usb_adapter_init drivers/media/usb/dvb-usb/dvb-usb-init.c:75 [inline]\n [\u003cffffffff844af012\u003e] dvb_usb_init drivers/media/usb/dvb-usb/dvb-usb-init.c:184 [inline]\n [\u003cffffffff844af012\u003e] dvb_usb_device_init.cold+0x4e5/0x79e drivers/media/usb/dvb-usb/dvb-usb-init.c:308\n [\u003cffffffff830db21d\u003e] dib0700_probe+0x8d/0x1b0 drivers/media/usb/dvb-usb/dib0700_core.c:883\n [\u003cffffffff82d3fdc7\u003e] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396\n [\u003cffffffff8274ab37\u003e] call_driver_probe drivers/base/dd.c:542 [inline]\n [\u003cffffffff8274ab37\u003e] really_probe.part.0+0xe7/0x310 drivers/base/dd.c:621\n [\u003cffffffff8274ae6c\u003e] really_probe drivers/base/dd.c:583 [inline]\n [\u003cffffffff8274ae6c\u003e] __driver_probe_device+0x10c/0x1e0 drivers/base/dd.c:752\n [\u003cffffffff8274af6a\u003e] driver_probe_device+0x2a/0x120 drivers/base/dd.c:782\n [\u003cffffffff8274b786\u003e] __device_attach_driver+0xf6/0x140 drivers/base/dd.c:899\n [\u003cffffffff82747c87\u003e] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:427\n [\u003cffffffff8274b352\u003e] __device_attach+0x122/0x260 drivers/base/dd.c:970\n [\u003cffffffff827498f6\u003e] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:487\n [\u003cffffffff82745cdb\u003e] device_add+0x5fb/0xdf0 drivers/base/core.c:3405\n [\u003cffffffff82d3d202\u003e] usb_set_configuration+0x8f2/0xb80 drivers/usb/core/message.c:2170\n [\u003cffffffff82d4dbfc\u003e] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238\n [\u003cffffffff82d3f49c\u003e] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293\n [\u003cffffffff8274ab37\u003e] call_driver_probe drivers/base/dd.c:542 [inline]\n [\u003cffffffff8274ab37\u003e] really_probe.part.0+0xe7/0x310 drivers/base/dd.c:621\n [\u003cffffffff8274ae6c\u003e] really_probe drivers/base/dd.c:583 [inline]\n [\u003cffffffff8274ae6c\u003e] __driver_probe_device+0x10c/0x1e0 drivers/base/dd.c:752",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50626",
"url": "https://www.suse.com/security/cve/CVE-2022-50626"
},
{
"category": "external",
"summary": "SUSE Bug 1254562 for CVE-2022-50626",
"url": "https://bugzilla.suse.com/1254562"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50626"
},
{
"cve": "CVE-2022-50629",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50629"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rsi: Fix memory leak in rsi_coex_attach()\n\nThe coex_cb needs to be freed when rsi_create_kthread() failed in\nrsi_coex_attach().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50629",
"url": "https://www.suse.com/security/cve/CVE-2022-50629"
},
{
"category": "external",
"summary": "SUSE Bug 1254783 for CVE-2022-50629",
"url": "https://bugzilla.suse.com/1254783"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50629"
},
{
"cve": "CVE-2022-50630",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50630"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: hugetlb: fix UAF in hugetlb_handle_userfault\n\nThe vma_lock and hugetlb_fault_mutex are dropped before handling userfault\nand reacquire them again after handle_userfault(), but reacquire the\nvma_lock could lead to UAF[1,2] due to the following race,\n\nhugetlb_fault\n hugetlb_no_page\n /*unlock vma_lock */\n hugetlb_handle_userfault\n handle_userfault\n /* unlock mm-\u003emmap_lock*/\n vm_mmap_pgoff\n do_mmap\n mmap_region\n munmap_vma_range\n /* clean old vma */\n /* lock vma_lock again \u003c--- UAF */\n /* unlock vma_lock */\n\nSince the vma_lock will unlock immediately after\nhugetlb_handle_userfault(), let\u0027s drop the unneeded lock and unlock in\nhugetlb_handle_userfault() to fix the issue.\n\n[1] https://lore.kernel.org/linux-mm/000000000000d5e00a05e834962e@google.com/\n[2] https://lore.kernel.org/linux-mm/20220921014457.1668-1-liuzixian4@huawei.com/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50630",
"url": "https://www.suse.com/security/cve/CVE-2022-50630"
},
{
"category": "external",
"summary": "SUSE Bug 1254785 for CVE-2022-50630",
"url": "https://bugzilla.suse.com/1254785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50630"
},
{
"cve": "CVE-2022-50633",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50633"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init\n\nof_icc_get() alloc resources for path handle, we should release it when not\nneed anymore. Like the release in dwc3_qcom_interconnect_exit() function.\nAdd icc_put() in error handling to fix this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50633",
"url": "https://www.suse.com/security/cve/CVE-2022-50633"
},
{
"category": "external",
"summary": "SUSE Bug 1254644 for CVE-2022-50633",
"url": "https://bugzilla.suse.com/1254644"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50633"
},
{
"cve": "CVE-2022-50635",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50635"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe()\n\nI found a null pointer reference in arch_prepare_kprobe():\n\n # echo \u0027p cmdline_proc_show\u0027 \u003e kprobe_events\n # echo \u0027p cmdline_proc_show+16\u0027 \u003e\u003e kprobe_events\n Kernel attempted to read user page (0) - exploit attempt? (uid: 0)\n BUG: Kernel NULL pointer dereference on read at 0x00000000\n Faulting instruction address: 0xc000000000050bfc\n Oops: Kernel access of bad area, sig: 11 [#1]\n LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA PowerNV\n Modules linked in:\n CPU: 0 PID: 122 Comm: sh Not tainted 6.0.0-rc3-00007-gdcf8e5633e2e #10\n NIP: c000000000050bfc LR: c000000000050bec CTR: 0000000000005bdc\n REGS: c0000000348475b0 TRAP: 0300 Not tainted (6.0.0-rc3-00007-gdcf8e5633e2e)\n MSR: 9000000000009033 \u003cSF,HV,EE,ME,IR,DR,RI,LE\u003e CR: 88002444 XER: 20040006\n CFAR: c00000000022d100 DAR: 0000000000000000 DSISR: 40000000 IRQMASK: 0\n ...\n NIP arch_prepare_kprobe+0x10c/0x2d0\n LR arch_prepare_kprobe+0xfc/0x2d0\n Call Trace:\n 0xc0000000012f77a0 (unreliable)\n register_kprobe+0x3c0/0x7a0\n __register_trace_kprobe+0x140/0x1a0\n __trace_kprobe_create+0x794/0x1040\n trace_probe_create+0xc4/0xe0\n create_or_delete_trace_kprobe+0x2c/0x80\n trace_parse_run_command+0xf0/0x210\n probes_write+0x20/0x40\n vfs_write+0xfc/0x450\n ksys_write+0x84/0x140\n system_call_exception+0x17c/0x3a0\n system_call_vectored_common+0xe8/0x278\n --- interrupt: 3000 at 0x7fffa5682de0\n NIP: 00007fffa5682de0 LR: 0000000000000000 CTR: 0000000000000000\n REGS: c000000034847e80 TRAP: 3000 Not tainted (6.0.0-rc3-00007-gdcf8e5633e2e)\n MSR: 900000000280f033 \u003cSF,HV,VEC,VSX,EE,PR,FP,ME,IR,DR,RI,LE\u003e CR: 44002408 XER: 00000000\n\nThe address being probed has some special:\n\n cmdline_proc_show: Probe based on ftrace\n cmdline_proc_show+16: Probe for the next instruction at the ftrace location\n\nThe ftrace-based kprobe does not generate kprobe::ainsn::insn, it gets\nset to NULL. In arch_prepare_kprobe() it will check for:\n\n ...\n prev = get_kprobe(p-\u003eaddr - 1);\n preempt_enable_no_resched();\n if (prev \u0026\u0026 ppc_inst_prefixed(ppc_inst_read(prev-\u003eainsn.insn))) {\n ...\n\nIf prev is based on ftrace, \u0027ppc_inst_read(prev-\u003eainsn.insn)\u0027 will occur\nwith a null pointer reference. At this point prev-\u003eaddr will not be a\nprefixed instruction, so the check can be skipped.\n\nCheck if prev is ftrace-based kprobe before reading \u0027prev-\u003eainsn.insn\u0027\nto fix this problem.\n\n[mpe: Trim oops]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50635",
"url": "https://www.suse.com/security/cve/CVE-2022-50635"
},
{
"category": "external",
"summary": "SUSE Bug 1254592 for CVE-2022-50635",
"url": "https://bugzilla.suse.com/1254592"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50635"
},
{
"cve": "CVE-2022-50636",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50636"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Fix pci_device_is_present() for VFs by checking PF\n\npci_device_is_present() previously didn\u0027t work for VFs because it reads the\nVendor and Device ID, which are 0xffff for VFs, which looks like they\naren\u0027t present. Check the PF instead.\n\nWei Gong reported that if virtio I/O is in progress when the driver is\nunbound or \"0\" is written to /sys/.../sriov_numvfs, the virtio I/O\noperation hangs, which may result in output like this:\n\n task:bash state:D stack: 0 pid: 1773 ppid: 1241 flags:0x00004002\n Call Trace:\n schedule+0x4f/0xc0\n blk_mq_freeze_queue_wait+0x69/0xa0\n blk_mq_freeze_queue+0x1b/0x20\n blk_cleanup_queue+0x3d/0xd0\n virtblk_remove+0x3c/0xb0 [virtio_blk]\n virtio_dev_remove+0x4b/0x80\n ...\n device_unregister+0x1b/0x60\n unregister_virtio_device+0x18/0x30\n virtio_pci_remove+0x41/0x80\n pci_device_remove+0x3e/0xb0\n\nThis happened because pci_device_is_present(VF) returned \"false\" in\nvirtio_pci_remove(), so it called virtio_break_device(). The broken vq\nmeant that vring_interrupt() skipped the vq.callback() that would have\ncompleted the virtio I/O operation via virtblk_done().\n\n[bhelgaas: commit log, simplify to always use pci_physfn(), add stable tag]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50636",
"url": "https://www.suse.com/security/cve/CVE-2022-50636"
},
{
"category": "external",
"summary": "SUSE Bug 1254645 for CVE-2022-50636",
"url": "https://bugzilla.suse.com/1254645"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50636"
},
{
"cve": "CVE-2022-50638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix bug_on in __es_tree_search caused by bad boot loader inode\n\nWe got a issue as fllows:\n==================================================================\n kernel BUG at fs/ext4/extents_status.c:203!\n invalid opcode: 0000 [#1] PREEMPT SMP\n CPU: 1 PID: 945 Comm: cat Not tainted 6.0.0-next-20221007-dirty #349\n RIP: 0010:ext4_es_end.isra.0+0x34/0x42\n RSP: 0018:ffffc9000143b768 EFLAGS: 00010203\n RAX: 0000000000000000 RBX: ffff8881769cd0b8 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffffffff8fc27cf7 RDI: 00000000ffffffff\n RBP: ffff8881769cd0bc R08: 0000000000000000 R09: ffffc9000143b5f8\n R10: 0000000000000001 R11: 0000000000000001 R12: ffff8881769cd0a0\n R13: ffff8881768e5668 R14: 00000000768e52f0 R15: 0000000000000000\n FS: 00007f359f7f05c0(0000)GS:ffff88842fd00000(0000)knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f359f5a2000 CR3: 000000017130c000 CR4: 00000000000006e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n __es_tree_search.isra.0+0x6d/0xf5\n ext4_es_cache_extent+0xfa/0x230\n ext4_cache_extents+0xd2/0x110\n ext4_find_extent+0x5d5/0x8c0\n ext4_ext_map_blocks+0x9c/0x1d30\n ext4_map_blocks+0x431/0xa50\n ext4_mpage_readpages+0x48e/0xe40\n ext4_readahead+0x47/0x50\n read_pages+0x82/0x530\n page_cache_ra_unbounded+0x199/0x2a0\n do_page_cache_ra+0x47/0x70\n page_cache_ra_order+0x242/0x400\n ondemand_readahead+0x1e8/0x4b0\n page_cache_sync_ra+0xf4/0x110\n filemap_get_pages+0x131/0xb20\n filemap_read+0xda/0x4b0\n generic_file_read_iter+0x13a/0x250\n ext4_file_read_iter+0x59/0x1d0\n vfs_read+0x28f/0x460\n ksys_read+0x73/0x160\n __x64_sys_read+0x1e/0x30\n do_syscall_64+0x35/0x80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n \u003c/TASK\u003e\n==================================================================\n\nIn the above issue, ioctl invokes the swap_inode_boot_loader function to\nswap inode\u003c5\u003e and inode\u003c12\u003e. However, inode\u003c5\u003e contain incorrect imode and\ndisordered extents, and i_nlink is set to 1. The extents check for inode in\nthe ext4_iget function can be bypassed bacause 5 is EXT4_BOOT_LOADER_INO.\nWhile links_count is set to 1, the extents are not initialized in\nswap_inode_boot_loader. After the ioctl command is executed successfully,\nthe extents are swapped to inode\u003c12\u003e, in this case, run the `cat` command\nto view inode\u003c12\u003e. And Bug_ON is triggered due to the incorrect extents.\n\nWhen the boot loader inode is not initialized, its imode can be one of the\nfollowing:\n1) the imode is a bad type, which is marked as bad_inode in ext4_iget and\n set to S_IFREG.\n2) the imode is good type but not S_IFREG.\n3) the imode is S_IFREG.\n\nThe BUG_ON may be triggered by bypassing the check in cases 1 and 2.\nTherefore, when the boot loader inode is bad_inode or its imode is not\nS_IFREG, initialize the inode to avoid triggering the BUG.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50638",
"url": "https://www.suse.com/security/cve/CVE-2022-50638"
},
{
"category": "external",
"summary": "SUSE Bug 1255469 for CVE-2022-50638",
"url": "https://bugzilla.suse.com/1255469"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50638"
},
{
"cve": "CVE-2022-50640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50640"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: core: Fix kernel panic when remove non-standard SDIO card\n\nSDIO tuple is only allocated for standard SDIO card, especially it causes\nmemory corruption issues when the non-standard SDIO card has removed, which\nis because the card device\u0027s reference counter does not increase for it at\nsdio_init_func(), but all SDIO card device reference counter gets decreased\nat sdio_release_func().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50640",
"url": "https://www.suse.com/security/cve/CVE-2022-50640"
},
{
"category": "external",
"summary": "SUSE Bug 1254686 for CVE-2022-50640",
"url": "https://bugzilla.suse.com/1254686"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50640"
},
{
"cve": "CVE-2022-50641",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50641"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHSI: omap_ssi: Fix refcount leak in ssi_probe\n\nWhen returning or breaking early from a\nfor_each_available_child_of_node() loop, we need to explicitly call\nof_node_put() on the child node to possibly release the node.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50641",
"url": "https://www.suse.com/security/cve/CVE-2022-50641"
},
{
"category": "external",
"summary": "SUSE Bug 1254614 for CVE-2022-50641",
"url": "https://bugzilla.suse.com/1254614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "low"
}
],
"title": "CVE-2022-50641"
},
{
"cve": "CVE-2022-50643",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50643"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix xid leak in cifs_copy_file_range()\n\nIf the file is used by swap, before return -EOPNOTSUPP, should\nfree the xid, otherwise, the xid will be leaked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50643",
"url": "https://www.suse.com/security/cve/CVE-2022-50643"
},
{
"category": "external",
"summary": "SUSE Bug 1254631 for CVE-2022-50643",
"url": "https://bugzilla.suse.com/1254631"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "low"
}
],
"title": "CVE-2022-50643"
},
{
"cve": "CVE-2022-50644",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50644"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe\n\npm_runtime_get_sync() will increment pm usage counter.\nForgetting to putting operation will result in reference leak.\nAdd missing pm_runtime_put_sync in some error paths.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50644",
"url": "https://www.suse.com/security/cve/CVE-2022-50644"
},
{
"category": "external",
"summary": "SUSE Bug 1254632 for CVE-2022-50644",
"url": "https://bugzilla.suse.com/1254632"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "low"
}
],
"title": "CVE-2022-50644"
},
{
"cve": "CVE-2022-50646",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50646"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: hpsa: Fix possible memory leak in hpsa_init_one()\n\nThe hpda_alloc_ctlr_info() allocates h and its field reply_map. However, in\nhpsa_init_one(), if alloc_percpu() failed, the hpsa_init_one() jumps to\nclean1 directly, which frees h and leaks the h-\u003ereply_map.\n\nFix by calling hpda_free_ctlr_info() to release h-\u003ereplay_map and h instead\nfree h directly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50646",
"url": "https://www.suse.com/security/cve/CVE-2022-50646"
},
{
"category": "external",
"summary": "SUSE Bug 1254634 for CVE-2022-50646",
"url": "https://bugzilla.suse.com/1254634"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "low"
}
],
"title": "CVE-2022-50646"
},
{
"cve": "CVE-2022-50649",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50649"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type()\n\nADP5061_CHG_STATUS_1_CHG_STATUS is masked with 0x07, which means a length\nof 8, but adp5061_chg_type array size is 4, may end up reading 4 elements\nbeyond the end of the adp5061_chg_type[] array.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50649",
"url": "https://www.suse.com/security/cve/CVE-2022-50649"
},
{
"category": "external",
"summary": "SUSE Bug 1254775 for CVE-2022-50649",
"url": "https://bugzilla.suse.com/1254775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50649"
},
{
"cve": "CVE-2022-50652",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50652"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nuio: uio_dmem_genirq: Fix missing unlock in irq configuration\n\nCommit b74351287d4b (\"uio: fix a sleep-in-atomic-context bug in\nuio_dmem_genirq_irqcontrol()\") started calling disable_irq() without\nholding the spinlock because it can sleep. However, that fix introduced\nanother bug: if interrupt is already disabled and a new disable request\ncomes in, then the spinlock is not unlocked:\n\nroot@localhost:~# printf \u0027\\x00\\x00\\x00\\x00\u0027 \u003e /dev/uio0\nroot@localhost:~# printf \u0027\\x00\\x00\\x00\\x00\u0027 \u003e /dev/uio0\nroot@localhost:~# [ 14.851538] BUG: scheduling while atomic: bash/223/0x00000002\n[ 14.851991] Modules linked in: uio_dmem_genirq uio myfpga(OE) bochs drm_vram_helper drm_ttm_helper ttm drm_kms_helper drm snd_pcm ppdev joydev psmouse snd_timer snd e1000fb_sys_fops syscopyarea parport sysfillrect soundcore sysimgblt input_leds pcspkr i2c_piix4 serio_raw floppy evbug qemu_fw_cfg mac_hid pata_acpi ip_tables x_tables autofs4 [last unloaded: parport_pc]\n[ 14.854206] CPU: 0 PID: 223 Comm: bash Tainted: G OE 6.0.0-rc7 #21\n[ 14.854786] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\n[ 14.855664] Call Trace:\n[ 14.855861] \u003cTASK\u003e\n[ 14.856025] dump_stack_lvl+0x4d/0x67\n[ 14.856325] dump_stack+0x14/0x1a\n[ 14.856583] __schedule_bug.cold+0x4b/0x5c\n[ 14.856915] __schedule+0xe81/0x13d0\n[ 14.857199] ? idr_find+0x13/0x20\n[ 14.857456] ? get_work_pool+0x2d/0x50\n[ 14.857756] ? __flush_work+0x233/0x280\n[ 14.858068] ? __schedule+0xa95/0x13d0\n[ 14.858307] ? idr_find+0x13/0x20\n[ 14.858519] ? get_work_pool+0x2d/0x50\n[ 14.858798] schedule+0x6c/0x100\n[ 14.859009] schedule_hrtimeout_range_clock+0xff/0x110\n[ 14.859335] ? tty_write_room+0x1f/0x30\n[ 14.859598] ? n_tty_poll+0x1ec/0x220\n[ 14.859830] ? tty_ldisc_deref+0x1a/0x20\n[ 14.860090] schedule_hrtimeout_range+0x17/0x20\n[ 14.860373] do_select+0x596/0x840\n[ 14.860627] ? __kernel_text_address+0x16/0x50\n[ 14.860954] ? poll_freewait+0xb0/0xb0\n[ 14.861235] ? poll_freewait+0xb0/0xb0\n[ 14.861517] ? rpm_resume+0x49d/0x780\n[ 14.861798] ? common_interrupt+0x59/0xa0\n[ 14.862127] ? asm_common_interrupt+0x2b/0x40\n[ 14.862511] ? __uart_start.isra.0+0x61/0x70\n[ 14.862902] ? __check_object_size+0x61/0x280\n[ 14.863255] core_sys_select+0x1c6/0x400\n[ 14.863575] ? vfs_write+0x1c9/0x3d0\n[ 14.863853] ? vfs_write+0x1c9/0x3d0\n[ 14.864121] ? _copy_from_user+0x45/0x70\n[ 14.864526] do_pselect.constprop.0+0xb3/0xf0\n[ 14.864893] ? do_syscall_64+0x6d/0x90\n[ 14.865228] ? do_syscall_64+0x6d/0x90\n[ 14.865556] __x64_sys_pselect6+0x76/0xa0\n[ 14.865906] do_syscall_64+0x60/0x90\n[ 14.866214] ? syscall_exit_to_user_mode+0x2a/0x50\n[ 14.866640] ? do_syscall_64+0x6d/0x90\n[ 14.866972] ? do_syscall_64+0x6d/0x90\n[ 14.867286] ? do_syscall_64+0x6d/0x90\n[ 14.867626] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[...] stripped\n[ 14.872959] \u003c/TASK\u003e\n\n(\u0027myfpga\u0027 is a simple \u0027uio_dmem_genirq\u0027 driver I wrote to test this)\n\nThe implementation of \"uio_dmem_genirq\" was based on \"uio_pdrv_genirq\" and\nit is used in a similar manner to the \"uio_pdrv_genirq\" driver with respect\nto interrupt configuration and handling. At the time \"uio_dmem_genirq\" was\nintroduced, both had the same implementation of the \u0027uio_info\u0027 handlers\nirqcontrol() and handler(). Then commit 34cb27528398 (\"UIO: Fix concurrency\nissue\"), which was only applied to \"uio_pdrv_genirq\", ended up making them\na little different. That commit, among other things, changed disable_irq()\nto disable_irq_nosync() in the implementation of irqcontrol(). The\nmotivation there was to avoid a deadlock between irqcontrol() and\nhandler(), since it added a spinlock in the irq handler, and disable_irq()\nwaits for the completion of the irq handler.\n\nBy changing disable_irq() to disable_irq_nosync() in irqcontrol(), we also\navoid the sleeping-whil\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50652",
"url": "https://www.suse.com/security/cve/CVE-2022-50652"
},
{
"category": "external",
"summary": "SUSE Bug 1254728 for CVE-2022-50652",
"url": "https://bugzilla.suse.com/1254728"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50652"
},
{
"cve": "CVE-2022-50653",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50653"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: atmel-mci: fix return value check of mmc_add_host()\n\nmmc_add_host() may return error, if we ignore its return value,\nit will lead two issues:\n1. The memory that allocated in mmc_alloc_host() is leaked.\n2. In the remove() path, mmc_remove_host() will be called to\n delete device, but it\u0027s not added yet, it will lead a kernel\n crash because of null-ptr-deref in device_del().\n\nSo fix this by checking the return value and calling mmc_free_host()\nin the error path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50653",
"url": "https://www.suse.com/security/cve/CVE-2022-50653"
},
{
"category": "external",
"summary": "SUSE Bug 1254729 for CVE-2022-50653",
"url": "https://bugzilla.suse.com/1254729"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50653"
},
{
"cve": "CVE-2022-50656",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50656"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: pn533: Clear nfc_target before being used\n\nFix a slab-out-of-bounds read that occurs in nla_put() called from\nnfc_genl_send_target() when target-\u003esensb_res_len, which is duplicated\nfrom an nfc_target in pn533, is too large as the nfc_target is not\nproperly initialized and retains garbage values. Clear nfc_targets with\nmemset() before they are used.\n\nFound by a modified version of syzkaller.\n\nBUG: KASAN: slab-out-of-bounds in nla_put\nCall Trace:\n memcpy\n nla_put\n nfc_genl_dump_targets\n genl_lock_dumpit\n netlink_dump\n __netlink_dump_start\n genl_family_rcv_msg_dumpit\n genl_rcv_msg\n netlink_rcv_skb\n genl_rcv\n netlink_unicast\n netlink_sendmsg\n sock_sendmsg\n ____sys_sendmsg\n ___sys_sendmsg\n __sys_sendmsg\n do_syscall_64",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50656",
"url": "https://www.suse.com/security/cve/CVE-2022-50656"
},
{
"category": "external",
"summary": "SUSE Bug 1254745 for CVE-2022-50656",
"url": "https://bugzilla.suse.com/1254745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50656"
},
{
"cve": "CVE-2022-50658",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50658"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: qcom: fix memory leak in error path\n\nIf for some reason the speedbin length is incorrect, then there is a\nmemory leak in the error path because we never free the speedbin buffer.\nThis commit fixes the error path to always free the speedbin buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50658",
"url": "https://www.suse.com/security/cve/CVE-2022-50658"
},
{
"category": "external",
"summary": "SUSE Bug 1254756 for CVE-2022-50658",
"url": "https://bugzilla.suse.com/1254756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50658"
},
{
"cve": "CVE-2022-50660",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50660"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ipw2200: fix memory leak in ipw_wdev_init()\n\nIn the error path of ipw_wdev_init(), exception value is returned, and\nthe memory applied for in the function is not released. Also the memory\nis not released in ipw_pci_probe(). As a result, memory leakage occurs.\nSo memory release needs to be added to the error path of ipw_wdev_init().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50660",
"url": "https://www.suse.com/security/cve/CVE-2022-50660"
},
{
"category": "external",
"summary": "SUSE Bug 1254676 for CVE-2022-50660",
"url": "https://bugzilla.suse.com/1254676"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50660"
},
{
"cve": "CVE-2022-50661",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50661"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nseccomp: Move copy_seccomp() to no failure path.\n\nOur syzbot instance reported memory leaks in do_seccomp() [0], similar\nto the report [1]. It shows that we miss freeing struct seccomp_filter\nand some objects included in it.\n\nWe can reproduce the issue with the program below [2] which calls one\nseccomp() and two clone() syscalls.\n\nThe first clone()d child exits earlier than its parent and sends a\nsignal to kill it during the second clone(), more precisely before the\nfatal_signal_pending() test in copy_process(). When the parent receives\nthe signal, it has to destroy the embryonic process and return -EINTR to\nuser space. In the failure path, we have to call seccomp_filter_release()\nto decrement the filter\u0027s refcount.\n\nInitially, we called it in free_task() called from the failure path, but\nthe commit 3a15fb6ed92c (\"seccomp: release filter after task is fully\ndead\") moved it to release_task() to notify user space as early as possible\nthat the filter is no longer used.\n\nTo keep the change and current seccomp refcount semantics, let\u0027s move\ncopy_seccomp() just after the signal check and add a WARN_ON_ONCE() in\nfree_task() for future debugging.\n\n[0]:\nunreferenced object 0xffff8880063add00 (size 256):\n comm \"repro_seccomp\", pid 230, jiffies 4294687090 (age 9.914s)\n hex dump (first 32 bytes):\n 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................\n ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................\n backtrace:\n do_seccomp (./include/linux/slab.h:600 ./include/linux/slab.h:733 kernel/seccomp.c:666 kernel/seccomp.c:708 kernel/seccomp.c:1871 kernel/seccomp.c:1991)\n do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)\nunreferenced object 0xffffc90000035000 (size 4096):\n comm \"repro_seccomp\", pid 230, jiffies 4294687090 (age 9.915s)\n hex dump (first 32 bytes):\n 01 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n __vmalloc_node_range (mm/vmalloc.c:3226)\n __vmalloc_node (mm/vmalloc.c:3261 (discriminator 4))\n bpf_prog_alloc_no_stats (kernel/bpf/core.c:91)\n bpf_prog_alloc (kernel/bpf/core.c:129)\n bpf_prog_create_from_user (net/core/filter.c:1414)\n do_seccomp (kernel/seccomp.c:671 kernel/seccomp.c:708 kernel/seccomp.c:1871 kernel/seccomp.c:1991)\n do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)\nunreferenced object 0xffff888003fa1000 (size 1024):\n comm \"repro_seccomp\", pid 230, jiffies 4294687090 (age 9.915s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n bpf_prog_alloc_no_stats (./include/linux/slab.h:600 ./include/linux/slab.h:733 kernel/bpf/core.c:95)\n bpf_prog_alloc (kernel/bpf/core.c:129)\n bpf_prog_create_from_user (net/core/filter.c:1414)\n do_seccomp (kernel/seccomp.c:671 kernel/seccomp.c:708 kernel/seccomp.c:1871 kernel/seccomp.c:1991)\n do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)\nunreferenced object 0xffff888006360240 (size 16):\n comm \"repro_seccomp\", pid 230, jiffies 4294687090 (age 9.915s)\n hex dump (first 16 bytes):\n 01 00 37 00 76 65 72 6c e0 83 01 06 80 88 ff ff ..7.verl........\n backtrace:\n bpf_prog_store_orig_filter (net/core/filter.c:1137)\n bpf_prog_create_from_user (net/core/filter.c:1428)\n do_seccomp (kernel/seccomp.c:671 kernel/seccomp.c:708 kernel/seccomp.c:1871 kernel/seccomp.c:1991)\n do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)\nunreferenced object 0xffff888\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50661",
"url": "https://www.suse.com/security/cve/CVE-2022-50661"
},
{
"category": "external",
"summary": "SUSE Bug 1254759 for CVE-2022-50661",
"url": "https://bugzilla.suse.com/1254759"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50661"
},
{
"cve": "CVE-2022-50662",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50662"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: fix memory leak in hns_roce_alloc_mr()\n\nWhen hns_roce_mr_enable() failed in hns_roce_alloc_mr(), mr_key is not\nreleased. Compiled test only.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50662",
"url": "https://www.suse.com/security/cve/CVE-2022-50662"
},
{
"category": "external",
"summary": "SUSE Bug 1254625 for CVE-2022-50662",
"url": "https://bugzilla.suse.com/1254625"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50662"
},
{
"cve": "CVE-2022-50664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50664"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-frontends: fix leak of memory fw",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50664",
"url": "https://www.suse.com/security/cve/CVE-2022-50664"
},
{
"category": "external",
"summary": "SUSE Bug 1254974 for CVE-2022-50664",
"url": "https://bugzilla.suse.com/1254974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50664"
},
{
"cve": "CVE-2022-50666",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50666"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/siw: Fix QP destroy to wait for all references dropped.\n\nDelay QP destroy completion until all siw references to QP are\ndropped. The calling RDMA core will free QP structure after\nsuccessful return from siw_qp_destroy() call, so siw must not\nhold any remaining reference to the QP upon return.\nA use-after-free was encountered in xfstest generic/460, while\ntesting NFSoRDMA. Here, after a TCP connection drop by peer,\nthe triggered siw_cm_work_handler got delayed until after\nQP destroy call, referencing a QP which has already freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50666",
"url": "https://www.suse.com/security/cve/CVE-2022-50666"
},
{
"category": "external",
"summary": "SUSE Bug 1254674 for CVE-2022-50666",
"url": "https://bugzilla.suse.com/1254674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50666"
},
{
"cve": "CVE-2022-50668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix deadlock due to mbcache entry corruption\n\nWhen manipulating xattr blocks, we can deadlock infinitely looping\ninside ext4_xattr_block_set() where we constantly keep finding xattr\nblock for reuse in mbcache but we are unable to reuse it because its\nreference count is too big. This happens because cache entry for the\nxattr block is marked as reusable (e_reusable set) although its\nreference count is too big. When this inconsistency happens, this\ninconsistent state is kept indefinitely and so ext4_xattr_block_set()\nkeeps retrying indefinitely.\n\nThe inconsistent state is caused by non-atomic update of e_reusable bit.\ne_reusable is part of a bitfield and e_reusable update can race with\nupdate of e_referenced bit in the same bitfield resulting in loss of one\nof the updates. Fix the problem by using atomic bitops instead.\n\nThis bug has been around for many years, but it became *much* easier\nto hit after commit 65f8b80053a1 (\"ext4: fix race when reusing xattr\nblocks\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50668",
"url": "https://www.suse.com/security/cve/CVE-2022-50668"
},
{
"category": "external",
"summary": "SUSE Bug 1254763 for CVE-2022-50668",
"url": "https://bugzilla.suse.com/1254763"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50668"
},
{
"cve": "CVE-2022-50669",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50669"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: ocxl: fix possible name leak in ocxl_file_register_afu()\n\nIf device_register() returns error in ocxl_file_register_afu(),\nthe name allocated by dev_set_name() need be freed. As comment\nof device_register() says, it should use put_device() to give\nup the reference in the error path. So fix this by calling\nput_device(), then the name can be freed in kobject_cleanup(),\nand info is freed in info_release().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50669",
"url": "https://www.suse.com/security/cve/CVE-2022-50669"
},
{
"category": "external",
"summary": "SUSE Bug 1254710 for CVE-2022-50669",
"url": "https://bugzilla.suse.com/1254710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50669"
},
{
"cve": "CVE-2022-50670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50670"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: omap_hsmmc: fix return value check of mmc_add_host()\n\nmmc_add_host() may return error, if we ignore its return value,\nit will lead two issues:\n1. The memory that allocated in mmc_alloc_host() is leaked.\n2. In the remove() path, mmc_remove_host() will be called to\n delete device, but it\u0027s not added yet, it will lead a kernel\n crash because of null-ptr-deref in device_del().\n\nFix this by checking the return value and goto error path wihch\nwill call mmc_free_host().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50670",
"url": "https://www.suse.com/security/cve/CVE-2022-50670"
},
{
"category": "external",
"summary": "SUSE Bug 1254699 for CVE-2022-50670",
"url": "https://bugzilla.suse.com/1254699"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50670"
},
{
"cve": "CVE-2022-50671",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50671"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix \"kernel NULL pointer dereference\" error\n\nWhen rxe_queue_init in the function rxe_qp_init_req fails,\nboth qp-\u003ereq.task.func and qp-\u003ereq.task.arg are not initialized.\n\nBecause of creation of qp fails, the function rxe_create_qp will\ncall rxe_qp_do_cleanup to handle allocated resource.\n\nBefore calling __rxe_do_task, both qp-\u003ereq.task.func and\nqp-\u003ereq.task.arg should be checked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50671",
"url": "https://www.suse.com/security/cve/CVE-2022-50671"
},
{
"category": "external",
"summary": "SUSE Bug 1254711 for CVE-2022-50671",
"url": "https://bugzilla.suse.com/1254711"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50671"
},
{
"cve": "CVE-2022-50672",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50672"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmailbox: zynq-ipi: fix error handling while device_register() fails\n\nIf device_register() fails, it has two issues:\n1. The name allocated by dev_set_name() is leaked.\n2. The parent of device is not NULL, device_unregister() is called\n in zynqmp_ipi_free_mboxes(), it will lead a kernel crash because\n of removing not added device.\n\nCall put_device() to give up the reference, so the name is freed in\nkobject_cleanup(). Add device registered check in zynqmp_ipi_free_mboxes()\nto avoid null-ptr-deref.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50672",
"url": "https://www.suse.com/security/cve/CVE-2022-50672"
},
{
"category": "external",
"summary": "SUSE Bug 1254696 for CVE-2022-50672",
"url": "https://bugzilla.suse.com/1254696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50672"
},
{
"cve": "CVE-2022-50673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix use-after-free in ext4_orphan_cleanup\n\nI caught a issue as follows:\n==================================================================\n BUG: KASAN: use-after-free in __list_add_valid+0x28/0x1a0\n Read of size 8 at addr ffff88814b13f378 by task mount/710\n\n CPU: 1 PID: 710 Comm: mount Not tainted 6.1.0-rc3-next #370\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x73/0x9f\n print_report+0x25d/0x759\n kasan_report+0xc0/0x120\n __asan_load8+0x99/0x140\n __list_add_valid+0x28/0x1a0\n ext4_orphan_cleanup+0x564/0x9d0 [ext4]\n __ext4_fill_super+0x48e2/0x5300 [ext4]\n ext4_fill_super+0x19f/0x3a0 [ext4]\n get_tree_bdev+0x27b/0x450\n ext4_get_tree+0x19/0x30 [ext4]\n vfs_get_tree+0x49/0x150\n path_mount+0xaae/0x1350\n do_mount+0xe2/0x110\n __x64_sys_mount+0xf0/0x190\n do_syscall_64+0x35/0x80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n \u003c/TASK\u003e\n [...]\n==================================================================\n\nAbove issue may happen as follows:\n-------------------------------------\next4_fill_super\n ext4_orphan_cleanup\n --- loop1: assume last_orphan is 12 ---\n list_add(\u0026EXT4_I(inode)-\u003ei_orphan, \u0026EXT4_SB(sb)-\u003es_orphan)\n ext4_truncate --\u003e return 0\n ext4_inode_attach_jinode --\u003e return -ENOMEM\n iput(inode) --\u003e free inode\u003c12\u003e\n --- loop2: last_orphan is still 12 ---\n list_add(\u0026EXT4_I(inode)-\u003ei_orphan, \u0026EXT4_SB(sb)-\u003es_orphan);\n // use inode\u003c12\u003e and trigger UAF\n\nTo solve this issue, we need to propagate the return value of\next4_inode_attach_jinode() appropriately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50673",
"url": "https://www.suse.com/security/cve/CVE-2022-50673"
},
{
"category": "external",
"summary": "SUSE Bug 1255521 for CVE-2022-50673",
"url": "https://bugzilla.suse.com/1255521"
},
{
"category": "external",
"summary": "SUSE Bug 1255522 for CVE-2022-50673",
"url": "https://bugzilla.suse.com/1255522"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "important"
}
],
"title": "CVE-2022-50673"
},
{
"cve": "CVE-2022-50675",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50675"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: mte: Avoid setting PG_mte_tagged if no tags cleared or restored\n\nPrior to commit 69e3b846d8a7 (\"arm64: mte: Sync tags for pages where PTE\nis untagged\"), mte_sync_tags() was only called for pte_tagged() entries\n(those mapped with PROT_MTE). Therefore mte_sync_tags() could safely use\ntest_and_set_bit(PG_mte_tagged, \u0026page-\u003eflags) without inadvertently\nsetting PG_mte_tagged on an untagged page.\n\nThe above commit was required as guests may enable MTE without any\ncontrol at the stage 2 mapping, nor a PROT_MTE mapping in the VMM.\nHowever, the side-effect was that any page with a PTE that looked like\nswap (or migration) was getting PG_mte_tagged set automatically. A\nsubsequent page copy (e.g. migration) copied the tags to the destination\npage even if the tags were owned by KASAN.\n\nThis issue was masked by the page_kasan_tag_reset() call introduced in\ncommit e5b8d9218951 (\"arm64: mte: reset the page tag in page-\u003eflags\").\nWhen this commit was reverted (20794545c146), KASAN started reporting\naccess faults because the overriding tags in a page did not match the\noriginal page-\u003eflags (with CONFIG_KASAN_HW_TAGS=y):\n\n BUG: KASAN: invalid-access in copy_page+0x10/0xd0 arch/arm64/lib/copy_page.S:26\n Read at addr f5ff000017f2e000 by task syz-executor.1/2218\n Pointer tag: [f5], memory tag: [f2]\n\nMove the PG_mte_tagged bit setting from mte_sync_tags() to the actual\nplace where tags are cleared (mte_sync_page_tags()) or restored\n(mte_restore_tags()).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50675",
"url": "https://www.suse.com/security/cve/CVE-2022-50675"
},
{
"category": "external",
"summary": "SUSE Bug 1254664 for CVE-2022-50675",
"url": "https://bugzilla.suse.com/1254664"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50675"
},
{
"cve": "CVE-2022-50677",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50677"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmi: fix use after free in _ipmi_destroy_user()\n\nThe intf_free() function frees the \"intf\" pointer so we cannot\ndereference it again on the next line.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50677",
"url": "https://www.suse.com/security/cve/CVE-2022-50677"
},
{
"category": "external",
"summary": "SUSE Bug 1254692 for CVE-2022-50677",
"url": "https://bugzilla.suse.com/1254692"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50677"
},
{
"cve": "CVE-2022-50678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50678"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: fix invalid address access when enabling SCAN log level\n\nThe variable i is changed when setting random MAC address and causes\ninvalid address access when printing the value of pi-\u003ereqs[i]-\u003ereqid.\n\nWe replace reqs index with ri to fix the issue.\n\n[ 136.726473] Unable to handle kernel access to user memory outside uaccess routines at virtual address 0000000000000000\n[ 136.737365] Mem abort info:\n[ 136.740172] ESR = 0x96000004\n[ 136.743359] Exception class = DABT (current EL), IL = 32 bits\n[ 136.749294] SET = 0, FnV = 0\n[ 136.752481] EA = 0, S1PTW = 0\n[ 136.755635] Data abort info:\n[ 136.758514] ISV = 0, ISS = 0x00000004\n[ 136.762487] CM = 0, WnR = 0\n[ 136.765522] user pgtable: 4k pages, 48-bit VAs, pgdp = 000000005c4e2577\n[ 136.772265] [0000000000000000] pgd=0000000000000000\n[ 136.777160] Internal error: Oops: 96000004 [#1] PREEMPT SMP\n[ 136.782732] Modules linked in: brcmfmac(O) brcmutil(O) cfg80211(O) compat(O)\n[ 136.789788] Process wificond (pid: 3175, stack limit = 0x00000000053048fb)\n[ 136.796664] CPU: 3 PID: 3175 Comm: wificond Tainted: G O 4.19.42-00001-g531a5f5 #1\n[ 136.805532] Hardware name: Freescale i.MX8MQ EVK (DT)\n[ 136.810584] pstate: 60400005 (nZCv daif +PAN -UAO)\n[ 136.815429] pc : brcmf_pno_config_sched_scans+0x6cc/0xa80 [brcmfmac]\n[ 136.821811] lr : brcmf_pno_config_sched_scans+0x67c/0xa80 [brcmfmac]\n[ 136.828162] sp : ffff00000e9a3880\n[ 136.831475] x29: ffff00000e9a3890 x28: ffff800020543400\n[ 136.836786] x27: ffff8000b1008880 x26: ffff0000012bf6a0\n[ 136.842098] x25: ffff80002054345c x24: ffff800088d22400\n[ 136.847409] x23: ffff0000012bf638 x22: ffff0000012bf6d8\n[ 136.852721] x21: ffff8000aced8fc0 x20: ffff8000ac164400\n[ 136.858032] x19: ffff00000e9a3946 x18: 0000000000000000\n[ 136.863343] x17: 0000000000000000 x16: 0000000000000000\n[ 136.868655] x15: ffff0000093f3b37 x14: 0000000000000050\n[ 136.873966] x13: 0000000000003135 x12: 0000000000000000\n[ 136.879277] x11: 0000000000000000 x10: ffff000009a61888\n[ 136.884589] x9 : 000000000000000f x8 : 0000000000000008\n[ 136.889900] x7 : 303a32303d726464 x6 : ffff00000a1f957d\n[ 136.895211] x5 : 0000000000000000 x4 : ffff00000e9a3942\n[ 136.900523] x3 : 0000000000000000 x2 : ffff0000012cead8\n[ 136.905834] x1 : ffff0000012bf6d8 x0 : 0000000000000000\n[ 136.911146] Call trace:\n[ 136.913623] brcmf_pno_config_sched_scans+0x6cc/0xa80 [brcmfmac]\n[ 136.919658] brcmf_pno_start_sched_scan+0xa4/0x118 [brcmfmac]\n[ 136.925430] brcmf_cfg80211_sched_scan_start+0x80/0xe0 [brcmfmac]\n[ 136.931636] nl80211_start_sched_scan+0x140/0x308 [cfg80211]\n[ 136.937298] genl_rcv_msg+0x358/0x3f4\n[ 136.940960] netlink_rcv_skb+0xb4/0x118\n[ 136.944795] genl_rcv+0x34/0x48\n[ 136.947935] netlink_unicast+0x264/0x300\n[ 136.951856] netlink_sendmsg+0x2e4/0x33c\n[ 136.955781] __sys_sendto+0x120/0x19c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50678",
"url": "https://www.suse.com/security/cve/CVE-2022-50678"
},
{
"category": "external",
"summary": "SUSE Bug 1254902 for CVE-2022-50678",
"url": "https://bugzilla.suse.com/1254902"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50678"
},
{
"cve": "CVE-2022-50679",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50679"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Fix DMA mappings leak\n\nDuring reallocation of RX buffers, new DMA mappings are created for\nthose buffers.\n\nsteps for reproduction:\nwhile :\ndo\nfor ((i=0; i\u003c=8160; i=i+32))\ndo\nethtool -G enp130s0f0 rx $i tx $i\nsleep 0.5\nethtool -g enp130s0f0\ndone\ndone\n\nThis resulted in crash:\ni40e 0000:01:00.1: Unable to allocate memory for the Rx descriptor ring, size=65536\nDriver BUG\nWARNING: CPU: 0 PID: 4300 at net/core/xdp.c:141 xdp_rxq_info_unreg+0x43/0x50\nCall Trace:\ni40e_free_rx_resources+0x70/0x80 [i40e]\ni40e_set_ringparam+0x27c/0x800 [i40e]\nethnl_set_rings+0x1b2/0x290\ngenl_family_rcv_msg_doit.isra.15+0x10f/0x150\ngenl_family_rcv_msg+0xb3/0x160\n? rings_fill_reply+0x1a0/0x1a0\ngenl_rcv_msg+0x47/0x90\n? genl_family_rcv_msg+0x160/0x160\nnetlink_rcv_skb+0x4c/0x120\ngenl_rcv+0x24/0x40\nnetlink_unicast+0x196/0x230\nnetlink_sendmsg+0x204/0x3d0\nsock_sendmsg+0x4c/0x50\n__sys_sendto+0xee/0x160\n? handle_mm_fault+0xbe/0x1e0\n? syscall_trace_enter+0x1d3/0x2c0\n__x64_sys_sendto+0x24/0x30\ndo_syscall_64+0x5b/0x1a0\nentry_SYSCALL_64_after_hwframe+0x65/0xca\nRIP: 0033:0x7f5eac8b035b\nMissing register, driver bug\nWARNING: CPU: 0 PID: 4300 at net/core/xdp.c:119 xdp_rxq_info_unreg_mem_model+0x69/0x140\nCall Trace:\nxdp_rxq_info_unreg+0x1e/0x50\ni40e_free_rx_resources+0x70/0x80 [i40e]\ni40e_set_ringparam+0x27c/0x800 [i40e]\nethnl_set_rings+0x1b2/0x290\ngenl_family_rcv_msg_doit.isra.15+0x10f/0x150\ngenl_family_rcv_msg+0xb3/0x160\n? rings_fill_reply+0x1a0/0x1a0\ngenl_rcv_msg+0x47/0x90\n? genl_family_rcv_msg+0x160/0x160\nnetlink_rcv_skb+0x4c/0x120\ngenl_rcv+0x24/0x40\nnetlink_unicast+0x196/0x230\nnetlink_sendmsg+0x204/0x3d0\nsock_sendmsg+0x4c/0x50\n__sys_sendto+0xee/0x160\n? handle_mm_fault+0xbe/0x1e0\n? syscall_trace_enter+0x1d3/0x2c0\n__x64_sys_sendto+0x24/0x30\ndo_syscall_64+0x5b/0x1a0\nentry_SYSCALL_64_after_hwframe+0x65/0xca\nRIP: 0033:0x7f5eac8b035b\n\nThis was caused because of new buffers with different RX ring count should\nsubstitute older ones, but those buffers were freed in\ni40e_configure_rx_ring and reallocated again with i40e_alloc_rx_bi,\nthus kfree on rx_bi caused leak of already mapped DMA.\n\nFix this by reallocating ZC with rx_bi_zc struct when BPF program loads. Additionally\nreallocate back to rx_bi when BPF program unloads.\n\nIf BPF program is loaded/unloaded and XSK pools are created, reallocate\nRX queues accordingly in XSP_SETUP_XSK_POOL handler.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50679",
"url": "https://www.suse.com/security/cve/CVE-2022-50679"
},
{
"category": "external",
"summary": "SUSE Bug 1254656 for CVE-2022-50679",
"url": "https://bugzilla.suse.com/1254656"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50679"
},
{
"cve": "CVE-2022-50697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmrp: introduce active flags to prevent UAF when applicant uninit\n\nThe caller of del_timer_sync must prevent restarting of the timer, If\nwe have no this synchronization, there is a small probability that the\ncancellation will not be successful.\n\nAnd syzbot report the fellowing crash:\n==================================================================\nBUG: KASAN: use-after-free in hlist_add_head include/linux/list.h:929 [inline]\nBUG: KASAN: use-after-free in enqueue_timer+0x18/0xa4 kernel/time/timer.c:605\nWrite at addr f9ff000024df6058 by task syz-fuzzer/2256\nPointer tag: [f9], memory tag: [fe]\n\nCPU: 1 PID: 2256 Comm: syz-fuzzer Not tainted 6.1.0-rc5-syzkaller-00008-\nge01d50cbd6ee #0\nHardware name: linux,dummy-virt (DT)\nCall trace:\n dump_backtrace.part.0+0xe0/0xf0 arch/arm64/kernel/stacktrace.c:156\n dump_backtrace arch/arm64/kernel/stacktrace.c:162 [inline]\n show_stack+0x18/0x40 arch/arm64/kernel/stacktrace.c:163\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x68/0x84 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:284 [inline]\n print_report+0x1a8/0x4a0 mm/kasan/report.c:395\n kasan_report+0x94/0xb4 mm/kasan/report.c:495\n __do_kernel_fault+0x164/0x1e0 arch/arm64/mm/fault.c:320\n do_bad_area arch/arm64/mm/fault.c:473 [inline]\n do_tag_check_fault+0x78/0x8c arch/arm64/mm/fault.c:749\n do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:825\n el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:367\n el1h_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:427\n el1h_64_sync+0x64/0x68 arch/arm64/kernel/entry.S:576\n hlist_add_head include/linux/list.h:929 [inline]\n enqueue_timer+0x18/0xa4 kernel/time/timer.c:605\n mod_timer+0x14/0x20 kernel/time/timer.c:1161\n mrp_periodic_timer_arm net/802/mrp.c:614 [inline]\n mrp_periodic_timer+0xa0/0xc0 net/802/mrp.c:627\n call_timer_fn.constprop.0+0x24/0x80 kernel/time/timer.c:1474\n expire_timers+0x98/0xc4 kernel/time/timer.c:1519\n\nTo fix it, we can introduce a new active flags to make sure the timer will\nnot restart.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50697",
"url": "https://www.suse.com/security/cve/CVE-2022-50697"
},
{
"category": "external",
"summary": "SUSE Bug 1255594 for CVE-2022-50697",
"url": "https://bugzilla.suse.com/1255594"
},
{
"category": "external",
"summary": "SUSE Bug 1255595 for CVE-2022-50697",
"url": "https://bugzilla.suse.com/1255595"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "important"
}
],
"title": "CVE-2022-50697"
},
{
"cve": "CVE-2022-50698",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50698"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: da7219: Fix an error handling path in da7219_register_dai_clks()\n\nIf clk_hw_register() fails, the corresponding clk should not be\nunregistered.\n\nTo handle errors from loops, clean up partial iterations before doing the\ngoto. So add a clk_hw_unregister().\nThen use a while (--i \u003e= 0) loop in the unwind section.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50698",
"url": "https://www.suse.com/security/cve/CVE-2022-50698"
},
{
"category": "external",
"summary": "SUSE Bug 1255608 for CVE-2022-50698",
"url": "https://bugzilla.suse.com/1255608"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50698"
},
{
"cve": "CVE-2022-50699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50699"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nselinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context()\n\nThe following warning was triggered on a hardware environment:\n\n SELinux: Converting 162 SID table entries...\n BUG: sleeping function called from invalid context at\n __might_sleep+0x60/0x74 0x0\n in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 5943, name: tar\n CPU: 7 PID: 5943 Comm: tar Tainted: P O 5.10.0 #1\n Call trace:\n dump_backtrace+0x0/0x1c8\n show_stack+0x18/0x28\n dump_stack+0xe8/0x15c\n ___might_sleep+0x168/0x17c\n __might_sleep+0x60/0x74\n __kmalloc_track_caller+0xa0/0x7dc\n kstrdup+0x54/0xac\n convert_context+0x48/0x2e4\n sidtab_context_to_sid+0x1c4/0x36c\n security_context_to_sid_core+0x168/0x238\n security_context_to_sid_default+0x14/0x24\n inode_doinit_use_xattr+0x164/0x1e4\n inode_doinit_with_dentry+0x1c0/0x488\n selinux_d_instantiate+0x20/0x34\n security_d_instantiate+0x70/0xbc\n d_splice_alias+0x4c/0x3c0\n ext4_lookup+0x1d8/0x200 [ext4]\n __lookup_slow+0x12c/0x1e4\n walk_component+0x100/0x200\n path_lookupat+0x88/0x118\n filename_lookup+0x98/0x130\n user_path_at_empty+0x48/0x60\n vfs_statx+0x84/0x140\n vfs_fstatat+0x20/0x30\n __se_sys_newfstatat+0x30/0x74\n __arm64_sys_newfstatat+0x1c/0x2c\n el0_svc_common.constprop.0+0x100/0x184\n do_el0_svc+0x1c/0x2c\n el0_svc+0x20/0x34\n el0_sync_handler+0x80/0x17c\n el0_sync+0x13c/0x140\n SELinux: Context system_u:object_r:pssp_rsyslog_log_t:s0:c0 is\n not valid (left unmapped).\n\nIt was found that within a critical section of spin_lock_irqsave in\nsidtab_context_to_sid(), convert_context() (hooked by\nsidtab_convert_params.func) might cause the process to sleep via\nallocating memory with GFP_KERNEL, which is problematic.\n\nAs Ondrej pointed out [1], convert_context()/sidtab_convert_params.func\nhas another caller sidtab_convert_tree(), which is okay with GFP_KERNEL.\nTherefore, fix this problem by adding a gfp_t argument for\nconvert_context()/sidtab_convert_params.func and pass GFP_KERNEL/_ATOMIC\nproperly in individual callers.\n\n[PM: wrap long BUG() output lines, tweak subject line]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50699",
"url": "https://www.suse.com/security/cve/CVE-2022-50699"
},
{
"category": "external",
"summary": "SUSE Bug 1255582 for CVE-2022-50699",
"url": "https://bugzilla.suse.com/1255582"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50699"
},
{
"cve": "CVE-2022-50700",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50700"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath10k: Delay the unmapping of the buffer\n\nOn WCN3990, we are seeing a rare scenario where copy engine hardware is\nsending a copy complete interrupt to the host driver while still\nprocessing the buffer that the driver has sent, this is leading into an\nSMMU fault triggering kernel panic. This is happening on copy engine\nchannel 3 (CE3) where the driver normally enqueues WMI commands to the\nfirmware. Upon receiving a copy complete interrupt, host driver will\nimmediately unmap and frees the buffer presuming that hardware has\nprocessed the buffer. In the issue case, upon receiving copy complete\ninterrupt, host driver will unmap and free the buffer but since hardware\nis still accessing the buffer (which in this case got unmapped in\nparallel), SMMU hardware will trigger an SMMU fault resulting in a\nkernel panic.\n\nIn order to avoid this, as a work around, add a delay before unmapping\nthe copy engine source DMA buffer. This is conditionally done for\nWCN3990 and only for the CE3 channel where issue is seen.\n\nBelow is the crash signature:\n\nwifi smmu error: kernel: [ 10.120965] arm-smmu 15000000.iommu: Unhandled\ncontext fault: fsr=0x402, iova=0x7fdfd8ac0,\nfsynr=0x500003,cbfrsynra=0xc1, cb=6 arm-smmu 15000000.iommu: Unhandled\ncontext fault:fsr=0x402, iova=0x7fe06fdc0, fsynr=0x710003,\ncbfrsynra=0xc1, cb=6 qcom-q6v5-mss 4080000.remoteproc: fatal error\nreceived: err_qdi.c:1040:EF:wlan_process:0x1:WLAN RT:0x2091:\ncmnos_thread.c:3998:Asserted in copy_engine.c:AXI_ERROR_DETECTED:2149\nremoteproc remoteproc0: crash detected in\n4080000.remoteproc: type fatal error \u003c3\u003e remoteproc remoteproc0:\nhandling crash #1 in 4080000.remoteproc\n\npc : __arm_lpae_unmap+0x500/0x514\nlr : __arm_lpae_unmap+0x4bc/0x514\nsp : ffffffc011ffb530\nx29: ffffffc011ffb590 x28: 0000000000000000\nx27: 0000000000000000 x26: 0000000000000004\nx25: 0000000000000003 x24: ffffffc011ffb890\nx23: ffffffa762ef9be0 x22: ffffffa77244ef00\nx21: 0000000000000009 x20: 00000007fff7c000\nx19: 0000000000000003 x18: 0000000000000000\nx17: 0000000000000004 x16: ffffffd7a357d9f0\nx15: 0000000000000000 x14: 00fd5d4fa7ffffff\nx13: 000000000000000e x12: 0000000000000000\nx11: 00000000ffffffff x10: 00000000fffffe00\nx9 : 000000000000017c x8 : 000000000000000c\nx7 : 0000000000000000 x6 : ffffffa762ef9000\nx5 : 0000000000000003 x4 : 0000000000000004\nx3 : 0000000000001000 x2 : 00000007fff7c000\nx1 : ffffffc011ffb890 x0 : 0000000000000000 Call trace:\n__arm_lpae_unmap+0x500/0x514\n__arm_lpae_unmap+0x4bc/0x514\n__arm_lpae_unmap+0x4bc/0x514\narm_lpae_unmap_pages+0x78/0xa4\narm_smmu_unmap_pages+0x78/0x104\n__iommu_unmap+0xc8/0x1e4\niommu_unmap_fast+0x38/0x48\n__iommu_dma_unmap+0x84/0x104\niommu_dma_free+0x34/0x50\ndma_free_attrs+0xa4/0xd0\nath10k_htt_rx_free+0xc4/0xf4 [ath10k_core] ath10k_core_stop+0x64/0x7c\n[ath10k_core]\nath10k_halt+0x11c/0x180 [ath10k_core]\nath10k_stop+0x54/0x94 [ath10k_core]\ndrv_stop+0x48/0x1c8 [mac80211]\nieee80211_do_open+0x638/0x77c [mac80211] ieee80211_open+0x48/0x5c\n[mac80211]\n__dev_open+0xb4/0x174\n__dev_change_flags+0xc4/0x1dc\ndev_change_flags+0x3c/0x7c\ndevinet_ioctl+0x2b4/0x580\ninet_ioctl+0xb0/0x1b4\nsock_do_ioctl+0x4c/0x16c\ncompat_ifreq_ioctl+0x1cc/0x35c\ncompat_sock_ioctl+0x110/0x2ac\n__arm64_compat_sys_ioctl+0xf4/0x3e0\nel0_svc_common+0xb4/0x17c\nel0_svc_compat_handler+0x2c/0x58\nel0_svc_compat+0x8/0x2c\n\nTested-on: WCN3990 hw1.0 SNOC WLAN.HL.2.0-01387-QCAHLSWMTPLZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50700",
"url": "https://www.suse.com/security/cve/CVE-2022-50700"
},
{
"category": "external",
"summary": "SUSE Bug 1255576 for CVE-2022-50700",
"url": "https://bugzilla.suse.com/1255576"
},
{
"category": "external",
"summary": "SUSE Bug 1255577 for CVE-2022-50700",
"url": "https://bugzilla.suse.com/1255577"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "important"
}
],
"title": "CVE-2022-50700"
},
{
"cve": "CVE-2022-50702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa_sim: fix possible memory leak in vdpasim_net_init() and vdpasim_blk_init()\n\nInject fault while probing module, if device_register() fails in\nvdpasim_net_init() or vdpasim_blk_init(), but the refcount of kobject is\nnot decreased to 0, the name allocated in dev_set_name() is leaked.\nFix this by calling put_device(), so that name can be freed in\ncallback function kobject_cleanup().\n\n(vdpa_sim_net)\nunreferenced object 0xffff88807eebc370 (size 16):\n comm \"modprobe\", pid 3848, jiffies 4362982860 (age 18.153s)\n hex dump (first 16 bytes):\n 76 64 70 61 73 69 6d 5f 6e 65 74 00 6b 6b 6b a5 vdpasim_net.kkk.\n backtrace:\n [\u003cffffffff8174f19e\u003e] __kmalloc_node_track_caller+0x4e/0x150\n [\u003cffffffff81731d53\u003e] kstrdup+0x33/0x60\n [\u003cffffffff83a5d421\u003e] kobject_set_name_vargs+0x41/0x110\n [\u003cffffffff82d87aab\u003e] dev_set_name+0xab/0xe0\n [\u003cffffffff82d91a23\u003e] device_add+0xe3/0x1a80\n [\u003cffffffffa0270013\u003e] 0xffffffffa0270013\n [\u003cffffffff81001c27\u003e] do_one_initcall+0x87/0x2e0\n [\u003cffffffff813739cb\u003e] do_init_module+0x1ab/0x640\n [\u003cffffffff81379d20\u003e] load_module+0x5d00/0x77f0\n [\u003cffffffff8137bc40\u003e] __do_sys_finit_module+0x110/0x1b0\n [\u003cffffffff83c4d505\u003e] do_syscall_64+0x35/0x80\n [\u003cffffffff83e0006a\u003e] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\n(vdpa_sim_blk)\nunreferenced object 0xffff8881070c1250 (size 16):\n comm \"modprobe\", pid 6844, jiffies 4364069319 (age 17.572s)\n hex dump (first 16 bytes):\n 76 64 70 61 73 69 6d 5f 62 6c 6b 00 6b 6b 6b a5 vdpasim_blk.kkk.\n backtrace:\n [\u003cffffffff8174f19e\u003e] __kmalloc_node_track_caller+0x4e/0x150\n [\u003cffffffff81731d53\u003e] kstrdup+0x33/0x60\n [\u003cffffffff83a5d421\u003e] kobject_set_name_vargs+0x41/0x110\n [\u003cffffffff82d87aab\u003e] dev_set_name+0xab/0xe0\n [\u003cffffffff82d91a23\u003e] device_add+0xe3/0x1a80\n [\u003cffffffffa0220013\u003e] 0xffffffffa0220013\n [\u003cffffffff81001c27\u003e] do_one_initcall+0x87/0x2e0\n [\u003cffffffff813739cb\u003e] do_init_module+0x1ab/0x640\n [\u003cffffffff81379d20\u003e] load_module+0x5d00/0x77f0\n [\u003cffffffff8137bc40\u003e] __do_sys_finit_module+0x110/0x1b0\n [\u003cffffffff83c4d505\u003e] do_syscall_64+0x35/0x80\n [\u003cffffffff83e0006a\u003e] entry_SYSCALL_64_after_hwframe+0x46/0xb0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50702",
"url": "https://www.suse.com/security/cve/CVE-2022-50702"
},
{
"category": "external",
"summary": "SUSE Bug 1255624 for CVE-2022-50702",
"url": "https://bugzilla.suse.com/1255624"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50702"
},
{
"cve": "CVE-2022-50703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe()\n\nThere are two refcount leak bugs in qcom_smsm_probe():\n\n(1) The \u0027local_node\u0027 is escaped out from for_each_child_of_node() as\nthe break of iteration, we should call of_node_put() for it in error\npath or when it is not used anymore.\n(2) The \u0027node\u0027 is escaped out from for_each_available_child_of_node()\nas the \u0027goto\u0027, we should call of_node_put() for it in goto target.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50703",
"url": "https://www.suse.com/security/cve/CVE-2022-50703"
},
{
"category": "external",
"summary": "SUSE Bug 1255607 for CVE-2022-50703",
"url": "https://bugzilla.suse.com/1255607"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50703"
},
{
"cve": "CVE-2022-50704",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50704"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: Fix use-after-free during usb config switch\n\nIn the process of switching USB config from rndis to other config,\nif the hardware does not support the -\u003epullup callback, or the\nhardware encounters a low probability fault, both of them may cause\nthe -\u003epullup callback to fail, which will then cause a system panic\n(use after free).\n\nThe gadget drivers sometimes need to be unloaded regardless of the\nhardware\u0027s behavior.\n\nAnalysis as follows:\n=======================================================================\n(1) write /config/usb_gadget/g1/UDC \"none\"\n\ngether_disconnect+0x2c/0x1f8\nrndis_disable+0x4c/0x74\ncomposite_disconnect+0x74/0xb0\nconfigfs_composite_disconnect+0x60/0x7c\nusb_gadget_disconnect+0x70/0x124\nusb_gadget_unregister_driver+0xc8/0x1d8\ngadget_dev_desc_UDC_store+0xec/0x1e4\n\n(2) rm /config/usb_gadget/g1/configs/b.1/f1\n\nrndis_deregister+0x28/0x54\nrndis_free+0x44/0x7c\nusb_put_function+0x14/0x1c\nconfig_usb_cfg_unlink+0xc4/0xe0\nconfigfs_unlink+0x124/0x1c8\nvfs_unlink+0x114/0x1dc\n\n(3) rmdir /config/usb_gadget/g1/functions/rndis.gs4\n\npanic+0x1fc/0x3d0\ndo_page_fault+0xa8/0x46c\ndo_mem_abort+0x3c/0xac\nel1_sync_handler+0x40/0x78\n0xffffff801138f880\nrndis_close+0x28/0x34\neth_stop+0x74/0x110\ndev_close_many+0x48/0x194\nrollback_registered_many+0x118/0x814\nunregister_netdev+0x20/0x30\ngether_cleanup+0x1c/0x38\nrndis_attr_release+0xc/0x14\nkref_put+0x74/0xb8\nconfigfs_rmdir+0x314/0x374\n\nIf gadget-\u003eops-\u003epullup() return an error, function rndis_close() will be\ncalled, then it will causes a use-after-free problem.\n=======================================================================",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50704",
"url": "https://www.suse.com/security/cve/CVE-2022-50704"
},
{
"category": "external",
"summary": "SUSE Bug 1255623 for CVE-2022-50704",
"url": "https://bugzilla.suse.com/1255623"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50704"
},
{
"cve": "CVE-2022-50709",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50709"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()\n\nsyzbot is reporting uninit value at ath9k_htc_rx_msg() [1], for\nioctl(USB_RAW_IOCTL_EP_WRITE) can call ath9k_hif_usb_rx_stream() with\npkt_len = 0 but ath9k_hif_usb_rx_stream() uses\n__dev_alloc_skb(pkt_len + 32, GFP_ATOMIC) based on an assumption that\npkt_len is valid. As a result, ath9k_hif_usb_rx_stream() allocates skb\nwith uninitialized memory and ath9k_htc_rx_msg() is reading from\nuninitialized memory.\n\nSince bytes accessed by ath9k_htc_rx_msg() is not known until\nath9k_htc_rx_msg() is called, it would be difficult to check minimal valid\npkt_len at \"if (pkt_len \u003e 2 * MAX_RX_BUF_SIZE) {\" line in\nath9k_hif_usb_rx_stream().\n\nWe have two choices. One is to workaround by adding __GFP_ZERO so that\nath9k_htc_rx_msg() sees 0 if pkt_len is invalid. The other is to let\nath9k_htc_rx_msg() validate pkt_len before accessing. This patch chose\nthe latter.\n\nNote that I\u0027m not sure threshold condition is correct, for I can\u0027t find\ndetails on possible packet length used by this protocol.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50709",
"url": "https://www.suse.com/security/cve/CVE-2022-50709"
},
{
"category": "external",
"summary": "SUSE Bug 1255565 for CVE-2022-50709",
"url": "https://bugzilla.suse.com/1255565"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50709"
},
{
"cve": "CVE-2022-50715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50715"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid1: stop mdx_raid1 thread when raid1 array run failed\n\nfail run raid1 array when we assemble array with the inactive disk only,\nbut the mdx_raid1 thread were not stop, Even if the associated resources\nhave been released. it will caused a NULL dereference when we do poweroff.\n\nThis causes the following Oops:\n [ 287.587787] BUG: kernel NULL pointer dereference, address: 0000000000000070\n [ 287.594762] #PF: supervisor read access in kernel mode\n [ 287.599912] #PF: error_code(0x0000) - not-present page\n [ 287.605061] PGD 0 P4D 0\n [ 287.607612] Oops: 0000 [#1] SMP NOPTI\n [ 287.611287] CPU: 3 PID: 5265 Comm: md0_raid1 Tainted: G U 5.10.146 #0\n [ 287.619029] Hardware name: xxxxxxx/To be filled by O.E.M, BIOS 5.19 06/16/2022\n [ 287.626775] RIP: 0010:md_check_recovery+0x57/0x500 [md_mod]\n [ 287.632357] Code: fe 01 00 00 48 83 bb 10 03 00 00 00 74 08 48 89 ......\n [ 287.651118] RSP: 0018:ffffc90000433d78 EFLAGS: 00010202\n [ 287.656347] RAX: 0000000000000000 RBX: ffff888105986800 RCX: 0000000000000000\n [ 287.663491] RDX: ffffc90000433bb0 RSI: 00000000ffffefff RDI: ffff888105986800\n [ 287.670634] RBP: ffffc90000433da0 R08: 0000000000000000 R09: c0000000ffffefff\n [ 287.677771] R10: 0000000000000001 R11: ffffc90000433ba8 R12: ffff888105986800\n [ 287.684907] R13: 0000000000000000 R14: fffffffffffffe00 R15: ffff888100b6b500\n [ 287.692052] FS: 0000000000000000(0000) GS:ffff888277f80000(0000) knlGS:0000000000000000\n [ 287.700149] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [ 287.705897] CR2: 0000000000000070 CR3: 000000000320a000 CR4: 0000000000350ee0\n [ 287.713033] Call Trace:\n [ 287.715498] raid1d+0x6c/0xbbb [raid1]\n [ 287.719256] ? __schedule+0x1ff/0x760\n [ 287.722930] ? schedule+0x3b/0xb0\n [ 287.726260] ? schedule_timeout+0x1ed/0x290\n [ 287.730456] ? __switch_to+0x11f/0x400\n [ 287.734219] md_thread+0xe9/0x140 [md_mod]\n [ 287.738328] ? md_thread+0xe9/0x140 [md_mod]\n [ 287.742601] ? wait_woken+0x80/0x80\n [ 287.746097] ? md_register_thread+0xe0/0xe0 [md_mod]\n [ 287.751064] kthread+0x11a/0x140\n [ 287.754300] ? kthread_park+0x90/0x90\n [ 287.757974] ret_from_fork+0x1f/0x30\n\nIn fact, when raid1 array run fail, we need to do\nmd_unregister_thread() before raid1_free().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50715",
"url": "https://www.suse.com/security/cve/CVE-2022-50715"
},
{
"category": "external",
"summary": "SUSE Bug 1255749 for CVE-2022-50715",
"url": "https://bugzilla.suse.com/1255749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50715"
},
{
"cve": "CVE-2022-50716",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50716"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ar5523: Fix use-after-free on ar5523_cmd() timed out\n\nsyzkaller reported use-after-free with the stack trace like below [1]:\n\n[ 38.960489][ C3] ==================================================================\n[ 38.963216][ C3] BUG: KASAN: use-after-free in ar5523_cmd_tx_cb+0x220/0x240\n[ 38.964950][ C3] Read of size 8 at addr ffff888048e03450 by task swapper/3/0\n[ 38.966363][ C3]\n[ 38.967053][ C3] CPU: 3 PID: 0 Comm: swapper/3 Not tainted 6.0.0-09039-ga6afa4199d3d-dirty #18\n[ 38.968464][ C3] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-1.fc36 04/01/2014\n[ 38.969959][ C3] Call Trace:\n[ 38.970841][ C3] \u003cIRQ\u003e\n[ 38.971663][ C3] dump_stack_lvl+0xfc/0x174\n[ 38.972620][ C3] print_report.cold+0x2c3/0x752\n[ 38.973626][ C3] ? ar5523_cmd_tx_cb+0x220/0x240\n[ 38.974644][ C3] kasan_report+0xb1/0x1d0\n[ 38.975720][ C3] ? ar5523_cmd_tx_cb+0x220/0x240\n[ 38.976831][ C3] ar5523_cmd_tx_cb+0x220/0x240\n[ 38.978412][ C3] __usb_hcd_giveback_urb+0x353/0x5b0\n[ 38.979755][ C3] usb_hcd_giveback_urb+0x385/0x430\n[ 38.981266][ C3] dummy_timer+0x140c/0x34e0\n[ 38.982925][ C3] ? notifier_call_chain+0xb5/0x1e0\n[ 38.984761][ C3] ? rcu_read_lock_sched_held+0xb/0x60\n[ 38.986242][ C3] ? lock_release+0x51c/0x790\n[ 38.987323][ C3] ? _raw_read_unlock_irqrestore+0x37/0x70\n[ 38.988483][ C3] ? __wake_up_common_lock+0xde/0x130\n[ 38.989621][ C3] ? reacquire_held_locks+0x4a0/0x4a0\n[ 38.990777][ C3] ? lock_acquire+0x472/0x550\n[ 38.991919][ C3] ? rcu_read_lock_sched_held+0xb/0x60\n[ 38.993138][ C3] ? lock_acquire+0x472/0x550\n[ 38.994890][ C3] ? dummy_urb_enqueue+0x860/0x860\n[ 38.996266][ C3] ? do_raw_spin_unlock+0x16f/0x230\n[ 38.997670][ C3] ? dummy_urb_enqueue+0x860/0x860\n[ 38.999116][ C3] call_timer_fn+0x1a0/0x6a0\n[ 39.000668][ C3] ? add_timer_on+0x4a0/0x4a0\n[ 39.002137][ C3] ? reacquire_held_locks+0x4a0/0x4a0\n[ 39.003809][ C3] ? __next_timer_interrupt+0x226/0x2a0\n[ 39.005509][ C3] __run_timers.part.0+0x69a/0xac0\n[ 39.007025][ C3] ? dummy_urb_enqueue+0x860/0x860\n[ 39.008716][ C3] ? call_timer_fn+0x6a0/0x6a0\n[ 39.010254][ C3] ? cpuacct_percpu_seq_show+0x10/0x10\n[ 39.011795][ C3] ? kvm_sched_clock_read+0x14/0x40\n[ 39.013277][ C3] ? sched_clock_cpu+0x69/0x2b0\n[ 39.014724][ C3] run_timer_softirq+0xb6/0x1d0\n[ 39.016196][ C3] __do_softirq+0x1d2/0x9be\n[ 39.017616][ C3] __irq_exit_rcu+0xeb/0x190\n[ 39.019004][ C3] irq_exit_rcu+0x5/0x20\n[ 39.020361][ C3] sysvec_apic_timer_interrupt+0x8f/0xb0\n[ 39.021965][ C3] \u003c/IRQ\u003e\n[ 39.023237][ C3] \u003cTASK\u003e\n\nIn ar5523_probe(), ar5523_host_available() calls ar5523_cmd() as below\n(there are other functions which finally call ar5523_cmd()):\n\nar5523_probe()\n-\u003e ar5523_host_available()\n -\u003e ar5523_cmd_read()\n -\u003e ar5523_cmd()\n\nIf ar5523_cmd() timed out, then ar5523_host_available() failed and\nar5523_probe() freed the device structure. So, ar5523_cmd_tx_cb()\nmight touch the freed structure.\n\nThis patch fixes this issue by canceling in-flight tx cmd if submitted\nurb timed out.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50716",
"url": "https://www.suse.com/security/cve/CVE-2022-50716"
},
{
"category": "external",
"summary": "SUSE Bug 1255839 for CVE-2022-50716",
"url": "https://bugzilla.suse.com/1255839"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50716"
},
{
"cve": "CVE-2022-50717",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50717"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: add bounds check on Transfer Tag\n\nttag is used as an index to get cmd in nvmet_tcp_handle_h2c_data_pdu(),\nadd a bounds check to avoid out-of-bounds access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50717",
"url": "https://www.suse.com/security/cve/CVE-2022-50717"
},
{
"category": "external",
"summary": "SUSE Bug 1255844 for CVE-2022-50717",
"url": "https://bugzilla.suse.com/1255844"
},
{
"category": "external",
"summary": "SUSE Bug 1255845 for CVE-2022-50717",
"url": "https://bugzilla.suse.com/1255845"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "important"
}
],
"title": "CVE-2022-50717"
},
{
"cve": "CVE-2022-50718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix pci device refcount leak\n\nAs comment of pci_get_domain_bus_and_slot() says, it returns\na pci device with refcount increment, when finish using it,\nthe caller must decrement the reference count by calling\npci_dev_put().\n\nSo before returning from amdgpu_device_resume|suspend_display_audio(),\npci_dev_put() is called to avoid refcount leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50718",
"url": "https://www.suse.com/security/cve/CVE-2022-50718"
},
{
"category": "external",
"summary": "SUSE Bug 1255750 for CVE-2022-50718",
"url": "https://bugzilla.suse.com/1255750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50718"
},
{
"cve": "CVE-2022-50719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50719"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: line6: fix stack overflow in line6_midi_transmit\n\nCorrectly calculate available space including the size of the chunk\nbuffer. This fixes a buffer overflow when multiple MIDI sysex\nmessages are sent to a PODxt device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50719",
"url": "https://www.suse.com/security/cve/CVE-2022-50719"
},
{
"category": "external",
"summary": "SUSE Bug 1255939 for CVE-2022-50719",
"url": "https://bugzilla.suse.com/1255939"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50719"
},
{
"cve": "CVE-2022-50722",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50722"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: ipu3-imgu: Fix NULL pointer dereference in active selection access\n\nWhat the IMGU driver did was that it first acquired the pointers to active\nand try V4L2 subdev state, and only then figured out which one to use.\n\nThe problem with that approach and a later patch (see Fixes: tag) is that\nas sd_state argument to v4l2_subdev_get_try_crop() et al is NULL, there is\nnow an attempt to dereference that.\n\nFix this.\n\nAlso rewrap lines a little.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50722",
"url": "https://www.suse.com/security/cve/CVE-2022-50722"
},
{
"category": "external",
"summary": "SUSE Bug 1255877 for CVE-2022-50722",
"url": "https://bugzilla.suse.com/1255877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50722"
},
{
"cve": "CVE-2022-50724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50724"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: core: fix resource leak in regulator_register()\n\nI got some resource leak reports while doing fault injection test:\n\n OF: ERROR: memory leak, expected refcount 1 instead of 100,\n of_node_get()/of_node_put() unbalanced - destroy cset entry:\n attach overlay node /i2c/pmic@64/regulators/buck1\n\nunreferenced object 0xffff88810deea000 (size 512):\n comm \"490-i2c-rt5190a\", pid 253, jiffies 4294859840 (age 5061.046s)\n hex dump (first 32 bytes):\n 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........\n ff ff ff ff ff ff ff ff a0 1e 00 a1 ff ff ff ff ................\n backtrace:\n [\u003c00000000d78541e2\u003e] kmalloc_trace+0x21/0x110\n [\u003c00000000b343d153\u003e] device_private_init+0x32/0xd0\n [\u003c00000000be1f0c70\u003e] device_add+0xb2d/0x1030\n [\u003c00000000e3e6344d\u003e] regulator_register+0xaf2/0x12a0\n [\u003c00000000e2f5e754\u003e] devm_regulator_register+0x57/0xb0\n [\u003c000000008b898197\u003e] rt5190a_probe+0x52a/0x861 [rt5190a_regulator]\n\nunreferenced object 0xffff88810b617b80 (size 32):\n comm \"490-i2c-rt5190a\", pid 253, jiffies 4294859904 (age 5060.983s)\n hex dump (first 32 bytes):\n 72 65 67 75 6c 61 74 6f 72 2e 32 38 36 38 2d 53 regulator.2868-S\n 55 50 50 4c 59 00 ff ff 29 00 00 00 2b 00 00 00 UPPLY...)...+...\n backtrace:\n [\u003c000000009da9280d\u003e] __kmalloc_node_track_caller+0x44/0x1b0\n [\u003c0000000025c6a4e5\u003e] kstrdup+0x3a/0x70\n [\u003c00000000790efb69\u003e] create_regulator+0xc0/0x4e0\n [\u003c0000000005ed203a\u003e] regulator_resolve_supply+0x2d4/0x440\n [\u003c0000000045796214\u003e] regulator_register+0x10b3/0x12a0\n [\u003c00000000e2f5e754\u003e] devm_regulator_register+0x57/0xb0\n [\u003c000000008b898197\u003e] rt5190a_probe+0x52a/0x861 [rt5190a_regulator]\n\nAfter calling regulator_resolve_supply(), the \u0027rdev-\u003esupply\u0027 is set\nby set_supply(), after this set, in the error path, the resources\nneed be released, so call regulator_put() to avoid the leaks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50724",
"url": "https://www.suse.com/security/cve/CVE-2022-50724"
},
{
"category": "external",
"summary": "SUSE Bug 1255950 for CVE-2022-50724",
"url": "https://bugzilla.suse.com/1255950"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50724"
},
{
"cve": "CVE-2022-50726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50726"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix possible use-after-free in async command interface\n\nmlx5_cmd_cleanup_async_ctx should return only after all its callback\nhandlers were completed. Before this patch, the below race between\nmlx5_cmd_cleanup_async_ctx and mlx5_cmd_exec_cb_handler was possible and\nlead to a use-after-free:\n\n1. mlx5_cmd_cleanup_async_ctx is called while num_inflight is 2 (i.e.\n elevated by 1, a single inflight callback).\n2. mlx5_cmd_cleanup_async_ctx decreases num_inflight to 1.\n3. mlx5_cmd_exec_cb_handler is called, decreases num_inflight to 0 and\n is about to call wake_up().\n4. mlx5_cmd_cleanup_async_ctx calls wait_event, which returns\n immediately as the condition (num_inflight == 0) holds.\n5. mlx5_cmd_cleanup_async_ctx returns.\n6. The caller of mlx5_cmd_cleanup_async_ctx frees the mlx5_async_ctx\n object.\n7. mlx5_cmd_exec_cb_handler goes on and calls wake_up() on the freed\n object.\n\nFix it by syncing using a completion object. Mark it completed when\nnum_inflight reaches 0.\n\nTrace:\n\nBUG: KASAN: use-after-free in do_raw_spin_lock+0x23d/0x270\nRead of size 4 at addr ffff888139cd12f4 by task swapper/5/0\n\nCPU: 5 PID: 0 Comm: swapper/5 Not tainted 6.0.0-rc3_for_upstream_debug_2022_08_30_13_10 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x57/0x7d\n print_report.cold+0x2d5/0x684\n ? do_raw_spin_lock+0x23d/0x270\n kasan_report+0xb1/0x1a0\n ? do_raw_spin_lock+0x23d/0x270\n do_raw_spin_lock+0x23d/0x270\n ? rwlock_bug.part.0+0x90/0x90\n ? __delete_object+0xb8/0x100\n ? lock_downgrade+0x6e0/0x6e0\n _raw_spin_lock_irqsave+0x43/0x60\n ? __wake_up_common_lock+0xb9/0x140\n __wake_up_common_lock+0xb9/0x140\n ? __wake_up_common+0x650/0x650\n ? destroy_tis_callback+0x53/0x70 [mlx5_core]\n ? kasan_set_track+0x21/0x30\n ? destroy_tis_callback+0x53/0x70 [mlx5_core]\n ? kfree+0x1ba/0x520\n ? do_raw_spin_unlock+0x54/0x220\n mlx5_cmd_exec_cb_handler+0x136/0x1a0 [mlx5_core]\n ? mlx5_cmd_cleanup_async_ctx+0x220/0x220 [mlx5_core]\n ? mlx5_cmd_cleanup_async_ctx+0x220/0x220 [mlx5_core]\n mlx5_cmd_comp_handler+0x65a/0x12b0 [mlx5_core]\n ? dump_command+0xcc0/0xcc0 [mlx5_core]\n ? lockdep_hardirqs_on_prepare+0x400/0x400\n ? cmd_comp_notifier+0x7e/0xb0 [mlx5_core]\n cmd_comp_notifier+0x7e/0xb0 [mlx5_core]\n atomic_notifier_call_chain+0xd7/0x1d0\n mlx5_eq_async_int+0x3ce/0xa20 [mlx5_core]\n atomic_notifier_call_chain+0xd7/0x1d0\n ? irq_release+0x140/0x140 [mlx5_core]\n irq_int_handler+0x19/0x30 [mlx5_core]\n __handle_irq_event_percpu+0x1f2/0x620\n handle_irq_event+0xb2/0x1d0\n handle_edge_irq+0x21e/0xb00\n __common_interrupt+0x79/0x1a0\n common_interrupt+0x78/0xa0\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_common_interrupt+0x22/0x40\nRIP: 0010:default_idle+0x42/0x60\nCode: c1 83 e0 07 48 c1 e9 03 83 c0 03 0f b6 14 11 38 d0 7c 04 84 d2 75 14 8b 05 eb 47 22 02 85 c0 7e 07 0f 00 2d e0 9f 48 00 fb f4 \u003cc3\u003e 48 c7 c7 80 08 7f 85 e8 d1 d3 3e fe eb de 66 66 2e 0f 1f 84 00\nRSP: 0018:ffff888100dbfdf0 EFLAGS: 00000242\nRAX: 0000000000000001 RBX: ffffffff84ecbd48 RCX: 1ffffffff0afe110\nRDX: 0000000000000004 RSI: 0000000000000000 RDI: ffffffff835cc9bc\nRBP: 0000000000000005 R08: 0000000000000001 R09: ffff88881dec4ac3\nR10: ffffed1103bd8958 R11: 0000017d0ca571c9 R12: 0000000000000005\nR13: ffffffff84f024e0 R14: 0000000000000000 R15: dffffc0000000000\n ? default_idle_call+0xcc/0x450\n default_idle_call+0xec/0x450\n do_idle+0x394/0x450\n ? arch_cpu_idle_exit+0x40/0x40\n ? do_idle+0x17/0x450\n cpu_startup_entry+0x19/0x20\n start_secondary+0x221/0x2b0\n ? set_cpu_sibling_map+0x2070/0x2070\n secondary_startup_64_no_verify+0xcd/0xdb\n \u003c/TASK\u003e\n\nAllocated by task 49502:\n kasan_save_stack+0x1e/0x40\n __kasan_kmalloc+0x81/0xa0\n kvmalloc_node+0x48/0xe0\n mlx5e_bulk_async_init+0x35/0x110 [mlx5_core]\n mlx5e_tls_priv_tx_list_cleanup+0x84/0x3e0 [mlx5_core]\n mlx5e_ktls_cleanup_tx+0x38f/0x760 [mlx5_core]\n mlx5e_cleanup_nic_tx+0xa7/0x100 [mlx5_core]\n mlx5e_detach_netdev+0x1c\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50726",
"url": "https://www.suse.com/security/cve/CVE-2022-50726"
},
{
"category": "external",
"summary": "SUSE Bug 1256040 for CVE-2022-50726",
"url": "https://bugzilla.suse.com/1256040"
},
{
"category": "external",
"summary": "SUSE Bug 1256255 for CVE-2022-50726",
"url": "https://bugzilla.suse.com/1256255"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "important"
}
],
"title": "CVE-2022-50726"
},
{
"cve": "CVE-2022-50727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50727"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: efct: Fix possible memleak in efct_device_init()\n\nIn efct_device_init(), when efct_scsi_reg_fc_transport() fails,\nefct_scsi_tgt_driver_exit() is not called to release memory for\nefct_scsi_tgt_driver_init() and causes memleak:\n\nunreferenced object 0xffff8881020ce000 (size 2048):\n comm \"modprobe\", pid 465, jiffies 4294928222 (age 55.872s)\n backtrace:\n [\u003c0000000021a1ef1b\u003e] kmalloc_trace+0x27/0x110\n [\u003c000000004c3ed51c\u003e] target_register_template+0x4fd/0x7b0 [target_core_mod]\n [\u003c00000000f3393296\u003e] efct_scsi_tgt_driver_init+0x18/0x50 [efct]\n [\u003c00000000115de533\u003e] 0xffffffffc0d90011\n [\u003c00000000d608f646\u003e] do_one_initcall+0xd0/0x4e0\n [\u003c0000000067828cf1\u003e] do_init_module+0x1cc/0x6a0\n ...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50727",
"url": "https://www.suse.com/security/cve/CVE-2022-50727"
},
{
"category": "external",
"summary": "SUSE Bug 1256042 for CVE-2022-50727",
"url": "https://bugzilla.suse.com/1256042"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50727"
},
{
"cve": "CVE-2022-50728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50728"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/lcs: Fix return type of lcs_start_xmit()\n\nWith clang\u0027s kernel control flow integrity (kCFI, CONFIG_CFI_CLANG),\nindirect call targets are validated against the expected function\npointer prototype to make sure the call target is valid to help mitigate\nROP attacks. If they are not identical, there is a failure at run time,\nwhich manifests as either a kernel panic or thread getting killed. A\nproposed warning in clang aims to catch these at compile time, which\nreveals:\n\n drivers/s390/net/lcs.c:2090:21: error: incompatible function pointer types initializing \u0027netdev_tx_t (*)(struct sk_buff *, struct net_device *)\u0027 (aka \u0027enum netdev_tx (*)(struct sk_buff *, struct net_device *)\u0027) with an expression of type \u0027int (struct sk_buff *, struct net_device *)\u0027 [-Werror,-Wincompatible-function-pointer-types-strict]\n .ndo_start_xmit = lcs_start_xmit,\n ^~~~~~~~~~~~~~\n drivers/s390/net/lcs.c:2097:21: error: incompatible function pointer types initializing \u0027netdev_tx_t (*)(struct sk_buff *, struct net_device *)\u0027 (aka \u0027enum netdev_tx (*)(struct sk_buff *, struct net_device *)\u0027) with an expression of type \u0027int (struct sk_buff *, struct net_device *)\u0027 [-Werror,-Wincompatible-function-pointer-types-strict]\n .ndo_start_xmit = lcs_start_xmit,\n ^~~~~~~~~~~~~~\n\n-\u003endo_start_xmit() in \u0027struct net_device_ops\u0027 expects a return type of\n\u0027netdev_tx_t\u0027, not \u0027int\u0027. Adjust the return type of lcs_start_xmit() to\nmatch the prototype\u0027s to resolve the warning and potential CFI failure,\nshould s390 select ARCH_SUPPORTS_CFI_CLANG in the future.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50728",
"url": "https://www.suse.com/security/cve/CVE-2022-50728"
},
{
"category": "external",
"summary": "SUSE Bug 1256046 for CVE-2022-50728",
"url": "https://bugzilla.suse.com/1256046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50728"
},
{
"cve": "CVE-2022-50730",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50730"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: silence the warning when evicting inode with dioread_nolock\n\nWhen evicting an inode with default dioread_nolock, it could be raced by\nthe unwritten extents converting kworker after writeback some new\nallocated dirty blocks. It convert unwritten extents to written, the\nextents could be merged to upper level and free extent blocks, so it\ncould mark the inode dirty again even this inode has been marked\nI_FREEING. But the inode-\u003ei_io_list check and warning in\next4_evict_inode() missing this corner case. Fortunately,\next4_evict_inode() will wait all extents converting finished before this\ncheck, so it will not lead to inode use-after-free problem, every thing\nis OK besides this warning. The WARN_ON_ONCE was originally designed\nfor finding inode use-after-free issues in advance, but if we add\ncurrent dioread_nolock case in, it will become not quite useful, so fix\nthis warning by just remove this check.\n\n ======\n WARNING: CPU: 7 PID: 1092 at fs/ext4/inode.c:227\n ext4_evict_inode+0x875/0xc60\n ...\n RIP: 0010:ext4_evict_inode+0x875/0xc60\n ...\n Call Trace:\n \u003cTASK\u003e\n evict+0x11c/0x2b0\n iput+0x236/0x3a0\n do_unlinkat+0x1b4/0x490\n __x64_sys_unlinkat+0x4c/0xb0\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n RIP: 0033:0x7fa933c1115b\n ======\n\nrm kworker\n ext4_end_io_end()\nvfs_unlink()\n ext4_unlink()\n ext4_convert_unwritten_io_end_vec()\n ext4_convert_unwritten_extents()\n ext4_map_blocks()\n ext4_ext_map_blocks()\n ext4_ext_try_to_merge_up()\n __mark_inode_dirty()\n check !I_FREEING\n locked_inode_to_wb_and_lock_list()\n iput()\n iput_final()\n evict()\n ext4_evict_inode()\n truncate_inode_pages_final() //wait release io_end\n inode_io_list_move_locked()\n ext4_release_io_end()\n trigger WARN_ON_ONCE()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50730",
"url": "https://www.suse.com/security/cve/CVE-2022-50730"
},
{
"category": "external",
"summary": "SUSE Bug 1256048 for CVE-2022-50730",
"url": "https://bugzilla.suse.com/1256048"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50730"
},
{
"cve": "CVE-2022-50731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50731"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: akcipher - default implementation for setting a private key\n\nChanges from v1:\n * removed the default implementation from set_pub_key: it is assumed that\n an implementation must always have this callback defined as there are\n no use case for an algorithm, which doesn\u0027t need a public key\n\nMany akcipher implementations (like ECDSA) support only signature\nverifications, so they don\u0027t have all callbacks defined.\n\nCommit 78a0324f4a53 (\"crypto: akcipher - default implementations for\nrequest callbacks\") introduced default callbacks for sign/verify\noperations, which just return an error code.\n\nHowever, these are not enough, because before calling sign the caller would\nlikely call set_priv_key first on the instantiated transform (as the\nin-kernel testmgr does). This function does not have a default stub, so the\nkernel crashes, when trying to set a private key on an akcipher, which\ndoesn\u0027t support signature generation.\n\nI\u0027ve noticed this, when trying to add a KAT vector for ECDSA signature to\nthe testmgr.\n\nWith this patch the testmgr returns an error in dmesg (as it should)\ninstead of crashing the kernel NULL ptr dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50731",
"url": "https://www.suse.com/security/cve/CVE-2022-50731"
},
{
"category": "external",
"summary": "SUSE Bug 1256049 for CVE-2022-50731",
"url": "https://bugzilla.suse.com/1256049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50731"
},
{
"cve": "CVE-2022-50732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50732"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: rtl8192u: Fix use after free in ieee80211_rx()\n\nWe cannot dereference the \"skb\" pointer after calling\nieee80211_monitor_rx(), because it is a use after free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50732",
"url": "https://www.suse.com/security/cve/CVE-2022-50732"
},
{
"category": "external",
"summary": "SUSE Bug 1256063 for CVE-2022-50732",
"url": "https://bugzilla.suse.com/1256063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50732"
},
{
"cve": "CVE-2022-50733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50733"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: idmouse: fix an uninit-value in idmouse_open\n\nIn idmouse_create_image, if any ftip_command fails, it will\ngo to the reset label. However, this leads to the data in\nbulk_in_buffer[HEADER..IMGSIZE] uninitialized. And the check\nfor valid image incurs an uninitialized dereference.\n\nFix this by moving the check before reset label since this\ncheck only be valid if the data after bulk_in_buffer[HEADER]\nhas concrete data.\n\nNote that this is found by KMSAN, so only kernel compilation\nis tested.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50733",
"url": "https://www.suse.com/security/cve/CVE-2022-50733"
},
{
"category": "external",
"summary": "SUSE Bug 1256064 for CVE-2022-50733",
"url": "https://bugzilla.suse.com/1256064"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50733"
},
{
"cve": "CVE-2022-50735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50735"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: do not run mt76u_status_worker if the device is not running\n\nFix the following NULL pointer dereference avoiding to run\nmt76u_status_worker thread if the device is not running yet.\n\nKASAN: null-ptr-deref in range\n[0x0000000000000000-0x0000000000000007]\nCPU: 0 PID: 98 Comm: kworker/u2:2 Not tainted 5.14.0+ #78 Hardware\nname: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\nrel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014\nWorkqueue: mt76 mt76u_tx_status_data\nRIP: 0010:mt76x02_mac_fill_tx_status.isra.0+0x82c/0x9e0\nCode: c5 48 b8 00 00 00 00 00 fc ff df 80 3c 02 00 0f 85 94 01 00 00\n48 b8 00 00 00 00 00 fc ff df 4d 8b 34 24 4c 89 f2 48 c1 ea 03 \u003c0f\u003e\nb6\n04 02 84 c0 74 08 3c 03 0f 8e 89 01 00 00 41 8b 16 41 0f b7\nRSP: 0018:ffffc900005af988 EFLAGS: 00010246\nRAX: dffffc0000000000 RBX: ffffc900005afae8 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffffffff832fc661 RDI: ffffc900005afc2a\nRBP: ffffc900005afae0 R08: 0000000000000001 R09: fffff520000b5f3c\nR10: 0000000000000003 R11: fffff520000b5f3b R12: ffff88810b6132d8\nR13: 000000000000ffff R14: 0000000000000000 R15: ffffc900005afc28\nFS: 0000000000000000(0000) GS:ffff88811aa00000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fa0eda6a000 CR3: 0000000118f17000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n mt76x02_send_tx_status+0x1d2/0xeb0\n mt76x02_tx_status_data+0x8e/0xd0\n mt76u_tx_status_data+0xe1/0x240\n process_one_work+0x92b/0x1460\n worker_thread+0x95/0xe00\n kthread+0x3a1/0x480\n ret_from_fork+0x1f/0x30\nModules linked in:\n--[ end trace 8df5d20fc5040f65 ]--\nRIP: 0010:mt76x02_mac_fill_tx_status.isra.0+0x82c/0x9e0\nCode: c5 48 b8 00 00 00 00 00 fc ff df 80 3c 02 00 0f 85 94 01 00 00\n48 b8 00 00 00 00 00 fc ff df 4d 8b 34 24 4c 89 f2 48 c1 ea 03 \u003c0f\u003e\nb6\n04 02 84 c0 74 08 3c 03 0f 8e 89 01 00 00 41 8b 16 41 0f b7\nRSP: 0018:ffffc900005af988 EFLAGS: 00010246\nRAX: dffffc0000000000 RBX: ffffc900005afae8 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffffffff832fc661 RDI: ffffc900005afc2a\nRBP: ffffc900005afae0 R08: 0000000000000001 R09: fffff520000b5f3c\nR10: 0000000000000003 R11: fffff520000b5f3b R12: ffff88810b6132d8\nR13: 000000000000ffff R14: 0000000000000000 R15: ffffc900005afc28\nFS: 0000000000000000(0000) GS:ffff88811aa00000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fa0eda6a000 CR3: 0000000118f17000 CR4: 0000000000750ef0\nPKRU: 55555554\n\nMoreover move stat_work schedule out of the for loop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50735",
"url": "https://www.suse.com/security/cve/CVE-2022-50735"
},
{
"category": "external",
"summary": "SUSE Bug 1256141 for CVE-2022-50735",
"url": "https://bugzilla.suse.com/1256141"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50735"
},
{
"cve": "CVE-2022-50736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50736"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/siw: Fix immediate work request flush to completion queue\n\nCorrectly set send queue element opcode during immediate work request\nflushing in post sendqueue operation, if the QP is in ERROR state.\nAn undefined ocode value results in out-of-bounds access to an array\nfor mapping the opcode between siw internal and RDMA core representation\nin work completion generation. It resulted in a KASAN BUG report\nof type \u0027global-out-of-bounds\u0027 during NFSoRDMA testing.\n\nThis patch further fixes a potential case of a malicious user which may\nwrite undefined values for completion queue elements status or opcode,\nif the CQ is memory mapped to user land. It avoids the same out-of-bounds\naccess to arrays for status and opcode mapping as described above.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50736",
"url": "https://www.suse.com/security/cve/CVE-2022-50736"
},
{
"category": "external",
"summary": "SUSE Bug 1256137 for CVE-2022-50736",
"url": "https://bugzilla.suse.com/1256137"
},
{
"category": "external",
"summary": "SUSE Bug 1256138 for CVE-2022-50736",
"url": "https://bugzilla.suse.com/1256138"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "important"
}
],
"title": "CVE-2022-50736"
},
{
"cve": "CVE-2022-50740",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50740"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs()\n\nSyzkaller reports a long-known leak of urbs in\nath9k_hif_usb_dealloc_tx_urbs().\n\nThe cause of the leak is that usb_get_urb() is called but usb_free_urb()\n(or usb_put_urb()) is not called inside usb_kill_urb() as urb-\u003edev or\nurb-\u003eep fields have not been initialized and usb_kill_urb() returns\nimmediately.\n\nThe patch removes trying to kill urbs located in hif_dev-\u003etx.tx_buf\nbecause hif_dev-\u003etx.tx_buf is not supposed to contain urbs which are in\npending state (the pending urbs are stored in hif_dev-\u003etx.tx_pending).\nThe tx.tx_lock is acquired so there should not be any changes in the list.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50740",
"url": "https://www.suse.com/security/cve/CVE-2022-50740"
},
{
"category": "external",
"summary": "SUSE Bug 1256155 for CVE-2022-50740",
"url": "https://bugzilla.suse.com/1256155"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50740"
},
{
"cve": "CVE-2022-50742",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50742"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: ocxl: fix possible refcount leak in afu_ioctl()\n\neventfd_ctx_put need to be called to put the refcount that gotten by\neventfd_ctx_fdget when ocxl_irq_set_handler fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50742",
"url": "https://www.suse.com/security/cve/CVE-2022-50742"
},
{
"category": "external",
"summary": "SUSE Bug 1256143 for CVE-2022-50742",
"url": "https://bugzilla.suse.com/1256143"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50742"
},
{
"cve": "CVE-2022-50744",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50744"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs\n\nDuring I/O and simultaneous cat of /sys/kernel/debug/lpfc/fnX/rx_monitor, a\nhard lockup similar to the call trace below may occur.\n\nThe spin_lock_bh in lpfc_rx_monitor_report is not protecting from timer\ninterrupts as expected, so change the strength of the spin lock to _irq.\n\nKernel panic - not syncing: Hard LOCKUP\nCPU: 3 PID: 110402 Comm: cat Kdump: loaded\n\nexception RIP: native_queued_spin_lock_slowpath+91\n\n[IRQ stack]\n native_queued_spin_lock_slowpath at ffffffffb814e30b\n _raw_spin_lock at ffffffffb89a667a\n lpfc_rx_monitor_record at ffffffffc0a73a36 [lpfc]\n lpfc_cmf_timer at ffffffffc0abbc67 [lpfc]\n __hrtimer_run_queues at ffffffffb8184250\n hrtimer_interrupt at ffffffffb8184ab0\n smp_apic_timer_interrupt at ffffffffb8a026ba\n apic_timer_interrupt at ffffffffb8a01c4f\n[End of IRQ stack]\n\n apic_timer_interrupt at ffffffffb8a01c4f\n lpfc_rx_monitor_report at ffffffffc0a73c80 [lpfc]\n lpfc_rx_monitor_read at ffffffffc0addde1 [lpfc]\n full_proxy_read at ffffffffb83e7fc3\n vfs_read at ffffffffb833fe71\n ksys_read at ffffffffb83402af\n do_syscall_64 at ffffffffb800430b\n entry_SYSCALL_64_after_hwframe at ffffffffb8a000ad",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50744",
"url": "https://www.suse.com/security/cve/CVE-2022-50744"
},
{
"category": "external",
"summary": "SUSE Bug 1256165 for CVE-2022-50744",
"url": "https://bugzilla.suse.com/1256165"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50744"
},
{
"cve": "CVE-2022-50745",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50745"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: media: tegra-video: fix device_node use after free\n\nAt probe time this code path is followed:\n\n * tegra_csi_init\n * tegra_csi_channels_alloc\n * for_each_child_of_node(node, channel) -- iterates over channels\n * automatically gets \u0027channel\u0027\n * tegra_csi_channel_alloc()\n * saves into chan-\u003eof_node a pointer to the channel OF node\n * automatically gets and puts \u0027channel\u0027\n * now the node saved in chan-\u003eof_node has refcount 0, can disappear\n * tegra_csi_channels_init\n * iterates over channels\n * tegra_csi_channel_init -- uses chan-\u003eof_node\n\nAfter that, chan-\u003eof_node keeps storing the node until the device is\nremoved.\n\nof_node_get() the node and of_node_put() it during teardown to avoid any\nrisk.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50745",
"url": "https://www.suse.com/security/cve/CVE-2022-50745"
},
{
"category": "external",
"summary": "SUSE Bug 1256158 for CVE-2022-50745",
"url": "https://bugzilla.suse.com/1256158"
},
{
"category": "external",
"summary": "SUSE Bug 1256159 for CVE-2022-50745",
"url": "https://bugzilla.suse.com/1256159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "important"
}
],
"title": "CVE-2022-50745"
},
{
"cve": "CVE-2022-50747",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50747"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: Fix OOB Write in hfs_asc2mac\n\nSyzbot reported a OOB Write bug:\n\nloop0: detected capacity change from 0 to 64\n==================================================================\nBUG: KASAN: slab-out-of-bounds in hfs_asc2mac+0x467/0x9a0\nfs/hfs/trans.c:133\nWrite of size 1 at addr ffff88801848314e by task syz-executor391/3632\n\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106\n print_address_description+0x74/0x340 mm/kasan/report.c:284\n print_report+0x107/0x1f0 mm/kasan/report.c:395\n kasan_report+0xcd/0x100 mm/kasan/report.c:495\n hfs_asc2mac+0x467/0x9a0 fs/hfs/trans.c:133\n hfs_cat_build_key+0x92/0x170 fs/hfs/catalog.c:28\n hfs_lookup+0x1ab/0x2c0 fs/hfs/dir.c:31\n lookup_open fs/namei.c:3391 [inline]\n open_last_lookups fs/namei.c:3481 [inline]\n path_openat+0x10e6/0x2df0 fs/namei.c:3710\n do_filp_open+0x264/0x4f0 fs/namei.c:3740\n\nIf in-\u003elen is much larger than HFS_NAMELEN(31) which is the maximum\nlength of an HFS filename, a OOB write could occur in hfs_asc2mac(). In\nthat case, when the dst reaches the boundary, the srclen is still\ngreater than 0, which causes a OOB write.\nFix this by adding a check on dstlen in while() before writing to dst\naddress.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50747",
"url": "https://www.suse.com/security/cve/CVE-2022-50747"
},
{
"category": "external",
"summary": "SUSE Bug 1256432 for CVE-2022-50747",
"url": "https://bugzilla.suse.com/1256432"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50747"
},
{
"cve": "CVE-2022-50749",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50749"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nacct: fix potential integer overflow in encode_comp_t()\n\nThe integer overflow is descripted with following codes:\n \u003e 317 static comp_t encode_comp_t(u64 value)\n \u003e 318 {\n \u003e 319 int exp, rnd;\n ......\n \u003e 341 exp \u003c\u003c= MANTSIZE;\n \u003e 342 exp += value;\n \u003e 343 return exp;\n \u003e 344 }\n\nCurrently comp_t is defined as type of \u0027__u16\u0027, but the variable \u0027exp\u0027 is\ntype of \u0027int\u0027, so overflow would happen when variable \u0027exp\u0027 in line 343 is\ngreater than 65535.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50749",
"url": "https://www.suse.com/security/cve/CVE-2022-50749"
},
{
"category": "external",
"summary": "SUSE Bug 1256191 for CVE-2022-50749",
"url": "https://bugzilla.suse.com/1256191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "low"
}
],
"title": "CVE-2022-50749"
},
{
"cve": "CVE-2022-50750",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50750"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panel/panel-sitronix-st7701: Remove panel on DSI attach failure\n\nIn case mipi_dsi_attach() fails, call drm_panel_remove() to\navoid memory leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50750",
"url": "https://www.suse.com/security/cve/CVE-2022-50750"
},
{
"category": "external",
"summary": "SUSE Bug 1256188 for CVE-2022-50750",
"url": "https://bugzilla.suse.com/1256188"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "low"
}
],
"title": "CVE-2022-50750"
},
{
"cve": "CVE-2022-50751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50751"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nconfigfs: fix possible memory leak in configfs_create_dir()\n\nkmemleak reported memory leaks in configfs_create_dir():\n\nunreferenced object 0xffff888009f6af00 (size 192):\n comm \"modprobe\", pid 3777, jiffies 4295537735 (age 233.784s)\n backtrace:\n kmem_cache_alloc (mm/slub.c:3250 mm/slub.c:3256 mm/slub.c:3263 mm/slub.c:3273)\n new_fragment (./include/linux/slab.h:600 fs/configfs/dir.c:163)\n configfs_register_subsystem (fs/configfs/dir.c:1857)\n basic_write (drivers/hwtracing/stm/p_basic.c:14) stm_p_basic\n do_one_initcall (init/main.c:1296)\n do_init_module (kernel/module/main.c:2455)\n ...\n\nunreferenced object 0xffff888003ba7180 (size 96):\n comm \"modprobe\", pid 3777, jiffies 4295537735 (age 233.784s)\n backtrace:\n kmem_cache_alloc (mm/slub.c:3250 mm/slub.c:3256 mm/slub.c:3263 mm/slub.c:3273)\n configfs_new_dirent (./include/linux/slab.h:723 fs/configfs/dir.c:194)\n configfs_make_dirent (fs/configfs/dir.c:248)\n configfs_create_dir (fs/configfs/dir.c:296)\n configfs_attach_group.isra.28 (fs/configfs/dir.c:816 fs/configfs/dir.c:852)\n configfs_register_subsystem (fs/configfs/dir.c:1881)\n basic_write (drivers/hwtracing/stm/p_basic.c:14) stm_p_basic\n do_one_initcall (init/main.c:1296)\n do_init_module (kernel/module/main.c:2455)\n ...\n\nThis is because the refcount is not correct in configfs_make_dirent().\nFor normal stage, the refcount is changing as:\n\nconfigfs_register_subsystem()\n configfs_create_dir()\n configfs_make_dirent()\n configfs_new_dirent() # set s_count = 1\n dentry-\u003ed_fsdata = configfs_get(sd); # s_count = 2\n...\nconfigfs_unregister_subsystem()\n configfs_remove_dir()\n remove_dir()\n configfs_remove_dirent() # s_count = 1\n dput() ...\n *dentry_unlink_inode()*\n configfs_d_iput() # s_count = 0, release\n\nHowever, if we failed in configfs_create():\n\nconfigfs_register_subsystem()\n configfs_create_dir()\n configfs_make_dirent() # s_count = 2\n ...\n configfs_create() # fail\n -\u003eout_remove:\n configfs_remove_dirent(dentry)\n configfs_put(sd) # s_count = 1\n return PTR_ERR(inode);\n\nThere is no inode in the error path, so the configfs_d_iput() is lost\nand makes sd and fragment memory leaked.\n\nTo fix this, when we failed in configfs_create(), manually call\nconfigfs_put(sd) to keep the refcount correct.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50751",
"url": "https://www.suse.com/security/cve/CVE-2022-50751"
},
{
"category": "external",
"summary": "SUSE Bug 1256184 for CVE-2022-50751",
"url": "https://bugzilla.suse.com/1256184"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "low"
}
],
"title": "CVE-2022-50751"
},
{
"cve": "CVE-2022-50752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50752"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk()\n\nWhen running chunk-sized reads on disks with badblocks duplicate bio\nfree/puts are observed:\n\n =============================================================================\n BUG bio-200 (Not tainted): Object already free\n -----------------------------------------------------------------------------\n Allocated in mempool_alloc_slab+0x17/0x20 age=3 cpu=2 pid=7504\n __slab_alloc.constprop.0+0x5a/0xb0\n kmem_cache_alloc+0x31e/0x330\n mempool_alloc_slab+0x17/0x20\n mempool_alloc+0x100/0x2b0\n bio_alloc_bioset+0x181/0x460\n do_mpage_readpage+0x776/0xd00\n mpage_readahead+0x166/0x320\n blkdev_readahead+0x15/0x20\n read_pages+0x13f/0x5f0\n page_cache_ra_unbounded+0x18d/0x220\n force_page_cache_ra+0x181/0x1c0\n page_cache_sync_ra+0x65/0xb0\n filemap_get_pages+0x1df/0xaf0\n filemap_read+0x1e1/0x700\n blkdev_read_iter+0x1e5/0x330\n vfs_read+0x42a/0x570\n Freed in mempool_free_slab+0x17/0x20 age=3 cpu=2 pid=7504\n kmem_cache_free+0x46d/0x490\n mempool_free_slab+0x17/0x20\n mempool_free+0x66/0x190\n bio_free+0x78/0x90\n bio_put+0x100/0x1a0\n raid5_make_request+0x2259/0x2450\n md_handle_request+0x402/0x600\n md_submit_bio+0xd9/0x120\n __submit_bio+0x11f/0x1b0\n submit_bio_noacct_nocheck+0x204/0x480\n submit_bio_noacct+0x32e/0xc70\n submit_bio+0x98/0x1a0\n mpage_readahead+0x250/0x320\n blkdev_readahead+0x15/0x20\n read_pages+0x13f/0x5f0\n page_cache_ra_unbounded+0x18d/0x220\n Slab 0xffffea000481b600 objects=21 used=0 fp=0xffff8881206d8940 flags=0x17ffffc0010201(locked|slab|head|node=0|zone=2|lastcpupid=0x1fffff)\n CPU: 0 PID: 34525 Comm: kworker/u24:2 Not tainted 6.0.0-rc2-localyes-265166-gf11c5343fa3f #143\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-1ubuntu1.1 04/01/2014\n Workqueue: raid5wq raid5_do_work\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5a/0x78\n dump_stack+0x10/0x16\n print_trailer+0x158/0x165\n object_err+0x35/0x50\n free_debug_processing.cold+0xb7/0xbe\n __slab_free+0x1ae/0x330\n kmem_cache_free+0x46d/0x490\n mempool_free_slab+0x17/0x20\n mempool_free+0x66/0x190\n bio_free+0x78/0x90\n bio_put+0x100/0x1a0\n mpage_end_io+0x36/0x150\n bio_endio+0x2fd/0x360\n md_end_io_acct+0x7e/0x90\n bio_endio+0x2fd/0x360\n handle_failed_stripe+0x960/0xb80\n handle_stripe+0x1348/0x3760\n handle_active_stripes.constprop.0+0x72a/0xaf0\n raid5_do_work+0x177/0x330\n process_one_work+0x616/0xb20\n worker_thread+0x2bd/0x6f0\n kthread+0x179/0x1b0\n ret_from_fork+0x22/0x30\n \u003c/TASK\u003e\n\nThe double free is caused by an unnecessary bio_put() in the\nif(is_badblock(...)) error path in raid5_read_one_chunk().\n\nThe error path was moved ahead of bio_alloc_clone() in c82aa1b76787c\n(\"md/raid5: move checking badblock before clone bio in\nraid5_read_one_chunk\"). The previous code checked and freed align_bio\nwhich required a bio_put. After the move that is no longer needed as\nraid_bio is returned to the control of the common io path which\nperforms its own endio resulting in a double free on bad device blocks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50752",
"url": "https://www.suse.com/security/cve/CVE-2022-50752"
},
{
"category": "external",
"summary": "SUSE Bug 1256204 for CVE-2022-50752",
"url": "https://bugzilla.suse.com/1256204"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50752"
},
{
"cve": "CVE-2022-50754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50754"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix a memleak in multi_transaction_new()\n\nIn multi_transaction_new(), the variable t is not freed or passed out\non the failure of copy_from_user(t-\u003edata, buf, size), which could lead\nto a memleak.\n\nFix this bug by adding a put_multi_transaction(t) in the error path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50754",
"url": "https://www.suse.com/security/cve/CVE-2022-50754"
},
{
"category": "external",
"summary": "SUSE Bug 1256065 for CVE-2022-50754",
"url": "https://bugzilla.suse.com/1256065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50754"
},
{
"cve": "CVE-2022-50755",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50755"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Avoid double brelse() in udf_rename()\n\nsyzbot reported a warning like below [1]:\n\nVFS: brelse: Trying to free free buffer\nWARNING: CPU: 2 PID: 7301 at fs/buffer.c:1145 __brelse+0x67/0xa0\n...\nCall Trace:\n \u003cTASK\u003e\n invalidate_bh_lru+0x99/0x150\n smp_call_function_many_cond+0xe2a/0x10c0\n ? generic_remap_file_range_prep+0x50/0x50\n ? __brelse+0xa0/0xa0\n ? __mutex_lock+0x21c/0x12d0\n ? smp_call_on_cpu+0x250/0x250\n ? rcu_read_lock_sched_held+0xb/0x60\n ? lock_release+0x587/0x810\n ? __brelse+0xa0/0xa0\n ? generic_remap_file_range_prep+0x50/0x50\n on_each_cpu_cond_mask+0x3c/0x80\n blkdev_flush_mapping+0x13a/0x2f0\n blkdev_put_whole+0xd3/0xf0\n blkdev_put+0x222/0x760\n deactivate_locked_super+0x96/0x160\n deactivate_super+0xda/0x100\n cleanup_mnt+0x222/0x3d0\n task_work_run+0x149/0x240\n ? task_work_cancel+0x30/0x30\n do_exit+0xb29/0x2a40\n ? reacquire_held_locks+0x4a0/0x4a0\n ? do_raw_spin_lock+0x12a/0x2b0\n ? mm_update_next_owner+0x7c0/0x7c0\n ? rwlock_bug.part.0+0x90/0x90\n ? zap_other_threads+0x234/0x2d0\n do_group_exit+0xd0/0x2a0\n __x64_sys_exit_group+0x3a/0x50\n do_syscall_64+0x34/0xb0\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe cause of the issue is that brelse() is called on both ofibh.sbh\nand ofibh.ebh by udf_find_entry() when it returns NULL. However,\nbrelse() is called by udf_rename(), too. So, b_count on buffer_head\nbecomes unbalanced.\n\nThis patch fixes the issue by not calling brelse() by udf_rename()\nwhen udf_find_entry() returns NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50755",
"url": "https://www.suse.com/security/cve/CVE-2022-50755"
},
{
"category": "external",
"summary": "SUSE Bug 1256199 for CVE-2022-50755",
"url": "https://bugzilla.suse.com/1256199"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50755"
},
{
"cve": "CVE-2022-50756",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50756"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: fix mempool alloc size\n\nConvert the max size to bytes to match the units of the divisor that\ncalculates the worst-case number of PRP entries.\n\nThe result is used to determine how many PRP Lists are required. The\ncode was previously rounding this to 1 list, but we can require 2 in the\nworst case. In that scenario, the driver would corrupt memory beyond the\nsize provided by the mempool.\n\nWhile unlikely to occur (you\u0027d need a 4MB in exactly 127 phys segments\non a queue that doesn\u0027t support SGLs), this memory corruption has been\nobserved by kfence.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50756",
"url": "https://www.suse.com/security/cve/CVE-2022-50756"
},
{
"category": "external",
"summary": "SUSE Bug 1256216 for CVE-2022-50756",
"url": "https://bugzilla.suse.com/1256216"
},
{
"category": "external",
"summary": "SUSE Bug 1256217 for CVE-2022-50756",
"url": "https://bugzilla.suse.com/1256217"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "important"
}
],
"title": "CVE-2022-50756"
},
{
"cve": "CVE-2022-50757",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50757"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: camss: Clean up received buffers on failed start of streaming\n\nIt is required to return the received buffers, if streaming can not be\nstarted. For instance media_pipeline_start() may fail with EPIPE, if\na link validation between entities is not passed, and in such a case\na user gets a kernel warning:\n\n WARNING: CPU: 1 PID: 520 at drivers/media/common/videobuf2/videobuf2-core.c:1592 vb2_start_streaming+0xec/0x160\n \u003csnip\u003e\n Call trace:\n vb2_start_streaming+0xec/0x160\n vb2_core_streamon+0x9c/0x1a0\n vb2_ioctl_streamon+0x68/0xbc\n v4l_streamon+0x30/0x3c\n __video_do_ioctl+0x184/0x3e0\n video_usercopy+0x37c/0x7b0\n video_ioctl2+0x24/0x40\n v4l2_ioctl+0x4c/0x70\n\nThe fix is to correct the error path in video_start_streaming() of camss.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50757",
"url": "https://www.suse.com/security/cve/CVE-2022-50757"
},
{
"category": "external",
"summary": "SUSE Bug 1256215 for CVE-2022-50757",
"url": "https://bugzilla.suse.com/1256215"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50757"
},
{
"cve": "CVE-2022-50758",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50758"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: vt6655: fix potential memory leak\n\nIn function device_init_td0_ring, memory is allocated for member\ntd_info of priv-\u003eapTD0Rings[i], with i increasing from 0. In case of\nallocation failure, the memory is freed in reversed order, with i\ndecreasing to 0. However, the case i=0 is left out and thus memory is\nleaked.\n\nModify the memory freeing loop to include the case i=0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50758",
"url": "https://www.suse.com/security/cve/CVE-2022-50758"
},
{
"category": "external",
"summary": "SUSE Bug 1256207 for CVE-2022-50758",
"url": "https://bugzilla.suse.com/1256207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50758"
},
{
"cve": "CVE-2022-50760",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50760"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios()\n\nAs comment of pci_get_class() says, it returns a pci_device with its\nrefcount increased and decreased the refcount for the input parameter\n@from if it is not NULL.\n\nIf we break the loop in amdgpu_atrm_get_bios() with \u0027pdev\u0027 not NULL, we\nneed to call pci_dev_put() to decrease the refcount. Add the missing\npci_dev_put() to avoid refcount leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50760",
"url": "https://www.suse.com/security/cve/CVE-2022-50760"
},
{
"category": "external",
"summary": "SUSE Bug 1255983 for CVE-2022-50760",
"url": "https://bugzilla.suse.com/1255983"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50760"
},
{
"cve": "CVE-2022-50761",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50761"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/xen: Fix memory leak in xen_init_lock_cpu()\n\nIn xen_init_lock_cpu(), the @name has allocated new string by kasprintf(),\nif bind_ipi_to_irqhandler() fails, it should be freed, otherwise may lead\nto a memory leak issue, fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50761",
"url": "https://www.suse.com/security/cve/CVE-2022-50761"
},
{
"category": "external",
"summary": "SUSE Bug 1256062 for CVE-2022-50761",
"url": "https://bugzilla.suse.com/1256062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50761"
},
{
"cve": "CVE-2022-50763",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50763"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: marvell/octeontx - prevent integer overflows\n\nThe \"code_length\" value comes from the firmware file. If your firmware\nis untrusted realistically there is probably very little you can do to\nprotect yourself. Still we try to limit the damage as much as possible.\nAlso Smatch marks any data read from the filesystem as untrusted and\nprints warnings if it not capped correctly.\n\nThe \"code_length * 2\" can overflow. The round_up(ucode_size, 16) +\nsizeof() expression can overflow too. Prevent these overflows.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50763",
"url": "https://www.suse.com/security/cve/CVE-2022-50763"
},
{
"category": "external",
"summary": "SUSE Bug 1256317 for CVE-2022-50763",
"url": "https://bugzilla.suse.com/1256317"
},
{
"category": "external",
"summary": "SUSE Bug 1256319 for CVE-2022-50763",
"url": "https://bugzilla.suse.com/1256319"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "important"
}
],
"title": "CVE-2022-50763"
},
{
"cve": "CVE-2022-50767",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50767"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: smscufx: Fix several use-after-free bugs\n\nSeveral types of UAFs can occur when physically removing a USB device.\n\nAdds ufx_ops_destroy() function to .fb_destroy of fb_ops, and\nin this function, there is kref_put() that finally calls ufx_free().\n\nThis fix prevents multiple UAFs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50767",
"url": "https://www.suse.com/security/cve/CVE-2022-50767"
},
{
"category": "external",
"summary": "SUSE Bug 1256426 for CVE-2022-50767",
"url": "https://bugzilla.suse.com/1256426"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50767"
},
{
"cve": "CVE-2022-50769",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50769"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: mxcmmc: fix return value check of mmc_add_host()\n\nmmc_add_host() may return error, if we ignore its return value, the memory\nthat allocated in mmc_alloc_host() will be leaked and it will lead a kernel\ncrash because of deleting not added device in the remove path.\n\nSo fix this by checking the return value and goto error path which will call\nmmc_free_host().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50769",
"url": "https://www.suse.com/security/cve/CVE-2022-50769"
},
{
"category": "external",
"summary": "SUSE Bug 1256383 for CVE-2022-50769",
"url": "https://bugzilla.suse.com/1256383"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50769"
},
{
"cve": "CVE-2022-50770",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50770"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix memory leak in ocfs2_mount_volume()\n\nThere is a memory leak reported by kmemleak:\n\n unreferenced object 0xffff88810cc65e60 (size 32):\n comm \"mount.ocfs2\", pid 23753, jiffies 4302528942 (age 34735.105s)\n hex dump (first 32 bytes):\n 10 00 00 00 00 00 00 00 00 01 01 01 01 01 01 01 ................\n 01 01 01 01 01 01 01 01 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003cffffffff8170f73d\u003e] __kmalloc+0x4d/0x150\n [\u003cffffffffa0ac3f51\u003e] ocfs2_compute_replay_slots+0x121/0x330 [ocfs2]\n [\u003cffffffffa0b65165\u003e] ocfs2_check_volume+0x485/0x900 [ocfs2]\n [\u003cffffffffa0b68129\u003e] ocfs2_mount_volume.isra.0+0x1e9/0x650 [ocfs2]\n [\u003cffffffffa0b7160b\u003e] ocfs2_fill_super+0xe0b/0x1740 [ocfs2]\n [\u003cffffffff818e1fe2\u003e] mount_bdev+0x312/0x400\n [\u003cffffffff819a086d\u003e] legacy_get_tree+0xed/0x1d0\n [\u003cffffffff818de82d\u003e] vfs_get_tree+0x7d/0x230\n [\u003cffffffff81957f92\u003e] path_mount+0xd62/0x1760\n [\u003cffffffff81958a5a\u003e] do_mount+0xca/0xe0\n [\u003cffffffff81958d3c\u003e] __x64_sys_mount+0x12c/0x1a0\n [\u003cffffffff82f26f15\u003e] do_syscall_64+0x35/0x80\n [\u003cffffffff8300006a\u003e] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThis call stack is related to two problems. Firstly, the ocfs2 super uses\n\"replay_map\" to trace online/offline slots, in order to recover offline\nslots during recovery and mount. But when ocfs2_truncate_log_init()\nreturns an error in ocfs2_mount_volume(), the memory of \"replay_map\" will\nnot be freed in error handling path. Secondly, the memory of \"replay_map\"\nwill not be freed if d_make_root() returns an error in ocfs2_fill_super().\nBut the memory of \"replay_map\" will be freed normally when completing\nrecovery and mount in ocfs2_complete_mount_recovery().\n\nFix the first problem by adding error handling path to free \"replay_map\"\nwhen ocfs2_truncate_log_init() fails. And fix the second problem by\ncalling ocfs2_free_replay_slots(osb) in the error handling path\n\"out_dismount\". In addition, since ocfs2_free_replay_slots() is static,\nit is necessary to remove its static attribute and declare it in header\nfile.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50770",
"url": "https://www.suse.com/security/cve/CVE-2022-50770"
},
{
"category": "external",
"summary": "SUSE Bug 1256221 for CVE-2022-50770",
"url": "https://bugzilla.suse.com/1256221"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50770"
},
{
"cve": "CVE-2022-50773",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50773"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt\n\nI got a null-ptr-defer error report when I do the following tests\non the qemu platform:\n\nmake defconfig and CONFIG_PARPORT=m, CONFIG_PARPORT_PC=m,\nCONFIG_SND_MTS64=m\n\nThen making test scripts:\ncat\u003etest_mod1.sh\u003c\u003cEOF\nmodprobe snd-mts64\nmodprobe snd-mts64\nEOF\n\nExecuting the script, perhaps several times, we will get a null-ptr-defer\nreport, as follow:\n\nsyzkaller:~# ./test_mod.sh\nsnd_mts64: probe of snd_mts64.0 failed with error -5\nmodprobe: ERROR: could not insert \u0027snd_mts64\u0027: No such device\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 0 P4D 0\n Oops: 0002 [#1] PREEMPT SMP PTI\n CPU: 0 PID: 205 Comm: modprobe Not tainted 6.1.0-rc8-00588-g76dcd734eca2 #6\n Call Trace:\n \u003cIRQ\u003e\n snd_mts64_interrupt+0x24/0xa0 [snd_mts64]\n parport_irq_handler+0x37/0x50 [parport]\n __handle_irq_event_percpu+0x39/0x190\n handle_irq_event_percpu+0xa/0x30\n handle_irq_event+0x2f/0x50\n handle_edge_irq+0x99/0x1b0\n __common_interrupt+0x5d/0x100\n common_interrupt+0xa0/0xc0\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_common_interrupt+0x22/0x40\n RIP: 0010:_raw_write_unlock_irqrestore+0x11/0x30\n parport_claim+0xbd/0x230 [parport]\n snd_mts64_probe+0x14a/0x465 [snd_mts64]\n platform_probe+0x3f/0xa0\n really_probe+0x129/0x2c0\n __driver_probe_device+0x6d/0xc0\n driver_probe_device+0x1a/0xa0\n __device_attach_driver+0x7a/0xb0\n bus_for_each_drv+0x62/0xb0\n __device_attach+0xe4/0x180\n bus_probe_device+0x82/0xa0\n device_add+0x550/0x920\n platform_device_add+0x106/0x220\n snd_mts64_attach+0x2e/0x80 [snd_mts64]\n port_check+0x14/0x20 [parport]\n bus_for_each_dev+0x6e/0xc0\n __parport_register_driver+0x7c/0xb0 [parport]\n snd_mts64_module_init+0x31/0x1000 [snd_mts64]\n do_one_initcall+0x3c/0x1f0\n do_init_module+0x46/0x1c6\n load_module+0x1d8d/0x1e10\n __do_sys_finit_module+0xa2/0xf0\n do_syscall_64+0x37/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n \u003c/TASK\u003e\n Kernel panic - not syncing: Fatal exception in interrupt\n Rebooting in 1 seconds..\n\nThe mts wa not initialized during interrupt, we add check for\nmts to fix this bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50773",
"url": "https://www.suse.com/security/cve/CVE-2022-50773"
},
{
"category": "external",
"summary": "SUSE Bug 1256245 for CVE-2022-50773",
"url": "https://bugzilla.suse.com/1256245"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50773"
},
{
"cve": "CVE-2022-50774",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50774"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - fix DMA transfer direction\n\nWhen CONFIG_DMA_API_DEBUG is selected, while running the crypto self\ntest on the QAT crypto algorithms, the function add_dma_entry() reports\na warning similar to the one below, saying that overlapping mappings\nare not supported. This occurs in tests where the input and the output\nscatter list point to the same buffers (i.e. two different scatter lists\nwhich point to the same chunks of memory).\n\nThe logic that implements the mapping uses the flag DMA_BIDIRECTIONAL\nfor both the input and the output scatter lists which leads to\noverlapped write mappings. These are not supported by the DMA layer.\n\nFix by specifying the correct DMA transfer directions when mapping\nbuffers. For in-place operations where the input scatter list\nmatches the output scatter list, buffers are mapped once with\nDMA_BIDIRECTIONAL, otherwise input buffers are mapped using the flag\nDMA_TO_DEVICE and output buffers are mapped with DMA_FROM_DEVICE.\nOverlapping a read mapping with a write mapping is a valid case in\ndma-coherent devices like QAT.\nThe function that frees and unmaps the buffers, qat_alg_free_bufl()\nhas been changed accordingly to the changes to the mapping function.\n\n DMA-API: 4xxx 0000:06:00.0: cacheline tracking EEXIST, overlapping mappings aren\u0027t supported\n WARNING: CPU: 53 PID: 4362 at kernel/dma/debug.c:570 add_dma_entry+0x1e9/0x270\n ...\n Call Trace:\n dma_map_page_attrs+0x82/0x2d0\n ? preempt_count_add+0x6a/0xa0\n qat_alg_sgl_to_bufl+0x45b/0x990 [intel_qat]\n qat_alg_aead_dec+0x71/0x250 [intel_qat]\n crypto_aead_decrypt+0x3d/0x70\n test_aead_vec_cfg+0x649/0x810\n ? number+0x310/0x3a0\n ? vsnprintf+0x2a3/0x550\n ? scnprintf+0x42/0x70\n ? valid_sg_divisions.constprop.0+0x86/0xa0\n ? test_aead_vec+0xdf/0x120\n test_aead_vec+0xdf/0x120\n alg_test_aead+0x185/0x400\n alg_test+0x3d8/0x500\n ? crypto_acomp_scomp_free_ctx+0x30/0x30\n ? __schedule+0x32a/0x12a0\n ? ttwu_queue_wakelist+0xbf/0x110\n ? _raw_spin_unlock_irqrestore+0x23/0x40\n ? try_to_wake_up+0x83/0x570\n ? _raw_spin_unlock_irqrestore+0x23/0x40\n ? __set_cpus_allowed_ptr_locked+0xea/0x1b0\n ? crypto_acomp_scomp_free_ctx+0x30/0x30\n cryptomgr_test+0x27/0x50\n kthread+0xe6/0x110\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x1f/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50774",
"url": "https://www.suse.com/security/cve/CVE-2022-50774"
},
{
"category": "external",
"summary": "SUSE Bug 1256323 for CVE-2022-50774",
"url": "https://bugzilla.suse.com/1256323"
},
{
"category": "external",
"summary": "SUSE Bug 1256324 for CVE-2022-50774",
"url": "https://bugzilla.suse.com/1256324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "important"
}
],
"title": "CVE-2022-50774"
},
{
"cve": "CVE-2022-50776",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50776"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: st: Fix memory leak in st_of_quadfs_setup()\n\nIf st_clk_register_quadfs_pll() fails, @lock should be freed before goto\n@err_exit, otherwise will cause meory leak issue, fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50776",
"url": "https://www.suse.com/security/cve/CVE-2022-50776"
},
{
"category": "external",
"summary": "SUSE Bug 1256254 for CVE-2022-50776",
"url": "https://bugzilla.suse.com/1256254"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50776"
},
{
"cve": "CVE-2022-50777",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50777"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe\n\nof_phy_find_device() return device node with refcount incremented.\nCall put_device() to relese it when not needed anymore.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50777",
"url": "https://www.suse.com/security/cve/CVE-2022-50777"
},
{
"category": "external",
"summary": "SUSE Bug 1256320 for CVE-2022-50777",
"url": "https://bugzilla.suse.com/1256320"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50777"
},
{
"cve": "CVE-2022-50779",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50779"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\norangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string()\n\nWhen insert and remove the orangefs module, then debug_help_string will\nbe leaked:\n\n unreferenced object 0xffff8881652ba000 (size 4096):\n comm \"insmod\", pid 1701, jiffies 4294893639 (age 13218.530s)\n hex dump (first 32 bytes):\n 43 6c 69 65 6e 74 20 44 65 62 75 67 20 4b 65 79 Client Debug Key\n 77 6f 72 64 73 20 61 72 65 20 75 6e 6b 6e 6f 77 words are unknow\n backtrace:\n [\u003c0000000004e6f8e3\u003e] kmalloc_trace+0x27/0xa0\n [\u003c0000000006f75d85\u003e] orangefs_prepare_debugfs_help_string+0x5e/0x480 [orangefs]\n [\u003c0000000091270a2a\u003e] _sub_I_65535_1+0x57/0xf70 [crc_itu_t]\n [\u003c000000004b1ee1a3\u003e] do_one_initcall+0x87/0x2a0\n [\u003c000000001d0614ae\u003e] do_init_module+0xdf/0x320\n [\u003c00000000efef068c\u003e] load_module+0x2f98/0x3330\n [\u003c000000006533b44d\u003e] __do_sys_finit_module+0x113/0x1b0\n [\u003c00000000a0da6f99\u003e] do_syscall_64+0x35/0x80\n [\u003c000000007790b19b\u003e] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nWhen remove the module, should always free debug_help_string. Should\nalways free the allocated buffer when change the free_debug_help_string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50779",
"url": "https://www.suse.com/security/cve/CVE-2022-50779"
},
{
"category": "external",
"summary": "SUSE Bug 1256423 for CVE-2022-50779",
"url": "https://bugzilla.suse.com/1256423"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50779"
},
{
"cve": "CVE-2022-50781",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50781"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\namdgpu/pm: prevent array underflow in vega20_odn_edit_dpm_table()\n\nIn the PP_OD_EDIT_VDDC_CURVE case the \"input_index\" variable is capped at\n2 but not checked for negative values so it results in an out of bounds\nread. This value comes from the user via sysfs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50781",
"url": "https://www.suse.com/security/cve/CVE-2022-50781"
},
{
"category": "external",
"summary": "SUSE Bug 1256306 for CVE-2022-50781",
"url": "https://bugzilla.suse.com/1256306"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50781"
},
{
"cve": "CVE-2022-50782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50782"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix bug_on in __es_tree_search caused by bad quota inode\n\nWe got a issue as fllows:\n==================================================================\n kernel BUG at fs/ext4/extents_status.c:202!\n invalid opcode: 0000 [#1] PREEMPT SMP\n CPU: 1 PID: 810 Comm: mount Not tainted 6.1.0-rc1-next-g9631525255e3 #352\n RIP: 0010:__es_tree_search.isra.0+0xb8/0xe0\n RSP: 0018:ffffc90001227900 EFLAGS: 00010202\n RAX: 0000000000000000 RBX: 0000000077512a0f RCX: 0000000000000000\n RDX: 0000000000000002 RSI: 0000000000002a10 RDI: ffff8881004cd0c8\n RBP: ffff888177512ac8 R08: 47ffffffffffffff R09: 0000000000000001\n R10: 0000000000000001 R11: 00000000000679af R12: 0000000000002a10\n R13: ffff888177512d88 R14: 0000000077512a10 R15: 0000000000000000\n FS: 00007f4bd76dbc40(0000)GS:ffff88842fd00000(0000)knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00005653bf993cf8 CR3: 000000017bfdf000 CR4: 00000000000006e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n ext4_es_cache_extent+0xe2/0x210\n ext4_cache_extents+0xd2/0x110\n ext4_find_extent+0x5d5/0x8c0\n ext4_ext_map_blocks+0x9c/0x1d30\n ext4_map_blocks+0x431/0xa50\n ext4_getblk+0x82/0x340\n ext4_bread+0x14/0x110\n ext4_quota_read+0xf0/0x180\n v2_read_header+0x24/0x90\n v2_check_quota_file+0x2f/0xa0\n dquot_load_quota_sb+0x26c/0x760\n dquot_load_quota_inode+0xa5/0x190\n ext4_enable_quotas+0x14c/0x300\n __ext4_fill_super+0x31cc/0x32c0\n ext4_fill_super+0x115/0x2d0\n get_tree_bdev+0x1d2/0x360\n ext4_get_tree+0x19/0x30\n vfs_get_tree+0x26/0xe0\n path_mount+0x81d/0xfc0\n do_mount+0x8d/0xc0\n __x64_sys_mount+0xc0/0x160\n do_syscall_64+0x35/0x80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n \u003c/TASK\u003e\n==================================================================\n\nAbove issue may happen as follows:\n-------------------------------------\next4_fill_super\n ext4_orphan_cleanup\n ext4_enable_quotas\n ext4_quota_enable\n ext4_iget --\u003e get error inode \u003c5\u003e\n ext4_ext_check_inode --\u003e Wrong imode makes it escape inspection\n make_bad_inode(inode) --\u003e EXT4_BOOT_LOADER_INO set imode\n dquot_load_quota_inode\n vfs_setup_quota_inode --\u003e check pass\n dquot_load_quota_sb\n v2_check_quota_file\n v2_read_header\n ext4_quota_read\n ext4_bread\n ext4_getblk\n ext4_map_blocks\n ext4_ext_map_blocks\n ext4_find_extent\n ext4_cache_extents\n ext4_es_cache_extent\n __es_tree_search.isra.0\n ext4_es_end --\u003e Wrong extents trigger BUG_ON\n\nIn the above issue, s_usr_quota_inum is set to 5, but inode\u003c5\u003e contains\nincorrect imode and disordered extents. Because 5 is EXT4_BOOT_LOADER_INO,\nthe ext4_ext_check_inode check in the ext4_iget function can be bypassed,\nfinally, the extents that are not checked trigger the BUG_ON in the\n__es_tree_search function. To solve this issue, check whether the inode is\nbad_inode in vfs_setup_quota_inode().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50782",
"url": "https://www.suse.com/security/cve/CVE-2022-50782"
},
{
"category": "external",
"summary": "SUSE Bug 1256282 for CVE-2022-50782",
"url": "https://bugzilla.suse.com/1256282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50782"
},
{
"cve": "CVE-2022-50809",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50809"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: dbc: Fix memory leak in xhci_alloc_dbc()\n\nIf DbC is already in use, then the allocated memory for the xhci_dbc struct\ndoesn\u0027t get freed before returning NULL, which leads to a memleak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50809",
"url": "https://www.suse.com/security/cve/CVE-2022-50809"
},
{
"category": "external",
"summary": "SUSE Bug 1256250 for CVE-2022-50809",
"url": "https://bugzilla.suse.com/1256250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50809"
},
{
"cve": "CVE-2022-50814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50814"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr\n\nKASAN reported this Bug:\n\n\t[17619.659757] BUG: KASAN: global-out-of-bounds in param_get_int+0x34/0x60\n\t[17619.673193] Read of size 4 at addr fffff01332d7ed00 by task read_all/1507958\n\t...\n\t[17619.698934] The buggy address belongs to the variable:\n\t[17619.708371] sgl_sge_nr+0x0/0xffffffffffffa300 [hisi_zip]\n\nThere is a mismatch in hisi_zip when get/set the variable sgl_sge_nr.\nThe type of sgl_sge_nr is u16, and get/set sgl_sge_nr by\nparam_get/set_int.\n\nReplacing param_get/set_int to param_get/set_ushort can fix this bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50814",
"url": "https://www.suse.com/security/cve/CVE-2022-50814"
},
{
"category": "external",
"summary": "SUSE Bug 1256248 for CVE-2022-50814",
"url": "https://bugzilla.suse.com/1256248"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50814"
},
{
"cve": "CVE-2022-50819",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50819"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudmabuf: Set ubuf-\u003esg = NULL if the creation of sg table fails\n\nWhen userspace tries to map the dmabuf and if for some reason\n(e.g. OOM) the creation of the sg table fails, ubuf-\u003esg needs to be\nset to NULL. Otherwise, when the userspace subsequently closes the\ndmabuf fd, we\u0027d try to erroneously free the invalid sg table from\nrelease_udmabuf resulting in the following crash reported by syzbot:\n\ngeneral protection fault, probably for non-canonical address\n0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 0 PID: 3609 Comm: syz-executor487 Not tainted\n5.19.0-syzkaller-13930-g7ebfc85e2cd7 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS\nGoogle 07/22/2022\nRIP: 0010:dma_unmap_sgtable include/linux/dma-mapping.h:378 [inline]\nRIP: 0010:put_sg_table drivers/dma-buf/udmabuf.c:89 [inline]\nRIP: 0010:release_udmabuf+0xcb/0x4f0 drivers/dma-buf/udmabuf.c:114\nCode: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 2b 04 00 00 48 8d 7d 0c 4c\n8b 63 30 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c0f\u003e b6 14\n02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 e2\nRSP: 0018:ffffc900037efd30 EFLAGS: 00010246\nRAX: dffffc0000000000 RBX: ffffffff8cb67800 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffffffff84ad27e0 RDI: 0000000000000000\nRBP: fffffffffffffff4 R08: 0000000000000005 R09: 0000000000000000\nR10: 0000000000000000 R11: 000000000008c07c R12: ffff88801fa05000\nR13: ffff888073db07e8 R14: ffff888025c25440 R15: 0000000000000000\nFS: 0000555555fc4300(0000) GS:ffff8880b9a00000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fc1c0ce06e4 CR3: 00000000715e6000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n dma_buf_release+0x157/0x2d0 drivers/dma-buf/dma-buf.c:78\n __dentry_kill+0x42b/0x640 fs/dcache.c:612\n dentry_kill fs/dcache.c:733 [inline]\n dput+0x806/0xdb0 fs/dcache.c:913\n __fput+0x39c/0x9d0 fs/file_table.c:333\n task_work_run+0xdd/0x1a0 kernel/task_work.c:177\n ptrace_notify+0x114/0x140 kernel/signal.c:2353\n ptrace_report_syscall include/linux/ptrace.h:420 [inline]\n ptrace_report_syscall_exit include/linux/ptrace.h:482 [inline]\n syscall_exit_work kernel/entry/common.c:249 [inline]\n syscall_exit_to_user_mode_prepare+0x129/0x280 kernel/entry/common.c:276\n __syscall_exit_to_user_mode_work kernel/entry/common.c:281 [inline]\n syscall_exit_to_user_mode+0x9/0x50 kernel/entry/common.c:294\n do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7fc1c0c35b6b\nCode: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24\n0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 \u003c48\u003e 3d 00\nf0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44\nRSP: 002b:00007ffd78a06090 EFLAGS: 00000293 ORIG_RAX: 0000000000000003\nRAX: 0000000000000000 RBX: 0000000000000007 RCX: 00007fc1c0c35b6b\nRDX: 0000000020000280 RSI: 0000000040086200 RDI: 0000000000000006\nRBP: 0000000000000007 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000293 R12: 000000000000000c\nR13: 0000000000000003 R14: 00007fc1c0cfe4a0 R15: 00007ffd78a06140\n \u003c/TASK\u003e\nModules linked in:\n---[ end trace 0000000000000000 ]---\nRIP: 0010:dma_unmap_sgtable include/linux/dma-mapping.h:378 [inline]\nRIP: 0010:put_sg_table drivers/dma-buf/udmabuf.c:89 [inline]\nRIP: 0010:release_udmabuf+0xcb/0x4f0 drivers/dma-buf/udmabuf.c:114",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50819",
"url": "https://www.suse.com/security/cve/CVE-2022-50819"
},
{
"category": "external",
"summary": "SUSE Bug 1256241 for CVE-2022-50819",
"url": "https://bugzilla.suse.com/1256241"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50819"
},
{
"cve": "CVE-2022-50821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50821"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Don\u0027t leak netobj memory when gss_read_proxy_verf() fails",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50821",
"url": "https://www.suse.com/security/cve/CVE-2022-50821"
},
{
"category": "external",
"summary": "SUSE Bug 1256242 for CVE-2022-50821",
"url": "https://bugzilla.suse.com/1256242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50821"
},
{
"cve": "CVE-2022-50822",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50822"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/restrack: Release MR restrack when delete\n\nThe MR restrack also needs to be released when delete it, otherwise it\ncause memory leak as the task struct won\u0027t be released.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50822",
"url": "https://www.suse.com/security/cve/CVE-2022-50822"
},
{
"category": "external",
"summary": "SUSE Bug 1256260 for CVE-2022-50822",
"url": "https://bugzilla.suse.com/1256260"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50822"
},
{
"cve": "CVE-2022-50823",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50823"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: tegra: Fix refcount leak in tegra114_clock_init\n\nof_find_matching_node() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50823",
"url": "https://www.suse.com/security/cve/CVE-2022-50823"
},
{
"category": "external",
"summary": "SUSE Bug 1256333 for CVE-2022-50823",
"url": "https://bugzilla.suse.com/1256333"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50823"
},
{
"cve": "CVE-2022-50824",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50824"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak\n\nIn check_acpi_tpm2(), we get the TPM2 table just to make\nsure the table is there, not used after the init, so the\nacpi_put_table() should be added to release the ACPI memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50824",
"url": "https://www.suse.com/security/cve/CVE-2022-50824"
},
{
"category": "external",
"summary": "SUSE Bug 1256334 for CVE-2022-50824",
"url": "https://bugzilla.suse.com/1256334"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50824"
},
{
"cve": "CVE-2022-50826",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50826"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection()\n\nCalling v4l2_subdev_get_try_crop() and v4l2_subdev_get_try_compose()\nwith a subdev state of NULL leads to a NULL pointer dereference. This\ncan currently happen in imgu_subdev_set_selection() when the state\npassed in is NULL, as this method first gets pointers to both the \"try\"\nand \"active\" states and only then decides which to use.\n\nThe same issue has been addressed for imgu_subdev_get_selection() with\ncommit 30d03a0de650 (\"ipu3-imgu: Fix NULL pointer dereference in active\nselection access\"). However the issue still persists in\nimgu_subdev_set_selection().\n\nTherefore, apply a similar fix as done in the aforementioned commit to\nimgu_subdev_set_selection(). To keep things a bit cleaner, introduce\nhelper functions for \"crop\" and \"compose\" access and use them in both\nimgu_subdev_set_selection() and imgu_subdev_get_selection().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50826",
"url": "https://www.suse.com/security/cve/CVE-2022-50826"
},
{
"category": "external",
"summary": "SUSE Bug 1256265 for CVE-2022-50826",
"url": "https://bugzilla.suse.com/1256265"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50826"
},
{
"cve": "CVE-2022-50827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50827"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix memory leak in lpfc_create_port()\n\nCommit 5e633302ace1 (\"scsi: lpfc: vmid: Add support for VMID in mailbox\ncommand\") introduced allocations for the VMID resources in\nlpfc_create_port() after the call to scsi_host_alloc(). Upon failure on the\nVMID allocations, the new code would branch to the \u0027out\u0027 label, which\nreturns NULL without unwinding anything, thus skipping the call to\nscsi_host_put().\n\nFix the problem by creating a separate label \u0027out_free_vmid\u0027 to unwind the\nVMID resources and make the \u0027out_put_shost\u0027 label call only\nscsi_host_put(), as was done before the introduction of allocations for\nVMID.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50827",
"url": "https://www.suse.com/security/cve/CVE-2022-50827"
},
{
"category": "external",
"summary": "SUSE Bug 1256344 for CVE-2022-50827",
"url": "https://bugzilla.suse.com/1256344"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50827"
},
{
"cve": "CVE-2022-50828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50828"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: zynqmp: Fix stack-out-of-bounds in strncpy`\n\n\"BUG: KASAN: stack-out-of-bounds in strncpy+0x30/0x68\"\n\nLinux-ATF interface is using 16 bytes of SMC payload. In case clock name is\nlonger than 15 bytes, string terminated NULL character will not be received\nby Linux. Add explicit NULL character at last byte to fix issues when clock\nname is longer.\n\nThis fixes below bug reported by KASAN:\n\n ==================================================================\n BUG: KASAN: stack-out-of-bounds in strncpy+0x30/0x68\n Read of size 1 at addr ffff0008c89a7410 by task swapper/0/1\n\n CPU: 1 PID: 1 Comm: swapper/0 Not tainted 5.4.0-00396-g81ef9e7-dirty #3\n Hardware name: Xilinx Versal vck190 Eval board revA (QSPI) (DT)\n Call trace:\n dump_backtrace+0x0/0x1e8\n show_stack+0x14/0x20\n dump_stack+0xd4/0x108\n print_address_description.isra.0+0xbc/0x37c\n __kasan_report+0x144/0x198\n kasan_report+0xc/0x18\n __asan_load1+0x5c/0x68\n strncpy+0x30/0x68\n zynqmp_clock_probe+0x238/0x7b8\n platform_drv_probe+0x6c/0xc8\n really_probe+0x14c/0x418\n driver_probe_device+0x74/0x130\n __device_attach_driver+0xc4/0xe8\n bus_for_each_drv+0xec/0x150\n __device_attach+0x160/0x1d8\n device_initial_probe+0x10/0x18\n bus_probe_device+0xe0/0xf0\n device_add+0x528/0x950\n of_device_add+0x5c/0x80\n of_platform_device_create_pdata+0x120/0x168\n of_platform_bus_create+0x244/0x4e0\n of_platform_populate+0x50/0xe8\n zynqmp_firmware_probe+0x370/0x3a8\n platform_drv_probe+0x6c/0xc8\n really_probe+0x14c/0x418\n driver_probe_device+0x74/0x130\n device_driver_attach+0x94/0xa0\n __driver_attach+0x70/0x108\n bus_for_each_dev+0xe4/0x158\n driver_attach+0x30/0x40\n bus_add_driver+0x21c/0x2b8\n driver_register+0xbc/0x1d0\n __platform_driver_register+0x7c/0x88\n zynqmp_firmware_driver_init+0x1c/0x24\n do_one_initcall+0xa4/0x234\n kernel_init_freeable+0x1b0/0x24c\n kernel_init+0x10/0x110\n ret_from_fork+0x10/0x18\n\n The buggy address belongs to the page:\n page:ffff0008f9be1c88 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0\n raw: 0008d00000000000 ffff0008f9be1c90 ffff0008f9be1c90 0000000000000000\n raw: 0000000000000000 0000000000000000 00000000ffffffff\n page dumped because: kasan: bad access detected\n\n addr ffff0008c89a7410 is located in stack of task swapper/0/1 at offset 112 in frame:\n zynqmp_clock_probe+0x0/0x7b8\n\n this frame has 3 objects:\n [32, 44) \u0027response\u0027\n [64, 80) \u0027ret_payload\u0027\n [96, 112) \u0027name\u0027\n\n Memory state around the buggy address:\n ffff0008c89a7300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n ffff0008c89a7380: 00 00 00 00 f1 f1 f1 f1 00 04 f2 f2 00 00 f2 f2\n \u003effff0008c89a7400: 00 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00\n ^\n ffff0008c89a7480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n ffff0008c89a7500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n ==================================================================",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50828",
"url": "https://www.suse.com/security/cve/CVE-2022-50828"
},
{
"category": "external",
"summary": "SUSE Bug 1256230 for CVE-2022-50828",
"url": "https://bugzilla.suse.com/1256230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50828"
},
{
"cve": "CVE-2022-50829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50829"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb()\n\nIt is possible that skb is freed in ath9k_htc_rx_msg(), then\nusb_submit_urb() fails and we try to free skb again. It causes\nuse-after-free bug. Moreover, if alloc_skb() fails, urb-\u003econtext becomes\nNULL but rx_buf is not freed and there can be a memory leak.\n\nThe patch removes unnecessary nskb and makes skb processing more clear: it\nis supposed that ath9k_htc_rx_msg() either frees old skb or passes its\nmanaging to another callback function.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50829",
"url": "https://www.suse.com/security/cve/CVE-2022-50829"
},
{
"category": "external",
"summary": "SUSE Bug 1256235 for CVE-2022-50829",
"url": "https://bugzilla.suse.com/1256235"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50829"
},
{
"cve": "CVE-2022-50830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50830"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nauxdisplay: hd44780: Fix potential memory leak in hd44780_remove()\n\nhd44780_probe() allocates a memory chunk for hd with kzalloc() and\nmakes \"lcd-\u003edrvdata-\u003ehd44780\" point to it. When we call hd44780_remove(),\nwe should release all relevant memory and resource. But \"lcd-\u003edrvdata\n-\u003ehd44780\" is not released, which will lead to a memory leak.\n\nWe should release the \"lcd-\u003edrvdata-\u003ehd44780\" in hd44780_remove() to fix\nthe memory leak bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50830",
"url": "https://www.suse.com/security/cve/CVE-2022-50830"
},
{
"category": "external",
"summary": "SUSE Bug 1256328 for CVE-2022-50830",
"url": "https://bugzilla.suse.com/1256328"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50830"
},
{
"cve": "CVE-2022-50832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50832"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wilc1000: fix potential memory leak in wilc_mac_xmit()\n\nThe wilc_mac_xmit() returns NETDEV_TX_OK without freeing skb, add\ndev_kfree_skb() to fix it. Compile tested only.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50832",
"url": "https://www.suse.com/security/cve/CVE-2022-50832"
},
{
"category": "external",
"summary": "SUSE Bug 1256228 for CVE-2022-50832",
"url": "https://bugzilla.suse.com/1256228"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50832"
},
{
"cve": "CVE-2022-50834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50834"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: Fix potential resource leaks\n\nnfc_get_device() take reference for the device, add missing\nnfc_put_device() to release it when not need anymore.\nAlso fix the style warnning by use error EOPNOTSUPP instead of\nENOTSUPP.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50834",
"url": "https://www.suse.com/security/cve/CVE-2022-50834"
},
{
"category": "external",
"summary": "SUSE Bug 1256219 for CVE-2022-50834",
"url": "https://bugzilla.suse.com/1256219"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50834"
},
{
"cve": "CVE-2022-50835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50835"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njbd2: add miss release buffer head in fc_do_one_pass()\n\nIn fc_do_one_pass() miss release buffer head after use which will lead\nto reference count leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50835",
"url": "https://www.suse.com/security/cve/CVE-2022-50835"
},
{
"category": "external",
"summary": "SUSE Bug 1256220 for CVE-2022-50835",
"url": "https://bugzilla.suse.com/1256220"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50835"
},
{
"cve": "CVE-2022-50836",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50836"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev()\n\nThe kfree() should be called when of_irq_get_byname() fails or\ndevm_request_threaded_irq() fails in qcom_add_sysmon_subdev(),\notherwise there will be a memory leak, so add kfree() to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50836",
"url": "https://www.suse.com/security/cve/CVE-2022-50836"
},
{
"category": "external",
"summary": "SUSE Bug 1256211 for CVE-2022-50836",
"url": "https://bugzilla.suse.com/1256211"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50836"
},
{
"cve": "CVE-2022-50839",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50839"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njbd2: fix potential buffer head reference count leak\n\nAs in \u0027jbd2_fc_wait_bufs\u0027 if buffer isn\u0027t uptodate, will return -EIO without\nupdate \u0027journal-\u003ej_fc_off\u0027. But \u0027jbd2_fc_release_bufs\u0027 will release buffer head\nfrom \u0027j_fc_off - 1\u0027 if \u0027bh\u0027 is NULL will terminal release which will lead to\nbuffer head buffer head reference count leak.\nTo solve above issue, update \u0027journal-\u003ej_fc_off\u0027 before return -EIO.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50839",
"url": "https://www.suse.com/security/cve/CVE-2022-50839"
},
{
"category": "external",
"summary": "SUSE Bug 1256206 for CVE-2022-50839",
"url": "https://bugzilla.suse.com/1256206"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50839"
},
{
"cve": "CVE-2022-50840",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50840"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: snic: Fix possible UAF in snic_tgt_create()\n\nSmatch reports a warning as follows:\n\ndrivers/scsi/snic/snic_disc.c:307 snic_tgt_create() warn:\n \u0027\u0026tgt-\u003elist\u0027 not removed from list\n\nIf device_add() fails in snic_tgt_create(), tgt will be freed, but\ntgt-\u003elist will not be removed from snic-\u003edisc.tgt_list, then list traversal\nmay cause UAF.\n\nRemove from snic-\u003edisc.tgt_list before free().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50840",
"url": "https://www.suse.com/security/cve/CVE-2022-50840"
},
{
"category": "external",
"summary": "SUSE Bug 1256208 for CVE-2022-50840",
"url": "https://bugzilla.suse.com/1256208"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50840"
},
{
"cve": "CVE-2022-50842",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50842"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/virtio: Check whether transferred 2D BO is shmem\n\nTransferred 2D BO always must be a shmem BO. Add check for that to prevent\nNULL dereference if userspace passes a VRAM BO.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50842",
"url": "https://www.suse.com/security/cve/CVE-2022-50842"
},
{
"category": "external",
"summary": "SUSE Bug 1256202 for CVE-2022-50842",
"url": "https://bugzilla.suse.com/1256202"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50842"
},
{
"cve": "CVE-2022-50843",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50843"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm clone: Fix UAF in clone_dtr()\n\nDm_clone also has the same UAF problem when dm_resume()\nand dm_destroy() are concurrent.\n\nTherefore, cancelling timer again in clone_dtr().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50843",
"url": "https://www.suse.com/security/cve/CVE-2022-50843"
},
{
"category": "external",
"summary": "SUSE Bug 1256203 for CVE-2022-50843",
"url": "https://bugzilla.suse.com/1256203"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50843"
},
{
"cve": "CVE-2022-50844",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50844"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix type of second parameter in odn_edit_dpm_table() callback\n\nWith clang\u0027s kernel control flow integrity (kCFI, CONFIG_CFI_CLANG),\nindirect call targets are validated against the expected function\npointer prototype to make sure the call target is valid to help mitigate\nROP attacks. If they are not identical, there is a failure at run time,\nwhich manifests as either a kernel panic or thread getting killed. A\nproposed warning in clang aims to catch these at compile time, which\nreveals:\n\n drivers/gpu/drm/amd/amdgpu/../pm/swsmu/amdgpu_smu.c:3008:29: error: incompatible function pointer types initializing \u0027int (*)(void *, uint32_t, long *, uint32_t)\u0027 (aka \u0027int (*)(void *, unsigned int, long *, unsigned int)\u0027) with an expression of type \u0027int (void *, enum PP_OD_DPM_TABLE_COMMAND, long *, uint32_t)\u0027 (aka \u0027int (void *, enum PP_OD_DPM_TABLE_COMMAND, long *, unsigned int)\u0027) [-Werror,-Wincompatible-function-pointer-types-strict]\n .odn_edit_dpm_table = smu_od_edit_dpm_table,\n ^~~~~~~~~~~~~~~~~~~~~\n 1 error generated.\n\nThere are only two implementations of -\u003eodn_edit_dpm_table() in \u0027struct\namd_pm_funcs\u0027: smu_od_edit_dpm_table() and pp_odn_edit_dpm_table(). One\nhas a second parameter type of \u0027enum PP_OD_DPM_TABLE_COMMAND\u0027 and the\nother uses \u0027u32\u0027. Ultimately, smu_od_edit_dpm_table() calls\n-\u003eod_edit_dpm_table() from \u0027struct pptable_funcs\u0027 and\npp_odn_edit_dpm_table() calls -\u003eodn_edit_dpm_table() from \u0027struct\npp_hwmgr_func\u0027, which both have a second parameter type of \u0027enum\nPP_OD_DPM_TABLE_COMMAND\u0027.\n\nUpdate the type parameter in both the prototype in \u0027struct amd_pm_funcs\u0027\nand pp_odn_edit_dpm_table() to \u0027enum PP_OD_DPM_TABLE_COMMAND\u0027, which\ncleans up the warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50844",
"url": "https://www.suse.com/security/cve/CVE-2022-50844"
},
{
"category": "external",
"summary": "SUSE Bug 1256205 for CVE-2022-50844",
"url": "https://bugzilla.suse.com/1256205"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50844"
},
{
"cve": "CVE-2022-50845",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50845"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix inode leak in ext4_xattr_inode_create() on an error path\n\nThere is issue as follows when do setxattr with inject fault:\n\n[localhost]# fsck.ext4 -fn /dev/sda\ne2fsck 1.46.6-rc1 (12-Sep-2022)\nPass 1: Checking inodes, blocks, and sizes\nPass 2: Checking directory structure\nPass 3: Checking directory connectivity\nPass 4: Checking reference counts\nUnattached zero-length inode 15. Clear? no\n\nUnattached inode 15\nConnect to /lost+found? no\n\nPass 5: Checking group summary information\n\n/dev/sda: ********** WARNING: Filesystem still has errors **********\n\n/dev/sda: 15/655360 files (0.0% non-contiguous), 66755/2621440 blocks\n\nThis occurs in \u0027ext4_xattr_inode_create()\u0027. If \u0027ext4_mark_inode_dirty()\u0027\nfails, dropping i_nlink of the inode is needed. Or will lead to inode leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50845",
"url": "https://www.suse.com/security/cve/CVE-2022-50845"
},
{
"category": "external",
"summary": "SUSE Bug 1256196 for CVE-2022-50845",
"url": "https://bugzilla.suse.com/1256196"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50845"
},
{
"cve": "CVE-2022-50846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50846"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: via-sdmmc: fix return value check of mmc_add_host()\n\nmmc_add_host() may return error, if we ignore its return value,\nit will lead two issues:\n1. The memory that allocated in mmc_alloc_host() is leaked.\n2. In the remove() path, mmc_remove_host() will be called to\n delete device, but it\u0027s not added yet, it will lead a kernel\n crash because of null-ptr-deref in device_del().\n\nFix this by checking the return value and goto error path which\nwill call mmc_free_host().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50846",
"url": "https://www.suse.com/security/cve/CVE-2022-50846"
},
{
"category": "external",
"summary": "SUSE Bug 1256200 for CVE-2022-50846",
"url": "https://bugzilla.suse.com/1256200"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50846"
},
{
"cve": "CVE-2022-50848",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50848"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: dio: fix possible memory leak in dio_init()\n\nIf device_register() returns error, the \u0027dev\u0027 and name needs be\nfreed. Add a release function, and then call put_device() in the\nerror path, so the name is freed in kobject_cleanup() and to the\n\u0027dev\u0027 is freed in release function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50848",
"url": "https://www.suse.com/security/cve/CVE-2022-50848"
},
{
"category": "external",
"summary": "SUSE Bug 1256192 for CVE-2022-50848",
"url": "https://bugzilla.suse.com/1256192"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50848"
},
{
"cve": "CVE-2022-50849",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50849"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npstore: Avoid kcore oops by vmap()ing with VM_IOREMAP\n\nAn oops can be induced by running \u0027cat /proc/kcore \u003e /dev/null\u0027 on\ndevices using pstore with the ram backend because kmap_atomic() assumes\nlowmem pages are accessible with __va().\n\n Unable to handle kernel paging request at virtual address ffffff807ff2b000\n Mem abort info:\n ESR = 0x96000006\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x06: level 2 translation fault\n Data abort info:\n ISV = 0, ISS = 0x00000006\n CM = 0, WnR = 0\n swapper pgtable: 4k pages, 39-bit VAs, pgdp=0000000081d87000\n [ffffff807ff2b000] pgd=180000017fe18003, p4d=180000017fe18003, pud=180000017fe18003, pmd=0000000000000000\n Internal error: Oops: 96000006 [#1] PREEMPT SMP\n Modules linked in: dm_integrity\n CPU: 7 PID: 21179 Comm: perf Not tainted 5.15.67-10882-ge4eb2eb988cd #1 baa443fb8e8477896a370b31a821eb2009f9bfba\n Hardware name: Google Lazor (rev3 - 8) (DT)\n pstate: a0400009 (NzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : __memcpy+0x110/0x260\n lr : vread+0x194/0x294\n sp : ffffffc013ee39d0\n x29: ffffffc013ee39f0 x28: 0000000000001000 x27: ffffff807ff2b000\n x26: 0000000000001000 x25: ffffffc0085a2000 x24: ffffff802d4b3000\n x23: ffffff80f8a60000 x22: ffffff802d4b3000 x21: ffffffc0085a2000\n x20: ffffff8080b7bc68 x19: 0000000000001000 x18: 0000000000000000\n x17: 0000000000000000 x16: 0000000000000000 x15: ffffffd3073f2e60\n x14: ffffffffad588000 x13: 0000000000000000 x12: 0000000000000001\n x11: 00000000000001a2 x10: 00680000fff2bf0b x9 : 03fffffff807ff2b\n x8 : 0000000000000001 x7 : 0000000000000000 x6 : 0000000000000000\n x5 : ffffff802d4b4000 x4 : ffffff807ff2c000 x3 : ffffffc013ee3a78\n x2 : 0000000000001000 x1 : ffffff807ff2b000 x0 : ffffff802d4b3000\n Call trace:\n __memcpy+0x110/0x260\n read_kcore+0x584/0x778\n proc_reg_read+0xb4/0xe4\n\nDuring early boot, memblock reserves the pages for the ramoops reserved\nmemory node in DT that would otherwise be part of the direct lowmem\nmapping. Pstore\u0027s ram backend reuses those reserved pages to change the\nmemory type (writeback or non-cached) by passing the pages to vmap()\n(see pfn_to_page() usage in persistent_ram_vmap() for more details) with\nspecific flags. When read_kcore() starts iterating over the vmalloc\nregion, it runs over the virtual address that vmap() returned for\nramoops. In aligned_vread() the virtual address is passed to\nvmalloc_to_page() which returns the page struct for the reserved lowmem\narea. That lowmem page is passed to kmap_atomic(), which effectively\ncalls page_to_virt() that assumes a lowmem page struct must be directly\naccessible with __va() and friends. These pages are mapped via vmap()\nthough, and the lowmem mapping was never made, so accessing them via the\nlowmem virtual address oopses like above.\n\nLet\u0027s side-step this problem by passing VM_IOREMAP to vmap(). This will\ntell vread() to not include the ramoops region in the kcore. Instead the\narea will look like a bunch of zeros. The alternative is to teach kmap()\nabout vmalloc areas that intersect with lowmem. Presumably such a change\nisn\u0027t a one-liner, and there isn\u0027t much interest in inspecting the\nramoops region in kcore files anyway, so the most expedient route is\ntaken for now.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50849",
"url": "https://www.suse.com/security/cve/CVE-2022-50849"
},
{
"category": "external",
"summary": "SUSE Bug 1256193 for CVE-2022-50849",
"url": "https://bugzilla.suse.com/1256193"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50849"
},
{
"cve": "CVE-2022-50850",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50850"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ipr: Fix WARNING in ipr_init()\n\nipr_init() will not call unregister_reboot_notifier() when\npci_register_driver() fails, which causes a WARNING. Call\nunregister_reboot_notifier() when pci_register_driver() fails.\n\nnotifier callback ipr_halt [ipr] already registered\nWARNING: CPU: 3 PID: 299 at kernel/notifier.c:29\nnotifier_chain_register+0x16d/0x230\nModules linked in: ipr(+) xhci_pci_renesas xhci_hcd ehci_hcd usbcore\nled_class gpu_sched drm_buddy video wmi drm_ttm_helper ttm\ndrm_display_helper drm_kms_helper drm drm_panel_orientation_quirks\nagpgart cfbft\nCPU: 3 PID: 299 Comm: modprobe Tainted: G W\n6.1.0-rc1-00190-g39508d23b672-dirty #332\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\nrel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014\nRIP: 0010:notifier_chain_register+0x16d/0x230\nCall Trace:\n \u003cTASK\u003e\n __blocking_notifier_chain_register+0x73/0xb0\n ipr_init+0x30/0x1000 [ipr]\n do_one_initcall+0xdb/0x480\n do_init_module+0x1cf/0x680\n load_module+0x6a50/0x70a0\n __do_sys_finit_module+0x12f/0x1c0\n do_syscall_64+0x3f/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50850",
"url": "https://www.suse.com/security/cve/CVE-2022-50850"
},
{
"category": "external",
"summary": "SUSE Bug 1256194 for CVE-2022-50850",
"url": "https://bugzilla.suse.com/1256194"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50850"
},
{
"cve": "CVE-2022-50851",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50851"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost_vdpa: fix the crash in unmap a large memory\n\nWhile testing in vIOMMU, sometimes Guest will unmap very large memory,\nwhich will cause the crash. To fix this, add a new function\nvhost_vdpa_general_unmap(). This function will only unmap the memory\nthat saved in iotlb.\n\nCall Trace:\n[ 647.820144] ------------[ cut here ]------------\n[ 647.820848] kernel BUG at drivers/iommu/intel/iommu.c:1174!\n[ 647.821486] invalid opcode: 0000 [#1] PREEMPT SMP PTI\n[ 647.822082] CPU: 10 PID: 1181 Comm: qemu-system-x86 Not tainted 6.0.0-rc1home_lulu_2452_lulu7_vhost+ #62\n[ 647.823139] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.15.0-29-g6a62e0cb0dfe-prebuilt.qem4\n[ 647.824365] RIP: 0010:domain_unmap+0x48/0x110\n[ 647.825424] Code: 48 89 fb 8d 4c f6 1e 39 c1 0f 4f c8 83 e9 0c 83 f9 3f 7f 18 48 89 e8 48 d3 e8 48 85 c0 75 59\n[ 647.828064] RSP: 0018:ffffae5340c0bbf0 EFLAGS: 00010202\n[ 647.828973] RAX: 0000000000000001 RBX: ffff921793d10540 RCX: 000000000000001b\n[ 647.830083] RDX: 00000000080000ff RSI: 0000000000000001 RDI: ffff921793d10540\n[ 647.831214] RBP: 0000000007fc0100 R08: ffffae5340c0bcd0 R09: 0000000000000003\n[ 647.832388] R10: 0000007fc0100000 R11: 0000000000100000 R12: 00000000080000ff\n[ 647.833668] R13: ffffae5340c0bcd0 R14: ffff921793d10590 R15: 0000008000100000\n[ 647.834782] FS: 00007f772ec90640(0000) GS:ffff921ce7a80000(0000) knlGS:0000000000000000\n[ 647.836004] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 647.836990] CR2: 00007f02c27a3a20 CR3: 0000000101b0c006 CR4: 0000000000372ee0\n[ 647.838107] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 647.839283] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 647.840666] Call Trace:\n[ 647.841437] \u003cTASK\u003e\n[ 647.842107] intel_iommu_unmap_pages+0x93/0x140\n[ 647.843112] __iommu_unmap+0x91/0x1b0\n[ 647.844003] iommu_unmap+0x6a/0x95\n[ 647.844885] vhost_vdpa_unmap+0x1de/0x1f0 [vhost_vdpa]\n[ 647.845985] vhost_vdpa_process_iotlb_msg+0xf0/0x90b [vhost_vdpa]\n[ 647.847235] ? _raw_spin_unlock+0x15/0x30\n[ 647.848181] ? _copy_from_iter+0x8c/0x580\n[ 647.849137] vhost_chr_write_iter+0xb3/0x430 [vhost]\n[ 647.850126] vfs_write+0x1e4/0x3a0\n[ 647.850897] ksys_write+0x53/0xd0\n[ 647.851688] do_syscall_64+0x3a/0x90\n[ 647.852508] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[ 647.853457] RIP: 0033:0x7f7734ef9f4f\n[ 647.854408] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 76 f8 ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c8\n[ 647.857217] RSP: 002b:00007f772ec8f040 EFLAGS: 00000293 ORIG_RAX: 0000000000000001\n[ 647.858486] RAX: ffffffffffffffda RBX: 00000000fef00000 RCX: 00007f7734ef9f4f\n[ 647.859713] RDX: 0000000000000048 RSI: 00007f772ec8f090 RDI: 0000000000000010\n[ 647.860942] RBP: 00007f772ec8f1a0 R08: 0000000000000000 R09: 0000000000000000\n[ 647.862206] R10: 0000000000000001 R11: 0000000000000293 R12: 0000000000000010\n[ 647.863446] R13: 0000000000000002 R14: 0000000000000000 R15: ffffffff01100000\n[ 647.864692] \u003c/TASK\u003e\n[ 647.865458] Modules linked in: rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs v]\n[ 647.874688] ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50851",
"url": "https://www.suse.com/security/cve/CVE-2022-50851"
},
{
"category": "external",
"summary": "SUSE Bug 1256186 for CVE-2022-50851",
"url": "https://bugzilla.suse.com/1256186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50851"
},
{
"cve": "CVE-2022-50853",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50853"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4: Fix a credential leak in _nfs4_discover_trunking()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50853",
"url": "https://www.suse.com/security/cve/CVE-2022-50853"
},
{
"category": "external",
"summary": "SUSE Bug 1256189 for CVE-2022-50853",
"url": "https://bugzilla.suse.com/1256189"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50853"
},
{
"cve": "CVE-2022-50856",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50856"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix xid leak in cifs_ses_add_channel()\n\nBefore return, should free the xid, otherwise, the\nxid will be leaked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50856",
"url": "https://www.suse.com/security/cve/CVE-2022-50856"
},
{
"category": "external",
"summary": "SUSE Bug 1256182 for CVE-2022-50856",
"url": "https://bugzilla.suse.com/1256182"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50856"
},
{
"cve": "CVE-2022-50858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50858"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: alcor: fix return value check of mmc_add_host()\n\nmmc_add_host() may return error, if we ignore its return value, the memory\nthat allocated in mmc_alloc_host() will be leaked and it will lead a kernel\ncrash because of deleting not added device in the remove path.\n\nSo fix this by checking the return value and calling mmc_free_host() in the\nerror path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50858",
"url": "https://www.suse.com/security/cve/CVE-2022-50858"
},
{
"category": "external",
"summary": "SUSE Bug 1256391 for CVE-2022-50858",
"url": "https://bugzilla.suse.com/1256391"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50858"
},
{
"cve": "CVE-2022-50859",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50859"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message\n\nCommit d5c7076b772a (\"smb3: add smb3.1.1 to default dialect list\")\nextend the dialects from 3 to 4, but forget to decrease the extended\nlength when specific the dialect, then the message length is larger\nthan expected.\n\nThis maybe leak some info through network because not initialize the\nmessage body.\n\nAfter apply this patch, the VALIDATE_NEGOTIATE_INFO message length is\nreduced from 28 bytes to 26 bytes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50859",
"url": "https://www.suse.com/security/cve/CVE-2022-50859"
},
{
"category": "external",
"summary": "SUSE Bug 1256172 for CVE-2022-50859",
"url": "https://bugzilla.suse.com/1256172"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50859"
},
{
"cve": "CVE-2022-50860",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50860"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: Fix memleak in alloc_ns()\n\nAfter changes in commit a1bd627b46d1 (\"apparmor: share profile name on\nreplacement\"), the hname member of struct aa_policy is not valid slab\nobject, but a subset of that, it can not be freed by kfree_sensitive(),\nuse aa_policy_destroy() to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50860",
"url": "https://www.suse.com/security/cve/CVE-2022-50860"
},
{
"category": "external",
"summary": "SUSE Bug 1256174 for CVE-2022-50860",
"url": "https://bugzilla.suse.com/1256174"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50860"
},
{
"cve": "CVE-2022-50861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50861"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Finish converting the NFSv2 GETACL result encoder\n\nThe xdr_stream conversion inadvertently left some code that set the\npage_len of the send buffer. The XDR stream encoders should handle\nthis automatically now.\n\nThis oversight adds garbage past the end of the Reply message.\nClients typically ignore the garbage, but NFSD does not need to send\nit, as it leaks stale memory contents onto the wire.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50861",
"url": "https://www.suse.com/security/cve/CVE-2022-50861"
},
{
"category": "external",
"summary": "SUSE Bug 1256177 for CVE-2022-50861",
"url": "https://bugzilla.suse.com/1256177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50861"
},
{
"cve": "CVE-2022-50864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50864"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix shift-out-of-bounds due to too large exponent of block size\n\nIf field s_log_block_size of superblock data is corrupted and too large,\ninit_nilfs() and load_nilfs() still can trigger a shift-out-of-bounds\nwarning followed by a kernel panic (if panic_on_warn is set):\n\n shift exponent 38973 is too large for 32-bit type \u0027int\u0027\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xcd/0x134\n ubsan_epilogue+0xb/0x50\n __ubsan_handle_shift_out_of_bounds.cold.12+0x17b/0x1f5\n init_nilfs.cold.11+0x18/0x1d [nilfs2]\n nilfs_mount+0x9b5/0x12b0 [nilfs2]\n ...\n\nThis fixes the issue by adding and using a new helper function for getting\nblock size with sanity check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50864",
"url": "https://www.suse.com/security/cve/CVE-2022-50864"
},
{
"category": "external",
"summary": "SUSE Bug 1256167 for CVE-2022-50864",
"url": "https://bugzilla.suse.com/1256167"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50864"
},
{
"cve": "CVE-2022-50866",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50866"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: pxa: fix null-pointer dereference in filter()\n\nkasprintf() would return NULL pointer when kmalloc() fail to allocate.\nNeed to check the return pointer before calling strcmp().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50866",
"url": "https://www.suse.com/security/cve/CVE-2022-50866"
},
{
"category": "external",
"summary": "SUSE Bug 1256162 for CVE-2022-50866",
"url": "https://bugzilla.suse.com/1256162"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50866"
},
{
"cve": "CVE-2022-50868",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50868"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwrng: amd - Fix PCI device refcount leak\n\nfor_each_pci_dev() is implemented by pci_get_device(). The comment of\npci_get_device() says that it will increase the reference count for the\nreturned pci_dev and also decrease the reference count for the input\npci_dev @from if it is not NULL.\n\nIf we break for_each_pci_dev() loop with pdev not NULL, we need to call\npci_dev_put() to decrease the reference count. Add the missing\npci_dev_put() for the normal and error path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50868",
"url": "https://www.suse.com/security/cve/CVE-2022-50868"
},
{
"category": "external",
"summary": "SUSE Bug 1256386 for CVE-2022-50868",
"url": "https://bugzilla.suse.com/1256386"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50868"
},
{
"cve": "CVE-2022-50870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50870"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/rtas: avoid device tree lookups in rtas_os_term()\n\nrtas_os_term() is called during panic. Its behavior depends on a couple\nof conditions in the /rtas node of the device tree, the traversal of\nwhich entails locking and local IRQ state changes. If the kernel panics\nwhile devtree_lock is held, rtas_os_term() as currently written could\nhang.\n\nInstead of discovering the relevant characteristics at panic time,\ncache them in file-static variables at boot. Note the lookup for\n\"ibm,extended-os-term\" is converted to of_property_read_bool() since it\nis a boolean property, not an RTAS function token.\n\n[mpe: Incorporate suggested change from Nick]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50870",
"url": "https://www.suse.com/security/cve/CVE-2022-50870"
},
{
"category": "external",
"summary": "SUSE Bug 1256154 for CVE-2022-50870",
"url": "https://bugzilla.suse.com/1256154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50870"
},
{
"cve": "CVE-2022-50872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50872"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: OMAP2+: Fix memory leak in realtime_counter_init()\n\nThe \"sys_clk\" resource is malloced by clk_get(),\nit is not released when the function return.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50872",
"url": "https://www.suse.com/security/cve/CVE-2022-50872"
},
{
"category": "external",
"summary": "SUSE Bug 1256157 for CVE-2022-50872",
"url": "https://bugzilla.suse.com/1256157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50872"
},
{
"cve": "CVE-2022-50876",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50876"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: musb: Fix musb_gadget.c rxstate overflow bug\n\nThe usb function device call musb_gadget_queue() adds the passed\nrequest to musb_ep::req_list,If the (request-\u003elength \u003e musb_ep-\u003epacket_sz)\nand (is_buffer_mapped(req) return false),the rxstate() will copy all data\nin fifo to request-\u003ebuf which may cause request-\u003ebuf out of bounds.\n\nFix it by add the length check :\nfifocnt = min_t(unsigned, request-\u003elength - request-\u003eactual, fifocnt);",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50876",
"url": "https://www.suse.com/security/cve/CVE-2022-50876"
},
{
"category": "external",
"summary": "SUSE Bug 1256136 for CVE-2022-50876",
"url": "https://bugzilla.suse.com/1256136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50876"
},
{
"cve": "CVE-2022-50878",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50878"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init()\n\nA NULL check for bridge-\u003eencoder shows that it may be NULL, but it\nalready been dereferenced on all paths leading to the check.\n812\tif (!bridge-\u003eencoder) {\n\nDereference the pointer bridge-\u003eencoder.\n810\tdrm_connector_attach_encoder(\u0026lt9611-\u003econnector, bridge-\u003eencoder);",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50878",
"url": "https://www.suse.com/security/cve/CVE-2022-50878"
},
{
"category": "external",
"summary": "SUSE Bug 1256140 for CVE-2022-50878",
"url": "https://bugzilla.suse.com/1256140"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50878"
},
{
"cve": "CVE-2022-50880",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50880"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state()\n\nWhen peer delete failed in a disconnect operation, use-after-free\ndetected by KFENCE in below log. It is because for each vdev_id and\naddress, it has only one struct ath10k_peer, it is allocated in\nath10k_peer_map_event(). When connected to an AP, it has more than\none HTT_T2H_MSG_TYPE_PEER_MAP reported from firmware, then the\narray peer_map of struct ath10k will be set muti-elements to the\nsame ath10k_peer in ath10k_peer_map_event(). When peer delete failed\nin ath10k_sta_state(), the ath10k_peer will be free for the 1st peer\nid in array peer_map of struct ath10k, and then use-after-free happened\nfor the 2nd peer id because they map to the same ath10k_peer.\n\nAnd clean up all peers in array peer_map for the ath10k_peer, then\nuser-after-free disappeared\n\npeer map event log:\n[ 306.911021] wlan0: authenticate with b0:2a:43:e6:75:0e\n[ 306.957187] ath10k_pci 0000:01:00.0: mac vdev 0 peer create b0:2a:43:e6:75:0e (new sta) sta 1 / 32 peer 1 / 33\n[ 306.957395] ath10k_pci 0000:01:00.0: htt peer map vdev 0 peer b0:2a:43:e6:75:0e id 246\n[ 306.957404] ath10k_pci 0000:01:00.0: htt peer map vdev 0 peer b0:2a:43:e6:75:0e id 198\n[ 306.986924] ath10k_pci 0000:01:00.0: htt peer map vdev 0 peer b0:2a:43:e6:75:0e id 166\n\npeer unmap event log:\n[ 435.715691] wlan0: deauthenticating from b0:2a:43:e6:75:0e by local choice (Reason: 3=DEAUTH_LEAVING)\n[ 435.716802] ath10k_pci 0000:01:00.0: mac vdev 0 peer delete b0:2a:43:e6:75:0e sta ffff990e0e9c2b50 (sta gone)\n[ 435.717177] ath10k_pci 0000:01:00.0: htt peer unmap vdev 0 peer b0:2a:43:e6:75:0e id 246\n[ 435.717186] ath10k_pci 0000:01:00.0: htt peer unmap vdev 0 peer b0:2a:43:e6:75:0e id 198\n[ 435.717193] ath10k_pci 0000:01:00.0: htt peer unmap vdev 0 peer b0:2a:43:e6:75:0e id 166\n\nuse-after-free log:\n[21705.888627] wlan0: deauthenticating from d0:76:8f:82:be:75 by local choice (Reason: 3=DEAUTH_LEAVING)\n[21713.799910] ath10k_pci 0000:01:00.0: failed to delete peer d0:76:8f:82:be:75 for vdev 0: -110\n[21713.799925] ath10k_pci 0000:01:00.0: found sta peer d0:76:8f:82:be:75 (ptr 0000000000000000 id 102) entry on vdev 0 after it was supposedly removed\n[21713.799968] ==================================================================\n[21713.799991] BUG: KFENCE: use-after-free read in ath10k_sta_state+0x265/0xb8a [ath10k_core]\n[21713.799991]\n[21713.799997] Use-after-free read at 0x00000000abe1c75e (in kfence-#69):\n[21713.800010] ath10k_sta_state+0x265/0xb8a [ath10k_core]\n[21713.800041] drv_sta_state+0x115/0x677 [mac80211]\n[21713.800059] __sta_info_destroy_part2+0xb1/0x133 [mac80211]\n[21713.800076] __sta_info_flush+0x11d/0x162 [mac80211]\n[21713.800093] ieee80211_set_disassoc+0x12d/0x2f4 [mac80211]\n[21713.800110] ieee80211_mgd_deauth+0x26c/0x29b [mac80211]\n[21713.800137] cfg80211_mlme_deauth+0x13f/0x1bb [cfg80211]\n[21713.800153] nl80211_deauthenticate+0xf8/0x121 [cfg80211]\n[21713.800161] genl_rcv_msg+0x38e/0x3be\n[21713.800166] netlink_rcv_skb+0x89/0xf7\n[21713.800171] genl_rcv+0x28/0x36\n[21713.800176] netlink_unicast+0x179/0x24b\n[21713.800181] netlink_sendmsg+0x3a0/0x40e\n[21713.800187] sock_sendmsg+0x72/0x76\n[21713.800192] ____sys_sendmsg+0x16d/0x1e3\n[21713.800196] ___sys_sendmsg+0x95/0xd1\n[21713.800200] __sys_sendmsg+0x85/0xbf\n[21713.800205] do_syscall_64+0x43/0x55\n[21713.800210] entry_SYSCALL_64_after_hwframe+0x44/0xa9\n[21713.800213]\n[21713.800219] kfence-#69: 0x000000009149b0d5-0x000000004c0697fb, size=1064, cache=kmalloc-2k\n[21713.800219]\n[21713.800224] allocated by task 13 on cpu 0 at 21705.501373s:\n[21713.800241] ath10k_peer_map_event+0x7e/0x154 [ath10k_core]\n[21713.800254] ath10k_htt_t2h_msg_handler+0x586/0x1039 [ath10k_core]\n[21713.800265] ath10k_htt_htc_t2h_msg_handler+0x12/0x28 [ath10k_core]\n[21713.800277] ath10k_htc_rx_completion_handler+0x14c/0x1b5 [ath10k_core]\n[21713.800283] ath10k_pci_process_rx_cb+0x195/0x1d\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50880",
"url": "https://www.suse.com/security/cve/CVE-2022-50880"
},
{
"category": "external",
"summary": "SUSE Bug 1256132 for CVE-2022-50880",
"url": "https://bugzilla.suse.com/1256132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50880"
},
{
"cve": "CVE-2022-50881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50881"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect()\n\nThis patch fixes a use-after-free in ath9k that occurs in\nath9k_hif_usb_disconnect() when ath9k_destroy_wmi() is trying to access\n\u0027drv_priv\u0027 that has already been freed by ieee80211_free_hw(), called by\nath9k_htc_hw_deinit(). The patch moves ath9k_destroy_wmi() before\nieee80211_free_hw(). Note that urbs from the driver should be killed\nbefore freeing \u0027wmi\u0027 with ath9k_destroy_wmi() as their callbacks will\naccess \u0027wmi\u0027.\n\nFound by a modified version of syzkaller.\n\n==================================================================\nBUG: KASAN: use-after-free in ath9k_destroy_wmi+0x38/0x40\nRead of size 8 at addr ffff8881069132a0 by task kworker/0:1/7\n\nCPU: 0 PID: 7 Comm: kworker/0:1 Tainted: G O 5.14.0+ #131\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014\nWorkqueue: usb_hub_wq hub_event\nCall Trace:\n dump_stack_lvl+0x8e/0xd1\n print_address_description.constprop.0.cold+0x93/0x334\n ? ath9k_destroy_wmi+0x38/0x40\n ? ath9k_destroy_wmi+0x38/0x40\n kasan_report.cold+0x83/0xdf\n ? ath9k_destroy_wmi+0x38/0x40\n ath9k_destroy_wmi+0x38/0x40\n ath9k_hif_usb_disconnect+0x329/0x3f0\n ? ath9k_hif_usb_suspend+0x120/0x120\n ? usb_disable_interface+0xfc/0x180\n usb_unbind_interface+0x19b/0x7e0\n ? usb_autoresume_device+0x50/0x50\n device_release_driver_internal+0x44d/0x520\n bus_remove_device+0x2e5/0x5a0\n device_del+0x5b2/0xe30\n ? __device_link_del+0x370/0x370\n ? usb_remove_ep_devs+0x43/0x80\n ? remove_intf_ep_devs+0x112/0x1a0\n usb_disable_device+0x1e3/0x5a0\n usb_disconnect+0x267/0x870\n hub_event+0x168d/0x3950\n ? rcu_read_lock_sched_held+0xa1/0xd0\n ? hub_port_debounce+0x2e0/0x2e0\n ? check_irq_usage+0x860/0xf20\n ? drain_workqueue+0x281/0x360\n ? lock_release+0x640/0x640\n ? rcu_read_lock_sched_held+0xa1/0xd0\n ? rcu_read_lock_bh_held+0xb0/0xb0\n ? lockdep_hardirqs_on_prepare+0x273/0x3e0\n process_one_work+0x92b/0x1460\n ? pwq_dec_nr_in_flight+0x330/0x330\n ? rwlock_bug.part.0+0x90/0x90\n worker_thread+0x95/0xe00\n ? __kthread_parkme+0x115/0x1e0\n ? process_one_work+0x1460/0x1460\n kthread+0x3a1/0x480\n ? set_kthread_struct+0x120/0x120\n ret_from_fork+0x1f/0x30\n\nThe buggy address belongs to the page:\npage:ffffea00041a44c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106913\nflags: 0x200000000000000(node=0|zone=2)\nraw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000\nraw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as freed\npage last allocated via order 3, migratetype Unmovable, gfp_mask 0x40dc0(GFP_KERNEL|__GFP_COMP|__GFP_ZERO), pid 7, ts 38347963444, free_ts 41399957635\n prep_new_page+0x1aa/0x240\n get_page_from_freelist+0x159a/0x27c0\n __alloc_pages+0x2da/0x6a0\n alloc_pages+0xec/0x1e0\n kmalloc_order+0x39/0xf0\n kmalloc_order_trace+0x19/0x120\n __kmalloc+0x308/0x390\n wiphy_new_nm+0x6f5/0x1dd0\n ieee80211_alloc_hw_nm+0x36d/0x2230\n ath9k_htc_probe_device+0x9d/0x1e10\n ath9k_htc_hw_init+0x34/0x50\n ath9k_hif_usb_firmware_cb+0x25f/0x4e0\n request_firmware_work_func+0x131/0x240\n process_one_work+0x92b/0x1460\n worker_thread+0x95/0xe00\n kthread+0x3a1/0x480\npage last free stack trace:\n free_pcp_prepare+0x3d3/0x7f0\n free_unref_page+0x1e/0x3d0\n device_release+0xa4/0x240\n kobject_put+0x186/0x4c0\n put_device+0x20/0x30\n ath9k_htc_disconnect_device+0x1cf/0x2c0\n ath9k_htc_hw_deinit+0x26/0x30\n ath9k_hif_usb_disconnect+0x2d9/0x3f0\n usb_unbind_interface+0x19b/0x7e0\n device_release_driver_internal+0x44d/0x520\n bus_remove_device+0x2e5/0x5a0\n device_del+0x5b2/0xe30\n usb_disable_device+0x1e3/0x5a0\n usb_disconnect+0x267/0x870\n hub_event+0x168d/0x3950\n process_one_work+0x92b/0x1460\n\nMemory state around the buggy address:\n ffff888106913180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n ffff888106913200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n\u003effff888\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50881",
"url": "https://www.suse.com/security/cve/CVE-2022-50881"
},
{
"category": "external",
"summary": "SUSE Bug 1256130 for CVE-2022-50881",
"url": "https://bugzilla.suse.com/1256130"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50881"
},
{
"cve": "CVE-2022-50882",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50882"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Fix memory leak in uvc_gpio_parse\n\nPreviously the unit buffer was allocated before checking the IRQ for\nprivacy GPIO. In case of error, the unit buffer was leaked.\n\nAllocate the unit buffer after the IRQ to avoid it.\n\nAddresses-Coverity-ID: 1474639 (\"Resource leak\")",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50882",
"url": "https://www.suse.com/security/cve/CVE-2022-50882"
},
{
"category": "external",
"summary": "SUSE Bug 1256126 for CVE-2022-50882",
"url": "https://bugzilla.suse.com/1256126"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50882"
},
{
"cve": "CVE-2022-50884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50884"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: Prevent drm_copy_field() to attempt copying a NULL pointer\n\nThere are some struct drm_driver fields that are required by drivers since\ndrm_copy_field() attempts to copy them to user-space via DRM_IOCTL_VERSION.\n\nBut it can be possible that a driver has a bug and did not set some of the\nfields, which leads to drm_copy_field() attempting to copy a NULL pointer:\n\n[ +10.395966] Unable to handle kernel access to user memory outside uaccess routines at virtual address 0000000000000000\n[ +0.010955] Mem abort info:\n[ +0.002835] ESR = 0x0000000096000004\n[ +0.003872] EC = 0x25: DABT (current EL), IL = 32 bits\n[ +0.005395] SET = 0, FnV = 0\n[ +0.003113] EA = 0, S1PTW = 0\n[ +0.003182] FSC = 0x04: level 0 translation fault\n[ +0.004964] Data abort info:\n[ +0.002919] ISV = 0, ISS = 0x00000004\n[ +0.003886] CM = 0, WnR = 0\n[ +0.003040] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000115dad000\n[ +0.006536] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n[ +0.006925] Internal error: Oops: 96000004 [#1] SMP\n...\n[ +0.011113] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ +0.007061] pc : __pi_strlen+0x14/0x150\n[ +0.003895] lr : drm_copy_field+0x30/0x1a4\n[ +0.004156] sp : ffff8000094b3a50\n[ +0.003355] x29: ffff8000094b3a50 x28: ffff8000094b3b70 x27: 0000000000000040\n[ +0.007242] x26: ffff443743c2ba00 x25: 0000000000000000 x24: 0000000000000040\n[ +0.007243] x23: ffff443743c2ba00 x22: ffff8000094b3b70 x21: 0000000000000000\n[ +0.007241] x20: 0000000000000000 x19: ffff8000094b3b90 x18: 0000000000000000\n[ +0.007241] x17: 0000000000000000 x16: 0000000000000000 x15: 0000aaab14b9af40\n[ +0.007241] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n[ +0.007239] x11: 0000000000000000 x10: 0000000000000000 x9 : ffffa524ad67d4d8\n[ +0.007242] x8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : 6c6e6263606e7141\n[ +0.007239] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\n[ +0.007241] x2 : 0000000000000000 x1 : ffff8000094b3b90 x0 : 0000000000000000\n[ +0.007240] Call trace:\n[ +0.002475] __pi_strlen+0x14/0x150\n[ +0.003537] drm_version+0x84/0xac\n[ +0.003448] drm_ioctl_kernel+0xa8/0x16c\n[ +0.003975] drm_ioctl+0x270/0x580\n[ +0.003448] __arm64_sys_ioctl+0xb8/0xfc\n[ +0.003978] invoke_syscall+0x78/0x100\n[ +0.003799] el0_svc_common.constprop.0+0x4c/0xf4\n[ +0.004767] do_el0_svc+0x38/0x4c\n[ +0.003357] el0_svc+0x34/0x100\n[ +0.003185] el0t_64_sync_handler+0x11c/0x150\n[ +0.004418] el0t_64_sync+0x190/0x194\n[ +0.003716] Code: 92402c04 b200c3e8 f13fc09f 5400088c (a9400c02)\n[ +0.006180] ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50884",
"url": "https://www.suse.com/security/cve/CVE-2022-50884"
},
{
"category": "external",
"summary": "SUSE Bug 1256127 for CVE-2022-50884",
"url": "https://bugzilla.suse.com/1256127"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50884"
},
{
"cve": "CVE-2022-50885",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50885"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed\n\nThere is a null-ptr-deref when mount.cifs over rdma:\n\n BUG: KASAN: null-ptr-deref in rxe_qp_do_cleanup+0x2f3/0x360 [rdma_rxe]\n Read of size 8 at addr 0000000000000018 by task mount.cifs/3046\n\n CPU: 2 PID: 3046 Comm: mount.cifs Not tainted 6.1.0-rc5+ #62\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc3\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x34/0x44\n kasan_report+0xad/0x130\n rxe_qp_do_cleanup+0x2f3/0x360 [rdma_rxe]\n execute_in_process_context+0x25/0x90\n __rxe_cleanup+0x101/0x1d0 [rdma_rxe]\n rxe_create_qp+0x16a/0x180 [rdma_rxe]\n create_qp.part.0+0x27d/0x340\n ib_create_qp_kernel+0x73/0x160\n rdma_create_qp+0x100/0x230\n _smbd_get_connection+0x752/0x20f0\n smbd_get_connection+0x21/0x40\n cifs_get_tcp_session+0x8ef/0xda0\n mount_get_conns+0x60/0x750\n cifs_mount+0x103/0xd00\n cifs_smb3_do_mount+0x1dd/0xcb0\n smb3_get_tree+0x1d5/0x300\n vfs_get_tree+0x41/0xf0\n path_mount+0x9b3/0xdd0\n __x64_sys_mount+0x190/0x1d0\n do_syscall_64+0x35/0x80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThe root cause of the issue is the socket create failed in\nrxe_qp_init_req().\n\nSo move the reset rxe_qp_do_cleanup() after the NULL ptr check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50885",
"url": "https://www.suse.com/security/cve/CVE-2022-50885"
},
{
"category": "external",
"summary": "SUSE Bug 1256122 for CVE-2022-50885",
"url": "https://bugzilla.suse.com/1256122"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50885"
},
{
"cve": "CVE-2022-50886",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50886"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: toshsd: fix return value check of mmc_add_host()\n\nmmc_add_host() may return error, if we ignore its return value, the memory\nthat allocated in mmc_alloc_host() will be leaked and it will lead a kernel\ncrash because of deleting not added device in the remove path.\n\nSo fix this by checking the return value and goto error path which will call\nmmc_free_host(), besides, free_irq() also needs be called.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50886",
"url": "https://www.suse.com/security/cve/CVE-2022-50886"
},
{
"category": "external",
"summary": "SUSE Bug 1256124 for CVE-2022-50886",
"url": "https://bugzilla.suse.com/1256124"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50886"
},
{
"cve": "CVE-2022-50887",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50887"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: core: fix unbalanced of node refcount in regulator_dev_lookup()\n\nI got the the following report:\n\n OF: ERROR: memory leak, expected refcount 1 instead of 2,\n of_node_get()/of_node_put() unbalanced - destroy cset entry:\n attach overlay node /i2c/pmic@62/regulators/exten\n\nIn of_get_regulator(), the node is returned from of_parse_phandle()\nwith refcount incremented, after using it, of_node_put() need be called.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50887",
"url": "https://www.suse.com/security/cve/CVE-2022-50887"
},
{
"category": "external",
"summary": "SUSE Bug 1256125 for CVE-2022-50887",
"url": "https://bugzilla.suse.com/1256125"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50887"
},
{
"cve": "CVE-2022-50888",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50888"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5_wcss_init_mmio()\n\nq6v5_wcss_init_mmio() will call platform_get_resource_byname() that may\nfail and return NULL. devm_ioremap() will use res-\u003estart as input, which\nmay causes null-ptr-deref. Check the ret value of\nplatform_get_resource_byname() to avoid the null-ptr-deref.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50888",
"url": "https://www.suse.com/security/cve/CVE-2022-50888"
},
{
"category": "external",
"summary": "SUSE Bug 1256057 for CVE-2022-50888",
"url": "https://bugzilla.suse.com/1256057"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50888"
},
{
"cve": "CVE-2022-50889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50889"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm integrity: Fix UAF in dm_integrity_dtr()\n\nDm_integrity also has the same UAF problem when dm_resume()\nand dm_destroy() are concurrent.\n\nTherefore, cancelling timer again in dm_integrity_dtr().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50889",
"url": "https://www.suse.com/security/cve/CVE-2022-50889"
},
{
"category": "external",
"summary": "SUSE Bug 1256056 for CVE-2022-50889",
"url": "https://bugzilla.suse.com/1256056"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2022-50889"
},
{
"cve": "CVE-2023-23559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-23559"
}
],
"notes": [
{
"category": "general",
"text": "In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-23559",
"url": "https://www.suse.com/security/cve/CVE-2023-23559"
},
{
"category": "external",
"summary": "SUSE Bug 1207051 for CVE-2023-23559",
"url": "https://bugzilla.suse.com/1207051"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-23559"
},
{
"cve": "CVE-2023-53215",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53215"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/fair: Don\u0027t balance task to its current running CPU\n\nWe\u0027ve run into the case that the balancer tries to balance a migration\ndisabled task and trigger the warning in set_task_cpu() like below:\n\n ------------[ cut here ]------------\n WARNING: CPU: 7 PID: 0 at kernel/sched/core.c:3115 set_task_cpu+0x188/0x240\n Modules linked in: hclgevf xt_CHECKSUM ipt_REJECT nf_reject_ipv4 \u003c...snip\u003e\n CPU: 7 PID: 0 Comm: swapper/7 Kdump: loaded Tainted: G O 6.1.0-rc4+ #1\n Hardware name: Huawei TaiShan 2280 V2/BC82AMDC, BIOS 2280-V2 CS V5.B221.01 12/09/2021\n pstate: 604000c9 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : set_task_cpu+0x188/0x240\n lr : load_balance+0x5d0/0xc60\n sp : ffff80000803bc70\n x29: ffff80000803bc70 x28: ffff004089e190e8 x27: ffff004089e19040\n x26: ffff007effcabc38 x25: 0000000000000000 x24: 0000000000000001\n x23: ffff80000803be84 x22: 000000000000000c x21: ffffb093e79e2a78\n x20: 000000000000000c x19: ffff004089e19040 x18: 0000000000000000\n x17: 0000000000001fad x16: 0000000000000030 x15: 0000000000000000\n x14: 0000000000000003 x13: 0000000000000000 x12: 0000000000000000\n x11: 0000000000000001 x10: 0000000000000400 x9 : ffffb093e4cee530\n x8 : 00000000fffffffe x7 : 0000000000ce168a x6 : 000000000000013e\n x5 : 00000000ffffffe1 x4 : 0000000000000001 x3 : 0000000000000b2a\n x2 : 0000000000000b2a x1 : ffffb093e6d6c510 x0 : 0000000000000001\n Call trace:\n set_task_cpu+0x188/0x240\n load_balance+0x5d0/0xc60\n rebalance_domains+0x26c/0x380\n _nohz_idle_balance.isra.0+0x1e0/0x370\n run_rebalance_domains+0x6c/0x80\n __do_softirq+0x128/0x3d8\n ____do_softirq+0x18/0x24\n call_on_irq_stack+0x2c/0x38\n do_softirq_own_stack+0x24/0x3c\n __irq_exit_rcu+0xcc/0xf4\n irq_exit_rcu+0x18/0x24\n el1_interrupt+0x4c/0xe4\n el1h_64_irq_handler+0x18/0x2c\n el1h_64_irq+0x74/0x78\n arch_cpu_idle+0x18/0x4c\n default_idle_call+0x58/0x194\n do_idle+0x244/0x2b0\n cpu_startup_entry+0x30/0x3c\n secondary_start_kernel+0x14c/0x190\n __secondary_switched+0xb0/0xb4\n ---[ end trace 0000000000000000 ]---\n\nFurther investigation shows that the warning is superfluous, the migration\ndisabled task is just going to be migrated to its current running CPU.\nThis is because that on load balance if the dst_cpu is not allowed by the\ntask, we\u0027ll re-select a new_dst_cpu as a candidate. If no task can be\nbalanced to dst_cpu we\u0027ll try to balance the task to the new_dst_cpu\ninstead. In this case when the migration disabled task is not on CPU it\nonly allows to run on its current CPU, load balance will select its\ncurrent CPU as new_dst_cpu and later triggers the warning above.\n\nThe new_dst_cpu is chosen from the env-\u003edst_grpmask. Currently it\ncontains CPUs in sched_group_span() and if we have overlapped groups it\u0027s\npossible to run into this case. This patch makes env-\u003edst_grpmask of\ngroup_balance_mask() which exclude any CPUs from the busiest group and\nsolve the issue. For balancing in a domain with no overlapped groups\nthe behaviour keeps same as before.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53215",
"url": "https://www.suse.com/security/cve/CVE-2023-53215"
},
{
"category": "external",
"summary": "SUSE Bug 1250397 for CVE-2023-53215",
"url": "https://bugzilla.suse.com/1250397"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-53215"
},
{
"cve": "CVE-2023-53254",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53254"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncacheinfo: Fix shared_cpu_map to handle shared caches at different levels\n\nThe cacheinfo sets up the shared_cpu_map by checking whether the caches\nwith the same index are shared between CPUs. However, this will trigger\nslab-out-of-bounds access if the CPUs do not have the same cache hierarchy.\nAnother problem is the mismatched shared_cpu_map when the shared cache does\nnot have the same index between CPUs.\n\nCPU0\tI\tD\tL3\nindex\t0\t1\t2\tx\n\t^\t^\t^\t^\nindex\t0\t1\t2\t3\nCPU1\tI\tD\tL2\tL3\n\nThis patch checks each cache is shared with all caches on other CPUs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53254",
"url": "https://www.suse.com/security/cve/CVE-2023-53254"
},
{
"category": "external",
"summary": "SUSE Bug 1249871 for CVE-2023-53254",
"url": "https://bugzilla.suse.com/1249871"
},
{
"category": "external",
"summary": "SUSE Bug 1250731 for CVE-2023-53254",
"url": "https://bugzilla.suse.com/1250731"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "important"
}
],
"title": "CVE-2023-53254"
},
{
"cve": "CVE-2023-53743",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53743"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Free released resource after coalescing\n\nrelease_resource() doesn\u0027t actually free the resource or resource list\nentry so free the resource list entry to avoid a leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53743",
"url": "https://www.suse.com/security/cve/CVE-2023-53743"
},
{
"category": "external",
"summary": "SUSE Bug 1254782 for CVE-2023-53743",
"url": "https://bugzilla.suse.com/1254782"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-53743"
},
{
"cve": "CVE-2023-53744",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53744"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe\n\nwkup_m3_ipc_get() takes refcount, which should be freed by\nwkup_m3_ipc_put(). Add missing refcount release in the error paths.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53744",
"url": "https://www.suse.com/security/cve/CVE-2023-53744"
},
{
"category": "external",
"summary": "SUSE Bug 1254781 for CVE-2023-53744",
"url": "https://bugzilla.suse.com/1254781"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-53744"
},
{
"cve": "CVE-2023-53746",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53746"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/vfio-ap: fix memory leak in vfio_ap device driver\n\nThe device release callback function invoked to release the matrix device\nuses the dev_get_drvdata(device *dev) function to retrieve the\npointer to the vfio_matrix_dev object in order to free its storage. The\nproblem is, this object is not stored as drvdata with the device; since the\nkfree function will accept a NULL pointer, the memory for the\nvfio_matrix_dev object is never freed.\n\nSince the device being released is contained within the vfio_matrix_dev\nobject, the container_of macro will be used to retrieve its pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53746",
"url": "https://www.suse.com/security/cve/CVE-2023-53746"
},
{
"category": "external",
"summary": "SUSE Bug 1254617 for CVE-2023-53746",
"url": "https://bugzilla.suse.com/1254617"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-53746"
},
{
"cve": "CVE-2023-53747",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53747"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF\n\nAfter a call to console_unlock() in vcs_write() the vc_data struct can be\nfreed by vc_port_destruct(). Because of that, the struct vc_data pointer\nmust be reloaded in the while loop in vcs_write() after console_lock() to\navoid a UAF when vcs_size() is called.\n\nSyzkaller reported a UAF in vcs_size().\n\nBUG: KASAN: slab-use-after-free in vcs_size (drivers/tty/vt/vc_screen.c:215)\nRead of size 4 at addr ffff8880beab89a8 by task repro_vcs_size/4119\n\nCall Trace:\n \u003cTASK\u003e\n__asan_report_load4_noabort (mm/kasan/report_generic.c:380)\nvcs_size (drivers/tty/vt/vc_screen.c:215)\nvcs_write (drivers/tty/vt/vc_screen.c:664)\nvfs_write (fs/read_write.c:582 fs/read_write.c:564)\n...\n \u003cTASK\u003e\n\nAllocated by task 1213:\nkmalloc_trace (mm/slab_common.c:1064)\nvc_allocate (./include/linux/slab.h:559 ./include/linux/slab.h:680\n drivers/tty/vt/vt.c:1078 drivers/tty/vt/vt.c:1058)\ncon_install (drivers/tty/vt/vt.c:3334)\ntty_init_dev (drivers/tty/tty_io.c:1303 drivers/tty/tty_io.c:1415\n drivers/tty/tty_io.c:1392)\ntty_open (drivers/tty/tty_io.c:2082 drivers/tty/tty_io.c:2128)\nchrdev_open (fs/char_dev.c:415)\ndo_dentry_open (fs/open.c:921)\nvfs_open (fs/open.c:1052)\n...\n\nFreed by task 4116:\nkfree (mm/slab_common.c:1016)\nvc_port_destruct (drivers/tty/vt/vt.c:1044)\ntty_port_destructor (drivers/tty/tty_port.c:296)\ntty_port_put (drivers/tty/tty_port.c:312)\nvt_disallocate_all (drivers/tty/vt/vt_ioctl.c:662 (discriminator 2))\nvt_ioctl (drivers/tty/vt/vt_ioctl.c:903)\ntty_ioctl (drivers/tty/tty_io.c:2778)\n...\n\nThe buggy address belongs to the object at ffff8880beab8800\n which belongs to the cache kmalloc-1k of size 1024\nThe buggy address is located 424 bytes inside of\n freed 1024-byte region [ffff8880beab8800, ffff8880beab8c00)\n\nThe buggy address belongs to the physical page:\npage:00000000afc77580 refcount:1 mapcount:0 mapping:0000000000000000\n index:0x0 pfn:0xbeab8\nhead:00000000afc77580 order:3 entire_mapcount:0 nr_pages_mapped:0\n pincount:0\nflags: 0xfffffc0010200(slab|head|node=0|zone=1|lastcpupid=0x1fffff)\npage_type: 0xffffffff()\nraw: 000fffffc0010200 ffff888100042dc0 ffffea000426de00 dead000000000002\nraw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\n\nMemory state around the buggy address:\n ffff8880beab8880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff8880beab8900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n\u003effff8880beab8980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ^\n ffff8880beab8a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff8880beab8a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n==================================================================\nDisabling lock debugging due to kernel taint",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53747",
"url": "https://www.suse.com/security/cve/CVE-2023-53747"
},
{
"category": "external",
"summary": "SUSE Bug 1254572 for CVE-2023-53747",
"url": "https://bugzilla.suse.com/1254572"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-53747"
},
{
"cve": "CVE-2023-53751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53751"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix potential use-after-free bugs in TCP_Server_Info::hostname\n\nTCP_Server_Info::hostname may be updated once or many times during\nreconnect, so protect its access outside reconnect path as well and\nthen prevent any potential use-after-free bugs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53751",
"url": "https://www.suse.com/security/cve/CVE-2023-53751"
},
{
"category": "external",
"summary": "SUSE Bug 1254986 for CVE-2023-53751",
"url": "https://bugzilla.suse.com/1254986"
},
{
"category": "external",
"summary": "SUSE Bug 1254988 for CVE-2023-53751",
"url": "https://bugzilla.suse.com/1254988"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-53751"
},
{
"cve": "CVE-2023-53754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53754"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup()\n\nWhen if_type equals zero and pci_resource_start(pdev, PCI_64BIT_BAR4)\nreturns false, drbl_regs_memmap_p is not remapped. This passes a NULL\npointer to iounmap(), which can trigger a WARN() on certain arches.\n\nWhen if_type equals six and pci_resource_start(pdev, PCI_64BIT_BAR4)\nreturns true, drbl_regs_memmap_p may has been remapped and\nctrl_regs_memmap_p is not remapped. This is a resource leak and passes a\nNULL pointer to iounmap().\n\nTo fix these issues, we need to add null checks before iounmap(), and\nchange some goto labels.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53754",
"url": "https://www.suse.com/security/cve/CVE-2023-53754"
},
{
"category": "external",
"summary": "SUSE Bug 1254609 for CVE-2023-53754",
"url": "https://bugzilla.suse.com/1254609"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-53754"
},
{
"cve": "CVE-2023-53755",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53755"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ptdma: check for null desc before calling pt_cmd_callback\n\nResolves a panic that can occur on AMD systems, typically during host\nshutdown, after the PTDMA driver had been exercised. The issue was\nthe pt_issue_pending() function is mistakenly assuming that there will\nbe at least one descriptor in the Submitted queue when the function\nis called. However, it is possible that both the Submitted and Issued\nqueues could be empty, which could result in pt_cmd_callback() being\nmistakenly called with a NULL pointer.\nRef: Bugzilla Bug 216856.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53755",
"url": "https://www.suse.com/security/cve/CVE-2023-53755"
},
{
"category": "external",
"summary": "SUSE Bug 1254608 for CVE-2023-53755",
"url": "https://bugzilla.suse.com/1254608"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-53755"
},
{
"cve": "CVE-2023-53761",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53761"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: usbtmc: Fix direction for 0-length ioctl control messages\n\nThe syzbot fuzzer found a problem in the usbtmc driver: When a user\nsubmits an ioctl for a 0-length control transfer, the driver does not\ncheck that the direction is set to OUT:\n\n------------[ cut here ]------------\nusb 3-1: BOGUS control dir, pipe 80000b80 doesn\u0027t match bRequestType fd\nWARNING: CPU: 0 PID: 5100 at drivers/usb/core/urb.c:411 usb_submit_urb+0x14a7/0x1880 drivers/usb/core/urb.c:411\nModules linked in:\nCPU: 0 PID: 5100 Comm: syz-executor428 Not tainted 6.3.0-syzkaller-12049-g58390c8ce1bd #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023\nRIP: 0010:usb_submit_urb+0x14a7/0x1880 drivers/usb/core/urb.c:411\nCode: 7c 24 40 e8 1b 13 5c fb 48 8b 7c 24 40 e8 21 1d f0 fe 45 89 e8 44 89 f1 4c 89 e2 48 89 c6 48 c7 c7 e0 b5 fc 8a e8 19 c8 23 fb \u003c0f\u003e 0b e9 9f ee ff ff e8 ed 12 5c fb 0f b6 1d 12 8a 3c 08 31 ff 41\nRSP: 0018:ffffc90003d2fb00 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffff8880789e9058 RCX: 0000000000000000\nRDX: ffff888029593b80 RSI: ffffffff814c1447 RDI: 0000000000000001\nRBP: ffff88801ea742f8 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000001 R12: ffff88802915e528\nR13: 00000000000000fd R14: 0000000080000b80 R15: ffff8880222b3100\nFS: 0000555556ca63c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f9ef4d18150 CR3: 0000000073e5b000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n usb_start_wait_urb+0x101/0x4b0 drivers/usb/core/message.c:58\n usb_internal_control_msg drivers/usb/core/message.c:102 [inline]\n usb_control_msg+0x320/0x4a0 drivers/usb/core/message.c:153\n usbtmc_ioctl_request drivers/usb/class/usbtmc.c:1954 [inline]\n usbtmc_ioctl+0x1b3d/0x2840 drivers/usb/class/usbtmc.c:2097\n\nTo fix this, we must override the direction in the bRequestType field\nof the control request structure when the length is 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53761",
"url": "https://www.suse.com/security/cve/CVE-2023-53761"
},
{
"category": "external",
"summary": "SUSE Bug 1255002 for CVE-2023-53761",
"url": "https://bugzilla.suse.com/1255002"
},
{
"category": "external",
"summary": "SUSE Bug 1255003 for CVE-2023-53761",
"url": "https://bugzilla.suse.com/1255003"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "important"
}
],
"title": "CVE-2023-53761"
},
{
"cve": "CVE-2023-53766",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53766"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nFS: JFS: Check for read-only mounted filesystem in txBegin\n\n This patch adds a check for read-only mounted filesystem\n in txBegin before starting a transaction potentially saving\n from NULL pointer deref.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53766",
"url": "https://www.suse.com/security/cve/CVE-2023-53766"
},
{
"category": "external",
"summary": "SUSE Bug 1255005 for CVE-2023-53766",
"url": "https://bugzilla.suse.com/1255005"
},
{
"category": "external",
"summary": "SUSE Bug 1255006 for CVE-2023-53766",
"url": "https://bugzilla.suse.com/1255006"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "important"
}
],
"title": "CVE-2023-53766"
},
{
"cve": "CVE-2023-53781",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53781"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmc: Fix use-after-free in tcp_write_timer_handler().\n\nWith Eric\u0027s ref tracker, syzbot finally found a repro for\nuse-after-free in tcp_write_timer_handler() by kernel TCP\nsockets. [0]\n\nIf SMC creates a kernel socket in __smc_create(), the kernel\nsocket is supposed to be freed in smc_clcsock_release() by\ncalling sock_release() when we close() the parent SMC socket.\n\nHowever, at the end of smc_clcsock_release(), the kernel\nsocket\u0027s sk_state might not be TCP_CLOSE. This means that\nwe have not called inet_csk_destroy_sock() in __tcp_close()\nand have not stopped the TCP timers.\n\nThe kernel socket\u0027s TCP timers can be fired later, so we\nneed to hold a refcnt for net as we do for MPTCP subflows\nin mptcp_subflow_create_socket().\n\n[0]:\nleaked reference.\n sk_alloc (./include/net/net_namespace.h:335 net/core/sock.c:2108)\n inet_create (net/ipv4/af_inet.c:319 net/ipv4/af_inet.c:244)\n __sock_create (net/socket.c:1546)\n smc_create (net/smc/af_smc.c:3269 net/smc/af_smc.c:3284)\n __sock_create (net/socket.c:1546)\n __sys_socket (net/socket.c:1634 net/socket.c:1618 net/socket.c:1661)\n __x64_sys_socket (net/socket.c:1672)\n do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)\n==================================================================\nBUG: KASAN: slab-use-after-free in tcp_write_timer_handler (net/ipv4/tcp_timer.c:378 net/ipv4/tcp_timer.c:624 net/ipv4/tcp_timer.c:594)\nRead of size 1 at addr ffff888052b65e0d by task syzrepro/18091\n\nCPU: 0 PID: 18091 Comm: syzrepro Tainted: G W 6.3.0-rc4-01174-gb5d54eb5899a #7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-1.amzn2022.0.1 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl (lib/dump_stack.c:107)\n print_report (mm/kasan/report.c:320 mm/kasan/report.c:430)\n kasan_report (mm/kasan/report.c:538)\n tcp_write_timer_handler (net/ipv4/tcp_timer.c:378 net/ipv4/tcp_timer.c:624 net/ipv4/tcp_timer.c:594)\n tcp_write_timer (./include/linux/spinlock.h:390 net/ipv4/tcp_timer.c:643)\n call_timer_fn (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/timer.h:127 kernel/time/timer.c:1701)\n __run_timers.part.0 (kernel/time/timer.c:1752 kernel/time/timer.c:2022)\n run_timer_softirq (kernel/time/timer.c:2037)\n __do_softirq (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/irq.h:142 kernel/softirq.c:572)\n __irq_exit_rcu (kernel/softirq.c:445 kernel/softirq.c:650)\n irq_exit_rcu (kernel/softirq.c:664)\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1107 (discriminator 14))\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53781",
"url": "https://www.suse.com/security/cve/CVE-2023-53781"
},
{
"category": "external",
"summary": "SUSE Bug 1254751 for CVE-2023-53781",
"url": "https://bugzilla.suse.com/1254751"
},
{
"category": "external",
"summary": "SUSE Bug 1254755 for CVE-2023-53781",
"url": "https://bugzilla.suse.com/1254755"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "important"
}
],
"title": "CVE-2023-53781"
},
{
"cve": "CVE-2023-53783",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53783"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-iocost: fix divide by 0 error in calc_lcoefs()\n\necho max of u64 to cost.model can cause divide by 0 error.\n\n # echo 8:0 rbps=18446744073709551615 \u003e /sys/fs/cgroup/io.cost.model\n\n divide error: 0000 [#1] PREEMPT SMP\n RIP: 0010:calc_lcoefs+0x4c/0xc0\n Call Trace:\n \u003cTASK\u003e\n ioc_refresh_params+0x2b3/0x4f0\n ioc_cost_model_write+0x3cb/0x4c0\n ? _copy_from_iter+0x6d/0x6c0\n ? kernfs_fop_write_iter+0xfc/0x270\n cgroup_file_write+0xa0/0x200\n kernfs_fop_write_iter+0x17d/0x270\n vfs_write+0x414/0x620\n ksys_write+0x73/0x160\n __x64_sys_write+0x1e/0x30\n do_syscall_64+0x35/0x80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\ncalc_lcoefs() uses the input value of cost.model in DIV_ROUND_UP_ULL,\noverflow would happen if bps plus IOC_PAGE_SIZE is greater than\nULLONG_MAX, it can cause divide by 0 error.\n\nFix the problem by setting basecost",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53783",
"url": "https://www.suse.com/security/cve/CVE-2023-53783"
},
{
"category": "external",
"summary": "SUSE Bug 1254915 for CVE-2023-53783",
"url": "https://bugzilla.suse.com/1254915"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-53783"
},
{
"cve": "CVE-2023-53786",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53786"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm flakey: fix a crash with invalid table line\n\nThis command will crash with NULL pointer dereference:\n dmsetup create flakey --table \\\n \"0 `blockdev --getsize /dev/ram0` flakey /dev/ram0 0 0 1 2 corrupt_bio_byte 512\"\n\nFix the crash by checking if arg_name is non-NULL before comparing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53786",
"url": "https://www.suse.com/security/cve/CVE-2023-53786"
},
{
"category": "external",
"summary": "SUSE Bug 1254916 for CVE-2023-53786",
"url": "https://bugzilla.suse.com/1254916"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-53786"
},
{
"cve": "CVE-2023-53788",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53788"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()\n\ntuning_ctl_set() might have buffer overrun at (X) if it didn\u0027t break\nfrom loop by matching (A).\n\n\tstatic int tuning_ctl_set(...)\n\t{\n\t\tfor (i = 0; i \u003c TUNING_CTLS_COUNT; i++)\n(A)\t\t\tif (nid == ca0132_tuning_ctls[i].nid)\n\t\t\t\tbreak;\n\n\t\tsnd_hda_power_up(...);\n(X)\t\tdspio_set_param(..., ca0132_tuning_ctls[i].mid, ...);\n\t\tsnd_hda_power_down(...); ^\n\n\t\treturn 1;\n\t}\n\nWe will get below error by cppcheck\n\n\tsound/pci/hda/patch_ca0132.c:4229:2: note: After for loop, i has value 12\n\t for (i = 0; i \u003c TUNING_CTLS_COUNT; i++)\n\t ^\n\tsound/pci/hda/patch_ca0132.c:4234:43: note: Array index out of bounds\n\t dspio_set_param(codec, ca0132_tuning_ctls[i].mid, 0x20,\n\t ^\nThis patch cares non match case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53788",
"url": "https://www.suse.com/security/cve/CVE-2023-53788"
},
{
"category": "external",
"summary": "SUSE Bug 1254917 for CVE-2023-53788",
"url": "https://bugzilla.suse.com/1254917"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-53788"
},
{
"cve": "CVE-2023-53792",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53792"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-core: fix memory leak in dhchap_ctrl_secret\n\nFree dhchap_secret in nvme_ctrl_dhchap_ctrl_secret_store() before we\nreturn when nvme_auth_generate_key() returns error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53792",
"url": "https://www.suse.com/security/cve/CVE-2023-53792"
},
{
"category": "external",
"summary": "SUSE Bug 1254743 for CVE-2023-53792",
"url": "https://bugzilla.suse.com/1254743"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-53792"
},
{
"cve": "CVE-2023-53794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix session state check in reconnect to avoid use-after-free issue\n\nDon\u0027t collect exiting session in smb2_reconnect_server(), because it\nwill be released soon.\n\nNote that the exiting session will stay in server-\u003esmb_ses_list until\nit complete the cifs_free_ipc() and logoff() and then delete itself\nfrom the list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53794",
"url": "https://www.suse.com/security/cve/CVE-2023-53794"
},
{
"category": "external",
"summary": "SUSE Bug 1255163 for CVE-2023-53794",
"url": "https://bugzilla.suse.com/1255163"
},
{
"category": "external",
"summary": "SUSE Bug 1255235 for CVE-2023-53794",
"url": "https://bugzilla.suse.com/1255235"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "important"
}
],
"title": "CVE-2023-53794"
},
{
"cve": "CVE-2023-53802",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53802"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function\n\nIt is stated that ath9k_htc_rx_msg() either frees the provided skb or\npasses its management to another callback function. However, the skb is\nnot freed in case there is no another callback function, and Syzkaller was\nable to cause a memory leak. Also minor comment fix.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53802",
"url": "https://www.suse.com/security/cve/CVE-2023-53802"
},
{
"category": "external",
"summary": "SUSE Bug 1254725 for CVE-2023-53802",
"url": "https://bugzilla.suse.com/1254725"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-53802"
},
{
"cve": "CVE-2023-53803",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53803"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process()\n\nA fix for:\n\nBUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0x949/0xe30 [ses]\nRead of size 1 at addr ffff88a1b043a451 by task systemd-udevd/3271\n\nChecking after (and before in next loop) addl_desc_ptr[1] is sufficient, we\nexpect the size to be sanitized before first access to addl_desc_ptr[1].\nMake sure we don\u0027t walk beyond end of page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53803",
"url": "https://www.suse.com/security/cve/CVE-2023-53803"
},
{
"category": "external",
"summary": "SUSE Bug 1255165 for CVE-2023-53803",
"url": "https://bugzilla.suse.com/1255165"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-53803"
},
{
"cve": "CVE-2023-53804",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53804"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode()\n\nDuring unmount process of nilfs2, nothing holds nilfs_root structure after\nnilfs2 detaches its writer in nilfs_detach_log_writer(). However, since\nnilfs_evict_inode() uses nilfs_root for some cleanup operations, it may\ncause use-after-free read if inodes are left in \"garbage_list\" and\nreleased by nilfs_dispose_list() at the end of nilfs_detach_log_writer().\n\nFix this issue by modifying nilfs_evict_inode() to only clear inode\nwithout additional metadata changes that use nilfs_root if the file system\nis degraded to read-only or the writer is detached.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53804",
"url": "https://www.suse.com/security/cve/CVE-2023-53804"
},
{
"category": "external",
"summary": "SUSE Bug 1254920 for CVE-2023-53804",
"url": "https://bugzilla.suse.com/1254920"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-53804"
},
{
"cve": "CVE-2023-53808",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53808"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: fix memory leak in mwifiex_histogram_read()\n\nAlways free the zeroed page on return from \u0027mwifiex_histogram_read()\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53808",
"url": "https://www.suse.com/security/cve/CVE-2023-53808"
},
{
"category": "external",
"summary": "SUSE Bug 1254723 for CVE-2023-53808",
"url": "https://bugzilla.suse.com/1254723"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-53808"
},
{
"cve": "CVE-2023-53811",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53811"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Cap MSIX used to online CPUs + 1\n\nThe irdma driver can use a maximum number of msix vectors equal\nto num_online_cpus() + 1 and the kernel warning stack below is shown\nif that number is exceeded.\n\nThe kernel throws a warning as the driver tries to update the affinity\nhint with a CPU mask greater than the max CPU IDs. Fix this by capping\nthe MSIX vectors to num_online_cpus() + 1.\n\n WARNING: CPU: 7 PID: 23655 at include/linux/cpumask.h:106 irdma_cfg_ceq_vector+0x34c/0x3f0 [irdma]\n RIP: 0010:irdma_cfg_ceq_vector+0x34c/0x3f0 [irdma]\n Call Trace:\n irdma_rt_init_hw+0xa62/0x1290 [irdma]\n ? irdma_alloc_local_mac_entry+0x1a0/0x1a0 [irdma]\n ? __is_kernel_percpu_address+0x63/0x310\n ? rcu_read_lock_held_common+0xe/0xb0\n ? irdma_lan_unregister_qset+0x280/0x280 [irdma]\n ? irdma_request_reset+0x80/0x80 [irdma]\n ? ice_get_qos_params+0x84/0x390 [ice]\n irdma_probe+0xa40/0xfc0 [irdma]\n ? rcu_read_lock_bh_held+0xd0/0xd0\n ? irdma_remove+0x140/0x140 [irdma]\n ? rcu_read_lock_sched_held+0x62/0xe0\n ? down_write+0x187/0x3d0\n ? auxiliary_match_id+0xf0/0x1a0\n ? irdma_remove+0x140/0x140 [irdma]\n auxiliary_bus_probe+0xa6/0x100\n __driver_probe_device+0x4a4/0xd50\n ? __device_attach_driver+0x2c0/0x2c0\n driver_probe_device+0x4a/0x110\n __driver_attach+0x1aa/0x350\n bus_for_each_dev+0x11d/0x1b0\n ? subsys_dev_iter_init+0xe0/0xe0\n bus_add_driver+0x3b1/0x610\n driver_register+0x18e/0x410\n ? 0xffffffffc0b88000\n irdma_init_module+0x50/0xaa [irdma]\n do_one_initcall+0x103/0x5f0\n ? perf_trace_initcall_level+0x420/0x420\n ? do_init_module+0x4e/0x700\n ? __kasan_kmalloc+0x7d/0xa0\n ? kmem_cache_alloc_trace+0x188/0x2b0\n ? kasan_unpoison+0x21/0x50\n do_init_module+0x1d1/0x700\n load_module+0x3867/0x5260\n ? layout_and_allocate+0x3990/0x3990\n ? rcu_read_lock_held_common+0xe/0xb0\n ? rcu_read_lock_sched_held+0x62/0xe0\n ? rcu_read_lock_bh_held+0xd0/0xd0\n ? __vmalloc_node_range+0x46b/0x890\n ? lock_release+0x5c8/0xba0\n ? alloc_vm_area+0x120/0x120\n ? selinux_kernel_module_from_file+0x2a5/0x300\n ? __inode_security_revalidate+0xf0/0xf0\n ? __do_sys_init_module+0x1db/0x260\n __do_sys_init_module+0x1db/0x260\n ? load_module+0x5260/0x5260\n ? do_syscall_64+0x22/0x450\n do_syscall_64+0xa5/0x450\n entry_SYSCALL_64_after_hwframe+0x66/0xdb",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53811",
"url": "https://www.suse.com/security/cve/CVE-2023-53811"
},
{
"category": "external",
"summary": "SUSE Bug 1254716 for CVE-2023-53811",
"url": "https://bugzilla.suse.com/1254716"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-53811"
},
{
"cve": "CVE-2023-53814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53814"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Fix dropping valid root bus resources with .end = zero\n\nOn r8a7791/koelsch:\n\n kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak)\n # cat /sys/kernel/debug/kmemleak\n unreferenced object 0xc3a34e00 (size 64):\n comm \"swapper/0\", pid 1, jiffies 4294937460 (age 199.080s)\n hex dump (first 32 bytes):\n b4 5d 81 f0 b4 5d 81 f0 c0 b0 a2 c3 00 00 00 00 .]...]..........\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003cfe3aa979\u003e] __kmalloc+0xf0/0x140\n [\u003c34bd6bc0\u003e] resource_list_create_entry+0x18/0x38\n [\u003c767046bc\u003e] pci_add_resource_offset+0x20/0x68\n [\u003cb3f3edf2\u003e] devm_of_pci_get_host_bridge_resources.constprop.0+0xb0/0x390\n\nWhen coalescing two resources for a contiguous aperture, the second\nresource is enlarged to cover the full contiguous range, while the first\nresource is marked invalid. This invalidation is done by clearing the\nflags, start, and end members.\n\nWhen adding the initial resources to the bus later, invalid resources are\nskipped. Unfortunately, the check for an invalid resource considers only\nthe end member, causing false positives.\n\nE.g. on r8a7791/koelsch, root bus resource 0 (\"bus 00\") is skipped, and no\nlonger registered with pci_bus_insert_busn_res() (causing the memory leak),\nnor printed:\n\n pci-rcar-gen2 ee090000.pci: host bridge /soc/pci@ee090000 ranges:\n pci-rcar-gen2 ee090000.pci: MEM 0x00ee080000..0x00ee08ffff -\u003e 0x00ee080000\n pci-rcar-gen2 ee090000.pci: PCI: revision 11\n pci-rcar-gen2 ee090000.pci: PCI host bridge to bus 0000:00\n -pci_bus 0000:00: root bus resource [bus 00]\n pci_bus 0000:00: root bus resource [mem 0xee080000-0xee08ffff]\n\nFix this by only skipping resources where all of the flags, start, and end\nmembers are zero.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53814",
"url": "https://www.suse.com/security/cve/CVE-2023-53814"
},
{
"category": "external",
"summary": "SUSE Bug 1254713 for CVE-2023-53814",
"url": "https://bugzilla.suse.com/1254713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-53814"
},
{
"cve": "CVE-2023-53818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53818"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: zynq: Fix refcount leak in zynq_early_slcr_init\n\nof_find_compatible_node() returns a node pointer with refcount incremented,\nwe should use of_node_put() on error path.\nAdd missing of_node_put() to avoid refcount leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53818",
"url": "https://www.suse.com/security/cve/CVE-2023-53818"
},
{
"category": "external",
"summary": "SUSE Bug 1254714 for CVE-2023-53818",
"url": "https://bugzilla.suse.com/1254714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-53818"
},
{
"cve": "CVE-2023-53819",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53819"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\namdgpu: validate offset_in_bo of drm_amdgpu_gem_va\n\nThis is motivated by OOB access in amdgpu_vm_update_range when\noffset_in_bo+map_size overflows.\n\nv2: keep the validations in amdgpu_vm_bo_map\nv3: add the validations to amdgpu_vm_bo_map/amdgpu_vm_bo_replace_map\n rather than to amdgpu_gem_va_ioctl",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53819",
"url": "https://www.suse.com/security/cve/CVE-2023-53819"
},
{
"category": "external",
"summary": "SUSE Bug 1254712 for CVE-2023-53819",
"url": "https://bugzilla.suse.com/1254712"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-53819"
},
{
"cve": "CVE-2023-53820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53820"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nloop: loop_set_status_from_info() check before assignment\n\nIn loop_set_status_from_info(), lo-\u003elo_offset and lo-\u003elo_sizelimit should\nbe checked before reassignment, because if an overflow error occurs, the\noriginal correct value will be changed to the wrong value, and it will not\nbe changed back.\n\nMore, the original patch did not solve the problem, the value was set and\nioctl returned an error, but the subsequent io used the value in the loop\ndriver, which still caused an alarm:\n\nloop_handle_cmd\n do_req_filebacked\n loff_t pos = ((loff_t) blk_rq_pos(rq) \u003c\u003c 9) + lo-\u003elo_offset;\n lo_rw_aio\n cmd-\u003eiocb.ki_pos = pos",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53820",
"url": "https://www.suse.com/security/cve/CVE-2023-53820"
},
{
"category": "external",
"summary": "SUSE Bug 1254706 for CVE-2023-53820",
"url": "https://bugzilla.suse.com/1254706"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-53820"
},
{
"cve": "CVE-2023-53827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53827"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp}\n\nSimilar to commit d0be8347c623 (\"Bluetooth: L2CAP: Fix use-after-free\ncaused by l2cap_chan_put\"), just use l2cap_chan_hold_unless_zero to\nprevent referencing a channel that is about to be destroyed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53827",
"url": "https://www.suse.com/security/cve/CVE-2023-53827"
},
{
"category": "external",
"summary": "SUSE Bug 1255049 for CVE-2023-53827",
"url": "https://bugzilla.suse.com/1255049"
},
{
"category": "external",
"summary": "SUSE Bug 1255050 for CVE-2023-53827",
"url": "https://bugzilla.suse.com/1255050"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "important"
}
],
"title": "CVE-2023-53827"
},
{
"cve": "CVE-2023-53830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53830"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: think-lmi: Fix memory leak when showing current settings\n\nWhen retriving a item string with tlmi_setting(), the result has to be\nfreed using kfree(). In current_value_show() however, malformed\nitem strings are not freed, causing a memory leak.\nFix this by eliminating the early return responsible for this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53830",
"url": "https://www.suse.com/security/cve/CVE-2023-53830"
},
{
"category": "external",
"summary": "SUSE Bug 1254658 for CVE-2023-53830",
"url": "https://bugzilla.suse.com/1254658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-53830"
},
{
"cve": "CVE-2023-53832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53832"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid10: fix null-ptr-deref in raid10_sync_request\n\ninit_resync() inits mempool and sets conf-\u003ehave_replacemnt at the beginning\nof sync, close_sync() frees the mempool when sync is completed.\n\nAfter [1] recovery might be skipped and init_resync() is called but\nclose_sync() is not. null-ptr-deref occurs with r10bio-\u003edev[i].repl_bio.\n\nThe following is one way to reproduce the issue.\n\n 1) create a array, wait for resync to complete, mddev-\u003erecovery_cp is set\n to MaxSector.\n 2) recovery is woken and it is skipped. conf-\u003ehave_replacement is set to\n 0 in init_resync(). close_sync() not called.\n 3) some io errors and rdev A is set to WantReplacement.\n 4) a new device is added and set to A\u0027s replacement.\n 5) recovery is woken, A have replacement, but conf-\u003ehave_replacemnt is\n 0. r10bio-\u003edev[i].repl_bio will not be alloced and null-ptr-deref\n occurs.\n\nFix it by not calling init_resync() if recovery skipped.\n\n[1] commit 7e83ccbecd60 (\"md/raid10: Allow skipping recovery when clean arrays are assembled\")",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53832",
"url": "https://www.suse.com/security/cve/CVE-2023-53832"
},
{
"category": "external",
"summary": "SUSE Bug 1254671 for CVE-2023-53832",
"url": "https://bugzilla.suse.com/1254671"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-53832"
},
{
"cve": "CVE-2023-53834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53834"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: ina2xx: avoid NULL pointer dereference on OF device match\n\nThe affected lines were resulting in a NULL pointer dereference on our\nplatform because the device tree contained the following list of\ncompatible strings:\n\n power-sensor@40 {\n compatible = \"ti,ina232\", \"ti,ina231\";\n ...\n };\n\nSince the driver doesn\u0027t declare a compatible string \"ti,ina232\", the OF\nmatching succeeds on \"ti,ina231\". But the I2C device ID info is\npopulated via the first compatible string, cf. modalias population in\nof_i2c_get_board_info(). Since there is no \"ina232\" entry in the legacy\nI2C device ID table either, the struct i2c_device_id *id pointer in the\nprobe function is NULL.\n\nFix this by using the already populated type variable instead, which\npoints to the proper driver data. Since the name is also wanted, add a\ngeneric one to the ina2xx_config table.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53834",
"url": "https://www.suse.com/security/cve/CVE-2023-53834"
},
{
"category": "external",
"summary": "SUSE Bug 1254660 for CVE-2023-53834",
"url": "https://bugzilla.suse.com/1254660"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-53834"
},
{
"cve": "CVE-2023-53837",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53837"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: fix NULL-deref on snapshot tear down\n\nIn case of early initialisation errors and on platforms that do not use\nthe DPU controller, the deinitilisation code can be called with the kms\npointer set to NULL.\n\nPatchwork: https://patchwork.freedesktop.org/patch/525099/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53837",
"url": "https://www.suse.com/security/cve/CVE-2023-53837"
},
{
"category": "external",
"summary": "SUSE Bug 1254694 for CVE-2023-53837",
"url": "https://bugzilla.suse.com/1254694"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-53837"
},
{
"cve": "CVE-2023-53840",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53840"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: early: xhci-dbc: Fix a potential out-of-bound memory access\n\nIf xdbc_bulk_write() fails, the values in \u0027buf\u0027 can be anything. So the\nstring is not guaranteed to be NULL terminated when xdbc_trace() is called.\n\nReserve an extra byte, which will be zeroed automatically because \u0027buf\u0027 is\na static variable, in order to avoid troubles, should it happen.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53840",
"url": "https://www.suse.com/security/cve/CVE-2023-53840"
},
{
"category": "external",
"summary": "SUSE Bug 1254709 for CVE-2023-53840",
"url": "https://bugzilla.suse.com/1254709"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-53840"
},
{
"cve": "CVE-2023-53842",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53842"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove\n\nThe MBHC resources must be released on component probe failure and\nremoval so can not be tied to the lifetime of the component device.\n\nThis is specifically needed to allow probe deferrals of the sound card\nwhich otherwise fails when reprobing the codec component:\n\n snd-sc8280xp sound: ASoC: failed to instantiate card -517\n genirq: Flags mismatch irq 299. 00002001 (mbhc sw intr) vs. 00002001 (mbhc sw intr)\n wcd938x_codec audio-codec: Failed to request mbhc interrupts -16\n wcd938x_codec audio-codec: mbhc initialization failed\n wcd938x_codec audio-codec: ASoC: error at snd_soc_component_probe on audio-codec: -16\n snd-sc8280xp sound: ASoC: failed to instantiate card -16",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53842",
"url": "https://www.suse.com/security/cve/CVE-2023-53842"
},
{
"category": "external",
"summary": "SUSE Bug 1254690 for CVE-2023-53842",
"url": "https://bugzilla.suse.com/1254690"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-53842"
},
{
"cve": "CVE-2023-53844",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53844"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/ttm: Don\u0027t leak a resource on swapout move error\n\nIf moving the bo to system for swapout failed, we were leaking\na resource. Fix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53844",
"url": "https://www.suse.com/security/cve/CVE-2023-53844"
},
{
"category": "external",
"summary": "SUSE Bug 1254649 for CVE-2023-53844",
"url": "https://bugzilla.suse.com/1254649"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-53844"
},
{
"cve": "CVE-2023-53845",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53845"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix infinite loop in nilfs_mdt_get_block()\n\nIf the disk image that nilfs2 mounts is corrupted and a virtual block\naddress obtained by block lookup for a metadata file is invalid,\nnilfs_bmap_lookup_at_level() may return the same internal return code as\n-ENOENT, meaning the block does not exist in the metadata file.\n\nThis duplication of return codes confuses nilfs_mdt_get_block(), causing\nit to read and create a metadata block indefinitely.\n\nIn particular, if this happens to the inode metadata file, ifile,\nsemaphore i_rwsem can be left held, causing task hangs in lock_mount.\n\nFix this issue by making nilfs_bmap_lookup_at_level() treat virtual block\naddress translation failures with -ENOENT as metadata corruption instead\nof returning the error code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53845",
"url": "https://www.suse.com/security/cve/CVE-2023-53845"
},
{
"category": "external",
"summary": "SUSE Bug 1255007 for CVE-2023-53845",
"url": "https://bugzilla.suse.com/1255007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-53845"
},
{
"cve": "CVE-2023-53847",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53847"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb-storage: alauda: Fix uninit-value in alauda_check_media()\n\nSyzbot got KMSAN to complain about access to an uninitialized value in\nthe alauda subdriver of usb-storage:\n\nBUG: KMSAN: uninit-value in alauda_transport+0x462/0x57f0\ndrivers/usb/storage/alauda.c:1137\nCPU: 0 PID: 12279 Comm: usb-storage Not tainted 5.3.0-rc7+ #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS\nGoogle 01/01/2011\nCall Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x191/0x1f0 lib/dump_stack.c:113\n kmsan_report+0x13a/0x2b0 mm/kmsan/kmsan_report.c:108\n __msan_warning+0x73/0xe0 mm/kmsan/kmsan_instr.c:250\n alauda_check_media+0x344/0x3310 drivers/usb/storage/alauda.c:460\n\nThe problem is that alauda_check_media() doesn\u0027t verify that its USB\ntransfer succeeded before trying to use the received data. What\nshould happen if the transfer fails isn\u0027t entirely clear, but a\nreasonably conservative approach is to pretend that no media is\npresent.\n\nA similar problem exists in a usb_stor_dbg() call in\nalauda_get_media_status(). In this case, when an error occurs the\ncall is redundant, because usb_stor_ctrl_transfer() already will print\na debugging message.\n\nFinally, unrelated to the uninitialized memory access, is the fact\nthat alauda_check_media() performs DMA to a buffer on the stack.\nFortunately usb-storage provides a general purpose DMA-able buffer for\nuses like this. We\u0027ll use it instead.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53847",
"url": "https://www.suse.com/security/cve/CVE-2023-53847"
},
{
"category": "external",
"summary": "SUSE Bug 1254698 for CVE-2023-53847",
"url": "https://bugzilla.suse.com/1254698"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-53847"
},
{
"cve": "CVE-2023-53850",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53850"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: use internal state to free traffic IRQs\n\nIf the system tries to close the netdev while iavf_reset_task() is\nrunning, __LINK_STATE_START will be cleared and netif_running() will\nreturn false in iavf_reinit_interrupt_scheme(). This will result in\niavf_free_traffic_irqs() not being called and a leak as follows:\n\n [7632.489326] remove_proc_entry: removing non-empty directory \u0027irq/999\u0027, leaking at least \u0027iavf-enp24s0f0v0-TxRx-0\u0027\n [7632.490214] WARNING: CPU: 0 PID: 10 at fs/proc/generic.c:718 remove_proc_entry+0x19b/0x1b0\n\nis shown when pci_disable_msix() is later called. Fix by using the\ninternal adapter state. The traffic IRQs will always exist if\nstate == __IAVF_RUNNING.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53850",
"url": "https://www.suse.com/security/cve/CVE-2023-53850"
},
{
"category": "external",
"summary": "SUSE Bug 1254677 for CVE-2023-53850",
"url": "https://bugzilla.suse.com/1254677"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-53850"
},
{
"cve": "CVE-2023-53852",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53852"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-core: fix memory leak in dhchap_secret_store\n\nFree dhchap_secret in nvme_ctrl_dhchap_secret_store() before we return\nfix following kmemleack:-\n\nunreferenced object 0xffff8886376ea800 (size 64):\n comm \"check\", pid 22048, jiffies 4344316705 (age 92.199s)\n hex dump (first 32 bytes):\n 44 48 48 43 2d 31 3a 30 30 3a 6e 78 72 35 4b 67 DHHC-1:00:nxr5Kg\n 75 58 34 75 6f 41 78 73 4a 61 34 63 2f 68 75 4c uX4uoAxsJa4c/huL\n backtrace:\n [\u003c0000000030ce5d4b\u003e] __kmalloc+0x4b/0x130\n [\u003c000000009be1cdc1\u003e] nvme_ctrl_dhchap_secret_store+0x8f/0x160 [nvme_core]\n [\u003c00000000ac06c96a\u003e] kernfs_fop_write_iter+0x12b/0x1c0\n [\u003c00000000437e7ced\u003e] vfs_write+0x2ba/0x3c0\n [\u003c00000000f9491baf\u003e] ksys_write+0x5f/0xe0\n [\u003c000000001c46513d\u003e] do_syscall_64+0x3b/0x90\n [\u003c00000000ecf348fe\u003e] entry_SYSCALL_64_after_hwframe+0x72/0xdc\nunreferenced object 0xffff8886376eaf00 (size 64):\n comm \"check\", pid 22048, jiffies 4344316736 (age 92.168s)\n hex dump (first 32 bytes):\n 44 48 48 43 2d 31 3a 30 30 3a 6e 78 72 35 4b 67 DHHC-1:00:nxr5Kg\n 75 58 34 75 6f 41 78 73 4a 61 34 63 2f 68 75 4c uX4uoAxsJa4c/huL\n backtrace:\n [\u003c0000000030ce5d4b\u003e] __kmalloc+0x4b/0x130\n [\u003c000000009be1cdc1\u003e] nvme_ctrl_dhchap_secret_store+0x8f/0x160 [nvme_core]\n [\u003c00000000ac06c96a\u003e] kernfs_fop_write_iter+0x12b/0x1c0\n [\u003c00000000437e7ced\u003e] vfs_write+0x2ba/0x3c0\n [\u003c00000000f9491baf\u003e] ksys_write+0x5f/0xe0\n [\u003c000000001c46513d\u003e] do_syscall_64+0x3b/0x90\n [\u003c00000000ecf348fe\u003e] entry_SYSCALL_64_after_hwframe+0x72/0xdc",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53852",
"url": "https://www.suse.com/security/cve/CVE-2023-53852"
},
{
"category": "external",
"summary": "SUSE Bug 1254653 for CVE-2023-53852",
"url": "https://bugzilla.suse.com/1254653"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-53852"
},
{
"cve": "CVE-2023-53858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53858"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error\n\nIf clk_get_rate() fails, the clk that has just been allocated needs to be\nfreed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53858",
"url": "https://www.suse.com/security/cve/CVE-2023-53858"
},
{
"category": "external",
"summary": "SUSE Bug 1254704 for CVE-2023-53858",
"url": "https://bugzilla.suse.com/1254704"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-53858"
},
{
"cve": "CVE-2023-53862",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53862"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: fix missing hfs_bnode_get() in __hfs_bnode_create\n\nSyzbot found a kernel BUG in hfs_bnode_put():\n\n kernel BUG at fs/hfs/bnode.c:466!\n invalid opcode: 0000 [#1] PREEMPT SMP KASAN\n CPU: 0 PID: 3634 Comm: kworker/u4:5 Not tainted 6.1.0-rc7-syzkaller-00190-g97ee9d1c1696 #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\n Workqueue: writeback wb_workfn (flush-7:0)\n RIP: 0010:hfs_bnode_put+0x46f/0x480 fs/hfs/bnode.c:466\n Code: 8a 80 ff e9 73 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c a0 fe ff ff 48 89 df e8 db 8a 80 ff e9 93 fe ff ff e8 a1 68 2c ff \u003c0f\u003e 0b e8 9a 68 2c ff 0f 0b 0f 1f 84 00 00 00 00 00 55 41 57 41 56\n RSP: 0018:ffffc90003b4f258 EFLAGS: 00010293\n RAX: ffffffff825e318f RBX: 0000000000000000 RCX: ffff8880739dd7c0\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffc90003b4f430 R08: ffffffff825e2d9b R09: ffffed10045157d1\n R10: ffffed10045157d1 R11: 1ffff110045157d0 R12: ffff8880228abe80\n R13: ffff88807016c000 R14: dffffc0000000000 R15: ffff8880228abe00\n FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007fa6ebe88718 CR3: 000000001e93d000 CR4: 00000000003506f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n hfs_write_inode+0x1bc/0xb40\n write_inode fs/fs-writeback.c:1440 [inline]\n __writeback_single_inode+0x4d6/0x670 fs/fs-writeback.c:1652\n writeback_sb_inodes+0xb3b/0x18f0 fs/fs-writeback.c:1878\n __writeback_inodes_wb+0x125/0x420 fs/fs-writeback.c:1949\n wb_writeback+0x440/0x7b0 fs/fs-writeback.c:2054\n wb_check_start_all fs/fs-writeback.c:2176 [inline]\n wb_do_writeback fs/fs-writeback.c:2202 [inline]\n wb_workfn+0x827/0xef0 fs/fs-writeback.c:2235\n process_one_work+0x877/0xdb0 kernel/workqueue.c:2289\n worker_thread+0xb14/0x1330 kernel/workqueue.c:2436\n kthread+0x266/0x300 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306\n \u003c/TASK\u003e\n\nThe BUG_ON() is triggered at here:\n\n/* Dispose of resources used by a node */\nvoid hfs_bnode_put(struct hfs_bnode *node)\n{\n\tif (node) {\n \t\t\u003cskipped\u003e\n \t\tBUG_ON(!atomic_read(\u0026node-\u003erefcnt)); \u003c- we have issue here!!!!\n \t\t\u003cskipped\u003e\n \t}\n}\n\nBy tracing the refcnt, I found the node is created by hfs_bmap_alloc()\nwith refcnt 1. Then the node is used by hfs_btree_write(). There is a\nmissing of hfs_bnode_get() after find the node. The issue happened in\nfollowing path:\n\n\u003calloc\u003e\n hfs_bmap_alloc\n hfs_bnode_find\n __hfs_bnode_create \u003c- allocate a new node with refcnt 1.\n hfs_bnode_put \u003c- decrease the refcnt\n\n\u003cwrite\u003e\n hfs_btree_write\n hfs_bnode_find\n __hfs_bnode_create\n hfs_bnode_findhash \u003c- find the node without refcnt increased.\n hfs_bnode_put\t \u003c- trigger the BUG_ON() since refcnt is 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53862",
"url": "https://www.suse.com/security/cve/CVE-2023-53862"
},
{
"category": "external",
"summary": "SUSE Bug 1254994 for CVE-2023-53862",
"url": "https://bugzilla.suse.com/1254994"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-53862"
},
{
"cve": "CVE-2023-53866",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53866"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: soc-compress: Reposition and add pcm_mutex\n\nIf panic_on_warn is set and compress stream(DPCM) is started,\nthen kernel panic occurred because card-\u003epcm_mutex isn\u0027t held appropriately.\nIn the following functions, warning were issued at this line\n\"snd_soc_dpcm_mutex_assert_held\".\n\nstatic int dpcm_be_connect(struct snd_soc_pcm_runtime *fe,\n\t\tstruct snd_soc_pcm_runtime *be, int stream)\n{\n\t...\n\tsnd_soc_dpcm_mutex_assert_held(fe);\n\t...\n}\n\nvoid dpcm_be_disconnect(struct snd_soc_pcm_runtime *fe, int stream)\n{\n\t...\n\tsnd_soc_dpcm_mutex_assert_held(fe);\n\t...\n}\n\nvoid snd_soc_runtime_action(struct snd_soc_pcm_runtime *rtd,\n\t\t\t int stream, int action)\n{\n\t...\n\tsnd_soc_dpcm_mutex_assert_held(rtd);\n\t...\n}\n\nint dpcm_dapm_stream_event(struct snd_soc_pcm_runtime *fe, int dir,\n\tint event)\n{\n\t...\n\tsnd_soc_dpcm_mutex_assert_held(fe);\n\t...\n}\n\nThese functions are called by soc_compr_set_params_fe, soc_compr_open_fe\nand soc_compr_free_fe\nwithout pcm_mutex locking. And this is call stack.\n\n[ 414.527841][ T2179] pc : dpcm_process_paths+0x5a4/0x750\n[ 414.527848][ T2179] lr : dpcm_process_paths+0x37c/0x750\n[ 414.527945][ T2179] Call trace:\n[ 414.527949][ T2179] dpcm_process_paths+0x5a4/0x750\n[ 414.527955][ T2179] soc_compr_open_fe+0xb0/0x2cc\n[ 414.527972][ T2179] snd_compr_open+0x180/0x248\n[ 414.527981][ T2179] snd_open+0x15c/0x194\n[ 414.528003][ T2179] chrdev_open+0x1b0/0x220\n[ 414.528023][ T2179] do_dentry_open+0x30c/0x594\n[ 414.528045][ T2179] vfs_open+0x34/0x44\n[ 414.528053][ T2179] path_openat+0x914/0xb08\n[ 414.528062][ T2179] do_filp_open+0xc0/0x170\n[ 414.528068][ T2179] do_sys_openat2+0x94/0x18c\n[ 414.528076][ T2179] __arm64_sys_openat+0x78/0xa4\n[ 414.528084][ T2179] invoke_syscall+0x48/0x10c\n[ 414.528094][ T2179] el0_svc_common+0xbc/0x104\n[ 414.528099][ T2179] do_el0_svc+0x34/0xd8\n[ 414.528103][ T2179] el0_svc+0x34/0xc4\n[ 414.528125][ T2179] el0t_64_sync_handler+0x8c/0xfc\n[ 414.528133][ T2179] el0t_64_sync+0x1a0/0x1a4\n[ 414.528142][ T2179] Kernel panic - not syncing: panic_on_warn set ...\n\nSo, I reposition and add pcm_mutex to resolve lockdep error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53866",
"url": "https://www.suse.com/security/cve/CVE-2023-53866"
},
{
"category": "external",
"summary": "SUSE Bug 1255060 for CVE-2023-53866",
"url": "https://bugzilla.suse.com/1255060"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-53866"
},
{
"cve": "CVE-2023-53990",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53990"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSMB3: Add missing locks to protect deferred close file list\n\ncifs_del_deferred_close function has a critical section which modifies\nthe deferred close file list. We must acquire deferred_lock before\ncalling cifs_del_deferred_close function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53990",
"url": "https://www.suse.com/security/cve/CVE-2023-53990"
},
{
"category": "external",
"summary": "SUSE Bug 1255560 for CVE-2023-53990",
"url": "https://bugzilla.suse.com/1255560"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-53990"
},
{
"cve": "CVE-2023-53991",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53991"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: Disallow unallocated resources to be returned\n\nIn the event that the topology requests resources that have not been\ncreated by the system (because they are typically not represented in\ndpu_mdss_cfg ^1), the resource(s) in global_state (in this case DSC\nblocks, until their allocation/assignment is being sanity-checked in\n\"drm/msm/dpu: Reject topologies for which no DSC blocks are available\")\nremain NULL but will still be returned out of\ndpu_rm_get_assigned_resources, where the caller expects to get an array\ncontaining num_blks valid pointers (but instead gets these NULLs).\n\nTo prevent this from happening, where null-pointer dereferences\ntypically result in a hard-to-debug platform lockup, num_blks shouldn\u0027t\nincrease past NULL blocks and will print an error and break instead.\nAfter all, max_blks represents the static size of the maximum number of\nblocks whereas the actual amount varies per platform.\n\n^1: which can happen after a git rebase ended up moving additions to\n_dpu_cfg to a different struct which has the same patch context.\n\nPatchwork: https://patchwork.freedesktop.org/patch/517636/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53991",
"url": "https://www.suse.com/security/cve/CVE-2023-53991"
},
{
"category": "external",
"summary": "SUSE Bug 1255627 for CVE-2023-53991",
"url": "https://bugzilla.suse.com/1255627"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-53991"
},
{
"cve": "CVE-2023-53996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53996"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/sev: Make enc_dec_hypercall() accept a size instead of npages\n\nenc_dec_hypercall() accepted a page count instead of a size, which\nforced its callers to round up. As a result, non-page aligned\nvaddrs caused pages to be spuriously marked as decrypted via the\nencryption status hypercall, which in turn caused consistent\ncorruption of pages during live migration. Live migration requires\naccurate encryption status information to avoid migrating pages\nfrom the wrong perspective.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53996",
"url": "https://www.suse.com/security/cve/CVE-2023-53996"
},
{
"category": "external",
"summary": "SUSE Bug 1255618 for CVE-2023-53996",
"url": "https://bugzilla.suse.com/1255618"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-53996"
},
{
"cve": "CVE-2023-53998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53998"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwrng: virtio - Fix race on data_avail and actual data\n\nThe virtio rng device kicks off a new entropy request whenever the\ndata available reaches zero. When a new request occurs at the end\nof a read operation, that is, when the result of that request is\nonly needed by the next reader, then there is a race between the\nwriting of the new data and the next reader.\n\nThis is because there is no synchronisation whatsoever between the\nwriter and the reader.\n\nFix this by writing data_avail with smp_store_release and reading\nit with smp_load_acquire when we first enter read. The subsequent\nreads are safe because they\u0027re either protected by the first load\nacquire, or by the completion mechanism.\n\nAlso remove the redundant zeroing of data_idx in random_recv_done\n(data_idx must already be zero at this point) and data_avail in\nrequest_entropy (ditto).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53998",
"url": "https://www.suse.com/security/cve/CVE-2023-53998"
},
{
"category": "external",
"summary": "SUSE Bug 1255578 for CVE-2023-53998",
"url": "https://bugzilla.suse.com/1255578"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-53998"
},
{
"cve": "CVE-2023-54001",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54001"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: r8712: Fix memory leak in _r8712_init_xmit_priv()\n\nIn the above mentioned routine, memory is allocated in several places.\nIf the first succeeds and a later one fails, the routine will leak memory.\nThis patch fixes commit 2865d42c78a9 (\"staging: r8712u: Add the new driver\nto the mainline kernel\"). A potential memory leak in\nr8712_xmit_resource_alloc() is also addressed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54001",
"url": "https://www.suse.com/security/cve/CVE-2023-54001"
},
{
"category": "external",
"summary": "SUSE Bug 1255628 for CVE-2023-54001",
"url": "https://bugzilla.suse.com/1255628"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54001"
},
{
"cve": "CVE-2023-54003",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54003"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/core: Fix GID entry ref leak when create_ah fails\n\nIf AH create request fails, release sgid_attr to avoid GID entry\nreferrence leak reported while releasing GID table",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54003",
"url": "https://www.suse.com/security/cve/CVE-2023-54003"
},
{
"category": "external",
"summary": "SUSE Bug 1255619 for CVE-2023-54003",
"url": "https://bugzilla.suse.com/1255619"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54003"
},
{
"cve": "CVE-2023-54007",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54007"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvmci_host: fix a race condition in vmci_host_poll() causing GPF\n\nDuring fuzzing, a general protection fault is observed in\nvmci_host_poll().\n\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000019: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x00000000000000c8-0x00000000000000cf]\nRIP: 0010:__lock_acquire+0xf3/0x5e00 kernel/locking/lockdep.c:4926\n\u003c- omitting registers -\u003e\nCall Trace:\n \u003cTASK\u003e\n lock_acquire+0x1a4/0x4a0 kernel/locking/lockdep.c:5672\n __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]\n _raw_spin_lock_irqsave+0xb3/0x100 kernel/locking/spinlock.c:162\n add_wait_queue+0x3d/0x260 kernel/sched/wait.c:22\n poll_wait include/linux/poll.h:49 [inline]\n vmci_host_poll+0xf8/0x2b0 drivers/misc/vmw_vmci/vmci_host.c:174\n vfs_poll include/linux/poll.h:88 [inline]\n do_pollfd fs/select.c:873 [inline]\n do_poll fs/select.c:921 [inline]\n do_sys_poll+0xc7c/0x1aa0 fs/select.c:1015\n __do_sys_ppoll fs/select.c:1121 [inline]\n __se_sys_ppoll+0x2cc/0x330 fs/select.c:1101\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x4e/0xa0 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nExample thread interleaving that causes the general protection fault\nis as follows:\n\nCPU1 (vmci_host_poll) CPU2 (vmci_host_do_init_context)\n----- -----\n// Read uninitialized context\ncontext = vmci_host_dev-\u003econtext;\n // Initialize context\n vmci_host_dev-\u003econtext = vmci_ctx_create();\n vmci_host_dev-\u003ect_type = VMCIOBJ_CONTEXT;\n\nif (vmci_host_dev-\u003ect_type == VMCIOBJ_CONTEXT) {\n // Dereferencing the wrong pointer\n poll_wait(..., \u0026context-\u003ehost_context);\n}\n\nIn this scenario, vmci_host_poll() reads vmci_host_dev-\u003econtext first,\nand then reads vmci_host_dev-\u003ect_type to check that\nvmci_host_dev-\u003econtext is initialized. However, since these two reads\nare not atomically executed, there is a chance of a race condition as\ndescribed above.\n\nTo fix this race condition, read vmci_host_dev-\u003econtext after checking\nthe value of vmci_host_dev-\u003ect_type so that vmci_host_poll() always\nreads an initialized context.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54007",
"url": "https://www.suse.com/security/cve/CVE-2023-54007"
},
{
"category": "external",
"summary": "SUSE Bug 1255626 for CVE-2023-54007",
"url": "https://bugzilla.suse.com/1255626"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54007"
},
{
"cve": "CVE-2023-54009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path\n\nThe cdns_i2c_master_xfer() function gets a runtime PM reference when the\nfunction is entered. This reference is released when the function is\nexited. There is currently one error path where the function exits\ndirectly, which leads to a leak of the runtime PM reference.\n\nMake sure that this error path also releases the runtime PM reference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54009",
"url": "https://www.suse.com/security/cve/CVE-2023-54009"
},
{
"category": "external",
"summary": "SUSE Bug 1255620 for CVE-2023-54009",
"url": "https://bugzilla.suse.com/1255620"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "low"
}
],
"title": "CVE-2023-54009"
},
{
"cve": "CVE-2023-54010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54010"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects\n\nACPICA commit 0d5f467d6a0ba852ea3aad68663cbcbd43300fd4\n\nACPI_ALLOCATE_ZEROED may fails, object_info might be null and will cause\nnull pointer dereference later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54010",
"url": "https://www.suse.com/security/cve/CVE-2023-54010"
},
{
"category": "external",
"summary": "SUSE Bug 1256326 for CVE-2023-54010",
"url": "https://bugzilla.suse.com/1256326"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54010"
},
{
"cve": "CVE-2023-54014",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54014"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport()\n\nKlocwork reported warning of rport maybe NULL and will be dereferenced.\nrport returned by call to fc_bsg_to_rport() could be NULL and dereferenced.\n\nCheck valid rport returned by fc_bsg_to_rport().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54014",
"url": "https://www.suse.com/security/cve/CVE-2023-54014"
},
{
"category": "external",
"summary": "SUSE Bug 1256300 for CVE-2023-54014",
"url": "https://bugzilla.suse.com/1256300"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54014"
},
{
"cve": "CVE-2023-54015",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54015"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Devcom, fix error flow in mlx5_devcom_register_device\n\nIn case devcom allocation is failed, mlx5 is always freeing the priv.\nHowever, this priv might have been allocated by a different thread,\nand freeing it might lead to use-after-free bugs.\nFix it by freeing the priv only in case it was allocated by the\nrunning thread.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54015",
"url": "https://www.suse.com/security/cve/CVE-2023-54015"
},
{
"category": "external",
"summary": "SUSE Bug 1255562 for CVE-2023-54015",
"url": "https://bugzilla.suse.com/1255562"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54015"
},
{
"cve": "CVE-2023-54018",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54018"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/hdmi: Add missing check for alloc_ordered_workqueue\n\nAdd check for the return value of alloc_ordered_workqueue as it may return\nNULL pointer and cause NULL pointer dereference in `hdmi_hdcp.c` and\n`hdmi_hpd.c`.\n\nPatchwork: https://patchwork.freedesktop.org/patch/517211/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54018",
"url": "https://www.suse.com/security/cve/CVE-2023-54018"
},
{
"category": "external",
"summary": "SUSE Bug 1255690 for CVE-2023-54018",
"url": "https://bugzilla.suse.com/1255690"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54018"
},
{
"cve": "CVE-2023-54019",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54019"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/psi: use kernfs polling functions for PSI trigger polling\n\nDestroying psi trigger in cgroup_file_release causes UAF issues when\na cgroup is removed from under a polling process. This is happening\nbecause cgroup removal causes a call to cgroup_file_release while the\nactual file is still alive. Destroying the trigger at this point would\nalso destroy its waitqueue head and if there is still a polling process\non that file accessing the waitqueue, it will step on the freed pointer:\n\ndo_select\n vfs_poll\n do_rmdir\n cgroup_rmdir\n kernfs_drain_open_files\n cgroup_file_release\n cgroup_pressure_release\n psi_trigger_destroy\n wake_up_pollfree(\u0026t-\u003eevent_wait)\n// vfs_poll is unblocked\n synchronize_rcu\n kfree(t)\n poll_freewait -\u003e UAF access to the trigger\u0027s waitqueue head\n\nPatch [1] fixed this issue for epoll() case using wake_up_pollfree(),\nhowever the same issue exists for synchronous poll() case.\nThe root cause of this issue is that the lifecycles of the psi trigger\u0027s\nwaitqueue and of the file associated with the trigger are different. Fix\nthis by using kernfs_generic_poll function when polling on cgroup-specific\npsi triggers. It internally uses kernfs_open_node-\u003epoll waitqueue head\nwith its lifecycle tied to the file\u0027s lifecycle. This also renders the\nfix in [1] obsolete, so revert it.\n\n[1] commit c2dbe32d5db5 (\"sched/psi: Fix use-after-free in ep_remove_wait_queue()\")",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54019",
"url": "https://www.suse.com/security/cve/CVE-2023-54019"
},
{
"category": "external",
"summary": "SUSE Bug 1255636 for CVE-2023-54019",
"url": "https://bugzilla.suse.com/1255636"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54019"
},
{
"cve": "CVE-2023-54020",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54020"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: sf-pdma: pdma_desc memory leak fix\n\nCommit b2cc5c465c2c (\"dmaengine: sf-pdma: Add multithread support for a\nDMA channel\") changed sf_pdma_prep_dma_memcpy() to unconditionally\nallocate a new sf_pdma_desc each time it is called.\n\nThe driver previously recycled descs, by checking the in_use flag, only\nallocating additional descs if the existing one was in use. This logic\nwas removed in commit b2cc5c465c2c (\"dmaengine: sf-pdma: Add multithread\nsupport for a DMA channel\"), but sf_pdma_free_desc() was not changed to\nhandle the new behaviour.\n\nAs a result, each time sf_pdma_prep_dma_memcpy() is called, the previous\ndescriptor is leaked, over time leading to memory starvation:\n\n unreferenced object 0xffffffe008447300 (size 192):\n comm \"irq/39-mchp_dsc\", pid 343, jiffies 4294906910 (age 981.200s)\n hex dump (first 32 bytes):\n 00 00 00 ff 00 00 00 00 b8 c1 00 00 00 00 00 00 ................\n 00 00 70 08 10 00 00 00 00 00 00 c0 00 00 00 00 ..p.............\n backtrace:\n [\u003c00000000064a04f4\u003e] kmemleak_alloc+0x1e/0x28\n [\u003c00000000018927a7\u003e] kmem_cache_alloc+0x11e/0x178\n [\u003c000000002aea8d16\u003e] sf_pdma_prep_dma_memcpy+0x40/0x112\n\nAdd the missing kfree() to sf_pdma_free_desc(), and remove the redundant\nin_use flag.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54020",
"url": "https://www.suse.com/security/cve/CVE-2023-54020"
},
{
"category": "external",
"summary": "SUSE Bug 1255574 for CVE-2023-54020",
"url": "https://bugzilla.suse.com/1255574"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54020"
},
{
"cve": "CVE-2023-54021",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54021"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: set goal start correctly in ext4_mb_normalize_request\n\nWe need to set ac_g_ex to notify the goal start used in\next4_mb_find_by_goal. Set ac_g_ex instead of ac_f_ex in\next4_mb_normalize_request.\nBesides we should assure goal start is in range [first_data_block,\nblocks_count) as ext4_mb_initialize_context does.\n\n[ Added a check to make sure size is less than ar-\u003epright; otherwise\n we could end up passing an underflowed value of ar-\u003epright - size to\n ext4_get_group_no_and_offset(), which will trigger a BUG_ON later on.\n - TYT ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54021",
"url": "https://www.suse.com/security/cve/CVE-2023-54021"
},
{
"category": "external",
"summary": "SUSE Bug 1255600 for CVE-2023-54021",
"url": "https://bugzilla.suse.com/1255600"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54021"
},
{
"cve": "CVE-2023-54024",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54024"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Destroy target device if coalesced MMIO unregistration fails\n\nDestroy and free the target coalesced MMIO device if unregistering said\ndevice fails. As clearly noted in the code, kvm_io_bus_unregister_dev()\ndoes not destroy the target device.\n\n BUG: memory leak\n unreferenced object 0xffff888112a54880 (size 64):\n comm \"syz-executor.2\", pid 5258, jiffies 4297861402 (age 14.129s)\n hex dump (first 32 bytes):\n 38 c7 67 15 00 c9 ff ff 38 c7 67 15 00 c9 ff ff 8.g.....8.g.....\n e0 c7 e1 83 ff ff ff ff 00 30 67 15 00 c9 ff ff .........0g.....\n backtrace:\n [\u003c0000000006995a8a\u003e] kmalloc include/linux/slab.h:556 [inline]\n [\u003c0000000006995a8a\u003e] kzalloc include/linux/slab.h:690 [inline]\n [\u003c0000000006995a8a\u003e] kvm_vm_ioctl_register_coalesced_mmio+0x8e/0x3d0 arch/x86/kvm/../../../virt/kvm/coalesced_mmio.c:150\n [\u003c00000000022550c2\u003e] kvm_vm_ioctl+0x47d/0x1600 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3323\n [\u003c000000008a75102f\u003e] vfs_ioctl fs/ioctl.c:46 [inline]\n [\u003c000000008a75102f\u003e] file_ioctl fs/ioctl.c:509 [inline]\n [\u003c000000008a75102f\u003e] do_vfs_ioctl+0xbab/0x1160 fs/ioctl.c:696\n [\u003c0000000080e3f669\u003e] ksys_ioctl+0x76/0xa0 fs/ioctl.c:713\n [\u003c0000000059ef4888\u003e] __do_sys_ioctl fs/ioctl.c:720 [inline]\n [\u003c0000000059ef4888\u003e] __se_sys_ioctl fs/ioctl.c:718 [inline]\n [\u003c0000000059ef4888\u003e] __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:718\n [\u003c000000006444fa05\u003e] do_syscall_64+0x9f/0x4e0 arch/x86/entry/common.c:290\n [\u003c000000009a4ed50b\u003e] entry_SYSCALL_64_after_hwframe+0x49/0xbe\n\n BUG: leak checking failed",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54024",
"url": "https://www.suse.com/security/cve/CVE-2023-54024"
},
{
"category": "external",
"summary": "SUSE Bug 1255609 for CVE-2023-54024",
"url": "https://bugzilla.suse.com/1255609"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54024"
},
{
"cve": "CVE-2023-54025",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54025"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rsi: Do not configure WoWlan in shutdown hook if not enabled\n\nIn case WoWlan was never configured during the operation of the system,\nthe hw-\u003ewiphy-\u003ewowlan_config will be NULL. rsi_config_wowlan() checks\nwhether wowlan_config is non-NULL and if it is not, then WARNs about it.\nThe warning is valid, as during normal operation the rsi_config_wowlan()\nshould only ever be called with non-NULL wowlan_config. In shutdown this\nrsi_config_wowlan() should only ever be called if WoWlan was configured\nbefore by the user.\n\nAdd checks for non-NULL wowlan_config into the shutdown hook. While at it,\ncheck whether the wiphy is also non-NULL before accessing wowlan_config .\nDrop the single-use wowlan_config variable, just inline it into function\ncall.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54025",
"url": "https://www.suse.com/security/cve/CVE-2023-54025"
},
{
"category": "external",
"summary": "SUSE Bug 1255558 for CVE-2023-54025",
"url": "https://bugzilla.suse.com/1255558"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54025"
},
{
"cve": "CVE-2023-54026",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54026"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nopp: Fix use-after-free in lazy_opp_tables after probe deferral\n\nWhen dev_pm_opp_of_find_icc_paths() in _allocate_opp_table() returns\n-EPROBE_DEFER, the opp_table is freed again, to wait until all the\ninterconnect paths are available.\n\nHowever, if the OPP table is using required-opps then it may already\nhave been added to the global lazy_opp_tables list. The error path\ndoes not remove the opp_table from the list again.\n\nThis can cause crashes later when the provider of the required-opps\nis added, since we will iterate over OPP tables that have already been\nfreed. E.g.:\n\n Unable to handle kernel NULL pointer dereference when read\n CPU: 0 PID: 7 Comm: kworker/0:0 Not tainted 6.4.0-rc3\n PC is at _of_add_opp_table_v2 (include/linux/of.h:949\n drivers/opp/of.c:98 drivers/opp/of.c:344 drivers/opp/of.c:404\n drivers/opp/of.c:1032) -\u003e lazy_link_required_opp_table()\n\nFix this by calling _of_clear_opp_table() to remove the opp_table from\nthe list and clear other allocated resources. While at it, also add the\nmissing mutex_destroy() calls in the error path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54026",
"url": "https://www.suse.com/security/cve/CVE-2023-54026"
},
{
"category": "external",
"summary": "SUSE Bug 1255549 for CVE-2023-54026",
"url": "https://bugzilla.suse.com/1255549"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54026"
},
{
"cve": "CVE-2023-54028",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54028"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix the error \"trying to register non-static key in rxe_cleanup_task\"\n\nIn the function rxe_create_qp(), rxe_qp_from_init() is called to\ninitialize qp, internally things like rxe_init_task are not setup until\nrxe_qp_init_req().\n\nIf an error occurred before this point then the unwind will call\nrxe_cleanup() and eventually to rxe_qp_do_cleanup()/rxe_cleanup_task()\nwhich will oops when trying to access the uninitialized spinlock.\n\nIf rxe_init_task is not executed, rxe_cleanup_task will not be called.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54028",
"url": "https://www.suse.com/security/cve/CVE-2023-54028"
},
{
"category": "external",
"summary": "SUSE Bug 1255546 for CVE-2023-54028",
"url": "https://bugzilla.suse.com/1255546"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54028"
},
{
"cve": "CVE-2023-54036",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54036"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU\n\nThe wifi + bluetooth combo chip RTL8723BU can leak memory (especially?)\nwhen it\u0027s connected to a bluetooth audio device. The busy bluetooth\ntraffic generates lots of C2H (card to host) messages, which are not\nfreed correctly.\n\nTo fix this, move the dev_kfree_skb() call in rtl8xxxu_c2hcmd_callback()\ninside the loop where skb_dequeue() is called.\n\nThe RTL8192EU leaks memory because the C2H messages are added to the\nqueue and left there forever. (This was fine in the past because it\nprobably wasn\u0027t sending any C2H messages until commit e542e66b7c2e\n(\"wifi: rtl8xxxu: gen2: Turn on the rate control\"). Since that commit\nit sends a C2H message when the TX rate changes.)\n\nTo fix this, delete the check for rf_paths \u003e 1 and the goto. Let the\nfunction process the C2H messages from RTL8192EU like the ones from\nthe other chips.\n\nTheoretically the RTL8188FU could also leak like RTL8723BU, but it\nmost likely doesn\u0027t send C2H messages frequently enough.\n\nThis change was tested with RTL8723BU by Erhard F. I tested it with\nRTL8188FU and RTL8192EU.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54036",
"url": "https://www.suse.com/security/cve/CVE-2023-54036"
},
{
"category": "external",
"summary": "SUSE Bug 1255528 for CVE-2023-54036",
"url": "https://bugzilla.suse.com/1255528"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54036"
},
{
"cve": "CVE-2023-54039",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54039"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access\n\nIn the j1939_tp_tx_dat_new() function, an out-of-bounds memory access\ncould occur during the memcpy() operation if the size of skb-\u003ecb is\nlarger than the size of struct j1939_sk_buff_cb. This is because the\nmemcpy() operation uses the size of skb-\u003ecb, leading to a read beyond\nthe struct j1939_sk_buff_cb.\n\nUpdated the memcpy() operation to use the size of struct\nj1939_sk_buff_cb instead of the size of skb-\u003ecb. This ensures that the\nmemcpy() operation only reads the memory within the bounds of struct\nj1939_sk_buff_cb, preventing out-of-bounds memory access.\n\nAdditionally, add a BUILD_BUG_ON() to check that the size of skb-\u003ecb\nis greater than or equal to the size of struct j1939_sk_buff_cb. This\nensures that the skb-\u003ecb buffer is large enough to hold the\nj1939_sk_buff_cb structure.\n\n[mkl: rephrase commit message]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54039",
"url": "https://www.suse.com/security/cve/CVE-2023-54039"
},
{
"category": "external",
"summary": "SUSE Bug 1255555 for CVE-2023-54039",
"url": "https://bugzilla.suse.com/1255555"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54039"
},
{
"cve": "CVE-2023-54040",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54040"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix wrong fallback logic for FDIR\n\nWhen adding a FDIR filter, if ice_vc_fdir_set_irq_ctx returns failure,\nthe inserted fdir entry will not be removed and if ice_vc_fdir_write_fltr\nreturns failure, the fdir context info for irq handler will not be cleared\nwhich may lead to inconsistent or memory leak issue. This patch refines\nfailure cases to resolve this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54040",
"url": "https://www.suse.com/security/cve/CVE-2023-54040"
},
{
"category": "external",
"summary": "SUSE Bug 1255554 for CVE-2023-54040",
"url": "https://bugzilla.suse.com/1255554"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54040"
},
{
"cve": "CVE-2023-54042",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54042"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/64s: Fix VAS mm use after free\n\nThe refcount on mm is dropped before the coprocessor is detached.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54042",
"url": "https://www.suse.com/security/cve/CVE-2023-54042"
},
{
"category": "external",
"summary": "SUSE Bug 1255702 for CVE-2023-54042",
"url": "https://bugzilla.suse.com/1255702"
},
{
"category": "external",
"summary": "SUSE Bug 1257670 for CVE-2023-54042",
"url": "https://bugzilla.suse.com/1257670"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "important"
}
],
"title": "CVE-2023-54042"
},
{
"cve": "CVE-2023-54045",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54045"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naudit: fix possible soft lockup in __audit_inode_child()\n\nTracefs or debugfs maybe cause hundreds to thousands of PATH records,\ntoo many PATH records maybe cause soft lockup.\n\nFor example:\n 1. CONFIG_KASAN=y \u0026\u0026 CONFIG_PREEMPTION=n\n 2. auditctl -a exit,always -S open -k key\n 3. sysctl -w kernel.watchdog_thresh=5\n 4. mkdir /sys/kernel/debug/tracing/instances/test\n\nThere may be a soft lockup as follows:\n watchdog: BUG: soft lockup - CPU#45 stuck for 7s! [mkdir:15498]\n Kernel panic - not syncing: softlockup: hung tasks\n Call trace:\n dump_backtrace+0x0/0x30c\n show_stack+0x20/0x30\n dump_stack+0x11c/0x174\n panic+0x27c/0x494\n watchdog_timer_fn+0x2bc/0x390\n __run_hrtimer+0x148/0x4fc\n __hrtimer_run_queues+0x154/0x210\n hrtimer_interrupt+0x2c4/0x760\n arch_timer_handler_phys+0x48/0x60\n handle_percpu_devid_irq+0xe0/0x340\n __handle_domain_irq+0xbc/0x130\n gic_handle_irq+0x78/0x460\n el1_irq+0xb8/0x140\n __audit_inode_child+0x240/0x7bc\n tracefs_create_file+0x1b8/0x2a0\n trace_create_file+0x18/0x50\n event_create_dir+0x204/0x30c\n __trace_add_new_event+0xac/0x100\n event_trace_add_tracer+0xa0/0x130\n trace_array_create_dir+0x60/0x140\n trace_array_create+0x1e0/0x370\n instance_mkdir+0x90/0xd0\n tracefs_syscall_mkdir+0x68/0xa0\n vfs_mkdir+0x21c/0x34c\n do_mkdirat+0x1b4/0x1d4\n __arm64_sys_mkdirat+0x4c/0x60\n el0_svc_common.constprop.0+0xa8/0x240\n do_el0_svc+0x8c/0xc0\n el0_svc+0x20/0x30\n el0_sync_handler+0xb0/0xb4\n el0_sync+0x160/0x180\n\nTherefore, we add cond_resched() to __audit_inode_child() to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54045",
"url": "https://www.suse.com/security/cve/CVE-2023-54045"
},
{
"category": "external",
"summary": "SUSE Bug 1256285 for CVE-2023-54045",
"url": "https://bugzilla.suse.com/1256285"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54045"
},
{
"cve": "CVE-2023-54046",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54046"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: essiv - Handle EBUSY correctly\n\nAs it is essiv only handles the special return value of EINPROGERSS,\nwhich means that in all other cases it will free data related to the\nrequest.\n\nHowever, as the caller of essiv may specify MAY_BACKLOG, we also need\nto expect EBUSY and treat it in the same way. Otherwise backlogged\nrequests will trigger a use-after-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54046",
"url": "https://www.suse.com/security/cve/CVE-2023-54046"
},
{
"category": "external",
"summary": "SUSE Bug 1256295 for CVE-2023-54046",
"url": "https://bugzilla.suse.com/1256295"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54046"
},
{
"cve": "CVE-2023-54048",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54048"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Prevent handling any completions after qp destroy\n\nHW may generate completions that indicates QP is destroyed.\nDriver should not be scheduling any more completion handlers\nfor this QP, after the QP is destroyed. Since CQs are active\nduring the QP destroy, driver may still schedule completion\nhandlers. This can cause a race where the destroy_cq and poll_cq\nrunning simultaneously.\n\nSnippet of kernel panic while doing bnxt_re driver load unload in loop.\nThis indicates a poll after the CQ is freed. \n\n[77786.481636] Call Trace:\n[77786.481640] \u003cTASK\u003e\n[77786.481644] bnxt_re_poll_cq+0x14a/0x620 [bnxt_re]\n[77786.481658] ? kvm_clock_read+0x14/0x30\n[77786.481693] __ib_process_cq+0x57/0x190 [ib_core]\n[77786.481728] ib_cq_poll_work+0x26/0x80 [ib_core]\n[77786.481761] process_one_work+0x1e5/0x3f0\n[77786.481768] worker_thread+0x50/0x3a0\n[77786.481785] ? __pfx_worker_thread+0x10/0x10\n[77786.481790] kthread+0xe2/0x110\n[77786.481794] ? __pfx_kthread+0x10/0x10\n[77786.481797] ret_from_fork+0x2c/0x50\n\nTo avoid this, complete all completion handlers before returning the\ndestroy QP. If free_cq is called soon after destroy_qp, IB stack\nwill cancel the CQ work before invoking the destroy_cq verb and\nthis will prevent any race mentioned.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54048",
"url": "https://www.suse.com/security/cve/CVE-2023-54048"
},
{
"category": "external",
"summary": "SUSE Bug 1256395 for CVE-2023-54048",
"url": "https://bugzilla.suse.com/1256395"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54048"
},
{
"cve": "CVE-2023-54049",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54049"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrpmsg: glink: Add check for kstrdup\n\nAdd check for the return value of kstrdup() and return the error\nif it fails in order to avoid NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54049",
"url": "https://www.suse.com/security/cve/CVE-2023-54049"
},
{
"category": "external",
"summary": "SUSE Bug 1256396 for CVE-2023-54049",
"url": "https://bugzilla.suse.com/1256396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54049"
},
{
"cve": "CVE-2023-54050",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54050"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: Fix memleak when insert_old_idx() failed\n\nFollowing process will cause a memleak for copied up znode:\n\ndirty_cow_znode\n zn = copy_znode(c, znode);\n err = insert_old_idx(c, zbr-\u003elnum, zbr-\u003eoffs);\n if (unlikely(err))\n return ERR_PTR(err); // No one refers to zn.\n\nFetch a reproducer in [Link].\n\nFunction copy_znode() is split into 2 parts: resource allocation\nand znode replacement, insert_old_idx() is split in similar way,\nso resource cleanup could be done in error handling path without\ncorrupting metadata(mem \u0026 disk).\nIt\u0027s okay that old index inserting is put behind of add_idx_dirt(),\nold index is used in layout_leb_in_gaps(), so the two processes do\nnot depend on each other.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54050",
"url": "https://www.suse.com/security/cve/CVE-2023-54050"
},
{
"category": "external",
"summary": "SUSE Bug 1256397 for CVE-2023-54050",
"url": "https://bugzilla.suse.com/1256397"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54050"
},
{
"cve": "CVE-2023-54051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54051"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: do not allow gso_size to be set to GSO_BY_FRAGS\n\nOne missing check in virtio_net_hdr_to_skb() allowed\nsyzbot to crash kernels again [1]\n\nDo not allow gso_size to be set to GSO_BY_FRAGS (0xffff),\nbecause this magic value is used by the kernel.\n\n[1]\ngeneral protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]\nCPU: 0 PID: 5039 Comm: syz-executor401 Not tainted 6.5.0-rc5-next-20230809-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023\nRIP: 0010:skb_segment+0x1a52/0x3ef0 net/core/skbuff.c:4500\nCode: 00 00 00 e9 ab eb ff ff e8 6b 96 5d f9 48 8b 84 24 00 01 00 00 48 8d 78 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c0f\u003e b6 04 02 84 c0 74 08 3c 03 0f 8e ea 21 00 00 48 8b 84 24 00 01\nRSP: 0018:ffffc90003d3f1c8 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 000000000001fffe RCX: 0000000000000000\nRDX: 000000000000000e RSI: ffffffff882a3115 RDI: 0000000000000070\nRBP: ffffc90003d3f378 R08: 0000000000000005 R09: 000000000000ffff\nR10: 000000000000ffff R11: 5ee4a93e456187d6 R12: 000000000001ffc6\nR13: dffffc0000000000 R14: 0000000000000008 R15: 000000000000ffff\nFS: 00005555563f2380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020020000 CR3: 000000001626d000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\nudp6_ufo_fragment+0x9d2/0xd50 net/ipv6/udp_offload.c:109\nipv6_gso_segment+0x5c4/0x17b0 net/ipv6/ip6_offload.c:120\nskb_mac_gso_segment+0x292/0x610 net/core/gso.c:53\n__skb_gso_segment+0x339/0x710 net/core/gso.c:124\nskb_gso_segment include/net/gso.h:83 [inline]\nvalidate_xmit_skb+0x3a5/0xf10 net/core/dev.c:3625\n__dev_queue_xmit+0x8f0/0x3d60 net/core/dev.c:4329\ndev_queue_xmit include/linux/netdevice.h:3082 [inline]\npacket_xmit+0x257/0x380 net/packet/af_packet.c:276\npacket_snd net/packet/af_packet.c:3087 [inline]\npacket_sendmsg+0x24c7/0x5570 net/packet/af_packet.c:3119\nsock_sendmsg_nosec net/socket.c:727 [inline]\nsock_sendmsg+0xd9/0x180 net/socket.c:750\n____sys_sendmsg+0x6ac/0x940 net/socket.c:2496\n___sys_sendmsg+0x135/0x1d0 net/socket.c:2550\n__sys_sendmsg+0x117/0x1e0 net/socket.c:2579\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7ff27cdb34d9",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54051",
"url": "https://www.suse.com/security/cve/CVE-2023-54051"
},
{
"category": "external",
"summary": "SUSE Bug 1256394 for CVE-2023-54051",
"url": "https://bugzilla.suse.com/1256394"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54051"
},
{
"cve": "CVE-2023-54053",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54053"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: pcie: fix possible NULL pointer dereference\n\nIt is possible that iwl_pci_probe() will fail and free the trans,\nthen afterwards iwl_pci_remove() will be called and crash by trying\nto access trans which is already freed, fix it.\n\niwlwifi 0000:01:00.0: Detected crf-id 0xa5a5a5a2, cnv-id 0xa5a5a5a2\n\t\t wfpm id 0xa5a5a5a2\niwlwifi 0000:01:00.0: Can\u0027t find a correct rfid for crf id 0x5a2\n...\nBUG: kernel NULL pointer dereference, address: 0000000000000028\n...\nRIP: 0010:iwl_pci_remove+0x12/0x30 [iwlwifi]\npci_device_remove+0x3e/0xb0\ndevice_release_driver_internal+0x103/0x1f0\ndriver_detach+0x4c/0x90\nbus_remove_driver+0x5c/0xd0\ndriver_unregister+0x31/0x50\npci_unregister_driver+0x40/0x90\niwl_pci_unregister_driver+0x15/0x20 [iwlwifi]\n__exit_compat+0x9/0x98 [iwlwifi]\n__x64_sys_delete_module+0x147/0x260",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54053",
"url": "https://www.suse.com/security/cve/CVE-2023-54053"
},
{
"category": "external",
"summary": "SUSE Bug 1256388 for CVE-2023-54053",
"url": "https://bugzilla.suse.com/1256388"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54053"
},
{
"cve": "CVE-2023-54055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54055"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Fix memory leak of PBLE objects\n\nOn rmmod of irdma, the PBLE object memory is not being freed. PBLE object\nmemory are not statically pre-allocated at function initialization time\nunlike other HMC objects. PBLEs objects and the Segment Descriptors (SD)\nfor it can be dynamically allocated during scale up and SD\u0027s remain\nallocated till function deinitialization.\n\nFix this leak by adding IRDMA_HMC_IW_PBLE to the iw_hmc_obj_types[] table\nand skip pbles in irdma_create_hmc_obj but not in irdma_del_hmc_objects().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54055",
"url": "https://www.suse.com/security/cve/CVE-2023-54055"
},
{
"category": "external",
"summary": "SUSE Bug 1256384 for CVE-2023-54055",
"url": "https://bugzilla.suse.com/1256384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54055"
},
{
"cve": "CVE-2023-54058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_ffa: Check if ffa_driver remove is present before executing\n\nCurrently ffa_drv-\u003eremove() is called unconditionally from\nffa_device_remove(). Since the driver registration doesn\u0027t check for it\nand allows it to be registered without .remove callback, we need to check\nfor the presence of it before executing it from ffa_device_remove() to\nabove a NULL pointer dereference like the one below:\n\n | Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n | Mem abort info:\n | ESR = 0x0000000086000004\n | EC = 0x21: IABT (current EL), IL = 32 bits\n | SET = 0, FnV = 0\n | EA = 0, S1PTW = 0\n | FSC = 0x04: level 0 translation fault\n | user pgtable: 4k pages, 48-bit VAs, pgdp=0000000881cc8000\n | [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n | Internal error: Oops: 0000000086000004 [#1] PREEMPT SMP\n | CPU: 3 PID: 130 Comm: rmmod Not tainted 6.3.0-rc7 #6\n | Hardware name: FVP Base RevC (DT)\n | pstate: 63402809 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=-c)\n | pc : 0x0\n | lr : ffa_device_remove+0x20/0x2c\n | Call trace:\n | 0x0\n | device_release_driver_internal+0x16c/0x260\n | driver_detach+0x90/0xd0\n | bus_remove_driver+0xdc/0x11c\n | driver_unregister+0x30/0x54\n | ffa_driver_unregister+0x14/0x20\n | cleanup_module+0x18/0xeec\n | __arm64_sys_delete_module+0x234/0x378\n | invoke_syscall+0x40/0x108\n | el0_svc_common+0xb4/0xf0\n | do_el0_svc+0x30/0xa4\n | el0_svc+0x2c/0x7c\n | el0t_64_sync_handler+0x84/0xf0\n | el0t_64_sync+0x190/0x194",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54058",
"url": "https://www.suse.com/security/cve/CVE-2023-54058"
},
{
"category": "external",
"summary": "SUSE Bug 1256382 for CVE-2023-54058",
"url": "https://bugzilla.suse.com/1256382"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54058"
},
{
"cve": "CVE-2023-54064",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54064"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmi:ssif: Fix a memory leak when scanning for an adapter\n\nThe adapter scan ssif_info_find() sets info-\u003eadapter_name if the adapter\ninfo came from SMBIOS, as it\u0027s not set in that case. However, this\nfunction can be called more than once, and it will leak the adapter name\nif it had already been set. So check for NULL before setting it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54064",
"url": "https://www.suse.com/security/cve/CVE-2023-54064"
},
{
"category": "external",
"summary": "SUSE Bug 1256375 for CVE-2023-54064",
"url": "https://bugzilla.suse.com/1256375"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54064"
},
{
"cve": "CVE-2023-54072",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54072"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: Fix potential data race at PCM memory allocation helpers\n\nThe PCM memory allocation helpers have a sanity check against too many\nbuffer allocations. However, the check is performed without a proper\nlock and the allocation isn\u0027t serialized; this allows user to allocate\nmore memories than predefined max size.\n\nPractically seen, this isn\u0027t really a big problem, as it\u0027s more or\nless some \"soft limit\" as a sanity check, and it\u0027s not possible to\nallocate unlimitedly. But it\u0027s still better to address this for more\nconsistent behavior.\n\nThe patch covers the size check in do_alloc_pages() with the\ncard-\u003ememory_mutex, and increases the allocated size there for\npreventing the further overflow. When the actual allocation fails,\nthe size is decreased accordingly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54072",
"url": "https://www.suse.com/security/cve/CVE-2023-54072"
},
{
"category": "external",
"summary": "SUSE Bug 1256291 for CVE-2023-54072",
"url": "https://bugzilla.suse.com/1256291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54072"
},
{
"cve": "CVE-2023-54076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54076"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix missed ses refcounting\n\nUse new cifs_smb_ses_inc_refcount() helper to get an active reference\nof @ses and @ses-\u003edfs_root_ses (if set). This will prevent\n@ses-\u003edfs_root_ses of being put in the next call to cifs_put_smb_ses()\nand thus potentially causing an use-after-free bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54076",
"url": "https://www.suse.com/security/cve/CVE-2023-54076"
},
{
"category": "external",
"summary": "SUSE Bug 1256335 for CVE-2023-54076",
"url": "https://bugzilla.suse.com/1256335"
},
{
"category": "external",
"summary": "SUSE Bug 1256450 for CVE-2023-54076",
"url": "https://bugzilla.suse.com/1256450"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "important"
}
],
"title": "CVE-2023-54076"
},
{
"cve": "CVE-2023-54078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54078"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: max9286: Free control handler\n\nThe control handler is leaked in some probe-time error paths, as well as\nin the remove path. Fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54078",
"url": "https://www.suse.com/security/cve/CVE-2023-54078"
},
{
"category": "external",
"summary": "SUSE Bug 1256337 for CVE-2023-54078",
"url": "https://bugzilla.suse.com/1256337"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "low"
}
],
"title": "CVE-2023-54078"
},
{
"cve": "CVE-2023-54079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54079"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: bq27xxx: Fix poll_interval handling and races on remove\n\nBefore this patch bq27xxx_battery_teardown() was setting poll_interval = 0\nto avoid bq27xxx_battery_update() requeuing the delayed_work item.\n\nThere are 2 problems with this:\n\n1. If the driver is unbound through sysfs, rather then the module being\n rmmod-ed, this changes poll_interval unexpectedly\n\n2. This is racy, after it being set poll_interval could be changed\n before bq27xxx_battery_update() checks it through\n /sys/module/bq27xxx_battery/parameters/poll_interval\n\nFix this by added a removed attribute to struct bq27xxx_device_info and\nusing that instead of setting poll_interval to 0.\n\nThere also is another poll_interval related race on remove(), writing\n/sys/module/bq27xxx_battery/parameters/poll_interval will requeue\nthe delayed_work item for all devices on the bq27xxx_battery_devices\nlist and the device being removed was only removed from that list\nafter cancelling the delayed_work item.\n\nFix this by moving the removal from the bq27xxx_battery_devices list\nto before cancelling the delayed_work item.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54079",
"url": "https://www.suse.com/security/cve/CVE-2023-54079"
},
{
"category": "external",
"summary": "SUSE Bug 1256338 for CVE-2023-54079",
"url": "https://bugzilla.suse.com/1256338"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54079"
},
{
"cve": "CVE-2023-54083",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54083"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: tegra: xusb: Clear the driver reference in usb-phy dev\n\nFor the dual-role port, it will assign the phy dev to usb-phy dev and\nuse the port dev driver as the dev driver of usb-phy.\n\nWhen we try to destroy the port dev, it will destroy its dev driver\nas well. But we did not remove the reference from usb-phy dev. This\nmight cause the use-after-free issue in KASAN.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54083",
"url": "https://www.suse.com/security/cve/CVE-2023-54083"
},
{
"category": "external",
"summary": "SUSE Bug 1256368 for CVE-2023-54083",
"url": "https://bugzilla.suse.com/1256368"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54083"
},
{
"cve": "CVE-2023-54084",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54084"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: firewire-digi00x: prevent potential use after free\n\nThis code was supposed to return an error code if init_stream()\nfailed, but it instead freed dg00x-\u003erx_stream and returned success.\nThis potentially leads to a use after free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54084",
"url": "https://www.suse.com/security/cve/CVE-2023-54084"
},
{
"category": "external",
"summary": "SUSE Bug 1256223 for CVE-2023-54084",
"url": "https://bugzilla.suse.com/1256223"
},
{
"category": "external",
"summary": "SUSE Bug 1256225 for CVE-2023-54084",
"url": "https://bugzilla.suse.com/1256225"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54084"
},
{
"cve": "CVE-2023-54090",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54090"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nixgbe: Fix panic during XDP_TX with \u003e 64 CPUs\n\nCommit 4fe815850bdc (\"ixgbe: let the xdpdrv work with more than 64 cpus\")\nadds support to allow XDP programs to run on systems with more than\n64 CPUs by locking the XDP TX rings and indexing them using cpu % 64\n(IXGBE_MAX_XDP_QS).\n\nUpon trying this out patch on a system with more than 64 cores,\nthe kernel paniced with an array-index-out-of-bounds at the return in\nixgbe_determine_xdp_ring in ixgbe.h, which means ixgbe_determine_xdp_q_idx\nwas just returning the cpu instead of cpu % IXGBE_MAX_XDP_QS. An example\nsplat:\n\n ==========================================================================\n UBSAN: array-index-out-of-bounds in\n /var/lib/dkms/ixgbe/5.18.6+focal-1/build/src/ixgbe.h:1147:26\n index 65 is out of range for type \u0027ixgbe_ring *[64]\u0027\n ==========================================================================\n BUG: kernel NULL pointer dereference, address: 0000000000000058\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] SMP NOPTI\n CPU: 65 PID: 408 Comm: ksoftirqd/65\n Tainted: G IOE 5.15.0-48-generic #54~20.04.1-Ubuntu\n Hardware name: Dell Inc. PowerEdge R640/0W23H8, BIOS 2.5.4 01/13/2020\n RIP: 0010:ixgbe_xmit_xdp_ring+0x1b/0x1c0 [ixgbe]\n Code: 3b 52 d4 cf e9 42 f2 ff ff 66 0f 1f 44 00 00 0f 1f 44 00 00 55 b9\n 00 00 00 00 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 ec 08 \u003c44\u003e 0f b7\n 47 58 0f b7 47 5a 0f b7 57 54 44 0f b7 76 08 66 41 39 c0\n RSP: 0018:ffffbc3fcd88fcb0 EFLAGS: 00010282\n RAX: ffff92a253260980 RBX: ffffbc3fe68b00a0 RCX: 0000000000000000\n RDX: ffff928b5f659000 RSI: ffff928b5f659000 RDI: 0000000000000000\n RBP: ffffbc3fcd88fce0 R08: ffff92b9dfc20580 R09: 0000000000000001\n R10: 3d3d3d3d3d3d3d3d R11: 3d3d3d3d3d3d3d3d R12: 0000000000000000\n R13: ffff928b2f0fa8c0 R14: ffff928b9be20050 R15: 000000000000003c\n FS: 0000000000000000(0000) GS:ffff92b9dfc00000(0000)\n knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000058 CR3: 000000011dd6a002 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ixgbe_poll+0x103e/0x1280 [ixgbe]\n ? sched_clock_cpu+0x12/0xe0\n __napi_poll+0x30/0x160\n net_rx_action+0x11c/0x270\n __do_softirq+0xda/0x2ee\n run_ksoftirqd+0x2f/0x50\n smpboot_thread_fn+0xb7/0x150\n ? sort_range+0x30/0x30\n kthread+0x127/0x150\n ? set_kthread_struct+0x50/0x50\n ret_from_fork+0x1f/0x30\n \u003c/TASK\u003e\n\nI think this is how it happens:\n\nUpon loading the first XDP program on a system with more than 64 CPUs,\nixgbe_xdp_locking_key is incremented in ixgbe_xdp_setup. However,\nimmediately after this, the rings are reconfigured by ixgbe_setup_tc.\nixgbe_setup_tc calls ixgbe_clear_interrupt_scheme which calls\nixgbe_free_q_vectors which calls ixgbe_free_q_vector in a loop.\nixgbe_free_q_vector decrements ixgbe_xdp_locking_key once per call if\nit is non-zero. Commenting out the decrement in ixgbe_free_q_vector\nstopped my system from panicing.\n\nI suspect to make the original patch work, I would need to load an XDP\nprogram and then replace it in order to get ixgbe_xdp_locking_key back\nabove 0 since ixgbe_setup_tc is only called when transitioning between\nXDP and non-XDP ring configurations, while ixgbe_xdp_locking_key is\nincremented every time ixgbe_xdp_setup is called.\n\nAlso, ixgbe_setup_tc can be called via ethtool --set-channels, so this\nbecomes another path to decrement ixgbe_xdp_locking_key to 0 on systems\nwith more than 64 CPUs.\n\nSince ixgbe_xdp_locking_key only protects the XDP_TX path and is tied\nto the number of CPUs present, there is no reason to disable it upon\nunloading an XDP program. To avoid confusion, I have moved enabling\nixgbe_xdp_locking_key into ixgbe_sw_init, which is part of the probe path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54090",
"url": "https://www.suse.com/security/cve/CVE-2023-54090"
},
{
"category": "external",
"summary": "SUSE Bug 1256269 for CVE-2023-54090",
"url": "https://bugzilla.suse.com/1256269"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54090"
},
{
"cve": "CVE-2023-54091",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54091"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/client: Fix memory leak in drm_client_target_cloned\n\ndmt_mode is allocated and never freed in this function.\nIt was found with the ast driver, but most drivers using generic fbdev\nsetup are probably affected.\n\nThis fixes the following kmemleak report:\n backtrace:\n [\u003c00000000b391296d\u003e] drm_mode_duplicate+0x45/0x220 [drm]\n [\u003c00000000e45bb5b3\u003e] drm_client_target_cloned.constprop.0+0x27b/0x480 [drm]\n [\u003c00000000ed2d3a37\u003e] drm_client_modeset_probe+0x6bd/0xf50 [drm]\n [\u003c0000000010e5cc9d\u003e] __drm_fb_helper_initial_config_and_unlock+0xb4/0x2c0 [drm_kms_helper]\n [\u003c00000000909f82ca\u003e] drm_fbdev_client_hotplug+0x2bc/0x4d0 [drm_kms_helper]\n [\u003c00000000063a69aa\u003e] drm_client_register+0x169/0x240 [drm]\n [\u003c00000000a8c61525\u003e] ast_pci_probe+0x142/0x190 [ast]\n [\u003c00000000987f19bb\u003e] local_pci_probe+0xdc/0x180\n [\u003c000000004fca231b\u003e] work_for_cpu_fn+0x4e/0xa0\n [\u003c0000000000b85301\u003e] process_one_work+0x8b7/0x1540\n [\u003c000000003375b17c\u003e] worker_thread+0x70a/0xed0\n [\u003c00000000b0d43cd9\u003e] kthread+0x29f/0x340\n [\u003c000000008d770833\u003e] ret_from_fork+0x1f/0x30\nunreferenced object 0xff11000333089a00 (size 128):",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54091",
"url": "https://www.suse.com/security/cve/CVE-2023-54091"
},
{
"category": "external",
"summary": "SUSE Bug 1256274 for CVE-2023-54091",
"url": "https://bugzilla.suse.com/1256274"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "low"
}
],
"title": "CVE-2023-54091"
},
{
"cve": "CVE-2023-54092",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54092"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: s390: pv: fix index value of replaced ASCE\n\nThe index field of the struct page corresponding to a guest ASCE should\nbe 0. When replacing the ASCE in s390_replace_asce(), the index of the\nnew ASCE should also be set to 0.\n\nHaving the wrong index might lead to the wrong addresses being passed\naround when notifying pte invalidations, and eventually to validity\nintercepts (VM crash) if the prefix gets unmapped and the notifier gets\ncalled with the wrong address.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54092",
"url": "https://www.suse.com/security/cve/CVE-2023-54092"
},
{
"category": "external",
"summary": "SUSE Bug 1256370 for CVE-2023-54092",
"url": "https://bugzilla.suse.com/1256370"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54092"
},
{
"cve": "CVE-2023-54095",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54095"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/iommu: Fix notifiers being shared by PCI and VIO buses\n\nfail_iommu_setup() registers the fail_iommu_bus_notifier struct to both\nPCI and VIO buses. struct notifier_block is a linked list node, so this\ncauses any notifiers later registered to either bus type to also be\nregistered to the other since they share the same node.\n\nThis causes issues in (at least) the vgaarb code, which registers a\nnotifier for PCI buses. pci_notify() ends up being called on a vio\ndevice, converted with to_pci_dev() even though it\u0027s not a PCI device,\nand finally makes a bad access in vga_arbiter_add_pci_device() as\ndiscovered with KASAN:\n\n BUG: KASAN: slab-out-of-bounds in vga_arbiter_add_pci_device+0x60/0xe00\n Read of size 4 at addr c000000264c26fdc by task swapper/0/1\n\n Call Trace:\n dump_stack_lvl+0x1bc/0x2b8 (unreliable)\n print_report+0x3f4/0xc60\n kasan_report+0x244/0x698\n __asan_load4+0xe8/0x250\n vga_arbiter_add_pci_device+0x60/0xe00\n pci_notify+0x88/0x444\n notifier_call_chain+0x104/0x320\n blocking_notifier_call_chain+0xa0/0x140\n device_add+0xac8/0x1d30\n device_register+0x58/0x80\n vio_register_device_node+0x9ac/0xce0\n vio_bus_scan_register_devices+0xc4/0x13c\n __machine_initcall_pseries_vio_device_init+0x94/0xf0\n do_one_initcall+0x12c/0xaa8\n kernel_init_freeable+0xa48/0xba8\n kernel_init+0x64/0x400\n ret_from_kernel_thread+0x5c/0x64\n\nFix this by creating separate notifier_block structs for each bus type.\n\n[mpe: Add #ifdef to fix CONFIG_IBMVIO=n build]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54095",
"url": "https://www.suse.com/security/cve/CVE-2023-54095"
},
{
"category": "external",
"summary": "SUSE Bug 1256271 for CVE-2023-54095",
"url": "https://bugzilla.suse.com/1256271"
},
{
"category": "external",
"summary": "SUSE Bug 1256272 for CVE-2023-54095",
"url": "https://bugzilla.suse.com/1256272"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54095"
},
{
"cve": "CVE-2023-54096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54096"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoundwire: fix enumeration completion\n\nThe soundwire subsystem uses two completion structures that allow\ndrivers to wait for soundwire device to become enumerated on the bus and\ninitialised by their drivers, respectively.\n\nThe code implementing the signalling is currently broken as it does not\nsignal all current and future waiters and also uses the wrong\nreinitialisation function, which can potentially lead to memory\ncorruption if there are still waiters on the queue.\n\nNot signalling future waiters specifically breaks sound card probe\ndeferrals as codec drivers can not tell that the soundwire device is\nalready attached when being reprobed. Some codec runtime PM\nimplementations suffer from similar problems as waiting for enumeration\nduring resume can also timeout despite the device already having been\nenumerated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54096",
"url": "https://www.suse.com/security/cve/CVE-2023-54096"
},
{
"category": "external",
"summary": "SUSE Bug 1256178 for CVE-2023-54096",
"url": "https://bugzilla.suse.com/1256178"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54096"
},
{
"cve": "CVE-2023-54097",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54097"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: stm32-pwr: fix of_iomap leak\n\nSmatch reports:\ndrivers/regulator/stm32-pwr.c:166 stm32_pwr_regulator_probe() warn:\n\u0027base\u0027 from of_iomap() not released on lines: 151,166.\n\nIn stm32_pwr_regulator_probe(), base is not released\nwhen devm_kzalloc() fails to allocate memory or\ndevm_regulator_register() fails to register a new regulator device,\nwhich may cause a leak.\n\nTo fix this issue, replace of_iomap() with\ndevm_platform_ioremap_resource(). devm_platform_ioremap_resource()\nis a specialized function for platform devices.\nIt allows \u0027base\u0027 to be automatically released whether the probe\nfunction succeeds or fails.\n\nBesides, use IS_ERR(base) instead of !base\nas the return value of devm_platform_ioremap_resource()\ncan either be a pointer to the remapped memory or\nan ERR_PTR() encoded error code if the operation fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54097",
"url": "https://www.suse.com/security/cve/CVE-2023-54097"
},
{
"category": "external",
"summary": "SUSE Bug 1256179 for CVE-2023-54097",
"url": "https://bugzilla.suse.com/1256179"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54097"
},
{
"cve": "CVE-2023-54098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54098"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gvt: fix gvt debugfs destroy\n\nWhen gvt debug fs is destroyed, need to have a sane check if drm\nminor\u0027s debugfs root is still available or not, otherwise in case like\ndevice remove through unbinding, drm minor\u0027s debugfs directory has\nalready been removed, then intel_gvt_debugfs_clean() would act upon\ndangling pointer like below oops.\n\ni915 0000:00:02.0: Direct firmware load for i915/gvt/vid_0x8086_did_0x1926_rid_0x0a.golden_hw_state failed with error -2\ni915 0000:00:02.0: MDEV: Registered\nConsole: switching to colour dummy device 80x25\ni915 0000:00:02.0: MDEV: Unregistering\nBUG: kernel NULL pointer dereference, address: 00000000000000a0\nPGD 0 P4D 0\nOops: 0002 [#1] PREEMPT SMP PTI\nCPU: 2 PID: 2486 Comm: gfx-unbind.sh Tainted: G I 6.1.0-rc8+ #15\nHardware name: Dell Inc. XPS 13 9350/0JXC1H, BIOS 1.13.0 02/10/2020\nRIP: 0010:down_write+0x1f/0x90\nCode: 1d ff ff 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 53 48 89 fb e8 62 c0 ff ff bf 01 00 00 00 e8 28 5e 31 ff 31 c0 ba 01 00 00 00 \u003cf0\u003e 48 0f b1 13 75 33 65 48 8b 04 25 c0 bd 01 00 48 89 43 08 bf 01\nRSP: 0018:ffff9eb3036ffcc8 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000000000a0 RCX: ffffff8100000000\nRDX: 0000000000000001 RSI: 0000000000000064 RDI: ffffffffa48787a8\nRBP: ffff9eb3036ffd30 R08: ffffeb1fc45a0608 R09: ffffeb1fc45a05c0\nR10: 0000000000000002 R11: 0000000000000000 R12: 0000000000000000\nR13: ffff91acc33fa328 R14: ffff91acc033f080 R15: ffff91acced533e0\nFS: 00007f6947bba740(0000) GS:ffff91ae36d00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000000000a0 CR3: 00000001133a2002 CR4: 00000000003706e0\nCall Trace:\n \u003cTASK\u003e\n simple_recursive_removal+0x9f/0x2a0\n ? start_creating.part.0+0x120/0x120\n ? _raw_spin_lock+0x13/0x40\n debugfs_remove+0x40/0x60\n intel_gvt_debugfs_clean+0x15/0x30 [kvmgt]\n intel_gvt_clean_device+0x49/0xe0 [kvmgt]\n intel_gvt_driver_remove+0x2f/0xb0\n i915_driver_remove+0xa4/0xf0\n i915_pci_remove+0x1a/0x30\n pci_device_remove+0x33/0xa0\n device_release_driver_internal+0x1b2/0x230\n unbind_store+0xe0/0x110\n kernfs_fop_write_iter+0x11b/0x1f0\n vfs_write+0x203/0x3d0\n ksys_write+0x63/0xe0\n do_syscall_64+0x37/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7f6947cb5190\nCode: 40 00 48 8b 15 71 9c 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d 51 24 0e 00 00 74 17 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89\nRSP: 002b:00007ffcbac45a28 EFLAGS: 00000202 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 000000000000000d RCX: 00007f6947cb5190\nRDX: 000000000000000d RSI: 0000555e35c866a0 RDI: 0000000000000001\nRBP: 0000555e35c866a0 R08: 0000000000000002 R09: 0000555e358cb97c\nR10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001\nR13: 000000000000000d R14: 0000000000000000 R15: 0000555e358cb8e0\n \u003c/TASK\u003e\nModules linked in: kvmgt\nCR2: 00000000000000a0\n---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54098",
"url": "https://www.suse.com/security/cve/CVE-2023-54098"
},
{
"category": "external",
"summary": "SUSE Bug 1256185 for CVE-2023-54098",
"url": "https://bugzilla.suse.com/1256185"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54098"
},
{
"cve": "CVE-2023-54100",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54100"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qedi: Fix use after free bug in qedi_remove()\n\nIn qedi_probe() we call __qedi_probe() which initializes\n\u0026qedi-\u003erecovery_work with qedi_recovery_handler() and\n\u0026qedi-\u003eboard_disable_work with qedi_board_disable_work().\n\nWhen qedi_schedule_recovery_handler() is called, schedule_delayed_work()\nwill finally start the work.\n\nIn qedi_remove(), which is called to remove the driver, the following\nsequence may be observed:\n\nFix this by finishing the work before cleanup in qedi_remove().\n\nCPU0 CPU1\n\n |qedi_recovery_handler\nqedi_remove |\n __qedi_remove |\niscsi_host_free |\nscsi_host_put |\n//free shost |\n |iscsi_host_for_each_session\n |//use qedi-\u003eshost\n\nCancel recovery_work and board_disable_work in __qedi_remove().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54100",
"url": "https://www.suse.com/security/cve/CVE-2023-54100"
},
{
"category": "external",
"summary": "SUSE Bug 1256152 for CVE-2023-54100",
"url": "https://bugzilla.suse.com/1256152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54100"
},
{
"cve": "CVE-2023-54102",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54102"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow\n\nA static code analysis tool flagged the possibility of buffer overflow when\nusing copy_from_user() for a debugfs entry.\n\nCurrently, it is possible that copy_from_user() copies more bytes than what\nwould fit in the mybuf char array. Add a min() restriction check between\nsizeof(mybuf) - 1 and nbytes passed from the userspace buffer to protect\nagainst buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54102",
"url": "https://www.suse.com/security/cve/CVE-2023-54102"
},
{
"category": "external",
"summary": "SUSE Bug 1256173 for CVE-2023-54102",
"url": "https://bugzilla.suse.com/1256173"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54102"
},
{
"cve": "CVE-2023-54104",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54104"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op()\n\n\u0027op-cs\u0027 is copied in \u0027fun-\u003emchip_number\u0027 which is used to access the\n\u0027mchip_offsets\u0027 and the \u0027rnb_gpio\u0027 arrays.\nThese arrays have NAND_MAX_CHIPS elements, so the index must be below this\nlimit.\n\nFix the sanity check in order to avoid the NAND_MAX_CHIPS value. This\nwould lead to out-of-bound accesses.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54104",
"url": "https://www.suse.com/security/cve/CVE-2023-54104"
},
{
"category": "external",
"summary": "SUSE Bug 1256145 for CVE-2023-54104",
"url": "https://bugzilla.suse.com/1256145"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54104"
},
{
"cve": "CVE-2023-54108",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54108"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests\n\nThe following message and call trace was seen with debug kernels:\n\nDMA-API: qla2xxx 0000:41:00.0: device driver failed to check map\nerror [device address=0x00000002a3ff38d8] [size=1024 bytes] [mapped as\nsingle]\nWARNING: CPU: 0 PID: 2930 at kernel/dma/debug.c:1017\n\t check_unmap+0xf42/0x1990\n\nCall Trace:\n\tdebug_dma_unmap_page+0xc9/0x100\n\tqla_nvme_ls_unmap+0x141/0x210 [qla2xxx]\n\nRemove DMA mapping from the driver altogether, as it is already done by FC\nlayer. This prevents the warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54108",
"url": "https://www.suse.com/security/cve/CVE-2023-54108"
},
{
"category": "external",
"summary": "SUSE Bug 1256355 for CVE-2023-54108",
"url": "https://bugzilla.suse.com/1256355"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54108"
},
{
"cve": "CVE-2023-54110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54110"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: rndis_host: Secure rndis_query check against int overflow\n\nVariables off and len typed as uint32 in rndis_query function\nare controlled by incoming RNDIS response message thus their\nvalue may be manipulated. Setting off to a unexpectetly large\nvalue will cause the sum with len and 8 to overflow and pass\nthe implemented validation step. Consequently the response\npointer will be referring to a location past the expected\nbuffer boundaries allowing information leakage e.g. via\nRNDIS_OID_802_3_PERMANENT_ADDRESS OID.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54110",
"url": "https://www.suse.com/security/cve/CVE-2023-54110"
},
{
"category": "external",
"summary": "SUSE Bug 1256353 for CVE-2023-54110",
"url": "https://bugzilla.suse.com/1256353"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54110"
},
{
"cve": "CVE-2023-54111",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54111"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups\n\nof_find_node_by_phandle() returns a node pointer with refcount incremented,\nWe should use of_node_put() on it when not needed anymore.\nAdd missing of_node_put() to avoid refcount leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54111",
"url": "https://www.suse.com/security/cve/CVE-2023-54111"
},
{
"category": "external",
"summary": "SUSE Bug 1256149 for CVE-2023-54111",
"url": "https://bugzilla.suse.com/1256149"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54111"
},
{
"cve": "CVE-2023-54115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54115"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db()\n\nWhen nonstatic_release_resource_db() frees all resources associated\nwith an PCMCIA socket, it forgets to free socket_data too, causing\na memory leak observable with kmemleak:\n\nunreferenced object 0xc28d1000 (size 64):\n comm \"systemd-udevd\", pid 297, jiffies 4294898478 (age 194.484s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 f0 85 0e c3 00 00 00 00 ................\n 00 00 00 00 0c 10 8d c2 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003cffda4245\u003e] __kmem_cache_alloc_node+0x2d7/0x4a0\n [\u003c7e51f0c8\u003e] kmalloc_trace+0x31/0xa4\n [\u003cd52b4ca0\u003e] nonstatic_init+0x24/0x1a4 [pcmcia_rsrc]\n [\u003ca2f13e08\u003e] pcmcia_register_socket+0x200/0x35c [pcmcia_core]\n [\u003ca728be1b\u003e] yenta_probe+0x4d8/0xa70 [yenta_socket]\n [\u003cc48fac39\u003e] pci_device_probe+0x99/0x194\n [\u003c84b7c690\u003e] really_probe+0x181/0x45c\n [\u003c8060fe6e\u003e] __driver_probe_device+0x75/0x1f4\n [\u003cb9b76f43\u003e] driver_probe_device+0x28/0xac\n [\u003c648b766f\u003e] __driver_attach+0xeb/0x1e4\n [\u003c6e9659eb\u003e] bus_for_each_dev+0x61/0xb4\n [\u003c25a669f3\u003e] driver_attach+0x1e/0x28\n [\u003cd8671d6b\u003e] bus_add_driver+0x102/0x20c\n [\u003cdf0d323c\u003e] driver_register+0x5b/0x120\n [\u003c942cd8a4\u003e] __pci_register_driver+0x44/0x4c\n [\u003ce536027e\u003e] __UNIQUE_ID___addressable_cleanup_module188+0x1c/0xfffff000 [iTCO_vendor_support]\n\nFix this by freeing socket_data too.\n\nTested on a Acer Travelmate 4002WLMi by manually binding/unbinding\nthe yenta_cardbus driver (yenta_socket).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54115",
"url": "https://www.suse.com/security/cve/CVE-2023-54115"
},
{
"category": "external",
"summary": "SUSE Bug 1256121 for CVE-2023-54115",
"url": "https://bugzilla.suse.com/1256121"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54115"
},
{
"cve": "CVE-2023-54118",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54118"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: sc16is7xx: setup GPIO controller later in probe\n\nThe GPIO controller component of the sc16is7xx driver is setup too\nearly, which can result in a race condition where another device tries\nto utilise the GPIO lines before the sc16is7xx device has finished\ninitialising.\n\nThis issue manifests itself as an Oops when the GPIO lines are configured:\n\n Unable to handle kernel read from unreadable memory at virtual address\n ...\n pc : sc16is7xx_gpio_direction_output+0x68/0x108 [sc16is7xx]\n lr : sc16is7xx_gpio_direction_output+0x4c/0x108 [sc16is7xx]\n ...\n Call trace:\n sc16is7xx_gpio_direction_output+0x68/0x108 [sc16is7xx]\n gpiod_direction_output_raw_commit+0x64/0x318\n gpiod_direction_output+0xb0/0x170\n create_gpio_led+0xec/0x198\n gpio_led_probe+0x16c/0x4f0\n platform_drv_probe+0x5c/0xb0\n really_probe+0xe8/0x448\n driver_probe_device+0xe8/0x138\n __device_attach_driver+0x94/0x118\n bus_for_each_drv+0x8c/0xe0\n __device_attach+0x100/0x1b8\n device_initial_probe+0x28/0x38\n bus_probe_device+0xa4/0xb0\n deferred_probe_work_func+0x90/0xe0\n process_one_work+0x1c4/0x480\n worker_thread+0x54/0x430\n kthread+0x138/0x150\n ret_from_fork+0x10/0x1c\n\nThis patch moves the setup of the GPIO controller functions to later in the\nprobe function, ensuring the sc16is7xx device has already finished\ninitialising by the time other devices try to make use of the GPIO lines.\nThe error handling has also been reordered to reflect the new\ninitialisation order.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54118",
"url": "https://www.suse.com/security/cve/CVE-2023-54118"
},
{
"category": "external",
"summary": "SUSE Bug 1256131 for CVE-2023-54118",
"url": "https://bugzilla.suse.com/1256131"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54118"
},
{
"cve": "CVE-2023-54119",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54119"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ninotify: Avoid reporting event with invalid wd\n\nWhen inotify_freeing_mark() races with inotify_handle_inode_event() it\ncan happen that inotify_handle_inode_event() sees that i_mark-\u003ewd got\nalready reset to -1 and reports this value to userspace which can\nconfuse the inotify listener. Avoid the problem by validating that wd is\nsensible (and pretend the mark got removed before the event got\ngenerated otherwise).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54119",
"url": "https://www.suse.com/security/cve/CVE-2023-54119"
},
{
"category": "external",
"summary": "SUSE Bug 1256349 for CVE-2023-54119",
"url": "https://bugzilla.suse.com/1256349"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54119"
},
{
"cve": "CVE-2023-54120",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54120"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix race condition in hidp_session_thread\n\nThere is a potential race condition in hidp_session_thread that may\nlead to use-after-free. For instance, the timer is active while\nhidp_del_timer is called in hidp_session_thread(). After hidp_session_put,\nthen \u0027session\u0027 will be freed, causing kernel panic when hidp_idle_timeout\nis running.\n\nThe solution is to use del_timer_sync instead of del_timer.\n\nHere is the call trace:\n\n? hidp_session_probe+0x780/0x780\ncall_timer_fn+0x2d/0x1e0\n__run_timers.part.0+0x569/0x940\nhidp_session_probe+0x780/0x780\ncall_timer_fn+0x1e0/0x1e0\nktime_get+0x5c/0xf0\nlapic_next_deadline+0x2c/0x40\nclockevents_program_event+0x205/0x320\nrun_timer_softirq+0xa9/0x1b0\n__do_softirq+0x1b9/0x641\n__irq_exit_rcu+0xdc/0x190\nirq_exit_rcu+0xe/0x20\nsysvec_apic_timer_interrupt+0xa1/0xc0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54120",
"url": "https://www.suse.com/security/cve/CVE-2023-54120"
},
{
"category": "external",
"summary": "SUSE Bug 1256133 for CVE-2023-54120",
"url": "https://bugzilla.suse.com/1256133"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54120"
},
{
"cve": "CVE-2023-54122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54122"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: Add check for cstate\n\nAs kzalloc may fail and return NULL pointer,\nit should be better to check cstate\nin order to avoid the NULL pointer dereference\nin __drm_atomic_helper_crtc_reset.\n\nPatchwork: https://patchwork.freedesktop.org/patch/514163/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54122",
"url": "https://www.suse.com/security/cve/CVE-2023-54122"
},
{
"category": "external",
"summary": "SUSE Bug 1256346 for CVE-2023-54122",
"url": "https://bugzilla.suse.com/1256346"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54122"
},
{
"cve": "CVE-2023-54123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54123"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid10: fix memleak for \u0027conf-\u003ebio_split\u0027\n\nIn the error path of raid10_run(), \u0027conf\u0027 need be freed, however,\n\u0027conf-\u003ebio_split\u0027 is missed and memory will be leaked.\n\nSince there are 3 places to free \u0027conf\u0027, factor out a helper to fix the\nproblem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54123",
"url": "https://www.suse.com/security/cve/CVE-2023-54123"
},
{
"category": "external",
"summary": "SUSE Bug 1256142 for CVE-2023-54123",
"url": "https://bugzilla.suse.com/1256142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54123"
},
{
"cve": "CVE-2023-54126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54126"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: safexcel - Cleanup ring IRQ workqueues on load failure\n\nA failure loading the safexcel driver results in the following warning\non boot, because the IRQ affinity has not been correctly cleaned up.\nEnsure we clean up the affinity and workqueues on a failure to load the\ndriver.\n\ncrypto-safexcel: probe of f2800000.crypto failed with error -2\n------------[ cut here ]------------\nWARNING: CPU: 1 PID: 232 at kernel/irq/manage.c:1913 free_irq+0x300/0x340\nModules linked in: hwmon mdio_i2c crypto_safexcel(+) md5 sha256_generic libsha256 authenc libdes omap_rng rng_core nft_masq nft_nat nft_chain_nat nf_nat nft_ct nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables libcrc32c nfnetlink fuse autofs4\nCPU: 1 PID: 232 Comm: systemd-udevd Tainted: G W 6.1.6-00002-g9d4898824677 #3\nHardware name: MikroTik RB5009 (DT)\npstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : free_irq+0x300/0x340\nlr : free_irq+0x2e0/0x340\nsp : ffff800008fa3890\nx29: ffff800008fa3890 x28: 0000000000000000 x27: 0000000000000000\nx26: ffff8000008e6dc0 x25: ffff000009034cac x24: ffff000009034d50\nx23: 0000000000000000 x22: 000000000000004a x21: ffff0000093e0d80\nx20: ffff000009034c00 x19: ffff00000615fc00 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000 x15: 000075f5c1584c5e\nx14: 0000000000000017 x13: 0000000000000000 x12: 0000000000000040\nx11: ffff000000579b60 x10: ffff000000579b62 x9 : ffff800008bbe370\nx8 : ffff000000579dd0 x7 : 0000000000000000 x6 : ffff000000579e18\nx5 : ffff000000579da8 x4 : ffff800008ca0000 x3 : ffff800008ca0188\nx2 : 0000000013033204 x1 : ffff000009034c00 x0 : ffff8000087eadf0\nCall trace:\n free_irq+0x300/0x340\n devm_irq_release+0x14/0x20\n devres_release_all+0xa0/0x100\n device_unbind_cleanup+0x14/0x60\n really_probe+0x198/0x2d4\n __driver_probe_device+0x74/0xdc\n driver_probe_device+0x3c/0x110\n __driver_attach+0x8c/0x190\n bus_for_each_dev+0x6c/0xc0\n driver_attach+0x20/0x30\n bus_add_driver+0x148/0x1fc\n driver_register+0x74/0x120\n __platform_driver_register+0x24/0x30\n safexcel_init+0x48/0x1000 [crypto_safexcel]\n do_one_initcall+0x4c/0x1b0\n do_init_module+0x44/0x1cc\n load_module+0x1724/0x1be4\n __do_sys_finit_module+0xbc/0x110\n __arm64_sys_finit_module+0x1c/0x24\n invoke_syscall+0x44/0x110\n el0_svc_common.constprop.0+0xc0/0xe0\n do_el0_svc+0x20/0x80\n el0_svc+0x14/0x4c\n el0t_64_sync_handler+0xb0/0xb4\n el0t_64_sync+0x148/0x14c\n---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54126",
"url": "https://www.suse.com/security/cve/CVE-2023-54126"
},
{
"category": "external",
"summary": "SUSE Bug 1256118 for CVE-2023-54126",
"url": "https://bugzilla.suse.com/1256118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "low"
}
],
"title": "CVE-2023-54126"
},
{
"cve": "CVE-2023-54127",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54127"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/jfs: prevent double-free in dbUnmount() after failed jfs_remount()\n\nSyzkaller reported the following issue:\n==================================================================\nBUG: KASAN: double-free in slab_free mm/slub.c:3787 [inline]\nBUG: KASAN: double-free in __kmem_cache_free+0x71/0x110 mm/slub.c:3800\nFree of addr ffff888086408000 by task syz-executor.4/12750\n[...]\nCall Trace:\n \u003cTASK\u003e\n[...]\n kasan_report_invalid_free+0xac/0xd0 mm/kasan/report.c:482\n ____kasan_slab_free+0xfb/0x120\n kasan_slab_free include/linux/kasan.h:177 [inline]\n slab_free_hook mm/slub.c:1781 [inline]\n slab_free_freelist_hook+0x12e/0x1a0 mm/slub.c:1807\n slab_free mm/slub.c:3787 [inline]\n __kmem_cache_free+0x71/0x110 mm/slub.c:3800\n dbUnmount+0xf4/0x110 fs/jfs/jfs_dmap.c:264\n jfs_umount+0x248/0x3b0 fs/jfs/jfs_umount.c:87\n jfs_put_super+0x86/0x190 fs/jfs/super.c:194\n generic_shutdown_super+0x130/0x310 fs/super.c:492\n kill_block_super+0x79/0xd0 fs/super.c:1386\n deactivate_locked_super+0xa7/0xf0 fs/super.c:332\n cleanup_mnt+0x494/0x520 fs/namespace.c:1291\n task_work_run+0x243/0x300 kernel/task_work.c:179\n resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]\n exit_to_user_mode_loop+0x124/0x150 kernel/entry/common.c:171\n exit_to_user_mode_prepare+0xb2/0x140 kernel/entry/common.c:203\n __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]\n syscall_exit_to_user_mode+0x26/0x60 kernel/entry/common.c:296\n do_syscall_64+0x49/0xb0 arch/x86/entry/common.c:86\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[...]\n \u003c/TASK\u003e\n\nAllocated by task 13352:\n kasan_save_stack mm/kasan/common.c:45 [inline]\n kasan_set_track+0x3d/0x60 mm/kasan/common.c:52\n ____kasan_kmalloc mm/kasan/common.c:371 [inline]\n __kasan_kmalloc+0x97/0xb0 mm/kasan/common.c:380\n kmalloc include/linux/slab.h:580 [inline]\n dbMount+0x54/0x980 fs/jfs/jfs_dmap.c:164\n jfs_mount+0x1dd/0x830 fs/jfs/jfs_mount.c:121\n jfs_fill_super+0x590/0xc50 fs/jfs/super.c:556\n mount_bdev+0x26c/0x3a0 fs/super.c:1359\n legacy_get_tree+0xea/0x180 fs/fs_context.c:610\n vfs_get_tree+0x88/0x270 fs/super.c:1489\n do_new_mount+0x289/0xad0 fs/namespace.c:3145\n do_mount fs/namespace.c:3488 [inline]\n __do_sys_mount fs/namespace.c:3697 [inline]\n __se_sys_mount+0x2d3/0x3c0 fs/namespace.c:3674\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nFreed by task 13352:\n kasan_save_stack mm/kasan/common.c:45 [inline]\n kasan_set_track+0x3d/0x60 mm/kasan/common.c:52\n kasan_save_free_info+0x27/0x40 mm/kasan/generic.c:518\n ____kasan_slab_free+0xd6/0x120 mm/kasan/common.c:236\n kasan_slab_free include/linux/kasan.h:177 [inline]\n slab_free_hook mm/slub.c:1781 [inline]\n slab_free_freelist_hook+0x12e/0x1a0 mm/slub.c:1807\n slab_free mm/slub.c:3787 [inline]\n __kmem_cache_free+0x71/0x110 mm/slub.c:3800\n dbUnmount+0xf4/0x110 fs/jfs/jfs_dmap.c:264\n jfs_mount_rw+0x545/0x740 fs/jfs/jfs_mount.c:247\n jfs_remount+0x3db/0x710 fs/jfs/super.c:454\n reconfigure_super+0x3bc/0x7b0 fs/super.c:935\n vfs_fsconfig_locked fs/fsopen.c:254 [inline]\n __do_sys_fsconfig fs/fsopen.c:439 [inline]\n __se_sys_fsconfig+0xad5/0x1060 fs/fsopen.c:314\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[...]\n\nJFS_SBI(ipbmap-\u003ei_sb)-\u003ebmap wasn\u0027t set to NULL after kfree() in\ndbUnmount().\n\nSyzkaller uses faultinject to reproduce this KASAN double-free\nwarning. The issue is triggered if either diMount() or dbMount() fail\nin jfs_remount(), since diUnmount() or dbUnmount() already happened in\nsuch a case - they will do double-free on next execution: jfs_umount\nor jfs_remount.\n\nTested on both upstream and jfs-next by syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54127",
"url": "https://www.suse.com/security/cve/CVE-2023-54127"
},
{
"category": "external",
"summary": "SUSE Bug 1256119 for CVE-2023-54127",
"url": "https://bugzilla.suse.com/1256119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54127"
},
{
"cve": "CVE-2023-54130",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54130"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling\n\nCommit 55d1cbbbb29e (\"hfs/hfsplus: use WARN_ON for sanity check\") fixed\na build warning by turning a comment into a WARN_ON(), but it turns out\nthat syzbot then complains because it can trigger said warning with a\ncorrupted hfs image.\n\nThe warning actually does warn about a bad situation, but we are much\nbetter off just handling it as the error it is. So rather than warn\nabout us doing bad things, stop doing the bad things and return -EIO.\n\nWhile at it, also fix a memory leak that was introduced by an earlier\nfix for a similar syzbot warning situation, and add a check for one case\nthat historically wasn\u0027t handled at all (ie neither comment nor\nsubsequent WARN_ON).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54130",
"url": "https://www.suse.com/security/cve/CVE-2023-54130"
},
{
"category": "external",
"summary": "SUSE Bug 1256114 for CVE-2023-54130",
"url": "https://bugzilla.suse.com/1256114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54130"
},
{
"cve": "CVE-2023-54131",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54131"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rt2x00: Fix memory leak when handling surveys\n\nWhen removing a rt2x00 device, its associated channel surveys\nare not freed, causing a memory leak observable with kmemleak:\n\nunreferenced object 0xffff9620f0881a00 (size 512):\n comm \"systemd-udevd\", pid 2290, jiffies 4294906974 (age 33.768s)\n hex dump (first 32 bytes):\n 70 44 12 00 00 00 00 00 92 8a 00 00 00 00 00 00 pD..............\n 00 00 00 00 00 00 00 00 ab 87 01 00 00 00 00 00 ................\n backtrace:\n [\u003cffffffffb0ed858b\u003e] __kmalloc+0x4b/0x130\n [\u003cffffffffc1b0f29b\u003e] rt2800_probe_hw+0xc2b/0x1380 [rt2800lib]\n [\u003cffffffffc1a9496e\u003e] rt2800usb_probe_hw+0xe/0x60 [rt2800usb]\n [\u003cffffffffc1ae491a\u003e] rt2x00lib_probe_dev+0x21a/0x7d0 [rt2x00lib]\n [\u003cffffffffc1b3b83e\u003e] rt2x00usb_probe+0x1be/0x980 [rt2x00usb]\n [\u003cffffffffc05981e2\u003e] usb_probe_interface+0xe2/0x310 [usbcore]\n [\u003cffffffffb13be2d5\u003e] really_probe+0x1a5/0x410\n [\u003cffffffffb13be5c8\u003e] __driver_probe_device+0x78/0x180\n [\u003cffffffffb13be6fe\u003e] driver_probe_device+0x1e/0x90\n [\u003cffffffffb13be972\u003e] __driver_attach+0xd2/0x1c0\n [\u003cffffffffb13bbc57\u003e] bus_for_each_dev+0x77/0xd0\n [\u003cffffffffb13bd2a2\u003e] bus_add_driver+0x112/0x210\n [\u003cffffffffb13bfc6c\u003e] driver_register+0x5c/0x120\n [\u003cffffffffc0596ae8\u003e] usb_register_driver+0x88/0x150 [usbcore]\n [\u003cffffffffb0c011c4\u003e] do_one_initcall+0x44/0x220\n [\u003cffffffffb0d6134c\u003e] do_init_module+0x4c/0x220\n\nFix this by freeing the channel surveys on device removal.\n\nTested with a RT3070 based USB wireless adapter.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54131",
"url": "https://www.suse.com/security/cve/CVE-2023-54131"
},
{
"category": "external",
"summary": "SUSE Bug 1256115 for CVE-2023-54131",
"url": "https://bugzilla.suse.com/1256115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54131"
},
{
"cve": "CVE-2023-54136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54136"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: sprd: Fix DMA buffer leak issue\n\nRelease DMA buffer when _probe() returns failure to avoid memory leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54136",
"url": "https://www.suse.com/security/cve/CVE-2023-54136"
},
{
"category": "external",
"summary": "SUSE Bug 1256099 for CVE-2023-54136",
"url": "https://bugzilla.suse.com/1256099"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54136"
},
{
"cve": "CVE-2023-54140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54140"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse\n\nA syzbot stress test using a corrupted disk image reported that\nmark_buffer_dirty() called from __nilfs_mark_inode_dirty() or\nnilfs_palloc_commit_alloc_entry() may output a kernel warning, and can\npanic if the kernel is booted with panic_on_warn.\n\nThis is because nilfs2 keeps buffer pointers in local structures for some\nmetadata and reuses them, but such buffers may be forcibly discarded by\nnilfs_clear_dirty_page() in some critical situations.\n\nThis issue is reported to appear after commit 28a65b49eb53 (\"nilfs2: do\nnot write dirty data after degenerating to read-only\"), but the issue has\npotentially existed before.\n\nFix this issue by checking the uptodate flag when attempting to reuse an\ninternally held buffer, and reloading the metadata instead of reusing the\nbuffer if the flag was lost.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54140",
"url": "https://www.suse.com/security/cve/CVE-2023-54140"
},
{
"category": "external",
"summary": "SUSE Bug 1256093 for CVE-2023-54140",
"url": "https://bugzilla.suse.com/1256093"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "low"
}
],
"title": "CVE-2023-54140"
},
{
"cve": "CVE-2023-54142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54142"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: Fix use-after-free in __gtp_encap_destroy().\n\nsyzkaller reported use-after-free in __gtp_encap_destroy(). [0]\n\nIt shows the same process freed sk and touched it illegally.\n\nCommit e198987e7dd7 (\"gtp: fix suspicious RCU usage\") added lock_sock()\nand release_sock() in __gtp_encap_destroy() to protect sk-\u003esk_user_data,\nbut release_sock() is called after sock_put() releases the last refcnt.\n\n[0]:\nBUG: KASAN: slab-use-after-free in instrument_atomic_read_write include/linux/instrumented.h:96 [inline]\nBUG: KASAN: slab-use-after-free in atomic_try_cmpxchg_acquire include/linux/atomic/atomic-instrumented.h:541 [inline]\nBUG: KASAN: slab-use-after-free in queued_spin_lock include/asm-generic/qspinlock.h:111 [inline]\nBUG: KASAN: slab-use-after-free in do_raw_spin_lock include/linux/spinlock.h:186 [inline]\nBUG: KASAN: slab-use-after-free in __raw_spin_lock_bh include/linux/spinlock_api_smp.h:127 [inline]\nBUG: KASAN: slab-use-after-free in _raw_spin_lock_bh+0x75/0xe0 kernel/locking/spinlock.c:178\nWrite of size 4 at addr ffff88800dbef398 by task syz-executor.2/2401\n\nCPU: 1 PID: 2401 Comm: syz-executor.2 Not tainted 6.4.0-rc5-01219-gfa0e21fa4443 #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x72/0xa0 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:351 [inline]\n print_report+0xcc/0x620 mm/kasan/report.c:462\n kasan_report+0xb2/0xe0 mm/kasan/report.c:572\n check_region_inline mm/kasan/generic.c:181 [inline]\n kasan_check_range+0x39/0x1c0 mm/kasan/generic.c:187\n instrument_atomic_read_write include/linux/instrumented.h:96 [inline]\n atomic_try_cmpxchg_acquire include/linux/atomic/atomic-instrumented.h:541 [inline]\n queued_spin_lock include/asm-generic/qspinlock.h:111 [inline]\n do_raw_spin_lock include/linux/spinlock.h:186 [inline]\n __raw_spin_lock_bh include/linux/spinlock_api_smp.h:127 [inline]\n _raw_spin_lock_bh+0x75/0xe0 kernel/locking/spinlock.c:178\n spin_lock_bh include/linux/spinlock.h:355 [inline]\n release_sock+0x1f/0x1a0 net/core/sock.c:3526\n gtp_encap_disable_sock drivers/net/gtp.c:651 [inline]\n gtp_encap_disable+0xb9/0x220 drivers/net/gtp.c:664\n gtp_dev_uninit+0x19/0x50 drivers/net/gtp.c:728\n unregister_netdevice_many_notify+0x97e/0x1520 net/core/dev.c:10841\n rtnl_delete_link net/core/rtnetlink.c:3216 [inline]\n rtnl_dellink+0x3c0/0xb30 net/core/rtnetlink.c:3268\n rtnetlink_rcv_msg+0x450/0xb10 net/core/rtnetlink.c:6423\n netlink_rcv_skb+0x15d/0x450 net/netlink/af_netlink.c:2548\n netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]\n netlink_unicast+0x700/0x930 net/netlink/af_netlink.c:1365\n netlink_sendmsg+0x91c/0xe30 net/netlink/af_netlink.c:1913\n sock_sendmsg_nosec net/socket.c:724 [inline]\n sock_sendmsg+0x1b7/0x200 net/socket.c:747\n ____sys_sendmsg+0x75a/0x990 net/socket.c:2493\n ___sys_sendmsg+0x11d/0x1c0 net/socket.c:2547\n __sys_sendmsg+0xfe/0x1d0 net/socket.c:2576\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3f/0x90 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x7f1168b1fe5d\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48\nRSP: 002b:00007f1167edccc8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00000000004bbf80 RCX: 00007f1168b1fe5d\nRDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000003\nRBP: 00000000004bbf80 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000000000b R14: 00007f1168b80530 R15: 0000000000000000\n \u003c/TASK\u003e\n\nAllocated by task 1483:\n kasan_save_stack+0x22/0x50 mm/kasan/common.c:45\n kasan_set_track+0x25/0x30 mm/kasan/common.c:52\n __kasan_slab_alloc+0x\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54142",
"url": "https://www.suse.com/security/cve/CVE-2023-54142"
},
{
"category": "external",
"summary": "SUSE Bug 1256095 for CVE-2023-54142",
"url": "https://bugzilla.suse.com/1256095"
},
{
"category": "external",
"summary": "SUSE Bug 1256097 for CVE-2023-54142",
"url": "https://bugzilla.suse.com/1256097"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "important"
}
],
"title": "CVE-2023-54142"
},
{
"cve": "CVE-2023-54146",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54146"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/kexec: Fix double-free of elf header buffer\n\nAfter\n\n b3e34a47f989 (\"x86/kexec: fix memory leak of elf header buffer\"),\n\nfreeing image-\u003eelf_headers in the error path of crash_load_segments()\nis not needed because kimage_file_post_load_cleanup() will take\ncare of that later. And not clearing it could result in a double-free.\n\nDrop the superfluous vfree() call at the error path of\ncrash_load_segments().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54146",
"url": "https://www.suse.com/security/cve/CVE-2023-54146"
},
{
"category": "external",
"summary": "SUSE Bug 1256091 for CVE-2023-54146",
"url": "https://bugzilla.suse.com/1256091"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54146"
},
{
"cve": "CVE-2023-54150",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54150"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd: Fix an out of bounds error in BIOS parser\n\nThe array is hardcoded to 8 in atomfirmware.h, but firmware provides\na bigger one sometimes. Deferencing the larger array causes an out\nof bounds error.\n\ncommit 4fc1ba4aa589 (\"drm/amd/display: fix array index out of bound error\nin bios parser\") fixed some of this, but there are two other cases\nnot covered by it. Fix those as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54150",
"url": "https://www.suse.com/security/cve/CVE-2023-54150"
},
{
"category": "external",
"summary": "SUSE Bug 1256086 for CVE-2023-54150",
"url": "https://bugzilla.suse.com/1256086"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54150"
},
{
"cve": "CVE-2023-54153",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54153"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: turn quotas off if mount failed after enabling quotas\n\nYi found during a review of the patch \"ext4: don\u0027t BUG on inconsistent\njournal feature\" that when ext4_mark_recovery_complete() returns an error\nvalue, the error handling path does not turn off the enabled quotas,\nwhich triggers the following kmemleak:\n\n================================================================\nunreferenced object 0xffff8cf68678e7c0 (size 64):\ncomm \"mount\", pid 746, jiffies 4294871231 (age 11.540s)\nhex dump (first 32 bytes):\n00 90 ef 82 f6 8c ff ff 00 00 00 00 41 01 00 00 ............A...\nc7 00 00 00 bd 00 00 00 0a 00 00 00 48 00 00 00 ............H...\nbacktrace:\n[\u003c00000000c561ef24\u003e] __kmem_cache_alloc_node+0x4d4/0x880\n[\u003c00000000d4e621d7\u003e] kmalloc_trace+0x39/0x140\n[\u003c00000000837eee74\u003e] v2_read_file_info+0x18a/0x3a0\n[\u003c0000000088f6c877\u003e] dquot_load_quota_sb+0x2ed/0x770\n[\u003c00000000340a4782\u003e] dquot_load_quota_inode+0xc6/0x1c0\n[\u003c0000000089a18bd5\u003e] ext4_enable_quotas+0x17e/0x3a0 [ext4]\n[\u003c000000003a0268fa\u003e] __ext4_fill_super+0x3448/0x3910 [ext4]\n[\u003c00000000b0f2a8a8\u003e] ext4_fill_super+0x13d/0x340 [ext4]\n[\u003c000000004a9489c4\u003e] get_tree_bdev+0x1dc/0x370\n[\u003c000000006e723bf1\u003e] ext4_get_tree+0x1d/0x30 [ext4]\n[\u003c00000000c7cb663d\u003e] vfs_get_tree+0x31/0x160\n[\u003c00000000320e1bed\u003e] do_new_mount+0x1d5/0x480\n[\u003c00000000c074654c\u003e] path_mount+0x22e/0xbe0\n[\u003c0000000003e97a8e\u003e] do_mount+0x95/0xc0\n[\u003c000000002f3d3736\u003e] __x64_sys_mount+0xc4/0x160\n[\u003c0000000027d2140c\u003e] do_syscall_64+0x3f/0x90\n================================================================\n\nTo solve this problem, we add a \"failed_mount10\" tag, and call\next4_quota_off_umount() in this tag to release the enabled qoutas.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54153",
"url": "https://www.suse.com/security/cve/CVE-2023-54153"
},
{
"category": "external",
"summary": "SUSE Bug 1256081 for CVE-2023-54153",
"url": "https://bugzilla.suse.com/1256081"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54153"
},
{
"cve": "CVE-2023-54156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54156"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsfc: fix crash when reading stats while NIC is resetting\n\nefx_net_stats() (.ndo_get_stats64) can be called during an ethtool\n selftest, during which time nic_data-\u003emc_stats is NULL as the NIC has\n been fini\u0027d. In this case do not attempt to fetch the latest stats\n from the hardware, else we will crash on a NULL dereference:\n BUG: kernel NULL pointer dereference, address: 0000000000000038\n RIP efx_nic_update_stats\n abridged calltrace:\n efx_ef10_update_stats_pf\n efx_net_stats\n dev_get_stats\n dev_seq_printf_stats\nSkipping the read is safe, we will simply give out stale stats.\nTo ensure that the free in efx_ef10_fini_nic() does not race against\n efx_ef10_update_stats_pf(), which could cause a TOCTTOU bug, take the\n efx-\u003estats_lock in fini_nic (it is already held across update_stats).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54156",
"url": "https://www.suse.com/security/cve/CVE-2023-54156"
},
{
"category": "external",
"summary": "SUSE Bug 1255704 for CVE-2023-54156",
"url": "https://bugzilla.suse.com/1255704"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54156"
},
{
"cve": "CVE-2023-54159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54159"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: mtu3: fix kernel panic at qmu transfer done irq handler\n\nWhen handle qmu transfer irq, it will unlock @mtu-\u003elock before give back\nrequest, if another thread handle disconnect event at the same time, and\ntry to disable ep, it may lock @mtu-\u003elock and free qmu ring, then qmu\nirq hanlder may get a NULL gpd, avoid the KE by checking gpd\u0027s value before\nhandling it.\n\ne.g.\nqmu done irq on cpu0 thread running on cpu1\n\nqmu_done_tx()\n handle gpd [0]\n mtu3_requ_complete() mtu3_gadget_ep_disable()\n unlock @mtu-\u003elock\n give back request lock @mtu-\u003elock\n mtu3_ep_disable()\n mtu3_gpd_ring_free()\n unlock @mtu-\u003elock\n lock @mtu-\u003elock\n get next gpd [1]\n\n[1]: goto [0] to handle next gpd, and next gpd may be NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54159",
"url": "https://www.suse.com/security/cve/CVE-2023-54159"
},
{
"category": "external",
"summary": "SUSE Bug 1255697 for CVE-2023-54159",
"url": "https://bugzilla.suse.com/1255697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54159"
},
{
"cve": "CVE-2023-54166",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54166"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nigc: Fix Kernel Panic during ndo_tx_timeout callback\n\nThe Xeon validation group has been carrying out some loaded tests\nwith various HW configurations, and they have seen some transmit\nqueue time out happening during the test. This will cause the\nreset adapter function to be called by igc_tx_timeout().\nSimilar race conditions may arise when the interface is being brought\ndown and up in igc_reinit_locked(), an interrupt being generated, and\nigc_clean_tx_irq() being called to complete the TX.\n\nWhen the igc_tx_timeout() function is invoked, this patch will turn\noff all TX ring HW queues during igc_down() process. TX ring HW queues\nwill be activated again during the igc_configure_tx_ring() process\nwhen performing the igc_up() procedure later.\n\nThis patch also moved existing igc_disable_tx_ring_hw() to avoid using\nforward declaration.\n\nKernel trace:\n[ 7678.747813] ------------[ cut here ]------------\n[ 7678.757914] NETDEV WATCHDOG: enp1s0 (igc): transmit queue 2 timed out\n[ 7678.770117] WARNING: CPU: 0 PID: 13 at net/sched/sch_generic.c:525 dev_watchdog+0x1ae/0x1f0\n[ 7678.784459] Modules linked in: xt_conntrack nft_chain_nat xt_MASQUERADE xt_addrtype nft_compat\nnf_tables nfnetlink br_netfilter bridge stp llc overlay dm_mod emrcha(PO) emriio(PO) rktpm(PO)\ncegbuf_mod(PO) patch_update(PO) se(PO) sgx_tgts(PO) mktme(PO) keylocker(PO) svtdx(PO) svfs_pci_hotplug(PO)\nvtd_mod(PO) davemem(PO) svmabort(PO) svindexio(PO) usbx2(PO) ehci_sched(PO) svheartbeat(PO) ioapic(PO)\nsv8259(PO) svintr(PO) lt(PO) pcierootport(PO) enginefw_mod(PO) ata(PO) smbus(PO) spiflash_cdf(PO) arden(PO)\ndsa_iax(PO) oobmsm_punit(PO) cpm(PO) svkdb(PO) ebg_pch(PO) pch(PO) sviotargets(PO) svbdf(PO) svmem(PO)\nsvbios(PO) dram(PO) svtsc(PO) targets(PO) superio(PO) svkernel(PO) cswitch(PO) mcf(PO) pentiumIII_mod(PO)\nfs_svfs(PO) mdevdefdb(PO) svfs_os_services(O) ixgbe mdio mdio_devres libphy emeraldrapids_svdefs(PO)\nregsupport(O) libnvdimm nls_cp437 snd_hda_codec_realtek snd_hda_codec_generic ledtrig_audio snd_hda_intel\nsnd_intel_dspcfg snd_hda_codec snd_hwdep x86_pkg_temp_thermal snd_hda_core snd_pcm snd_timer isst_if_mbox_pci\n[ 7678.784496] input_leds isst_if_mmio sg snd isst_if_common soundcore wmi button sad9(O) drm fuse backlight\nconfigfs efivarfs ip_tables x_tables vmd sdhci led_class rtl8150 r8152 hid_generic pegasus mmc_block usbhid\nmmc_core hid megaraid_sas ixgb igb i2c_algo_bit ice i40e hpsa scsi_transport_sas e1000e e1000 e100 ax88179_178a\nusbnet xhci_pci sd_mod xhci_hcd t10_pi crc32c_intel crc64_rocksoft igc crc64 crc_t10dif usbcore\ncrct10dif_generic ptp crct10dif_common usb_common pps_core\n[ 7679.200403] RIP: 0010:dev_watchdog+0x1ae/0x1f0\n[ 7679.210201] Code: 28 e9 53 ff ff ff 4c 89 e7 c6 05 06 42 b9 00 01 e8 17 d1 fb ff 44 89 e9 4c\n89 e6 48 c7 c7 40 ad fb 81 48 89 c2 e8 52 62 82 ff \u003c0f\u003e 0b e9 72 ff ff ff 65 8b 05 80 7d 7c 7e\n89 c0 48 0f a3 05 0a c1\n[ 7679.245438] RSP: 0018:ffa00000001f7d90 EFLAGS: 00010282\n[ 7679.256021] RAX: 0000000000000000 RBX: ff11000109938440 RCX: 0000000000000000\n[ 7679.268710] RDX: ff11000361e26cd8 RSI: ff11000361e1b880 RDI: ff11000361e1b880\n[ 7679.281314] RBP: ffa00000001f7da8 R08: ff1100035f8fffe8 R09: 0000000000027ffb\n[ 7679.293840] R10: 0000000000001f0a R11: ff1100035f840000 R12: ff11000109938000\n[ 7679.306276] R13: 0000000000000002 R14: dead000000000122 R15: ffa00000001f7e18\n[ 7679.318648] FS: 0000000000000000(0000) GS:ff11000361e00000(0000) knlGS:0000000000000000\n[ 7679.332064] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 7679.342757] CR2: 00007ffff7fca168 CR3: 000000013b08a006 CR4: 0000000000471ef8\n[ 7679.354984] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 7679.367207] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\n[ 7679.379370] PKRU: 55555554\n[ 7679.386446] Call Trace:\n[ 7679.393152] \u003cTASK\u003e\n[ 7679.399363] ? __pfx_dev_watchdog+0x10/0x10\n[ 7679.407870] call_timer_fn+0x31/0x110\n[ 7679.415698] e\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54166",
"url": "https://www.suse.com/security/cve/CVE-2023-54166"
},
{
"category": "external",
"summary": "SUSE Bug 1256074 for CVE-2023-54166",
"url": "https://bugzilla.suse.com/1256074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54166"
},
{
"cve": "CVE-2023-54168",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54168"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx4: Prevent shift wrapping in set_user_sq_size()\n\nThe ucmd-\u003elog_sq_bb_count variable is controlled by the user so this\nshift can wrap. Fix it by using check_shl_overflow() in the same way\nthat it was done in commit 515f60004ed9 (\"RDMA/hns: Prevent undefined\nbehavior in hns_roce_set_user_sq_size()\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54168",
"url": "https://www.suse.com/security/cve/CVE-2023-54168"
},
{
"category": "external",
"summary": "SUSE Bug 1256053 for CVE-2023-54168",
"url": "https://bugzilla.suse.com/1256053"
},
{
"category": "external",
"summary": "SUSE Bug 1256054 for CVE-2023-54168",
"url": "https://bugzilla.suse.com/1256054"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "important"
}
],
"title": "CVE-2023-54168"
},
{
"cve": "CVE-2023-54170",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54170"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nkeys: Fix linking a duplicate key to a keyring\u0027s assoc_array\n\nWhen making a DNS query inside the kernel using dns_query(), the request\ncode can in rare cases end up creating a duplicate index key in the\nassoc_array of the destination keyring. It is eventually found by\na BUG_ON() check in the assoc_array implementation and results in\na crash.\n\nExample report:\n[2158499.700025] kernel BUG at ../lib/assoc_array.c:652!\n[2158499.700039] invalid opcode: 0000 [#1] SMP PTI\n[2158499.700065] CPU: 3 PID: 31985 Comm: kworker/3:1 Kdump: loaded Not tainted 5.3.18-150300.59.90-default #1 SLE15-SP3\n[2158499.700096] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\n[2158499.700351] Workqueue: cifsiod cifs_resolve_server [cifs]\n[2158499.700380] RIP: 0010:assoc_array_insert+0x85f/0xa40\n[2158499.700401] Code: ff 74 2b 48 8b 3b 49 8b 45 18 4c 89 e6 48 83 e7 fe e8 95 ec 74 00 3b 45 88 7d db 85 c0 79 d4 0f 0b 0f 0b 0f 0b e8 41 f2 be ff \u003c0f\u003e 0b 0f 0b 81 7d 88 ff ff ff 7f 4c 89 eb 4c 8b ad 58 ff ff ff 0f\n[2158499.700448] RSP: 0018:ffffc0bd6187faf0 EFLAGS: 00010282\n[2158499.700470] RAX: ffff9f1ea7da2fe8 RBX: ffff9f1ea7da2fc1 RCX: 0000000000000005\n[2158499.700492] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000000\n[2158499.700515] RBP: ffffc0bd6187fbb0 R08: ffff9f185faf1100 R09: 0000000000000000\n[2158499.700538] R10: ffff9f1ea7da2cc0 R11: 000000005ed8cec8 R12: ffffc0bd6187fc28\n[2158499.700561] R13: ffff9f15feb8d000 R14: ffff9f1ea7da2fc0 R15: ffff9f168dc0d740\n[2158499.700585] FS: 0000000000000000(0000) GS:ffff9f185fac0000(0000) knlGS:0000000000000000\n[2158499.700610] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[2158499.700630] CR2: 00007fdd94fca238 CR3: 0000000809d8c006 CR4: 00000000003706e0\n[2158499.700702] Call Trace:\n[2158499.700741] ? key_alloc+0x447/0x4b0\n[2158499.700768] ? __key_link_begin+0x43/0xa0\n[2158499.700790] __key_link_begin+0x43/0xa0\n[2158499.700814] request_key_and_link+0x2c7/0x730\n[2158499.700847] ? dns_resolver_read+0x20/0x20 [dns_resolver]\n[2158499.700873] ? key_default_cmp+0x20/0x20\n[2158499.700898] request_key_tag+0x43/0xa0\n[2158499.700926] dns_query+0x114/0x2ca [dns_resolver]\n[2158499.701127] dns_resolve_server_name_to_ip+0x194/0x310 [cifs]\n[2158499.701164] ? scnprintf+0x49/0x90\n[2158499.701190] ? __switch_to_asm+0x40/0x70\n[2158499.701211] ? __switch_to_asm+0x34/0x70\n[2158499.701405] reconn_set_ipaddr_from_hostname+0x81/0x2a0 [cifs]\n[2158499.701603] cifs_resolve_server+0x4b/0xd0 [cifs]\n[2158499.701632] process_one_work+0x1f8/0x3e0\n[2158499.701658] worker_thread+0x2d/0x3f0\n[2158499.701682] ? process_one_work+0x3e0/0x3e0\n[2158499.701703] kthread+0x10d/0x130\n[2158499.701723] ? kthread_park+0xb0/0xb0\n[2158499.701746] ret_from_fork+0x1f/0x40\n\nThe situation occurs as follows:\n* Some kernel facility invokes dns_query() to resolve a hostname, for\n example, \"abcdef\". The function registers its global DNS resolver\n cache as current-\u003ecred.thread_keyring and passes the query to\n request_key_net() -\u003e request_key_tag() -\u003e request_key_and_link().\n* Function request_key_and_link() creates a keyring_search_context\n object. Its match_data.cmp method gets set via a call to\n type-\u003ematch_preparse() (resolves to dns_resolver_match_preparse()) to\n dns_resolver_cmp().\n* Function request_key_and_link() continues and invokes\n search_process_keyrings_rcu() which returns that a given key was not\n found. The control is then passed to request_key_and_link() -\u003e\n construct_alloc_key().\n* Concurrently to that, a second task similarly makes a DNS query for\n \"abcdef.\" and its result gets inserted into the DNS resolver cache.\n* Back on the first task, function construct_alloc_key() first runs\n __key_link_begin() to determine an assoc_array_edit operation to\n insert a new key. Index keys in the array are compared exactly as-is,\n using keyring_compare_object(). The operation \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54170",
"url": "https://www.suse.com/security/cve/CVE-2023-54170"
},
{
"category": "external",
"summary": "SUSE Bug 1256045 for CVE-2023-54170",
"url": "https://bugzilla.suse.com/1256045"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54170"
},
{
"cve": "CVE-2023-54171",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54171"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix memory leak of iter-\u003etemp when reading trace_pipe\n\nkmemleak reports:\n unreferenced object 0xffff88814d14e200 (size 256):\n comm \"cat\", pid 336, jiffies 4294871818 (age 779.490s)\n hex dump (first 32 bytes):\n 04 00 01 03 00 00 00 00 08 00 00 00 00 00 00 00 ................\n 0c d8 c8 9b ff ff ff ff 04 5a ca 9b ff ff ff ff .........Z......\n backtrace:\n [\u003cffffffff9bdff18f\u003e] __kmalloc+0x4f/0x140\n [\u003cffffffff9bc9238b\u003e] trace_find_next_entry+0xbb/0x1d0\n [\u003cffffffff9bc9caef\u003e] trace_print_lat_context+0xaf/0x4e0\n [\u003cffffffff9bc94490\u003e] print_trace_line+0x3e0/0x950\n [\u003cffffffff9bc95499\u003e] tracing_read_pipe+0x2d9/0x5a0\n [\u003cffffffff9bf03a43\u003e] vfs_read+0x143/0x520\n [\u003cffffffff9bf04c2d\u003e] ksys_read+0xbd/0x160\n [\u003cffffffff9d0f0edf\u003e] do_syscall_64+0x3f/0x90\n [\u003cffffffff9d2000aa\u003e] entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\nwhen reading file \u0027trace_pipe\u0027, \u0027iter-\u003etemp\u0027 is allocated or relocated\nin trace_find_next_entry() but not freed before \u0027trace_pipe\u0027 is closed.\n\nTo fix it, free \u0027iter-\u003etemp\u0027 in tracing_release_pipe().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54171",
"url": "https://www.suse.com/security/cve/CVE-2023-54171"
},
{
"category": "external",
"summary": "SUSE Bug 1256034 for CVE-2023-54171",
"url": "https://bugzilla.suse.com/1256034"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54171"
},
{
"cve": "CVE-2023-54173",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54173"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Disable preemption in bpf_event_output\n\nWe received report [1] of kernel crash, which is caused by\nusing nesting protection without disabled preemption.\n\nThe bpf_event_output can be called by programs executed by\nbpf_prog_run_array_cg function that disabled migration but\nkeeps preemption enabled.\n\nThis can cause task to be preempted by another one inside the\nnesting protection and lead eventually to two tasks using same\nperf_sample_data buffer and cause crashes like:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000001\n #PF: supervisor instruction fetch in kernel mode\n #PF: error_code(0x0010) - not-present page\n ...\n ? perf_output_sample+0x12a/0x9a0\n ? finish_task_switch.isra.0+0x81/0x280\n ? perf_event_output+0x66/0xa0\n ? bpf_event_output+0x13a/0x190\n ? bpf_event_output_data+0x22/0x40\n ? bpf_prog_dfc84bbde731b257_cil_sock4_connect+0x40a/0xacb\n ? xa_load+0x87/0xe0\n ? __cgroup_bpf_run_filter_sock_addr+0xc1/0x1a0\n ? release_sock+0x3e/0x90\n ? sk_setsockopt+0x1a1/0x12f0\n ? udp_pre_connect+0x36/0x50\n ? inet_dgram_connect+0x93/0xa0\n ? __sys_connect+0xb4/0xe0\n ? udp_setsockopt+0x27/0x40\n ? __pfx_udp_push_pending_frames+0x10/0x10\n ? __sys_setsockopt+0xdf/0x1a0\n ? __x64_sys_connect+0xf/0x20\n ? do_syscall_64+0x3a/0x90\n ? entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nFixing this by disabling preemption in bpf_event_output.\n\n[1] https://github.com/cilium/cilium/issues/26756",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54173",
"url": "https://www.suse.com/security/cve/CVE-2023-54173"
},
{
"category": "external",
"summary": "SUSE Bug 1255996 for CVE-2023-54173",
"url": "https://bugzilla.suse.com/1255996"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54173"
},
{
"cve": "CVE-2023-54177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54177"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nquota: fix warning in dqgrab()\n\nThere\u0027s issue as follows when do fault injection:\nWARNING: CPU: 1 PID: 14870 at include/linux/quotaops.h:51 dquot_disable+0x13b7/0x18c0\nModules linked in:\nCPU: 1 PID: 14870 Comm: fsconfig Not tainted 6.3.0-next-20230505-00006-g5107a9c821af-dirty #541\nRIP: 0010:dquot_disable+0x13b7/0x18c0\nRSP: 0018:ffffc9000acc79e0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff88825e41b980\nRDX: 0000000000000000 RSI: ffff88825e41b980 RDI: 0000000000000002\nRBP: ffff888179f68000 R08: ffffffff82087ca7 R09: 0000000000000000\nR10: 0000000000000001 R11: ffffed102f3ed026 R12: ffff888179f68130\nR13: ffff888179f68110 R14: dffffc0000000000 R15: ffff888179f68118\nFS: 00007f450a073740(0000) GS:ffff88882fc00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffe96f2efd8 CR3: 000000025c8ad000 CR4: 00000000000006e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n dquot_load_quota_sb+0xd53/0x1060\n dquot_resume+0x172/0x230\n ext4_reconfigure+0x1dc6/0x27b0\n reconfigure_super+0x515/0xa90\n __x64_sys_fsconfig+0xb19/0xd20\n do_syscall_64+0x39/0xb0\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nAbove issue may happens as follows:\nProcessA ProcessB ProcessC\nsys_fsconfig\n vfs_fsconfig_locked\n reconfigure_super\n ext4_remount\n dquot_suspend -\u003e suspend all type quota\n\n sys_fsconfig\n vfs_fsconfig_locked\n reconfigure_super\n ext4_remount\n dquot_resume\n ret = dquot_load_quota_sb\n add_dquot_ref\n do_open -\u003e open file O_RDWR\n vfs_open\n do_dentry_open\n get_write_access\n atomic_inc_unless_negative(\u0026inode-\u003ei_writecount)\n ext4_file_open\n dquot_file_open\n dquot_initialize\n __dquot_initialize\n dqget\n\t\t\t\t\t\t atomic_inc(\u0026dquot-\u003edq_count);\n\n __dquot_initialize\n __dquot_initialize\n dqget\n if (!test_bit(DQ_ACTIVE_B, \u0026dquot-\u003edq_flags))\n ext4_acquire_dquot\n\t\t\t -\u003e Return error DQ_ACTIVE_B flag isn\u0027t set\n dquot_disable\n\t\t\t invalidate_dquots\n\t\t\t if (atomic_read(\u0026dquot-\u003edq_count))\n\t dqgrab\n\t\t\t WARN_ON_ONCE(!test_bit(DQ_ACTIVE_B, \u0026dquot-\u003edq_flags))\n\t -\u003e Trigger warning\n\nIn the above scenario, \u0027dquot-\u003edq_flags\u0027 has no DQ_ACTIVE_B is normal when\ndqgrab().\nTo solve above issue just replace the dqgrab() use in invalidate_dquots() with\natomic_inc(\u0026dquot-\u003edq_count).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54177",
"url": "https://www.suse.com/security/cve/CVE-2023-54177"
},
{
"category": "external",
"summary": "SUSE Bug 1255993 for CVE-2023-54177",
"url": "https://bugzilla.suse.com/1255993"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "low"
}
],
"title": "CVE-2023-54177"
},
{
"cve": "CVE-2023-54179",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54179"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Array index may go out of bound\n\nKlocwork reports array \u0027vha-\u003ehost_str\u0027 of size 16 may use index value(s)\n16..19. Use snprintf() instead of sprintf().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54179",
"url": "https://www.suse.com/security/cve/CVE-2023-54179"
},
{
"category": "external",
"summary": "SUSE Bug 1255994 for CVE-2023-54179",
"url": "https://bugzilla.suse.com/1255994"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54179"
},
{
"cve": "CVE-2023-54183",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54183"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link()\n\nIf fwnode_graph_get_remote_endpoint() fails, \u0027fwnode\u0027 is known to be NULL,\nso fwnode_handle_put() is a no-op.\n\nRelease the reference taken from a previous fwnode_graph_get_port_parent()\ncall instead.\n\nAlso handle fwnode_graph_get_port_parent() failures.\n\nIn order to fix these issues, add an error handling path to the function\nand the needed gotos.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54183",
"url": "https://www.suse.com/security/cve/CVE-2023-54183"
},
{
"category": "external",
"summary": "SUSE Bug 1255990 for CVE-2023-54183",
"url": "https://bugzilla.suse.com/1255990"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54183"
},
{
"cve": "CVE-2023-54186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54186"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: altmodes/displayport: fix pin_assignment_show\n\nThis patch fixes negative indexing of buf array in pin_assignment_show\nwhen get_current_pin_assignments returns 0 i.e. no compatible pin\nassignments are found.\n\nBUG: KASAN: use-after-free in pin_assignment_show+0x26c/0x33c\n...\nCall trace:\ndump_backtrace+0x110/0x204\ndump_stack_lvl+0x84/0xbc\nprint_report+0x358/0x974\nkasan_report+0x9c/0xfc\n__do_kernel_fault+0xd4/0x2d4\ndo_bad_area+0x48/0x168\ndo_tag_check_fault+0x24/0x38\ndo_mem_abort+0x6c/0x14c\nel1_abort+0x44/0x68\nel1h_64_sync_handler+0x64/0xa4\nel1h_64_sync+0x78/0x7c\npin_assignment_show+0x26c/0x33c\ndev_attr_show+0x50/0xc0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54186",
"url": "https://www.suse.com/security/cve/CVE-2023-54186"
},
{
"category": "external",
"summary": "SUSE Bug 1255985 for CVE-2023-54186",
"url": "https://bugzilla.suse.com/1255985"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54186"
},
{
"cve": "CVE-2023-54189",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54189"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npstore/ram: Add check for kstrdup\n\nAdd check for the return value of kstrdup() and return the error\nif it fails in order to avoid NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54189",
"url": "https://www.suse.com/security/cve/CVE-2023-54189"
},
{
"category": "external",
"summary": "SUSE Bug 1255978 for CVE-2023-54189",
"url": "https://bugzilla.suse.com/1255978"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54189"
},
{
"cve": "CVE-2023-54190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54190"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nleds: led-core: Fix refcount leak in of_led_get()\n\nclass_find_device_by_of_node() calls class_find_device(), it will take\nthe reference, use the put_device() to drop the reference when not need\nanymore.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54190",
"url": "https://www.suse.com/security/cve/CVE-2023-54190"
},
{
"category": "external",
"summary": "SUSE Bug 1255979 for CVE-2023-54190",
"url": "https://bugzilla.suse.com/1255979"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54190"
},
{
"cve": "CVE-2023-54197",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54197"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work\"\n\nThis reverts commit 1e9ac114c4428fdb7ff4635b45d4f46017e8916f.\n\nThis patch introduces a possible null-ptr-def problem. Revert it. And the\nfixed bug by this patch have resolved by commit 73f7b171b7c0 (\"Bluetooth:\nbtsdio: fix use after free bug in btsdio_remove due to race condition\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54197",
"url": "https://www.suse.com/security/cve/CVE-2023-54197"
},
{
"category": "external",
"summary": "SUSE Bug 1255969 for CVE-2023-54197",
"url": "https://bugzilla.suse.com/1255969"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54197"
},
{
"cve": "CVE-2023-54198",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54198"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: fix out-of-bounds access in tty_driver_lookup_tty()\n\nWhen specifying an invalid console= device like console=tty3270,\ntty_driver_lookup_tty() returns the tty struct without checking\nwhether index is a valid number.\n\nTo reproduce:\n\nqemu-system-x86_64 -enable-kvm -nographic -serial mon:stdio \\\n-kernel ../linux-build-x86/arch/x86/boot/bzImage \\\n-append \"console=ttyS0 console=tty3270\"\n\nThis crashes with:\n\n[ 0.770599] BUG: kernel NULL pointer dereference, address: 00000000000000ef\n[ 0.771265] #PF: supervisor read access in kernel mode\n[ 0.771773] #PF: error_code(0x0000) - not-present page\n[ 0.772609] Oops: 0000 [#1] PREEMPT SMP PTI\n[ 0.774878] RIP: 0010:tty_open+0x268/0x6f0\n[ 0.784013] chrdev_open+0xbd/0x230\n[ 0.784444] ? cdev_device_add+0x80/0x80\n[ 0.784920] do_dentry_open+0x1e0/0x410\n[ 0.785389] path_openat+0xca9/0x1050\n[ 0.785813] do_filp_open+0xaa/0x150\n[ 0.786240] file_open_name+0x133/0x1b0\n[ 0.786746] filp_open+0x27/0x50\n[ 0.787244] console_on_rootfs+0x14/0x4d\n[ 0.787800] kernel_init_freeable+0x1e4/0x20d\n[ 0.788383] ? rest_init+0xc0/0xc0\n[ 0.788881] kernel_init+0x11/0x120\n[ 0.789356] ret_from_fork+0x22/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54198",
"url": "https://www.suse.com/security/cve/CVE-2023-54198"
},
{
"category": "external",
"summary": "SUSE Bug 1255970 for CVE-2023-54198",
"url": "https://bugzilla.suse.com/1255970"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54198"
},
{
"cve": "CVE-2023-54199",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54199"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup()\n\nFix the below kernel panic due to null pointer access:\n[ 18.504431] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000048\n[ 18.513464] Mem abort info:\n[ 18.516346] ESR = 0x0000000096000005\n[ 18.520204] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 18.525706] SET = 0, FnV = 0\n[ 18.528878] EA = 0, S1PTW = 0\n[ 18.532117] FSC = 0x05: level 1 translation fault\n[ 18.537138] Data abort info:\n[ 18.540110] ISV = 0, ISS = 0x00000005\n[ 18.544060] CM = 0, WnR = 0\n[ 18.547109] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000112826000\n[ 18.553738] [0000000000000048] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n[ 18.562690] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n**Snip**\n[ 18.696758] Call trace:\n[ 18.699278] adreno_gpu_cleanup+0x30/0x88\n[ 18.703396] a6xx_destroy+0xc0/0x130\n[ 18.707066] a6xx_gpu_init+0x308/0x424\n[ 18.710921] adreno_bind+0x178/0x288\n[ 18.714590] component_bind_all+0xe0/0x214\n[ 18.718797] msm_drm_bind+0x1d4/0x614\n[ 18.722566] try_to_bring_up_aggregate_device+0x16c/0x1b8\n[ 18.728105] __component_add+0xa0/0x158\n[ 18.732048] component_add+0x20/0x2c\n[ 18.735719] adreno_probe+0x40/0xc0\n[ 18.739300] platform_probe+0xb4/0xd4\n[ 18.743068] really_probe+0xfc/0x284\n[ 18.746738] __driver_probe_device+0xc0/0xec\n[ 18.751129] driver_probe_device+0x48/0x110\n[ 18.755421] __device_attach_driver+0xa8/0xd0\n[ 18.759900] bus_for_each_drv+0x90/0xdc\n[ 18.763843] __device_attach+0xfc/0x174\n[ 18.767786] device_initial_probe+0x20/0x2c\n[ 18.772090] bus_probe_device+0x40/0xa0\n[ 18.776032] deferred_probe_work_func+0x94/0xd0\n[ 18.780686] process_one_work+0x190/0x3d0\n[ 18.784805] worker_thread+0x280/0x3d4\n[ 18.788659] kthread+0x104/0x1c0\n[ 18.791981] ret_from_fork+0x10/0x20\n[ 18.795654] Code: f9400408 aa0003f3 aa1f03f4 91142015 (f9402516)\n[ 18.801913] ---[ end trace 0000000000000000 ]---\n[ 18.809039] Kernel panic - not syncing: Oops: Fatal exception\n\nPatchwork: https://patchwork.freedesktop.org/patch/515605/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54199",
"url": "https://www.suse.com/security/cve/CVE-2023-54199"
},
{
"category": "external",
"summary": "SUSE Bug 1255971 for CVE-2023-54199",
"url": "https://bugzilla.suse.com/1255971"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54199"
},
{
"cve": "CVE-2023-54201",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54201"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/efa: Fix wrong resources deallocation order\n\nWhen trying to destroy QP or CQ, we first decrease the refcount and\npotentially free memory regions allocated for the object and then\nrequest the device to destroy the object. If the device fails, the\nobject isn\u0027t fully destroyed so the user/IB core can try to destroy the\nobject again which will lead to underflow when trying to decrease an\nalready zeroed refcount.\n\nDeallocate resources in reverse order of allocating them to safely free\nthem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54201",
"url": "https://www.suse.com/security/cve/CVE-2023-54201"
},
{
"category": "external",
"summary": "SUSE Bug 1255964 for CVE-2023-54201",
"url": "https://bugzilla.suse.com/1255964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54201"
},
{
"cve": "CVE-2023-54202",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54202"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915: fix race condition UAF in i915_perf_add_config_ioctl\n\nUserspace can guess the id value and try to race oa_config object creation\nwith config remove, resulting in a use-after-free if we dereference the\nobject after unlocking the metrics_lock. For that reason, unlocking the\nmetrics_lock must be done after we are done dereferencing the object.\n\n[tursulin: Manually added stable tag.]\n(cherry picked from commit 49f6f6483b652108bcb73accd0204a464b922395)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54202",
"url": "https://www.suse.com/security/cve/CVE-2023-54202"
},
{
"category": "external",
"summary": "SUSE Bug 1255880 for CVE-2023-54202",
"url": "https://bugzilla.suse.com/1255880"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54202"
},
{
"cve": "CVE-2023-54205",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54205"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain\n\nof_irq_find_parent() returns a node pointer with refcount incremented,\nWe should use of_node_put() on it when not needed anymore.\nAdd missing of_node_put() to avoid refcount leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54205",
"url": "https://www.suse.com/security/cve/CVE-2023-54205"
},
{
"category": "external",
"summary": "SUSE Bug 1255968 for CVE-2023-54205",
"url": "https://bugzilla.suse.com/1255968"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54205"
},
{
"cve": "CVE-2023-54208",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54208"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: ov5675: Fix memleak in ov5675_init_controls()\n\nThere is a kmemleak when testing the media/i2c/ov5675.c with bpf mock\ndevice:\n\nAssertionError: unreferenced object 0xffff888107362160 (size 16):\n comm \"python3\", pid 277, jiffies 4294832798 (age 20.722s)\n hex dump (first 16 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003c00000000abe7d67c\u003e] __kmalloc_node+0x44/0x1b0\n [\u003c000000008a725aac\u003e] kvmalloc_node+0x34/0x180\n [\u003c000000009a53cd11\u003e] v4l2_ctrl_handler_init_class+0x11d/0x180\n[videodev]\n [\u003c0000000055b46db0\u003e] ov5675_probe+0x38b/0x897 [ov5675]\n [\u003c00000000153d886c\u003e] i2c_device_probe+0x28d/0x680\n [\u003c000000004afb7e8f\u003e] really_probe+0x17c/0x3f0\n [\u003c00000000ff2f18e4\u003e] __driver_probe_device+0xe3/0x170\n [\u003c000000000a001029\u003e] driver_probe_device+0x49/0x120\n [\u003c00000000e39743c7\u003e] __device_attach_driver+0xf7/0x150\n [\u003c00000000d32fd070\u003e] bus_for_each_drv+0x114/0x180\n [\u003c000000009083ac41\u003e] __device_attach+0x1e5/0x2d0\n [\u003c0000000015b4a830\u003e] bus_probe_device+0x126/0x140\n [\u003c000000007813deaf\u003e] device_add+0x810/0x1130\n [\u003c000000007becb867\u003e] i2c_new_client_device+0x386/0x540\n [\u003c000000007f9cf4b4\u003e] of_i2c_register_device+0xf1/0x110\n [\u003c00000000ebfdd032\u003e] of_i2c_notify+0xfc/0x1f0\n\nov5675_init_controls() won\u0027t clean all the allocated resources in fail\npath, which may causes the memleaks. Add v4l2_ctrl_handler_free() to\nprevent memleak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54208",
"url": "https://www.suse.com/security/cve/CVE-2023-54208"
},
{
"category": "external",
"summary": "SUSE Bug 1255962 for CVE-2023-54208",
"url": "https://bugzilla.suse.com/1255962"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54208"
},
{
"cve": "CVE-2023-54211",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54211"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix warning in trace_buffered_event_disable()\n\nWarning happened in trace_buffered_event_disable() at\n WARN_ON_ONCE(!trace_buffered_event_ref)\n\n Call Trace:\n ? __warn+0xa5/0x1b0\n ? trace_buffered_event_disable+0x189/0x1b0\n __ftrace_event_enable_disable+0x19e/0x3e0\n free_probe_data+0x3b/0xa0\n unregister_ftrace_function_probe_func+0x6b8/0x800\n event_enable_func+0x2f0/0x3d0\n ftrace_process_regex.isra.0+0x12d/0x1b0\n ftrace_filter_write+0xe6/0x140\n vfs_write+0x1c9/0x6f0\n [...]\n\nThe cause of the warning is in __ftrace_event_enable_disable(),\ntrace_buffered_event_enable() was called once while\ntrace_buffered_event_disable() was called twice.\nReproduction script show as below, for analysis, see the comments:\n ```\n #!/bin/bash\n\n cd /sys/kernel/tracing/\n\n # 1. Register a \u0027disable_event\u0027 command, then:\n # 1) SOFT_DISABLED_BIT was set;\n # 2) trace_buffered_event_enable() was called first time;\n echo \u0027cmdline_proc_show:disable_event:initcall:initcall_finish\u0027 \u003e \\\n set_ftrace_filter\n\n # 2. Enable the event registered, then:\n # 1) SOFT_DISABLED_BIT was cleared;\n # 2) trace_buffered_event_disable() was called first time;\n echo 1 \u003e events/initcall/initcall_finish/enable\n\n # 3. Try to call into cmdline_proc_show(), then SOFT_DISABLED_BIT was\n # set again!!!\n cat /proc/cmdline\n\n # 4. Unregister the \u0027disable_event\u0027 command, then:\n # 1) SOFT_DISABLED_BIT was cleared again;\n # 2) trace_buffered_event_disable() was called second time!!!\n echo \u0027!cmdline_proc_show:disable_event:initcall:initcall_finish\u0027 \u003e \\\n set_ftrace_filter\n ```\n\nTo fix it, IIUC, we can change to call trace_buffered_event_enable() at\nfist time soft-mode enabled, and call trace_buffered_event_disable() at\nlast time soft-mode disabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54211",
"url": "https://www.suse.com/security/cve/CVE-2023-54211"
},
{
"category": "external",
"summary": "SUSE Bug 1255843 for CVE-2023-54211",
"url": "https://bugzilla.suse.com/1255843"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54211"
},
{
"cve": "CVE-2023-54213",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54213"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: sisusbvga: Add endpoint checks\n\nThe syzbot fuzzer was able to provoke a WARNING from the sisusbvga driver:\n\n------------[ cut here ]------------\nusb 1-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 1 PID: 26 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\nModules linked in:\nCPU: 1 PID: 26 Comm: kworker/1:1 Not tainted 6.2.0-rc5-syzkaller-00199-g5af6ce704936 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023\nWorkqueue: usb_hub_wq hub_event\nRIP: 0010:usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\nCode: 7c 24 18 e8 6c 50 80 fb 48 8b 7c 24 18 e8 62 1a 01 ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 60 b1 fa 8a e8 84 b0 be 03 \u003c0f\u003e 0b e9 58 f8 ff ff e8 3e 50 80 fb 48 81 c5 c0 05 00 00 e9 84 f7\nRSP: 0018:ffffc90000a1ed18 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000\nRDX: ffff888012783a80 RSI: ffffffff816680ec RDI: fffff52000143d95\nRBP: ffff888079020000 R08: 0000000000000005 R09: 0000000000000000\nR10: 0000000080000000 R11: 0000000000000000 R12: 0000000000000003\nR13: ffff888017d33370 R14: 0000000000000003 R15: ffff888021213600\nFS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005592753a60b0 CR3: 0000000022899000 CR4: 00000000003506e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n sisusb_bulkout_msg drivers/usb/misc/sisusbvga/sisusbvga.c:224 [inline]\n sisusb_send_bulk_msg.constprop.0+0x904/0x1230 drivers/usb/misc/sisusbvga/sisusbvga.c:379\n sisusb_send_bridge_packet drivers/usb/misc/sisusbvga/sisusbvga.c:567 [inline]\n sisusb_do_init_gfxdevice drivers/usb/misc/sisusbvga/sisusbvga.c:2077 [inline]\n sisusb_init_gfxdevice+0x87b/0x4000 drivers/usb/misc/sisusbvga/sisusbvga.c:2177\n sisusb_probe+0x9cd/0xbe2 drivers/usb/misc/sisusbvga/sisusbvga.c:2869\n...\n\nThe problem was caused by the fact that the driver does not check\nwhether the endpoints it uses are actually present and have the\nappropriate types. This can be fixed by adding a simple check of\nthe endpoints.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54213",
"url": "https://www.suse.com/security/cve/CVE-2023-54213"
},
{
"category": "external",
"summary": "SUSE Bug 1255953 for CVE-2023-54213",
"url": "https://bugzilla.suse.com/1255953"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54213"
},
{
"cve": "CVE-2023-54214",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54214"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix potential user-after-free\n\nThis fixes all instances of which requires to allocate a buffer calling\nalloc_skb which may release the chan lock and reacquire later which\nmakes it possible that the chan is disconnected in the meantime.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54214",
"url": "https://www.suse.com/security/cve/CVE-2023-54214"
},
{
"category": "external",
"summary": "SUSE Bug 1255954 for CVE-2023-54214",
"url": "https://bugzilla.suse.com/1255954"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54214"
},
{
"cve": "CVE-2023-54219",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54219"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"IB/isert: Fix incorrect release of isert connection\"\n\nCommit: 699826f4e30a (\"IB/isert: Fix incorrect release of isert connection\") is\ncausing problems on OPA when DEVICE_REMOVAL is happening.\n\n ------------[ cut here ]------------\n WARNING: CPU: 52 PID: 2117247 at drivers/infiniband/core/cq.c:359\nib_cq_pool_cleanup+0xac/0xb0 [ib_core]\n Modules linked in: nfsd nfs_acl target_core_user uio tcm_fc libfc\nscsi_transport_fc tcm_loop target_core_pscsi target_core_iblock target_core_file\nrpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs\nrfkill rpcrdma rdma_ucm ib_srpt sunrpc ib_isert iscsi_target_mod target_core_mod\nopa_vnic ib_iser libiscsi ib_umad scsi_transport_iscsi rdma_cm ib_ipoib iw_cm\nib_cm hfi1(-) rdmavt ib_uverbs intel_rapl_msr intel_rapl_common sb_edac ib_core\nx86_pkg_temp_thermal intel_powerclamp coretemp i2c_i801 mxm_wmi rapl iTCO_wdt\nipmi_si iTCO_vendor_support mei_me ipmi_devintf mei intel_cstate ioatdma\nintel_uncore i2c_smbus joydev pcspkr lpc_ich ipmi_msghandler acpi_power_meter\nacpi_pad xfs libcrc32c sr_mod sd_mod cdrom t10_pi sg crct10dif_pclmul\ncrc32_pclmul crc32c_intel drm_kms_helper drm_shmem_helper ahci libahci\nghash_clmulni_intel igb drm libata dca i2c_algo_bit wmi fuse\n CPU: 52 PID: 2117247 Comm: modprobe Not tainted 6.5.0-rc1+ #1\n Hardware name: Intel Corporation S2600CWR/S2600CW, BIOS\nSE5C610.86B.01.01.0014.121820151719 12/18/2015\n RIP: 0010:ib_cq_pool_cleanup+0xac/0xb0 [ib_core]\n Code: ff 48 8b 43 40 48 8d 7b 40 48 83 e8 40 4c 39 e7 75 b3 49 83\nc4 10 4d 39 fc 75 94 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc \u003c0f\u003e 0b eb a1\n90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f\n RSP: 0018:ffffc10bea13fc80 EFLAGS: 00010206\n RAX: 000000000000010c RBX: ffff9bf5c7e66c00 RCX: 000000008020001d\n RDX: 000000008020001e RSI: fffff175221f9900 RDI: ffff9bf5c7e67640\n RBP: ffff9bf5c7e67600 R08: ffff9bf5c7e64400 R09: 000000008020001d\n R10: 0000000040000000 R11: 0000000000000000 R12: ffff9bee4b1e8a18\n R13: dead000000000122 R14: dead000000000100 R15: ffff9bee4b1e8a38\n FS: 00007ff1e6d38740(0000) GS:ffff9bfd9fb00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00005652044ecc68 CR3: 0000000889b5c005 CR4: 00000000001706e0\n Call Trace:\n \u003cTASK\u003e\n ? __warn+0x80/0x130\n ? ib_cq_pool_cleanup+0xac/0xb0 [ib_core]\n ? report_bug+0x195/0x1a0\n ? handle_bug+0x3c/0x70\n ? exc_invalid_op+0x14/0x70\n ? asm_exc_invalid_op+0x16/0x20\n ? ib_cq_pool_cleanup+0xac/0xb0 [ib_core]\n disable_device+0x9d/0x160 [ib_core]\n __ib_unregister_device+0x42/0xb0 [ib_core]\n ib_unregister_device+0x22/0x30 [ib_core]\n rvt_unregister_device+0x20/0x90 [rdmavt]\n hfi1_unregister_ib_device+0x16/0xf0 [hfi1]\n remove_one+0x55/0x1a0 [hfi1]\n pci_device_remove+0x36/0xa0\n device_release_driver_internal+0x193/0x200\n driver_detach+0x44/0x90\n bus_remove_driver+0x69/0xf0\n pci_unregister_driver+0x2a/0xb0\n hfi1_mod_cleanup+0xc/0x3c [hfi1]\n __do_sys_delete_module.constprop.0+0x17a/0x2f0\n ? exit_to_user_mode_prepare+0xc4/0xd0\n ? syscall_trace_enter.constprop.0+0x126/0x1a0\n do_syscall_64+0x5c/0x90\n ? syscall_exit_to_user_mode+0x12/0x30\n ? do_syscall_64+0x69/0x90\n ? syscall_exit_work+0x103/0x130\n ? syscall_exit_to_user_mode+0x12/0x30\n ? do_syscall_64+0x69/0x90\n ? exc_page_fault+0x65/0x150\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n RIP: 0033:0x7ff1e643f5ab\n Code: 73 01 c3 48 8b 0d 75 a8 1b 00 f7 d8 64 89 01 48 83 c8 ff c3\n66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 b0 00 00 00 0f 05 \u003c48\u003e 3d 01 f0\nff ff 73 01 c3 48 8b 0d 45 a8 1b 00 f7 d8 64 89 01 48\n RSP: 002b:00007ffec9103cc8 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0\n RAX: ffffffffffffffda RBX: 00005615267fdc50 RCX: 00007ff1e643f5ab\n RDX: 0000000000000000 RSI: 0000000000000800 RDI: 00005615267fdcb8\n RBP: 00005615267fdc50 R08: 0000000000000000 R09: 0000000000000000\n R10: 00007ff1e659eac0 R11: 0000000000000206 R12: 00005615267fdcb8\n R13: 00000000000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54219",
"url": "https://www.suse.com/security/cve/CVE-2023-54219"
},
{
"category": "external",
"summary": "SUSE Bug 1256231 for CVE-2023-54219",
"url": "https://bugzilla.suse.com/1256231"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54219"
},
{
"cve": "CVE-2023-54230",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54230"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\namba: bus: fix refcount leak\n\ncommit 5de1540b7bc4 (\"drivers/amba: create devices from device tree\")\nincreases the refcount of of_node, but not releases it in\namba_device_release, so there is refcount leak. By using of_node_put\nto avoid refcount leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54230",
"url": "https://www.suse.com/security/cve/CVE-2023-54230"
},
{
"category": "external",
"summary": "SUSE Bug 1255925 for CVE-2023-54230",
"url": "https://bugzilla.suse.com/1255925"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54230"
},
{
"cve": "CVE-2023-54236",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54236"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/net_failover: fix txq exceeding warning\n\nThe failover txq is inited as 16 queues.\nwhen a packet is transmitted from the failover device firstly,\nthe failover device will select the queue which is returned from\nthe primary device if the primary device is UP and running.\nIf the primary device txq is bigger than the default 16,\nit can lead to the following warning:\neth0 selects TX queue 18, but real number of TX queues is 16\n\nThe warning backtrace is:\n[ 32.146376] CPU: 18 PID: 9134 Comm: chronyd Tainted: G E 6.2.8-1.el7.centos.x86_64 #1\n[ 32.147175] Hardware name: Red Hat KVM, BIOS 1.10.2-3.el7_4.1 04/01/2014\n[ 32.147730] Call Trace:\n[ 32.147971] \u003cTASK\u003e\n[ 32.148183] dump_stack_lvl+0x48/0x70\n[ 32.148514] dump_stack+0x10/0x20\n[ 32.148820] netdev_core_pick_tx+0xb1/0xe0\n[ 32.149180] __dev_queue_xmit+0x529/0xcf0\n[ 32.149533] ? __check_object_size.part.0+0x21c/0x2c0\n[ 32.149967] ip_finish_output2+0x278/0x560\n[ 32.150327] __ip_finish_output+0x1fe/0x2f0\n[ 32.150690] ip_finish_output+0x2a/0xd0\n[ 32.151032] ip_output+0x7a/0x110\n[ 32.151337] ? __pfx_ip_finish_output+0x10/0x10\n[ 32.151733] ip_local_out+0x5e/0x70\n[ 32.152054] ip_send_skb+0x19/0x50\n[ 32.152366] udp_send_skb.isra.0+0x163/0x3a0\n[ 32.152736] udp_sendmsg+0xba8/0xec0\n[ 32.153060] ? __folio_memcg_unlock+0x25/0x60\n[ 32.153445] ? __pfx_ip_generic_getfrag+0x10/0x10\n[ 32.153854] ? sock_has_perm+0x85/0xa0\n[ 32.154190] inet_sendmsg+0x6d/0x80\n[ 32.154508] ? inet_sendmsg+0x6d/0x80\n[ 32.154838] sock_sendmsg+0x62/0x70\n[ 32.155152] ____sys_sendmsg+0x134/0x290\n[ 32.155499] ___sys_sendmsg+0x81/0xc0\n[ 32.155828] ? _get_random_bytes.part.0+0x79/0x1a0\n[ 32.156240] ? ip4_datagram_release_cb+0x5f/0x1e0\n[ 32.156649] ? get_random_u16+0x69/0xf0\n[ 32.156989] ? __fget_light+0xcf/0x110\n[ 32.157326] __sys_sendmmsg+0xc4/0x210\n[ 32.157657] ? __sys_connect+0xb7/0xe0\n[ 32.157995] ? __audit_syscall_entry+0xce/0x140\n[ 32.158388] ? syscall_trace_enter.isra.0+0x12c/0x1a0\n[ 32.158820] __x64_sys_sendmmsg+0x24/0x30\n[ 32.159171] do_syscall_64+0x38/0x90\n[ 32.159493] entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nFix that by reducing txq number as the non-existent primary-dev does.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54236",
"url": "https://www.suse.com/security/cve/CVE-2023-54236"
},
{
"category": "external",
"summary": "SUSE Bug 1255922 for CVE-2023-54236",
"url": "https://bugzilla.suse.com/1255922"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54236"
},
{
"cve": "CVE-2023-54242",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54242"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock, bfq: Fix division by zero error on zero wsum\n\nWhen the weighted sum is zero the calculation of limit causes\na division by zero error. Fix this by continuing to the next level.\n\nThis was discovered by running as root:\n\nstress-ng --ioprio 0\n\nFixes divison by error oops:\n\n[ 521.450556] divide error: 0000 [#1] SMP NOPTI\n[ 521.450766] CPU: 2 PID: 2684464 Comm: stress-ng-iopri Not tainted 6.2.1-1280.native #1\n[ 521.451117] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.1-0-g3208b098f51a-prebuilt.qemu.org 04/01/2014\n[ 521.451627] RIP: 0010:bfqq_request_over_limit+0x207/0x400\n[ 521.451875] Code: 01 48 8d 0c c8 74 0b 48 8b 82 98 00 00 00 48 8d 0c c8 8b 85 34 ff ff ff 48 89 ca 41 0f af 41 50 48 d1 ea 48 98 48 01 d0 31 d2 \u003c48\u003e f7 f1 41 39 41 48 89 85 34 ff ff ff 0f 8c 7b 01 00 00 49 8b 44\n[ 521.452699] RSP: 0018:ffffb1af84eb3948 EFLAGS: 00010046\n[ 521.452938] RAX: 000000000000003c RBX: 0000000000000000 RCX: 0000000000000000\n[ 521.453262] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffb1af84eb3978\n[ 521.453584] RBP: ffffb1af84eb3a30 R08: 0000000000000001 R09: ffff8f88ab8a4ba0\n[ 521.453905] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8f88ab8a4b18\n[ 521.454224] R13: ffff8f8699093000 R14: 0000000000000001 R15: ffffb1af84eb3970\n[ 521.454549] FS: 00005640b6b0b580(0000) GS:ffff8f88b3880000(0000) knlGS:0000000000000000\n[ 521.454912] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 521.455170] CR2: 00007ffcbcae4e38 CR3: 00000002e46de001 CR4: 0000000000770ee0\n[ 521.455491] PKRU: 55555554\n[ 521.455619] Call Trace:\n[ 521.455736] \u003cTASK\u003e\n[ 521.455837] ? bfq_request_merge+0x3a/0xc0\n[ 521.456027] ? elv_merge+0x115/0x140\n[ 521.456191] bfq_limit_depth+0xc8/0x240\n[ 521.456366] __blk_mq_alloc_requests+0x21a/0x2c0\n[ 521.456577] blk_mq_submit_bio+0x23c/0x6c0\n[ 521.456766] __submit_bio+0xb8/0x140\n[ 521.457236] submit_bio_noacct_nocheck+0x212/0x300\n[ 521.457748] submit_bio_noacct+0x1a6/0x580\n[ 521.458220] submit_bio+0x43/0x80\n[ 521.458660] ext4_io_submit+0x23/0x80\n[ 521.459116] ext4_do_writepages+0x40a/0xd00\n[ 521.459596] ext4_writepages+0x65/0x100\n[ 521.460050] do_writepages+0xb7/0x1c0\n[ 521.460492] __filemap_fdatawrite_range+0xa6/0x100\n[ 521.460979] file_write_and_wait_range+0xbf/0x140\n[ 521.461452] ext4_sync_file+0x105/0x340\n[ 521.461882] __x64_sys_fsync+0x67/0x100\n[ 521.462305] ? syscall_exit_to_user_mode+0x2c/0x1c0\n[ 521.462768] do_syscall_64+0x3b/0xc0\n[ 521.463165] entry_SYSCALL_64_after_hwframe+0x5a/0xc4\n[ 521.463621] RIP: 0033:0x5640b6c56590\n[ 521.464006] Code: 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 80 3d 71 70 0e 00 00 74 17 b8 4a 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54242",
"url": "https://www.suse.com/security/cve/CVE-2023-54242"
},
{
"category": "external",
"summary": "SUSE Bug 1255919 for CVE-2023-54242",
"url": "https://bugzilla.suse.com/1255919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54242"
},
{
"cve": "CVE-2023-54243",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54243"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ebtables: fix table blob use-after-free\n\nWe are not allowed to return an error at this point.\nLooking at the code it looks like ret is always 0 at this\npoint, but its not.\n\nt = find_table_lock(net, repl-\u003ename, \u0026ret, \u0026ebt_mutex);\n\n... this can return a valid table, with ret != 0.\n\nThis bug causes update of table-\u003eprivate with the new\nblob, but then frees the blob right away in the caller.\n\nSyzbot report:\n\nBUG: KASAN: vmalloc-out-of-bounds in __ebt_unregister_table+0xc00/0xcd0 net/bridge/netfilter/ebtables.c:1168\nRead of size 4 at addr ffffc90005425000 by task kworker/u4:4/74\nWorkqueue: netns cleanup_net\nCall Trace:\n kasan_report+0xbf/0x1f0 mm/kasan/report.c:517\n __ebt_unregister_table+0xc00/0xcd0 net/bridge/netfilter/ebtables.c:1168\n ebt_unregister_table+0x35/0x40 net/bridge/netfilter/ebtables.c:1372\n ops_exit_list+0xb0/0x170 net/core/net_namespace.c:169\n cleanup_net+0x4ee/0xb10 net/core/net_namespace.c:613\n...\n\nip(6)tables appears to be ok (ret should be 0 at this point) but make\nthis more obvious.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54243",
"url": "https://www.suse.com/security/cve/CVE-2023-54243"
},
{
"category": "external",
"summary": "SUSE Bug 1255908 for CVE-2023-54243",
"url": "https://bugzilla.suse.com/1255908"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54243"
},
{
"cve": "CVE-2023-54244",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54244"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: EC: Fix oops when removing custom query handlers\n\nWhen removing custom query handlers, the handler might still\nbe used inside the EC query workqueue, causing a kernel oops\nif the module holding the callback function was already unloaded.\n\nFix this by flushing the EC query workqueue when removing\ncustom query handlers.\n\nTested on a Acer Travelmate 4002WLMi",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54244",
"url": "https://www.suse.com/security/cve/CVE-2023-54244"
},
{
"category": "external",
"summary": "SUSE Bug 1255909 for CVE-2023-54244",
"url": "https://bugzilla.suse.com/1255909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54244"
},
{
"cve": "CVE-2023-54245",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54245"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds\n\nWhen we run syzkaller we get below Out of Bound.\n \"KASAN: slab-out-of-bounds Read in regcache_flat_read\"\n\n Below is the backtrace of the issue:\n\n dump_backtrace+0x0/0x4c8\n show_stack+0x34/0x44\n dump_stack_lvl+0xd8/0x118\n print_address_description+0x30/0x2d8\n kasan_report+0x158/0x198\n __asan_report_load4_noabort+0x44/0x50\n regcache_flat_read+0x10c/0x110\n regcache_read+0xf4/0x180\n _regmap_read+0xc4/0x278\n _regmap_update_bits+0x130/0x290\n regmap_update_bits_base+0xc0/0x15c\n snd_soc_component_update_bits+0xa8/0x22c\n snd_soc_component_write_field+0x68/0xd4\n tx_macro_digital_mute+0xec/0x140\n\n Actually There is no need to have decimator with 32 bits.\n By limiting the variable with short type u8 issue is resolved.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54245",
"url": "https://www.suse.com/security/cve/CVE-2023-54245"
},
{
"category": "external",
"summary": "SUSE Bug 1255912 for CVE-2023-54245",
"url": "https://bugzilla.suse.com/1255912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54245"
},
{
"cve": "CVE-2023-54252",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54252"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings\n\nMy previous commit introduced a memory leak where the item allocated\nfrom tlmi_setting was not freed.\nThis commit also renames it to avoid confusion with the similarly name\nvariable in the same function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54252",
"url": "https://www.suse.com/security/cve/CVE-2023-54252"
},
{
"category": "external",
"summary": "SUSE Bug 1255889 for CVE-2023-54252",
"url": "https://bugzilla.suse.com/1255889"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54252"
},
{
"cve": "CVE-2023-54260",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54260"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix lost destroy smbd connection when MR allocate failed\n\nIf the MR allocate failed, the smb direct connection info is NULL,\nthen smbd_destroy() will directly return, then the connection info\nwill be leaked.\n\nLet\u0027s set the smb direct connection info to the server before call\nsmbd_destroy().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54260",
"url": "https://www.suse.com/security/cve/CVE-2023-54260"
},
{
"category": "external",
"summary": "SUSE Bug 1255878 for CVE-2023-54260",
"url": "https://bugzilla.suse.com/1255878"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54260"
},
{
"cve": "CVE-2023-54264",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54264"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/sysv: Null check to prevent null-ptr-deref bug\n\nsb_getblk(inode-\u003ei_sb, parent) return a null ptr and taking lock on\nthat leads to the null-ptr-deref bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54264",
"url": "https://www.suse.com/security/cve/CVE-2023-54264"
},
{
"category": "external",
"summary": "SUSE Bug 1255872 for CVE-2023-54264",
"url": "https://bugzilla.suse.com/1255872"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54264"
},
{
"cve": "CVE-2023-54266",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54266"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer()\n\n\u0027read\u0027 is freed when it is known to be NULL, but not when a read error\noccurs.\n\nRevert the logic to avoid a small leak, should a m920x_read() call fail.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54266",
"url": "https://www.suse.com/security/cve/CVE-2023-54266"
},
{
"category": "external",
"summary": "SUSE Bug 1255875 for CVE-2023-54266",
"url": "https://bugzilla.suse.com/1255875"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54266"
},
{
"cve": "CVE-2023-54269",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54269"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: double free xprt_ctxt while still in use\n\nWhen an RPC request is deferred, the rq_xprt_ctxt pointer is moved out\nof the svc_rqst into the svc_deferred_req.\nWhen the deferred request is revisited, the pointer is copied into\nthe new svc_rqst - and also remains in the svc_deferred_req.\n\nIn the (rare?) case that the request is deferred a second time, the old\nsvc_deferred_req is reused - it still has all the correct content.\nHowever in that case the rq_xprt_ctxt pointer is NOT cleared so that\nwhen xpo_release_xprt is called, the ctxt is freed (UDP) or possible\nadded to a free list (RDMA).\nWhen the deferred request is revisited for a second time, it will\nreference this ctxt which may be invalid, and the free the object a\nsecond time which is likely to oops.\n\nSo change svc_defer() to *always* clear rq_xprt_ctxt, and assert that\nthe value is now stored in the svc_deferred_req.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54269",
"url": "https://www.suse.com/security/cve/CVE-2023-54269"
},
{
"category": "external",
"summary": "SUSE Bug 1255876 for CVE-2023-54269",
"url": "https://bugzilla.suse.com/1255876"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54269"
},
{
"cve": "CVE-2023-54270",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54270"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: usb: siano: Fix use after free bugs caused by do_submit_urb\n\nThere are UAF bugs caused by do_submit_urb(). One of the KASan reports\nis shown below:\n\n[ 36.403605] BUG: KASAN: use-after-free in worker_thread+0x4a2/0x890\n[ 36.406105] Read of size 8 at addr ffff8880059600e8 by task kworker/0:2/49\n[ 36.408316]\n[ 36.408867] CPU: 0 PID: 49 Comm: kworker/0:2 Not tainted 6.2.0-rc3-15798-g5a41237ad1d4-dir8\n[ 36.411696] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g15584\n[ 36.416157] Workqueue: 0x0 (events)\n[ 36.417654] Call Trace:\n[ 36.418546] \u003cTASK\u003e\n[ 36.419320] dump_stack_lvl+0x96/0xd0\n[ 36.420522] print_address_description+0x75/0x350\n[ 36.421992] print_report+0x11b/0x250\n[ 36.423174] ? _raw_spin_lock_irqsave+0x87/0xd0\n[ 36.424806] ? __virt_addr_valid+0xcf/0x170\n[ 36.426069] ? worker_thread+0x4a2/0x890\n[ 36.427355] kasan_report+0x131/0x160\n[ 36.428556] ? worker_thread+0x4a2/0x890\n[ 36.430053] worker_thread+0x4a2/0x890\n[ 36.431297] ? worker_clr_flags+0x90/0x90\n[ 36.432479] kthread+0x166/0x190\n[ 36.433493] ? kthread_blkcg+0x50/0x50\n[ 36.434669] ret_from_fork+0x22/0x30\n[ 36.435923] \u003c/TASK\u003e\n[ 36.436684]\n[ 36.437215] Allocated by task 24:\n[ 36.438289] kasan_set_track+0x50/0x80\n[ 36.439436] __kasan_kmalloc+0x89/0xa0\n[ 36.440566] smsusb_probe+0x374/0xc90\n[ 36.441920] usb_probe_interface+0x2d1/0x4c0\n[ 36.443253] really_probe+0x1d5/0x580\n[ 36.444539] __driver_probe_device+0xe3/0x130\n[ 36.446085] driver_probe_device+0x49/0x220\n[ 36.447423] __device_attach_driver+0x19e/0x1b0\n[ 36.448931] bus_for_each_drv+0xcb/0x110\n[ 36.450217] __device_attach+0x132/0x1f0\n[ 36.451470] bus_probe_device+0x59/0xf0\n[ 36.452563] device_add+0x4ec/0x7b0\n[ 36.453830] usb_set_configuration+0xc63/0xe10\n[ 36.455230] usb_generic_driver_probe+0x3b/0x80\n[ 36.456166] printk: console [ttyGS0] disabled\n[ 36.456569] usb_probe_device+0x90/0x110\n[ 36.459523] really_probe+0x1d5/0x580\n[ 36.461027] __driver_probe_device+0xe3/0x130\n[ 36.462465] driver_probe_device+0x49/0x220\n[ 36.463847] __device_attach_driver+0x19e/0x1b0\n[ 36.465229] bus_for_each_drv+0xcb/0x110\n[ 36.466466] __device_attach+0x132/0x1f0\n[ 36.467799] bus_probe_device+0x59/0xf0\n[ 36.469010] device_add+0x4ec/0x7b0\n[ 36.470125] usb_new_device+0x863/0xa00\n[ 36.471374] hub_event+0x18c7/0x2220\n[ 36.472746] process_one_work+0x34c/0x5b0\n[ 36.474041] worker_thread+0x4b7/0x890\n[ 36.475216] kthread+0x166/0x190\n[ 36.476267] ret_from_fork+0x22/0x30\n[ 36.477447]\n[ 36.478160] Freed by task 24:\n[ 36.479239] kasan_set_track+0x50/0x80\n[ 36.480512] kasan_save_free_info+0x2b/0x40\n[ 36.481808] ____kasan_slab_free+0x122/0x1a0\n[ 36.483173] __kmem_cache_free+0xc4/0x200\n[ 36.484563] smsusb_term_device+0xcd/0xf0\n[ 36.485896] smsusb_probe+0xc85/0xc90\n[ 36.486976] usb_probe_interface+0x2d1/0x4c0\n[ 36.488303] really_probe+0x1d5/0x580\n[ 36.489498] __driver_probe_device+0xe3/0x130\n[ 36.491140] driver_probe_device+0x49/0x220\n[ 36.492475] __device_attach_driver+0x19e/0x1b0\n[ 36.493988] bus_for_each_drv+0xcb/0x110\n[ 36.495171] __device_attach+0x132/0x1f0\n[ 36.496617] bus_probe_device+0x59/0xf0\n[ 36.497875] device_add+0x4ec/0x7b0\n[ 36.498972] usb_set_configuration+0xc63/0xe10\n[ 36.500264] usb_generic_driver_probe+0x3b/0x80\n[ 36.501740] usb_probe_device+0x90/0x110\n[ 36.503084] really_probe+0x1d5/0x580\n[ 36.504241] __driver_probe_device+0xe3/0x130\n[ 36.505548] driver_probe_device+0x49/0x220\n[ 36.506766] __device_attach_driver+0x19e/0x1b0\n[ 36.508368] bus_for_each_drv+0xcb/0x110\n[ 36.509646] __device_attach+0x132/0x1f0\n[ 36.510911] bus_probe_device+0x59/0xf0\n[ 36.512103] device_add+0x4ec/0x7b0\n[ 36.513215] usb_new_device+0x863/0xa00\n[ 36.514736] hub_event+0x18c7/0x2220\n[ 36.516130] process_one_work+\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54270",
"url": "https://www.suse.com/security/cve/CVE-2023-54270"
},
{
"category": "external",
"summary": "SUSE Bug 1255901 for CVE-2023-54270",
"url": "https://bugzilla.suse.com/1255901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54270"
},
{
"cve": "CVE-2023-54271",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54271"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init\n\nblk-iocost sometimes causes the following crash:\n\n BUG: kernel NULL pointer dereference, address: 00000000000000e0\n ...\n RIP: 0010:_raw_spin_lock+0x17/0x30\n Code: be 01 02 00 00 e8 79 38 39 ff 31 d2 89 d0 5d c3 0f 1f 00 0f 1f 44 00 00 55 48 89 e5 65 ff 05 48 d0 34 7e b9 01 00 00 00 31 c0 \u003cf0\u003e 0f b1 0f 75 02 5d c3 89 c6 e8 ea 04 00 00 5d c3 0f 1f 84 00 00\n RSP: 0018:ffffc900023b3d40 EFLAGS: 00010046\n RAX: 0000000000000000 RBX: 00000000000000e0 RCX: 0000000000000001\n RDX: ffffc900023b3d20 RSI: ffffc900023b3cf0 RDI: 00000000000000e0\n RBP: ffffc900023b3d40 R08: ffffc900023b3c10 R09: 0000000000000003\n R10: 0000000000000064 R11: 000000000000000a R12: ffff888102337000\n R13: fffffffffffffff2 R14: ffff88810af408c8 R15: ffff8881070c3600\n FS: 00007faaaf364fc0(0000) GS:ffff88842fdc0000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00000000000000e0 CR3: 00000001097b1000 CR4: 0000000000350ea0\n Call Trace:\n \u003cTASK\u003e\n ioc_weight_write+0x13d/0x410\n cgroup_file_write+0x7a/0x130\n kernfs_fop_write_iter+0xf5/0x170\n vfs_write+0x298/0x370\n ksys_write+0x5f/0xb0\n __x64_sys_write+0x1b/0x20\n do_syscall_64+0x3d/0x80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThis happens because iocg-\u003eioc is NULL. The field is initialized by\nioc_pd_init() and never cleared. The NULL deref is caused by\nblkcg_activate_policy() installing blkg_policy_data before initializing it.\n\nblkcg_activate_policy() was doing the following:\n\n1. Allocate pd\u0027s for all existing blkg\u0027s and install them in blkg-\u003epd[].\n2. Initialize all pd\u0027s.\n3. Online all pd\u0027s.\n\nblkcg_activate_policy() only grabs the queue_lock and may release and\nre-acquire the lock as allocation may need to sleep. ioc_weight_write()\ngrabs blkcg-\u003elock and iterates all its blkg\u0027s. The two can race and if\nioc_weight_write() runs during #1 or between #1 and #2, it can encounter a\npd which is not initialized yet, leading to crash.\n\nThe crash can be reproduced with the following script:\n\n #!/bin/bash\n\n echo +io \u003e /sys/fs/cgroup/cgroup.subtree_control\n systemd-run --unit touch-sda --scope dd if=/dev/sda of=/dev/null bs=1M count=1 iflag=direct\n echo 100 \u003e /sys/fs/cgroup/system.slice/io.weight\n bash -c \"echo \u00278:0 enable=1\u0027 \u003e /sys/fs/cgroup/io.cost.qos\" \u0026\n sleep .2\n echo 100 \u003e /sys/fs/cgroup/system.slice/io.weight\n\nwith the following patch applied:\n\n\u003e diff --git a/block/blk-cgroup.c b/block/blk-cgroup.c\n\u003e index fc49be622e05..38d671d5e10c 100644\n\u003e --- a/block/blk-cgroup.c\n\u003e +++ b/block/blk-cgroup.c\n\u003e @@ -1553,6 +1553,12 @@ int blkcg_activate_policy(struct gendisk *disk, const struct blkcg_policy *pol)\n\u003e \t\tpd-\u003eonline = false;\n\u003e \t}\n\u003e\n\u003e + if (system_state == SYSTEM_RUNNING) {\n\u003e + spin_unlock_irq(\u0026q-\u003equeue_lock);\n\u003e + ssleep(1);\n\u003e + spin_lock_irq(\u0026q-\u003equeue_lock);\n\u003e + }\n\u003e +\n\u003e \t/* all allocated, init in the same order */\n\u003e \tif (pol-\u003epd_init_fn)\n\u003e \t\tlist_for_each_entry_reverse(blkg, \u0026q-\u003eblkg_list, q_node)\n\nI don\u0027t see a reason why all pd\u0027s should be allocated, initialized and\nonlined together. The only ordering requirement is that parent blkgs to be\ninitialized and onlined before children, which is guaranteed from the\nwalking order. Let\u0027s fix the bug by allocating, initializing and onlining pd\nfor each blkg and holding blkcg-\u003elock over initialization and onlining. This\nensures that an installed blkg is always fully initialized and onlined\nremoving the the race window.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54271",
"url": "https://www.suse.com/security/cve/CVE-2023-54271"
},
{
"category": "external",
"summary": "SUSE Bug 1255902 for CVE-2023-54271",
"url": "https://bugzilla.suse.com/1255902"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54271"
},
{
"cve": "CVE-2023-54274",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54274"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/srpt: Add a check for valid \u0027mad_agent\u0027 pointer\n\nWhen unregistering MAD agent, srpt module has a non-null check\nfor \u0027mad_agent\u0027 pointer before invoking ib_unregister_mad_agent().\nThis check can pass if \u0027mad_agent\u0027 variable holds an error value.\nThe \u0027mad_agent\u0027 can have an error value for a short window when\nsrpt_add_one() and srpt_remove_one() is executed simultaneously.\n\nIn srpt module, added a valid pointer check for \u0027sport-\u003emad_agent\u0027\nbefore unregistering MAD agent.\n\nThis issue can hit when RoCE driver unregisters ib_device\n\nStack Trace:\n------------\nBUG: kernel NULL pointer dereference, address: 000000000000004d\nPGD 145003067 P4D 145003067 PUD 2324fe067 PMD 0\nOops: 0002 [#1] PREEMPT SMP NOPTI\nCPU: 10 PID: 4459 Comm: kworker/u80:0 Kdump: loaded Tainted: P\nHardware name: Dell Inc. PowerEdge R640/06NR82, BIOS 2.5.4 01/13/2020\nWorkqueue: bnxt_re bnxt_re_task [bnxt_re]\nRIP: 0010:_raw_spin_lock_irqsave+0x19/0x40\nCall Trace:\n ib_unregister_mad_agent+0x46/0x2f0 [ib_core]\n IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready\n ? __schedule+0x20b/0x560\n srpt_unregister_mad_agent+0x93/0xd0 [ib_srpt]\n srpt_remove_one+0x20/0x150 [ib_srpt]\n remove_client_context+0x88/0xd0 [ib_core]\n bond0: (slave p2p1): link status definitely up, 100000 Mbps full duplex\n disable_device+0x8a/0x160 [ib_core]\n bond0: active interface up!\n ? kernfs_name_hash+0x12/0x80\n (NULL device *): Bonding Info Received: rdev: 000000006c0b8247\n __ib_unregister_device+0x42/0xb0 [ib_core]\n (NULL device *): Master: mode: 4 num_slaves:2\n ib_unregister_device+0x22/0x30 [ib_core]\n (NULL device *): Slave: id: 105069936 name:p2p1 link:0 state:0\n bnxt_re_stopqps_and_ib_uninit+0x83/0x90 [bnxt_re]\n bnxt_re_alloc_lag+0x12e/0x4e0 [bnxt_re]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54274",
"url": "https://www.suse.com/security/cve/CVE-2023-54274"
},
{
"category": "external",
"summary": "SUSE Bug 1255905 for CVE-2023-54274",
"url": "https://bugzilla.suse.com/1255905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54274"
},
{
"cve": "CVE-2023-54275",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54275"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup\n\ncrypto_alloc_shash() allocates resources, which should be released by\ncrypto_free_shash(). When ath11k_peer_find() fails, there has memory\nleak. Add missing crypto_free_shash() to fix this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54275",
"url": "https://www.suse.com/security/cve/CVE-2023-54275"
},
{
"category": "external",
"summary": "SUSE Bug 1255906 for CVE-2023-54275",
"url": "https://bugzilla.suse.com/1255906"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "low"
}
],
"title": "CVE-2023-54275"
},
{
"cve": "CVE-2023-54277",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54277"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: udlfb: Fix endpoint check\n\nThe syzbot fuzzer detected a problem in the udlfb driver, caused by an\nendpoint not having the expected type:\n\nusb 1-1: Read EDID byte 0 failed: -71\nusb 1-1: Unable to get valid EDID from device/display\n------------[ cut here ]------------\nusb 1-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 0 PID: 9 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880\ndrivers/usb/core/urb.c:504\nModules linked in:\nCPU: 0 PID: 9 Comm: kworker/0:1 Not tainted\n6.4.0-rc1-syzkaller-00016-ga4422ff22142 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google\n04/28/2023\nWorkqueue: usb_hub_wq hub_event\nRIP: 0010:usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\n...\nCall Trace:\n \u003cTASK\u003e\n dlfb_submit_urb+0x92/0x180 drivers/video/fbdev/udlfb.c:1980\n dlfb_set_video_mode+0x21f0/0x2950 drivers/video/fbdev/udlfb.c:315\n dlfb_ops_set_par+0x2a7/0x8d0 drivers/video/fbdev/udlfb.c:1111\n dlfb_usb_probe+0x149a/0x2710 drivers/video/fbdev/udlfb.c:1743\n\nThe current approach for this issue failed to catch the problem\nbecause it only checks for the existence of a bulk-OUT endpoint; it\ndoesn\u0027t check whether this endpoint is the one that the driver will\nactually use.\n\nWe can fix the problem by instead checking that the endpoint used by\nthe driver does exist and is bulk-OUT.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54277",
"url": "https://www.suse.com/security/cve/CVE-2023-54277"
},
{
"category": "external",
"summary": "SUSE Bug 1255910 for CVE-2023-54277",
"url": "https://bugzilla.suse.com/1255910"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54277"
},
{
"cve": "CVE-2023-54280",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54280"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix potential race when tree connecting ipc\n\nProtect access of TCP_Server_Info::hostname when building the ipc tree\nname as it might get freed in cifsd thread and thus causing an\nuse-after-free bug in __tree_connect_dfs_target(). Also, while at it,\nupdate status of IPC tcon on success and then avoid any extra tree\nconnects.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54280",
"url": "https://www.suse.com/security/cve/CVE-2023-54280"
},
{
"category": "external",
"summary": "SUSE Bug 1255819 for CVE-2023-54280",
"url": "https://bugzilla.suse.com/1255819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54280"
},
{
"cve": "CVE-2023-54284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54284"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: av7110: prevent underflow in write_ts_to_decoder()\n\nThe buf[4] value comes from the user via ts_play(). It is a value in\nthe u8 range. The final length we pass to av7110_ipack_instant_repack()\nis \"len - (buf[4] + 1) - 4\" so add a check to ensure that the length is\nnot negative. It\u0027s not clear that passing a negative len value does\nanything bad necessarily, but it\u0027s not best practice.\n\nWith the new bounds checking the \"if (!len)\" condition is no longer\npossible or required so remove that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54284",
"url": "https://www.suse.com/security/cve/CVE-2023-54284"
},
{
"category": "external",
"summary": "SUSE Bug 1255808 for CVE-2023-54284",
"url": "https://bugzilla.suse.com/1255808"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54284"
},
{
"cve": "CVE-2023-54286",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54286"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace\n\nA received TKIP key may be up to 32 bytes because it may contain\nMIC rx/tx keys too. These are not used by iwl and copying these\nover overflows the iwl_keyinfo.key field.\n\nAdd a check to not copy more data to iwl_keyinfo.key then will fit.\n\nThis fixes backtraces like this one:\n\n memcpy: detected field-spanning write (size 32) of single field \"sta_cmd.key.key\" at drivers/net/wireless/intel/iwlwifi/dvm/sta.c:1103 (size 16)\n WARNING: CPU: 1 PID: 946 at drivers/net/wireless/intel/iwlwifi/dvm/sta.c:1103 iwlagn_send_sta_key+0x375/0x390 [iwldvm]\n \u003csnip\u003e\n Hardware name: Dell Inc. Latitude E6430/0H3MT5, BIOS A21 05/08/2017\n RIP: 0010:iwlagn_send_sta_key+0x375/0x390 [iwldvm]\n \u003csnip\u003e\n Call Trace:\n \u003cTASK\u003e\n iwl_set_dynamic_key+0x1f0/0x220 [iwldvm]\n iwlagn_mac_set_key+0x1e4/0x280 [iwldvm]\n drv_set_key+0xa4/0x1b0 [mac80211]\n ieee80211_key_enable_hw_accel+0xa8/0x2d0 [mac80211]\n ieee80211_key_replace+0x22d/0x8e0 [mac80211]\n \u003csnip\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54286",
"url": "https://www.suse.com/security/cve/CVE-2023-54286"
},
{
"category": "external",
"summary": "SUSE Bug 1255803 for CVE-2023-54286",
"url": "https://bugzilla.suse.com/1255803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54286"
},
{
"cve": "CVE-2023-54287",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54287"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: imx: disable Ageing Timer interrupt request irq\n\nThere maybe pending USR interrupt before requesting irq, however\nuart_add_one_port has not executed, so there will be kernel panic:\n[ 0.795668] Unable to handle kernel NULL pointer dereference at virtual addre\nss 0000000000000080\n[ 0.802701] Mem abort info:\n[ 0.805367] ESR = 0x0000000096000004\n[ 0.808950] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 0.814033] SET = 0, FnV = 0\n[ 0.816950] EA = 0, S1PTW = 0\n[ 0.819950] FSC = 0x04: level 0 translation fault\n[ 0.824617] Data abort info:\n[ 0.827367] ISV = 0, ISS = 0x00000004\n[ 0.831033] CM = 0, WnR = 0\n[ 0.833866] [0000000000000080] user address but active_mm is swapper\n[ 0.839951] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 0.845953] Modules linked in:\n[ 0.848869] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.1.1+g56321e101aca #1\n[ 0.855617] Hardware name: Freescale i.MX8MP EVK (DT)\n[ 0.860452] pstate: 000000c5 (nzcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 0.867117] pc : __imx_uart_rxint.constprop.0+0x11c/0x2c0\n[ 0.872283] lr : imx_uart_int+0xf8/0x1ec\n\nThe issue only happends in the inmate linux when Jailhouse hypervisor\nenabled. The test procedure is:\nwhile true; do\n\tjailhouse enable imx8mp.cell\n\tjailhouse cell linux xxxx\n\tsleep 10\n\tjailhouse cell destroy 1\n\tjailhouse disable\n\tsleep 5\ndone\n\nAnd during the upper test, press keys to the 2nd linux console.\nWhen `jailhouse cell destroy 1`, the 2nd linux has no chance to put\nthe uart to a quiese state, so USR1/2 may has pending interrupts. Then\nwhen `jailhosue cell linux xx` to start 2nd linux again, the issue\ntrigger.\n\nIn order to disable irqs before requesting them, both UCR1 and UCR2 irqs\nshould be disabled, so here fix that, disable the Ageing Timer interrupt\nin UCR2 as UCR1 does.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54287",
"url": "https://www.suse.com/security/cve/CVE-2023-54287"
},
{
"category": "external",
"summary": "SUSE Bug 1255804 for CVE-2023-54287",
"url": "https://bugzilla.suse.com/1255804"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54287"
},
{
"cve": "CVE-2023-54289",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54289"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qedf: Fix NULL dereference in error handling\n\nSmatch reported:\n\ndrivers/scsi/qedf/qedf_main.c:3056 qedf_alloc_global_queues()\nwarn: missing unwind goto?\n\nAt this point in the function, nothing has been allocated so we can return\ndirectly. In particular the \"qedf-\u003eglobal_queues\" have not been allocated\nso calling qedf_free_global_queues() will lead to a NULL dereference when\nwe check if (!gl[i]) and \"gl\" is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54289",
"url": "https://www.suse.com/security/cve/CVE-2023-54289"
},
{
"category": "external",
"summary": "SUSE Bug 1255806 for CVE-2023-54289",
"url": "https://bugzilla.suse.com/1255806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54289"
},
{
"cve": "CVE-2023-54292",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54292"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Fix data race on CQP request done\n\nKCSAN detects a data race on cqp_request-\u003erequest_done memory location\nwhich is accessed locklessly in irdma_handle_cqp_op while being\nupdated in irdma_cqp_ce_handler.\n\nAnnotate lockless intent with READ_ONCE/WRITE_ONCE to avoid any\ncompiler optimizations like load fusing and/or KCSAN warning.\n\n[222808.417128] BUG: KCSAN: data-race in irdma_cqp_ce_handler [irdma] / irdma_wait_event [irdma]\n\n[222808.417532] write to 0xffff8e44107019dc of 1 bytes by task 29658 on cpu 5:\n[222808.417610] irdma_cqp_ce_handler+0x21e/0x270 [irdma]\n[222808.417725] cqp_compl_worker+0x1b/0x20 [irdma]\n[222808.417827] process_one_work+0x4d1/0xa40\n[222808.417835] worker_thread+0x319/0x700\n[222808.417842] kthread+0x180/0x1b0\n[222808.417852] ret_from_fork+0x22/0x30\n\n[222808.417918] read to 0xffff8e44107019dc of 1 bytes by task 29688 on cpu 1:\n[222808.417995] irdma_wait_event+0x1e2/0x2c0 [irdma]\n[222808.418099] irdma_handle_cqp_op+0xae/0x170 [irdma]\n[222808.418202] irdma_cqp_cq_destroy_cmd+0x70/0x90 [irdma]\n[222808.418308] irdma_puda_dele_rsrc+0x46d/0x4d0 [irdma]\n[222808.418411] irdma_rt_deinit_hw+0x179/0x1d0 [irdma]\n[222808.418514] irdma_ib_dealloc_device+0x11/0x40 [irdma]\n[222808.418618] ib_dealloc_device+0x2a/0x120 [ib_core]\n[222808.418823] __ib_unregister_device+0xde/0x100 [ib_core]\n[222808.418981] ib_unregister_device+0x22/0x40 [ib_core]\n[222808.419142] irdma_ib_unregister_device+0x70/0x90 [irdma]\n[222808.419248] i40iw_close+0x6f/0xc0 [irdma]\n[222808.419352] i40e_client_device_unregister+0x14a/0x180 [i40e]\n[222808.419450] i40iw_remove+0x21/0x30 [irdma]\n[222808.419554] auxiliary_bus_remove+0x31/0x50\n[222808.419563] device_remove+0x69/0xb0\n[222808.419572] device_release_driver_internal+0x293/0x360\n[222808.419582] driver_detach+0x7c/0xf0\n[222808.419592] bus_remove_driver+0x8c/0x150\n[222808.419600] driver_unregister+0x45/0x70\n[222808.419610] auxiliary_driver_unregister+0x16/0x30\n[222808.419618] irdma_exit_module+0x18/0x1e [irdma]\n[222808.419733] __do_sys_delete_module.constprop.0+0x1e2/0x310\n[222808.419745] __x64_sys_delete_module+0x1b/0x30\n[222808.419755] do_syscall_64+0x39/0x90\n[222808.419763] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\n[222808.419829] value changed: 0x01 -\u003e 0x03",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54292",
"url": "https://www.suse.com/security/cve/CVE-2023-54292"
},
{
"category": "external",
"summary": "SUSE Bug 1255800 for CVE-2023-54292",
"url": "https://bugzilla.suse.com/1255800"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54292"
},
{
"cve": "CVE-2023-54293",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54293"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbcache: fixup btree_cache_wait list damage\n\nWe get a kernel crash about \"list_add corruption. next-\u003eprev should be\nprev (ffff9c801bc01210), but was ffff9c77b688237c.\n(next=ffffae586d8afe68).\"\n\ncrash\u003e struct list_head 0xffff9c801bc01210\nstruct list_head {\n next = 0xffffae586d8afe68,\n prev = 0xffffae586d8afe68\n}\ncrash\u003e struct list_head 0xffff9c77b688237c\nstruct list_head {\n next = 0x0,\n prev = 0x0\n}\ncrash\u003e struct list_head 0xffffae586d8afe68\nstruct list_head struct: invalid kernel virtual address: ffffae586d8afe68 type: \"gdb_readmem_callback\"\nCannot access memory at address 0xffffae586d8afe68\n\n[230469.019492] Call Trace:\n[230469.032041] prepare_to_wait+0x8a/0xb0\n[230469.044363] ? bch_btree_keys_free+0x6c/0xc0 [escache]\n[230469.056533] mca_cannibalize_lock+0x72/0x90 [escache]\n[230469.068788] mca_alloc+0x2ae/0x450 [escache]\n[230469.080790] bch_btree_node_get+0x136/0x2d0 [escache]\n[230469.092681] bch_btree_check_thread+0x1e1/0x260 [escache]\n[230469.104382] ? finish_wait+0x80/0x80\n[230469.115884] ? bch_btree_check_recurse+0x1a0/0x1a0 [escache]\n[230469.127259] kthread+0x112/0x130\n[230469.138448] ? kthread_flush_work_fn+0x10/0x10\n[230469.149477] ret_from_fork+0x35/0x40\n\nbch_btree_check_thread() and bch_dirty_init_thread() may call\nmca_cannibalize() to cannibalize other cached btree nodes. Only one thread\ncan do it at a time, so the op of other threads will be added to the\nbtree_cache_wait list.\n\nWe must call finish_wait() to remove op from btree_cache_wait before free\nit\u0027s memory address. Otherwise, the list will be damaged. Also should call\nbch_cannibalize_unlock() to release the btree_cache_alloc_lock and wake_up\nother waiters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54293",
"url": "https://www.suse.com/security/cve/CVE-2023-54293"
},
{
"category": "external",
"summary": "SUSE Bug 1255801 for CVE-2023-54293",
"url": "https://bugzilla.suse.com/1255801"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54293"
},
{
"cve": "CVE-2023-54294",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54294"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid10: fix memleak of md thread\n\nIn raid10_run(), if setup_conf() succeed and raid10_run() failed before\nsetting \u0027mddev-\u003ethread\u0027, then in the error path \u0027conf-\u003ethread\u0027 is not\nfreed.\n\nFix the problem by setting \u0027mddev-\u003ethread\u0027 right after setup_conf().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54294",
"url": "https://www.suse.com/security/cve/CVE-2023-54294"
},
{
"category": "external",
"summary": "SUSE Bug 1255802 for CVE-2023-54294",
"url": "https://bugzilla.suse.com/1255802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54294"
},
{
"cve": "CVE-2023-54295",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54295"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type\n\nspi_nor_set_erase_type() was used either to set or to mask out an erase\ntype. When we used it to mask out an erase type a shift-out-of-bounds\nwas hit:\nUBSAN: shift-out-of-bounds in drivers/mtd/spi-nor/core.c:2237:24\nshift exponent 4294967295 is too large for 32-bit type \u0027int\u0027\n\nThe setting of the size_{shift, mask} and of the opcode are unnecessary\nwhen the erase size is zero, as throughout the code just the erase size\nis considered to determine whether an erase type is supported or not.\nSetting the opcode to 0xFF was wrong too as nobody guarantees that 0xFF\nis an unused opcode. Thus when masking out an erase type, just set the\nerase size to zero. This will fix the shift-out-of-bounds.\n\n[ta: refine changes, new commit message, fix compilation error]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54295",
"url": "https://www.suse.com/security/cve/CVE-2023-54295"
},
{
"category": "external",
"summary": "SUSE Bug 1255797 for CVE-2023-54295",
"url": "https://bugzilla.suse.com/1255797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54295"
},
{
"cve": "CVE-2023-54298",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54298"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: intel: quark_dts: fix error pointer dereference\n\nIf alloc_soc_dts() fails, then we can just return. Trying to free\n\"soc_dts\" will lead to an Oops.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54298",
"url": "https://www.suse.com/security/cve/CVE-2023-54298"
},
{
"category": "external",
"summary": "SUSE Bug 1255796 for CVE-2023-54298",
"url": "https://bugzilla.suse.com/1255796"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54298"
},
{
"cve": "CVE-2023-54299",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54299"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: bus: verify partner exists in typec_altmode_attention\n\nSome usb hubs will negotiate DisplayPort Alt mode with the device\nbut will then negotiate a data role swap after entering the alt\nmode. The data role swap causes the device to unregister all alt\nmodes, however the usb hub will still send Attention messages\neven after failing to reregister the Alt Mode. type_altmode_attention\ncurrently does not verify whether or not a device\u0027s altmode partner\nexists, which results in a NULL pointer error when dereferencing\nthe typec_altmode and typec_altmode_ops belonging to the altmode\npartner.\n\nVerify the presence of a device\u0027s altmode partner before sending\nthe Attention message to the Alt Mode driver.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54299",
"url": "https://www.suse.com/security/cve/CVE-2023-54299"
},
{
"category": "external",
"summary": "SUSE Bug 1255789 for CVE-2023-54299",
"url": "https://bugzilla.suse.com/1255789"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54299"
},
{
"cve": "CVE-2023-54300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54300"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx\n\nFor the reasons also described in commit b383e8abed41 (\"wifi: ath9k: avoid\nuninit memory read in ath9k_htc_rx_msg()\"), ath9k_htc_rx_msg() should\nvalidate pkt_len before accessing the SKB.\n\nFor example, the obtained SKB may have been badly constructed with\npkt_len = 8. In this case, the SKB can only contain a valid htc_frame_hdr\nbut after being processed in ath9k_htc_rx_msg() and passed to\nath9k_wmi_ctrl_rx() endpoint RX handler, it is expected to have a WMI\ncommand header which should be located inside its data payload.\n\nImplement sanity checking inside ath9k_wmi_ctrl_rx(). Otherwise, uninit\nmemory can be referenced.\n\nTested on Qualcomm Atheros Communications AR9271 802.11n .\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54300",
"url": "https://www.suse.com/security/cve/CVE-2023-54300"
},
{
"category": "external",
"summary": "SUSE Bug 1255790 for CVE-2023-54300",
"url": "https://bugzilla.suse.com/1255790"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54300"
},
{
"cve": "CVE-2023-54301",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54301"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: 8250_bcm7271: fix leak in `brcmuart_probe`\n\nSmatch reports:\ndrivers/tty/serial/8250/8250_bcm7271.c:1120 brcmuart_probe() warn:\n\u0027baud_mux_clk\u0027 from clk_prepare_enable() not released on lines: 1032.\n\nThe issue is fixed by using a managed clock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54301",
"url": "https://www.suse.com/security/cve/CVE-2023-54301"
},
{
"category": "external",
"summary": "SUSE Bug 1255791 for CVE-2023-54301",
"url": "https://bugzilla.suse.com/1255791"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54301"
},
{
"cve": "CVE-2023-54302",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54302"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Fix data race on CQP completion stats\n\nCQP completion statistics is read lockesly in irdma_wait_event and\nirdma_check_cqp_progress while it can be updated in the completion\nthread irdma_sc_ccq_get_cqe_info on another CPU as KCSAN reports.\n\nMake completion statistics an atomic variable to reflect coherent updates\nto it. This will also avoid load/store tearing logic bug potentially\npossible by compiler optimizations.\n\n[77346.170861] BUG: KCSAN: data-race in irdma_handle_cqp_op [irdma] / irdma_sc_ccq_get_cqe_info [irdma]\n\n[77346.171383] write to 0xffff8a3250b108e0 of 8 bytes by task 9544 on cpu 4:\n[77346.171483] irdma_sc_ccq_get_cqe_info+0x27a/0x370 [irdma]\n[77346.171658] irdma_cqp_ce_handler+0x164/0x270 [irdma]\n[77346.171835] cqp_compl_worker+0x1b/0x20 [irdma]\n[77346.172009] process_one_work+0x4d1/0xa40\n[77346.172024] worker_thread+0x319/0x700\n[77346.172037] kthread+0x180/0x1b0\n[77346.172054] ret_from_fork+0x22/0x30\n\n[77346.172136] read to 0xffff8a3250b108e0 of 8 bytes by task 9838 on cpu 2:\n[77346.172234] irdma_handle_cqp_op+0xf4/0x4b0 [irdma]\n[77346.172413] irdma_cqp_aeq_cmd+0x75/0xa0 [irdma]\n[77346.172592] irdma_create_aeq+0x390/0x45a [irdma]\n[77346.172769] irdma_rt_init_hw.cold+0x212/0x85d [irdma]\n[77346.172944] irdma_probe+0x54f/0x620 [irdma]\n[77346.173122] auxiliary_bus_probe+0x66/0xa0\n[77346.173137] really_probe+0x140/0x540\n[77346.173154] __driver_probe_device+0xc7/0x220\n[77346.173173] driver_probe_device+0x5f/0x140\n[77346.173190] __driver_attach+0xf0/0x2c0\n[77346.173208] bus_for_each_dev+0xa8/0xf0\n[77346.173225] driver_attach+0x29/0x30\n[77346.173240] bus_add_driver+0x29c/0x2f0\n[77346.173255] driver_register+0x10f/0x1a0\n[77346.173272] __auxiliary_driver_register+0xbc/0x140\n[77346.173287] irdma_init_module+0x55/0x1000 [irdma]\n[77346.173460] do_one_initcall+0x7d/0x410\n[77346.173475] do_init_module+0x81/0x2c0\n[77346.173491] load_module+0x1232/0x12c0\n[77346.173506] __do_sys_finit_module+0x101/0x180\n[77346.173522] __x64_sys_finit_module+0x3c/0x50\n[77346.173538] do_syscall_64+0x39/0x90\n[77346.173553] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\n[77346.173634] value changed: 0x0000000000000094 -\u003e 0x0000000000000095",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54302",
"url": "https://www.suse.com/security/cve/CVE-2023-54302"
},
{
"category": "external",
"summary": "SUSE Bug 1255792 for CVE-2023-54302",
"url": "https://bugzilla.suse.com/1255792"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54302"
},
{
"cve": "CVE-2023-54304",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54304"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: meson_sm: fix to avoid potential NULL pointer dereference\n\nof_match_device() may fail and returns a NULL pointer.\n\nFix this by checking the return value of of_match_device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54304",
"url": "https://www.suse.com/security/cve/CVE-2023-54304"
},
{
"category": "external",
"summary": "SUSE Bug 1255786 for CVE-2023-54304",
"url": "https://bugzilla.suse.com/1255786"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54304"
},
{
"cve": "CVE-2023-54305",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54305"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: refuse to create ea block when umounted\n\nThe ea block expansion need to access s_root while it is\nalready set as NULL when umount is triggered. Refuse this\nrequest to avoid panic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54305",
"url": "https://www.suse.com/security/cve/CVE-2023-54305"
},
{
"category": "external",
"summary": "SUSE Bug 1255787 for CVE-2023-54305",
"url": "https://bugzilla.suse.com/1255787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54305"
},
{
"cve": "CVE-2023-54309",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54309"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation\n\n/dev/vtpmx is made visible before \u0027workqueue\u0027 is initialized, which can\nlead to a memory corruption in the worst case scenario.\n\nAddress this by initializing \u0027workqueue\u0027 as the very first step of the\ndriver initialization.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54309",
"url": "https://www.suse.com/security/cve/CVE-2023-54309"
},
{
"category": "external",
"summary": "SUSE Bug 1255780 for CVE-2023-54309",
"url": "https://bugzilla.suse.com/1255780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54309"
},
{
"cve": "CVE-2023-54311",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54311"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix deadlock when converting an inline directory in nojournal mode\n\nIn no journal mode, ext4_finish_convert_inline_dir() can self-deadlock\nby calling ext4_handle_dirty_dirblock() when it already has taken the\ndirectory lock. There is a similar self-deadlock in\next4_incvert_inline_data_nolock() for data files which we\u0027ll fix at\nthe same time.\n\nA simple reproducer demonstrating the problem:\n\n mke2fs -Fq -t ext2 -O inline_data -b 4k /dev/vdc 64\n mount -t ext4 -o dirsync /dev/vdc /vdc\n cd /vdc\n mkdir file0\n cd file0\n touch file0\n touch file1\n attr -s BurnSpaceInEA -V abcde .\n touch supercalifragilisticexpialidocious",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54311",
"url": "https://www.suse.com/security/cve/CVE-2023-54311"
},
{
"category": "external",
"summary": "SUSE Bug 1255773 for CVE-2023-54311",
"url": "https://bugzilla.suse.com/1255773"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54311"
},
{
"cve": "CVE-2023-54315",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54315"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/powernv/sriov: perform null check on iov before dereferencing iov\n\nCurrently pointer iov is being dereferenced before the null check of iov\nwhich can lead to null pointer dereference errors. Fix this by moving the\niov null check before the dereferencing.\n\nDetected using cppcheck static analysis:\nlinux/arch/powerpc/platforms/powernv/pci-sriov.c:597:12: warning: Either\nthe condition \u0027!iov\u0027 is redundant or there is possible null pointer\ndereference: iov. [nullPointerRedundantCheck]\n num_vfs = iov-\u003enum_vfs;\n ^",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54315",
"url": "https://www.suse.com/security/cve/CVE-2023-54315"
},
{
"category": "external",
"summary": "SUSE Bug 1255769 for CVE-2023-54315",
"url": "https://bugzilla.suse.com/1255769"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54315"
},
{
"cve": "CVE-2023-54317",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54317"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm flakey: don\u0027t corrupt the zero page\n\nWhen we need to zero some range on a block device, the function\n__blkdev_issue_zero_pages submits a write bio with the bio vector pointing\nto the zero page. If we use dm-flakey with corrupt bio writes option, it\nwill corrupt the content of the zero page which results in crashes of\nvarious userspace programs. Glibc assumes that memory returned by mmap is\nzeroed and it uses it for calloc implementation; if the newly mapped\nmemory is not zeroed, calloc will return non-zeroed memory.\n\nFix this bug by testing if the page is equal to ZERO_PAGE(0) and\navoiding the corruption in this case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54317",
"url": "https://www.suse.com/security/cve/CVE-2023-54317"
},
{
"category": "external",
"summary": "SUSE Bug 1255771 for CVE-2023-54317",
"url": "https://bugzilla.suse.com/1255771"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54317"
},
{
"cve": "CVE-2023-54319",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54319"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: at91-pio4: check return value of devm_kasprintf()\n\ndevm_kasprintf() returns a pointer to dynamically allocated memory.\nPointer could be NULL in case allocation fails. Check pointer validity.\nIdentified with coccinelle (kmerr.cocci script).\n\nDepends-on: 1c4e5c470a56 (\"pinctrl: at91: use devm_kasprintf() to avoid potential leaks\")\nDepends-on: 5a8f9cf269e8 (\"pinctrl: at91-pio4: use proper format specifier for unsigned int\")",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54319",
"url": "https://www.suse.com/security/cve/CVE-2023-54319"
},
{
"category": "external",
"summary": "SUSE Bug 1255760 for CVE-2023-54319",
"url": "https://bugzilla.suse.com/1255760"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54319"
},
{
"cve": "CVE-2023-54321",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54321"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: fix potential null-ptr-deref in device_add()\n\nI got the following null-ptr-deref report while doing fault injection test:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000058\nCPU: 2 PID: 278 Comm: 37-i2c-ds2482 Tainted: G B W N 6.1.0-rc3+\nRIP: 0010:klist_put+0x2d/0xd0\nCall Trace:\n \u003cTASK\u003e\n klist_remove+0xf1/0x1c0\n device_release_driver_internal+0x196/0x210\n bus_remove_device+0x1bd/0x240\n device_add+0xd3d/0x1100\n w1_add_master_device+0x476/0x490 [wire]\n ds2482_probe+0x303/0x3e0 [ds2482]\n\nThis is how it happened:\n\nw1_alloc_dev()\n // The dev-\u003edriver is set to w1_master_driver.\n memcpy(\u0026dev-\u003edev, device, sizeof(struct device));\n device_add()\n bus_add_device()\n dpm_sysfs_add() // It fails, calls bus_remove_device.\n\n // error path\n bus_remove_device()\n // The dev-\u003edriver is not null, but driver is not bound.\n __device_release_driver()\n klist_remove(\u0026dev-\u003ep-\u003eknode_driver) \u003c-- It causes null-ptr-deref.\n\n // normal path\n bus_probe_device() // It\u0027s not called yet.\n device_bind_driver()\n\nIf dev-\u003edriver is set, in the error path after calling bus_add_device()\nin device_add(), bus_remove_device() is called, then the device will be\ndetached from driver. But device_bind_driver() is not called yet, so it\ncauses null-ptr-deref while access the \u0027knode_driver\u0027. To fix this, set\ndev-\u003edriver to null in the error path before calling bus_remove_device().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54321",
"url": "https://www.suse.com/security/cve/CVE-2023-54321"
},
{
"category": "external",
"summary": "SUSE Bug 1255762 for CVE-2023-54321",
"url": "https://bugzilla.suse.com/1255762"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54321"
},
{
"cve": "CVE-2023-54325",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54325"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - fix out-of-bounds read\n\nWhen preparing an AER-CTR request, the driver copies the key provided by\nthe user into a data structure that is accessible by the firmware.\nIf the target device is QAT GEN4, the key size is rounded up by 16 since\na rounded up size is expected by the device.\nIf the key size is rounded up before the copy, the size used for copying\nthe key might be bigger than the size of the region containing the key,\ncausing an out-of-bounds read.\n\nFix by doing the copy first and then update the keylen.\n\nThis is to fix the following warning reported by KASAN:\n\n\t[ 138.150574] BUG: KASAN: global-out-of-bounds in qat_alg_skcipher_init_com.isra.0+0x197/0x250 [intel_qat]\n\t[ 138.150641] Read of size 32 at addr ffffffff88c402c0 by task cryptomgr_test/2340\n\n\t[ 138.150651] CPU: 15 PID: 2340 Comm: cryptomgr_test Not tainted 6.2.0-rc1+ #45\n\t[ 138.150659] Hardware name: Intel Corporation ArcherCity/ArcherCity, BIOS EGSDCRB1.86B.0087.D13.2208261706 08/26/2022\n\t[ 138.150663] Call Trace:\n\t[ 138.150668] \u003cTASK\u003e\n\t[ 138.150922] kasan_check_range+0x13a/0x1c0\n\t[ 138.150931] memcpy+0x1f/0x60\n\t[ 138.150940] qat_alg_skcipher_init_com.isra.0+0x197/0x250 [intel_qat]\n\t[ 138.151006] qat_alg_skcipher_init_sessions+0xc1/0x240 [intel_qat]\n\t[ 138.151073] crypto_skcipher_setkey+0x82/0x160\n\t[ 138.151085] ? prepare_keybuf+0xa2/0xd0\n\t[ 138.151095] test_skcipher_vec_cfg+0x2b8/0x800",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54325",
"url": "https://www.suse.com/security/cve/CVE-2023-54325"
},
{
"category": "external",
"summary": "SUSE Bug 1255757 for CVE-2023-54325",
"url": "https://bugzilla.suse.com/1255757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54325"
},
{
"cve": "CVE-2023-54326",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-54326"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: pci_endpoint_test: Free IRQs before removing the device\n\nIn pci_endpoint_test_remove(), freeing the IRQs after removing the device\ncreates a small race window for IRQs to be received with the test device\nmemory already released, causing the IRQ handler to access invalid memory,\nresulting in an oops.\n\nFree the device IRQs before removing the device to avoid this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-54326",
"url": "https://www.suse.com/security/cve/CVE-2023-54326"
},
{
"category": "external",
"summary": "SUSE Bug 1255758 for CVE-2023-54326",
"url": "https://bugzilla.suse.com/1255758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2023-54326"
},
{
"cve": "CVE-2024-28956",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-28956"
}
],
"notes": [
{
"category": "general",
"text": "Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-28956",
"url": "https://www.suse.com/security/cve/CVE-2024-28956"
},
{
"category": "external",
"summary": "SUSE Bug 1242006 for CVE-2024-28956",
"url": "https://bugzilla.suse.com/1242006"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2024-28956"
},
{
"cve": "CVE-2024-36348",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36348"
}
],
"notes": [
{
"category": "general",
"text": "A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP feature is enabled, potentially resulting in information leakage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36348",
"url": "https://www.suse.com/security/cve/CVE-2024-36348"
},
{
"category": "external",
"summary": "SUSE Bug 1238896 for CVE-2024-36348",
"url": "https://bugzilla.suse.com/1238896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2024-36348"
},
{
"cve": "CVE-2024-36349",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36349"
}
],
"notes": [
{
"category": "general",
"text": "A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36349",
"url": "https://www.suse.com/security/cve/CVE-2024-36349"
},
{
"category": "external",
"summary": "SUSE Bug 1238896 for CVE-2024-36349",
"url": "https://bugzilla.suse.com/1238896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2024-36349"
},
{
"cve": "CVE-2024-36350",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36350"
}
],
"notes": [
{
"category": "general",
"text": "A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36350",
"url": "https://www.suse.com/security/cve/CVE-2024-36350"
},
{
"category": "external",
"summary": "SUSE Bug 1238896 for CVE-2024-36350",
"url": "https://bugzilla.suse.com/1238896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2024-36350"
},
{
"cve": "CVE-2024-36357",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36357"
}
],
"notes": [
{
"category": "general",
"text": "A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36357",
"url": "https://www.suse.com/security/cve/CVE-2024-36357"
},
{
"category": "external",
"summary": "SUSE Bug 1238896 for CVE-2024-36357",
"url": "https://bugzilla.suse.com/1238896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2024-36357"
},
{
"cve": "CVE-2024-44987",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44987"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent UAF in ip6_send_skb()\n\nsyzbot reported an UAF in ip6_send_skb() [1]\n\nAfter ip6_local_out() has returned, we no longer can safely\ndereference rt, unless we hold rcu_read_lock().\n\nA similar issue has been fixed in commit\na688caa34beb (\"ipv6: take rcu lock in rawv6_send_hdrinc()\")\n\nAnother potential issue in ip6_finish_output2() is handled in a\nseparate patch.\n\n[1]\n BUG: KASAN: slab-use-after-free in ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964\nRead of size 8 at addr ffff88806dde4858 by task syz.1.380/6530\n\nCPU: 1 UID: 0 PID: 6530 Comm: syz.1.380 Not tainted 6.11.0-rc3-syzkaller-00306-gdf6cbc62cc9b #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964\n rawv6_push_pending_frames+0x75c/0x9e0 net/ipv6/raw.c:588\n rawv6_sendmsg+0x19c7/0x23c0 net/ipv6/raw.c:926\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x1a6/0x270 net/socket.c:745\n sock_write_iter+0x2dd/0x400 net/socket.c:1160\n do_iter_readv_writev+0x60a/0x890\n vfs_writev+0x37c/0xbb0 fs/read_write.c:971\n do_writev+0x1b1/0x350 fs/read_write.c:1018\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f936bf79e79\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f936cd7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014\nRAX: ffffffffffffffda RBX: 00007f936c115f80 RCX: 00007f936bf79e79\nRDX: 0000000000000001 RSI: 0000000020000040 RDI: 0000000000000004\nRBP: 00007f936bfe7916 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007f936c115f80 R15: 00007fff2860a7a8\n \u003c/TASK\u003e\n\nAllocated by task 6530:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n unpoison_slab_object mm/kasan/common.c:312 [inline]\n __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:338\n kasan_slab_alloc include/linux/kasan.h:201 [inline]\n slab_post_alloc_hook mm/slub.c:3988 [inline]\n slab_alloc_node mm/slub.c:4037 [inline]\n kmem_cache_alloc_noprof+0x135/0x2a0 mm/slub.c:4044\n dst_alloc+0x12b/0x190 net/core/dst.c:89\n ip6_blackhole_route+0x59/0x340 net/ipv6/route.c:2670\n make_blackhole net/xfrm/xfrm_policy.c:3120 [inline]\n xfrm_lookup_route+0xd1/0x1c0 net/xfrm/xfrm_policy.c:3313\n ip6_dst_lookup_flow+0x13e/0x180 net/ipv6/ip6_output.c:1257\n rawv6_sendmsg+0x1283/0x23c0 net/ipv6/raw.c:898\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x1a6/0x270 net/socket.c:745\n ____sys_sendmsg+0x525/0x7d0 net/socket.c:2597\n ___sys_sendmsg net/socket.c:2651 [inline]\n __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2680\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 45:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579\n poison_slab_object+0xe0/0x150 mm/kasan/common.c:240\n __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256\n kasan_slab_free include/linux/kasan.h:184 [inline]\n slab_free_hook mm/slub.c:2252 [inline]\n slab_free mm/slub.c:4473 [inline]\n kmem_cache_free+0x145/0x350 mm/slub.c:4548\n dst_destroy+0x2ac/0x460 net/core/dst.c:124\n rcu_do_batch kernel/rcu/tree.c:2569 [inline]\n rcu_core+0xafd/0x1830 kernel/rcu/tree.\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44987",
"url": "https://www.suse.com/security/cve/CVE-2024-44987"
},
{
"category": "external",
"summary": "SUSE Bug 1230185 for CVE-2024-44987",
"url": "https://bugzilla.suse.com/1230185"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "important"
}
],
"title": "CVE-2024-44987"
},
{
"cve": "CVE-2025-38068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38068"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: lzo - Fix compression buffer overrun\n\nUnlike the decompression code, the compression code in LZO never\nchecked for output overruns. It instead assumes that the caller\nalways provides enough buffer space, disregarding the buffer length\nprovided by the caller.\n\nAdd a safe compression interface that checks for the end of buffer\nbefore each write. Use the safe interface in crypto/lzo.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38068",
"url": "https://www.suse.com/security/cve/CVE-2025-38068"
},
{
"category": "external",
"summary": "SUSE Bug 1245210 for CVE-2025-38068",
"url": "https://bugzilla.suse.com/1245210"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2025-38068"
},
{
"cve": "CVE-2025-38129",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38129"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npage_pool: Fix use-after-free in page_pool_recycle_in_ring\n\nsyzbot reported a uaf in page_pool_recycle_in_ring:\n\nBUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862\nRead of size 8 at addr ffff8880286045a0 by task syz.0.284/6943\n\nCPU: 0 UID: 0 PID: 6943 Comm: syz.0.284 Not tainted 6.13.0-rc3-syzkaller-gdfa94ce54f41 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862\n __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:165 [inline]\n _raw_spin_unlock_bh+0x1b/0x40 kernel/locking/spinlock.c:210\n spin_unlock_bh include/linux/spinlock.h:396 [inline]\n ptr_ring_produce_bh include/linux/ptr_ring.h:164 [inline]\n page_pool_recycle_in_ring net/core/page_pool.c:707 [inline]\n page_pool_put_unrefed_netmem+0x748/0xb00 net/core/page_pool.c:826\n page_pool_put_netmem include/net/page_pool/helpers.h:323 [inline]\n page_pool_put_full_netmem include/net/page_pool/helpers.h:353 [inline]\n napi_pp_put_page+0x149/0x2b0 net/core/skbuff.c:1036\n skb_pp_recycle net/core/skbuff.c:1047 [inline]\n skb_free_head net/core/skbuff.c:1094 [inline]\n skb_release_data+0x6c4/0x8a0 net/core/skbuff.c:1125\n skb_release_all net/core/skbuff.c:1190 [inline]\n __kfree_skb net/core/skbuff.c:1204 [inline]\n sk_skb_reason_drop+0x1c9/0x380 net/core/skbuff.c:1242\n kfree_skb_reason include/linux/skbuff.h:1263 [inline]\n __skb_queue_purge_reason include/linux/skbuff.h:3343 [inline]\n\nroot cause is:\n\npage_pool_recycle_in_ring\n ptr_ring_produce\n spin_lock(\u0026r-\u003eproducer_lock);\n WRITE_ONCE(r-\u003equeue[r-\u003eproducer++], ptr)\n //recycle last page to pool\n\t\t\t\tpage_pool_release\n\t\t\t\t page_pool_scrub\n\t\t\t\t page_pool_empty_ring\n\t\t\t\t ptr_ring_consume\n\t\t\t\t page_pool_return_page //release all page\n\t\t\t\t __page_pool_destroy\n\t\t\t\t free_percpu(pool-\u003erecycle_stats);\n\t\t\t\t free(pool) //free\n\n spin_unlock(\u0026r-\u003eproducer_lock); //pool-\u003ering uaf read\n recycle_stat_inc(pool, ring);\n\npage_pool can be free while page pool recycle the last page in ring.\nAdd producer-lock barrier to page_pool_release to prevent the page\npool from being free before all pages have been recycled.\n\nrecycle_stat_inc() is empty when CONFIG_PAGE_POOL_STATS is not\nenabled, which will trigger Wempty-body build warning. Add definition\nfor pool stat macro to fix warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38129",
"url": "https://www.suse.com/security/cve/CVE-2025-38129"
},
{
"category": "external",
"summary": "SUSE Bug 1245723 for CVE-2025-38129",
"url": "https://bugzilla.suse.com/1245723"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "important"
}
],
"title": "CVE-2025-38129"
},
{
"cve": "CVE-2025-38159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38159"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: fix the \u0027para\u0027 buffer size to avoid reading out of bounds\n\nSet the size to 6 instead of 2, since \u0027para\u0027 array is passed to\n\u0027rtw_fw_bt_wifi_control(rtwdev, para[0], \u0026para[1])\u0027, which reads\n5 bytes:\n\nvoid rtw_fw_bt_wifi_control(struct rtw_dev *rtwdev, u8 op_code, u8 *data)\n{\n ...\n SET_BT_WIFI_CONTROL_DATA1(h2c_pkt, *data);\n SET_BT_WIFI_CONTROL_DATA2(h2c_pkt, *(data + 1));\n ...\n SET_BT_WIFI_CONTROL_DATA5(h2c_pkt, *(data + 4));\n\nDetected using the static analysis tool - Svace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38159",
"url": "https://www.suse.com/security/cve/CVE-2025-38159"
},
{
"category": "external",
"summary": "SUSE Bug 1245751 for CVE-2025-38159",
"url": "https://bugzilla.suse.com/1245751"
},
{
"category": "external",
"summary": "SUSE Bug 1257629 for CVE-2025-38159",
"url": "https://bugzilla.suse.com/1257629"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "important"
}
],
"title": "CVE-2025-38159"
},
{
"cve": "CVE-2025-38375",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38375"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-net: ensure the received length does not exceed allocated size\n\nIn xdp_linearize_page, when reading the following buffers from the ring,\nwe forget to check the received length with the true allocate size. This\ncan lead to an out-of-bound read. This commit adds that missing check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38375",
"url": "https://www.suse.com/security/cve/CVE-2025-38375"
},
{
"category": "external",
"summary": "SUSE Bug 1247177 for CVE-2025-38375",
"url": "https://bugzilla.suse.com/1247177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "important"
}
],
"title": "CVE-2025-38375"
},
{
"cve": "CVE-2025-39977",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39977"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfutex: Prevent use-after-free during requeue-PI\n\nsyzbot managed to trigger the following race:\n\n T1 T2\n\n futex_wait_requeue_pi()\n futex_do_wait()\n schedule()\n futex_requeue()\n futex_proxy_trylock_atomic()\n futex_requeue_pi_prepare()\n requeue_pi_wake_futex()\n futex_requeue_pi_complete()\n /* preempt */\n\n * timeout/ signal wakes T1 *\n\n futex_requeue_pi_wakeup_sync() // Q_REQUEUE_PI_LOCKED\n futex_hash_put()\n // back to userland, on stack futex_q is garbage\n\n /* back */\n wake_up_state(q-\u003etask, TASK_NORMAL);\n\nIn this scenario futex_wait_requeue_pi() is able to leave without using\nfutex_q::lock_ptr for synchronization.\n\nThis can be prevented by reading futex_q::task before updating the\nfutex_q::requeue_state. A reference on the task_struct is not needed\nbecause requeue_pi_wake_futex() is invoked with a spinlock_t held which\nimplies a RCU read section.\n\nEven if T1 terminates immediately after, the task_struct will remain valid\nduring T2\u0027s wake_up_state(). A READ_ONCE on futex_q::task before\nfutex_requeue_pi_complete() is enough because it ensures that the variable\nis read before the state is updated.\n\nRead futex_q::task before updating the requeue state, use it for the\nfollowing wakeup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39977",
"url": "https://www.suse.com/security/cve/CVE-2025-39977"
},
{
"category": "external",
"summary": "SUSE Bug 1252046 for CVE-2025-39977",
"url": "https://bugzilla.suse.com/1252046"
},
{
"category": "external",
"summary": "SUSE Bug 1252048 for CVE-2025-39977",
"url": "https://bugzilla.suse.com/1252048"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "important"
}
],
"title": "CVE-2025-39977"
},
{
"cve": "CVE-2025-40019",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40019"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: essiv - Check ssize for decryption and in-place encryption\n\nMove the ssize check to the start in essiv_aead_crypt so that\nit\u0027s also checked for decryption and in-place encryption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40019",
"url": "https://www.suse.com/security/cve/CVE-2025-40019"
},
{
"category": "external",
"summary": "SUSE Bug 1252678 for CVE-2025-40019",
"url": "https://bugzilla.suse.com/1252678"
},
{
"category": "external",
"summary": "SUSE Bug 1252719 for CVE-2025-40019",
"url": "https://bugzilla.suse.com/1252719"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "important"
}
],
"title": "CVE-2025-40019"
},
{
"cve": "CVE-2025-40139",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40139"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set().\n\nsmc_clc_prfx_set() is called during connect() and not under RCU\nnor RTNL.\n\nUsing sk_dst_get(sk)-\u003edev could trigger UAF.\n\nLet\u0027s use __sk_dst_get() and dev_dst_rcu() under rcu_read_lock()\nafter kernel_getsockname().\n\nNote that the returned value of smc_clc_prfx_set() is not used\nin the caller.\n\nWhile at it, we change the 1st arg of smc_clc_prfx_set[46]_rcu()\nnot to touch dst there.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40139",
"url": "https://www.suse.com/security/cve/CVE-2025-40139"
},
{
"category": "external",
"summary": "SUSE Bug 1253409 for CVE-2025-40139",
"url": "https://bugzilla.suse.com/1253409"
},
{
"category": "external",
"summary": "SUSE Bug 1253411 for CVE-2025-40139",
"url": "https://bugzilla.suse.com/1253411"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "important"
}
],
"title": "CVE-2025-40139"
},
{
"cve": "CVE-2025-40215",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40215"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: delete x-\u003etunnel as we delete x\n\nThe ipcomp fallback tunnels currently get deleted (from the various\nlists and hashtables) as the last user state that needed that fallback\nis destroyed (not deleted). If a reference to that user state still\nexists, the fallback state will remain on the hashtables/lists,\ntriggering the WARN in xfrm_state_fini. Because of those remaining\nreferences, the fix in commit f75a2804da39 (\"xfrm: destroy xfrm_state\nsynchronously on net exit path\") is not complete.\n\nWe recently fixed one such situation in TCP due to defered freeing of\nskbs (commit 9b6412e6979f (\"tcp: drop secpath at the same time as we\ncurrently drop dst\")). This can also happen due to IP reassembly: skbs\nwith a secpath remain on the reassembly queue until netns\ndestruction. If we can\u0027t guarantee that the queues are flushed by the\ntime xfrm_state_fini runs, there may still be references to a (user)\nxfrm_state, preventing the timely deletion of the corresponding\nfallback state.\n\nInstead of chasing each instance of skbs holding a secpath one by one,\nthis patch fixes the issue directly within xfrm, by deleting the\nfallback state as soon as the last user state depending on it has been\ndeleted. Destruction will still happen when the final reference is\ndropped.\n\nA separate lockdep class for the fallback state is required since\nwe\u0027re going to lock x-\u003etunnel while x is locked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40215",
"url": "https://www.suse.com/security/cve/CVE-2025-40215"
},
{
"category": "external",
"summary": "SUSE Bug 1254959 for CVE-2025-40215",
"url": "https://bugzilla.suse.com/1254959"
},
{
"category": "external",
"summary": "SUSE Bug 1255054 for CVE-2025-40215",
"url": "https://bugzilla.suse.com/1255054"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "important"
}
],
"title": "CVE-2025-40215"
},
{
"cve": "CVE-2025-40220",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40220"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: fix livelock in synchronous file put from fuseblk workers\n\nI observed a hang when running generic/323 against a fuseblk server.\nThis test opens a file, initiates a lot of AIO writes to that file\ndescriptor, and closes the file descriptor before the writes complete.\nUnsurprisingly, the AIO exerciser threads are mostly stuck waiting for\nresponses from the fuseblk server:\n\n# cat /proc/372265/task/372313/stack\n[\u003c0\u003e] request_wait_answer+0x1fe/0x2a0 [fuse]\n[\u003c0\u003e] __fuse_simple_request+0xd3/0x2b0 [fuse]\n[\u003c0\u003e] fuse_do_getattr+0xfc/0x1f0 [fuse]\n[\u003c0\u003e] fuse_file_read_iter+0xbe/0x1c0 [fuse]\n[\u003c0\u003e] aio_read+0x130/0x1e0\n[\u003c0\u003e] io_submit_one+0x542/0x860\n[\u003c0\u003e] __x64_sys_io_submit+0x98/0x1a0\n[\u003c0\u003e] do_syscall_64+0x37/0xf0\n[\u003c0\u003e] entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nBut the /weird/ part is that the fuseblk server threads are waiting for\nresponses from itself:\n\n# cat /proc/372210/task/372232/stack\n[\u003c0\u003e] request_wait_answer+0x1fe/0x2a0 [fuse]\n[\u003c0\u003e] __fuse_simple_request+0xd3/0x2b0 [fuse]\n[\u003c0\u003e] fuse_file_put+0x9a/0xd0 [fuse]\n[\u003c0\u003e] fuse_release+0x36/0x50 [fuse]\n[\u003c0\u003e] __fput+0xec/0x2b0\n[\u003c0\u003e] task_work_run+0x55/0x90\n[\u003c0\u003e] syscall_exit_to_user_mode+0xe9/0x100\n[\u003c0\u003e] do_syscall_64+0x43/0xf0\n[\u003c0\u003e] entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nThe fuseblk server is fuse2fs so there\u0027s nothing all that exciting in\nthe server itself. So why is the fuse server calling fuse_file_put?\nThe commit message for the fstest sheds some light on that:\n\n\"By closing the file descriptor before calling io_destroy, you pretty\nmuch guarantee that the last put on the ioctx will be done in interrupt\ncontext (during I/O completion).\n\nAha. AIO fgets a new struct file from the fd when it queues the ioctx.\nThe completion of the FUSE_WRITE command from userspace causes the fuse\nserver to call the AIO completion function. The completion puts the\nstruct file, queuing a delayed fput to the fuse server task. When the\nfuse server task returns to userspace, it has to run the delayed fput,\nwhich in the case of a fuseblk server, it does synchronously.\n\nSending the FUSE_RELEASE command sychronously from fuse server threads\nis a bad idea because a client program can initiate enough simultaneous\nAIOs such that all the fuse server threads end up in delayed_fput, and\nnow there aren\u0027t any threads left to handle the queued fuse commands.\n\nFix this by only using asynchronous fputs when closing files, and leave\na comment explaining why.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40220",
"url": "https://www.suse.com/security/cve/CVE-2025-40220"
},
{
"category": "external",
"summary": "SUSE Bug 1254520 for CVE-2025-40220",
"url": "https://bugzilla.suse.com/1254520"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2025-40220"
},
{
"cve": "CVE-2025-40233",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40233"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: clear extent cache after moving/defragmenting extents\n\nThe extent map cache can become stale when extents are moved or\ndefragmented, causing subsequent operations to see outdated extent flags. \nThis triggers a BUG_ON in ocfs2_refcount_cal_cow_clusters().\n\nThe problem occurs when:\n1. copy_file_range() creates a reflinked extent with OCFS2_EXT_REFCOUNTED\n2. ioctl(FITRIM) triggers ocfs2_move_extents()\n3. __ocfs2_move_extents_range() reads and caches the extent (flags=0x2)\n4. ocfs2_move_extent()/ocfs2_defrag_extent() calls __ocfs2_move_extent()\n which clears OCFS2_EXT_REFCOUNTED flag on disk (flags=0x0)\n5. The extent map cache is not invalidated after the move\n6. Later write() operations read stale cached flags (0x2) but disk has\n updated flags (0x0), causing a mismatch\n7. BUG_ON(!(rec-\u003ee_flags \u0026 OCFS2_EXT_REFCOUNTED)) triggers\n\nFix by clearing the extent map cache after each extent move/defrag\noperation in __ocfs2_move_extents_range(). This ensures subsequent\noperations read fresh extent data from disk.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40233",
"url": "https://www.suse.com/security/cve/CVE-2025-40233"
},
{
"category": "external",
"summary": "SUSE Bug 1254813 for CVE-2025-40233",
"url": "https://bugzilla.suse.com/1254813"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2025-40233"
},
{
"cve": "CVE-2025-40256",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40256"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added\n\nIn commit b441cf3f8c4b (\"xfrm: delete x-\u003etunnel as we delete x\"), I\nmissed the case where state creation fails between full\ninitialization (-\u003einit_state has been called) and being inserted on\nthe lists.\n\nIn this situation, -\u003einit_state has been called, so for IPcomp\ntunnels, the fallback tunnel has been created and added onto the\nlists, but the user state never gets added, because we fail before\nthat. The user state doesn\u0027t go through __xfrm_state_delete, so we\ndon\u0027t call xfrm_state_delete_tunnel for those states, and we end up\nleaking the FB tunnel.\n\nThere are several codepaths affected by this: the add/update paths, in\nboth net/key and xfrm, and the migrate code (xfrm_migrate,\nxfrm_state_migrate). A \"proper\" rollback of the init_state work would\nprobably be doable in the add/update code, but for migrate it gets\nmore complicated as multiple states may be involved.\n\nAt some point, the new (not-inserted) state will be destroyed, so call\nxfrm_state_delete_tunnel during xfrm_state_gc_destroy. Most states\nwill have their fallback tunnel cleaned up during __xfrm_state_delete,\nwhich solves the issue that b441cf3f8c4b (and other patches before it)\naimed at. All states (including FB tunnels) will be removed from the\nlists once xfrm_state_fini has called flush_work(\u0026xfrm_state_gc_work).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40256",
"url": "https://www.suse.com/security/cve/CVE-2025-40256"
},
{
"category": "external",
"summary": "SUSE Bug 1254851 for CVE-2025-40256",
"url": "https://bugzilla.suse.com/1254851"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2025-40256"
},
{
"cve": "CVE-2025-40257",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40257"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix a race in mptcp_pm_del_add_timer()\n\nmptcp_pm_del_add_timer() can call sk_stop_timer_sync(sk, \u0026entry-\u003eadd_timer)\nwhile another might have free entry already, as reported by syzbot.\n\nAdd RCU protection to fix this issue.\n\nAlso change confusing add_timer variable with stop_timer boolean.\n\nsyzbot report:\n\nBUG: KASAN: slab-use-after-free in __timer_delete_sync+0x372/0x3f0 kernel/time/timer.c:1616\nRead of size 4 at addr ffff8880311e4150 by task kworker/1:1/44\n\nCPU: 1 UID: 0 PID: 44 Comm: kworker/1:1 Not tainted syzkaller #0 PREEMPT_{RT,(full)}\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025\nWorkqueue: events mptcp_worker\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x240 mm/kasan/report.c:482\n kasan_report+0x118/0x150 mm/kasan/report.c:595\n __timer_delete_sync+0x372/0x3f0 kernel/time/timer.c:1616\n sk_stop_timer_sync+0x1b/0x90 net/core/sock.c:3631\n mptcp_pm_del_add_timer+0x283/0x310 net/mptcp/pm.c:362\n mptcp_incoming_options+0x1357/0x1f60 net/mptcp/options.c:1174\n tcp_data_queue+0xca/0x6450 net/ipv4/tcp_input.c:5361\n tcp_rcv_established+0x1335/0x2670 net/ipv4/tcp_input.c:6441\n tcp_v4_do_rcv+0x98b/0xbf0 net/ipv4/tcp_ipv4.c:1931\n tcp_v4_rcv+0x252a/0x2dc0 net/ipv4/tcp_ipv4.c:2374\n ip_protocol_deliver_rcu+0x221/0x440 net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x3bb/0x6f0 net/ipv4/ip_input.c:239\n NF_HOOK+0x30c/0x3a0 include/linux/netfilter.h:318\n NF_HOOK+0x30c/0x3a0 include/linux/netfilter.h:318\n __netif_receive_skb_one_core net/core/dev.c:6079 [inline]\n __netif_receive_skb+0x143/0x380 net/core/dev.c:6192\n process_backlog+0x31e/0x900 net/core/dev.c:6544\n __napi_poll+0xb6/0x540 net/core/dev.c:7594\n napi_poll net/core/dev.c:7657 [inline]\n net_rx_action+0x5f7/0xda0 net/core/dev.c:7784\n handle_softirqs+0x22f/0x710 kernel/softirq.c:622\n __do_softirq kernel/softirq.c:656 [inline]\n __local_bh_enable_ip+0x1a0/0x2e0 kernel/softirq.c:302\n mptcp_pm_send_ack net/mptcp/pm.c:210 [inline]\n mptcp_pm_addr_send_ack+0x41f/0x500 net/mptcp/pm.c:-1\n mptcp_pm_worker+0x174/0x320 net/mptcp/pm.c:1002\n mptcp_worker+0xd5/0x1170 net/mptcp/protocol.c:2762\n process_one_work kernel/workqueue.c:3263 [inline]\n process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3346\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3427\n kthread+0x711/0x8a0 kernel/kthread.c:463\n ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nAllocated by task 44:\n kasan_save_stack mm/kasan/common.c:56 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:77\n poison_kmalloc_redzone mm/kasan/common.c:400 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:417\n kasan_kmalloc include/linux/kasan.h:262 [inline]\n __kmalloc_cache_noprof+0x1ef/0x6c0 mm/slub.c:5748\n kmalloc_noprof include/linux/slab.h:957 [inline]\n mptcp_pm_alloc_anno_list+0x104/0x460 net/mptcp/pm.c:385\n mptcp_pm_create_subflow_or_signal_addr+0xf9d/0x1360 net/mptcp/pm_kernel.c:355\n mptcp_pm_nl_fully_established net/mptcp/pm_kernel.c:409 [inline]\n __mptcp_pm_kernel_worker+0x417/0x1ef0 net/mptcp/pm_kernel.c:1529\n mptcp_pm_worker+0x1ee/0x320 net/mptcp/pm.c:1008\n mptcp_worker+0xd5/0x1170 net/mptcp/protocol.c:2762\n process_one_work kernel/workqueue.c:3263 [inline]\n process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3346\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3427\n kthread+0x711/0x8a0 kernel/kthread.c:463\n ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n\nFreed by task 6630:\n kasan_save_stack mm/kasan/common.c:56 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:77\n __kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:587\n kasan_save_free_info mm/kasan/kasan.h:406 [inline]\n poison_slab_object m\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40257",
"url": "https://www.suse.com/security/cve/CVE-2025-40257"
},
{
"category": "external",
"summary": "SUSE Bug 1254842 for CVE-2025-40257",
"url": "https://bugzilla.suse.com/1254842"
},
{
"category": "external",
"summary": "SUSE Bug 1257242 for CVE-2025-40257",
"url": "https://bugzilla.suse.com/1257242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "important"
}
],
"title": "CVE-2025-40257"
},
{
"cve": "CVE-2025-40258",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40258"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix race condition in mptcp_schedule_work()\n\nsyzbot reported use-after-free in mptcp_schedule_work() [1]\n\nIssue here is that mptcp_schedule_work() schedules a work,\nthen gets a refcount on sk-\u003esk_refcnt if the work was scheduled.\nThis refcount will be released by mptcp_worker().\n\n[A] if (schedule_work(...)) {\n[B] sock_hold(sk);\n return true;\n }\n\nProblem is that mptcp_worker() can run immediately and complete before [B]\n\nWe need instead :\n\n sock_hold(sk);\n if (schedule_work(...))\n return true;\n sock_put(sk);\n\n[1]\nrefcount_t: addition on 0; use-after-free.\n WARNING: CPU: 1 PID: 29 at lib/refcount.c:25 refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:25\nCall Trace:\n \u003cTASK\u003e\n __refcount_add include/linux/refcount.h:-1 [inline]\n __refcount_inc include/linux/refcount.h:366 [inline]\n refcount_inc include/linux/refcount.h:383 [inline]\n sock_hold include/net/sock.h:816 [inline]\n mptcp_schedule_work+0x164/0x1a0 net/mptcp/protocol.c:943\n mptcp_tout_timer+0x21/0xa0 net/mptcp/protocol.c:2316\n call_timer_fn+0x17e/0x5f0 kernel/time/timer.c:1747\n expire_timers kernel/time/timer.c:1798 [inline]\n __run_timers kernel/time/timer.c:2372 [inline]\n __run_timer_base+0x648/0x970 kernel/time/timer.c:2384\n run_timer_base kernel/time/timer.c:2393 [inline]\n run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2403\n handle_softirqs+0x22f/0x710 kernel/softirq.c:622\n __do_softirq kernel/softirq.c:656 [inline]\n run_ktimerd+0xcf/0x190 kernel/softirq.c:1138\n smpboot_thread_fn+0x542/0xa60 kernel/smpboot.c:160\n kthread+0x711/0x8a0 kernel/kthread.c:463\n ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40258",
"url": "https://www.suse.com/security/cve/CVE-2025-40258"
},
{
"category": "external",
"summary": "SUSE Bug 1254843 for CVE-2025-40258",
"url": "https://bugzilla.suse.com/1254843"
},
{
"category": "external",
"summary": "SUSE Bug 1255053 for CVE-2025-40258",
"url": "https://bugzilla.suse.com/1255053"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "important"
}
],
"title": "CVE-2025-40258"
},
{
"cve": "CVE-2025-40277",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40277"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE\n\nThis data originates from userspace and is used in buffer offset\ncalculations which could potentially overflow causing an out-of-bounds\naccess.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40277",
"url": "https://www.suse.com/security/cve/CVE-2025-40277"
},
{
"category": "external",
"summary": "SUSE Bug 1254894 for CVE-2025-40277",
"url": "https://bugzilla.suse.com/1254894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2025-40277"
},
{
"cve": "CVE-2025-40280",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40280"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Fix use-after-free in tipc_mon_reinit_self().\n\nsyzbot reported use-after-free of tipc_net(net)-\u003emonitors[]\nin tipc_mon_reinit_self(). [0]\n\nThe array is protected by RTNL, but tipc_mon_reinit_self()\niterates over it without RTNL.\n\ntipc_mon_reinit_self() is called from tipc_net_finalize(),\nwhich is always under RTNL except for tipc_net_finalize_work().\n\nLet\u0027s hold RTNL in tipc_net_finalize_work().\n\n[0]:\nBUG: KASAN: slab-use-after-free in __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]\nBUG: KASAN: slab-use-after-free in _raw_spin_lock_irqsave+0xa7/0xf0 kernel/locking/spinlock.c:162\nRead of size 1 at addr ffff88805eae1030 by task kworker/0:7/5989\n\nCPU: 0 UID: 0 PID: 5989 Comm: kworker/0:7 Not tainted syzkaller #0 PREEMPT_{RT,(full)}\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025\nWorkqueue: events tipc_net_finalize_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x240 mm/kasan/report.c:482\n kasan_report+0x118/0x150 mm/kasan/report.c:595\n __kasan_check_byte+0x2a/0x40 mm/kasan/common.c:568\n kasan_check_byte include/linux/kasan.h:399 [inline]\n lock_acquire+0x8d/0x360 kernel/locking/lockdep.c:5842\n __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]\n _raw_spin_lock_irqsave+0xa7/0xf0 kernel/locking/spinlock.c:162\n rtlock_slowlock kernel/locking/rtmutex.c:1894 [inline]\n rwbase_rtmutex_lock_state kernel/locking/spinlock_rt.c:160 [inline]\n rwbase_write_lock+0xd3/0x7e0 kernel/locking/rwbase_rt.c:244\n rt_write_lock+0x76/0x110 kernel/locking/spinlock_rt.c:243\n write_lock_bh include/linux/rwlock_rt.h:99 [inline]\n tipc_mon_reinit_self+0x79/0x430 net/tipc/monitor.c:718\n tipc_net_finalize+0x115/0x190 net/tipc/net.c:140\n process_one_work kernel/workqueue.c:3236 [inline]\n process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3319\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400\n kthread+0x70e/0x8a0 kernel/kthread.c:463\n ret_from_fork+0x439/0x7d0 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nAllocated by task 6089:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:388 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:405\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x1a8/0x320 mm/slub.c:4407\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n tipc_mon_create+0xc3/0x4d0 net/tipc/monitor.c:657\n tipc_enable_bearer net/tipc/bearer.c:357 [inline]\n __tipc_nl_bearer_enable+0xe16/0x13f0 net/tipc/bearer.c:1047\n __tipc_nl_compat_doit net/tipc/netlink_compat.c:371 [inline]\n tipc_nl_compat_doit+0x3bc/0x5f0 net/tipc/netlink_compat.c:393\n tipc_nl_compat_handle net/tipc/netlink_compat.c:-1 [inline]\n tipc_nl_compat_recv+0x83c/0xbe0 net/tipc/netlink_compat.c:1321\n genl_family_rcv_msg_doit+0x215/0x300 net/netlink/genetlink.c:1115\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0x60e/0x790 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x208/0x470 net/netlink/af_netlink.c:2552\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]\n netlink_unicast+0x846/0xa10 net/netlink/af_netlink.c:1346\n netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1896\n sock_sendmsg_nosec net/socket.c:714 [inline]\n __sock_sendmsg+0x21c/0x270 net/socket.c:729\n ____sys_sendmsg+0x508/0x820 net/socket.c:2614\n ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2668\n __sys_sendmsg net/socket.c:2700 [inline]\n __do_sys_sendmsg net/socket.c:2705 [inline]\n __se_sys_sendmsg net/socket.c:2703 [inline]\n __x64_sys_sendmsg+0x1a1/0x260 net/socket.c:2703\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40280",
"url": "https://www.suse.com/security/cve/CVE-2025-40280"
},
{
"category": "external",
"summary": "SUSE Bug 1254847 for CVE-2025-40280",
"url": "https://bugzilla.suse.com/1254847"
},
{
"category": "external",
"summary": "SUSE Bug 1254951 for CVE-2025-40280",
"url": "https://bugzilla.suse.com/1254951"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "important"
}
],
"title": "CVE-2025-40280"
},
{
"cve": "CVE-2025-40300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40300"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/vmscape: Add conditional IBPB mitigation\n\nVMSCAPE is a vulnerability that exploits insufficient branch predictor\nisolation between a guest and a userspace hypervisor (like QEMU). Existing\nmitigations already protect kernel/KVM from a malicious guest. Userspace\ncan additionally be protected by flushing the branch predictors after a\nVMexit.\n\nSince it is the userspace that consumes the poisoned branch predictors,\nconditionally issue an IBPB after a VMexit and before returning to\nuserspace. Workloads that frequently switch between hypervisor and\nuserspace will incur the most overhead from the new IBPB.\n\nThis new IBPB is not integrated with the existing IBPB sites. For\ninstance, a task can use the existing speculation control prctl() to\nget an IBPB at context switch time. With this implementation, the\nIBPB is doubled up: one at context switch and another before running\nuserspace.\n\nThe intent is to integrate and optimize these cases post-embargo.\n\n[ dhansen: elaborate on suboptimal IBPB solution ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40300",
"url": "https://www.suse.com/security/cve/CVE-2025-40300"
},
{
"category": "external",
"summary": "SUSE Bug 1249561 for CVE-2025-40300",
"url": "https://bugzilla.suse.com/1249561"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2025-40300"
},
{
"cve": "CVE-2025-40331",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40331"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: Prevent TOCTOU out-of-bounds write\n\nFor the following path not holding the sock lock,\n\n sctp_diag_dump() -\u003e sctp_for_each_endpoint() -\u003e sctp_ep_dump()\n\nmake sure not to exceed bounds in case the address list has grown\nbetween buffer allocation (time-of-check) and write (time-of-use).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40331",
"url": "https://www.suse.com/security/cve/CVE-2025-40331"
},
{
"category": "external",
"summary": "SUSE Bug 1254615 for CVE-2025-40331",
"url": "https://bugzilla.suse.com/1254615"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2025-40331"
},
{
"cve": "CVE-2025-68183",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68183"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nima: don\u0027t clear IMA_DIGSIG flag when setting or removing non-IMA xattr\n\nCurrently when both IMA and EVM are in fix mode, the IMA signature will\nbe reset to IMA hash if a program first stores IMA signature in\nsecurity.ima and then writes/removes some other security xattr for the\nfile.\n\nFor example, on Fedora, after booting the kernel with \"ima_appraise=fix\nevm=fix ima_policy=appraise_tcb\" and installing rpm-plugin-ima,\ninstalling/reinstalling a package will not make good reference IMA\nsignature generated. Instead IMA hash is generated,\n\n # getfattr -m - -d -e hex /usr/bin/bash\n # file: usr/bin/bash\n security.ima=0x0404...\n\nThis happens because when setting security.selinux, the IMA_DIGSIG flag\nthat had been set early was cleared. As a result, IMA hash is generated\nwhen the file is closed.\n\nSimilarly, IMA signature can be cleared on file close after removing\nsecurity xattr like security.evm or setting/removing ACL.\n\nPrevent replacing the IMA file signature with a file hash, by preventing\nthe IMA_DIGSIG flag from being reset.\n\nHere\u0027s a minimal C reproducer which sets security.selinux as the last\nstep which can also replaced by removing security.evm or setting ACL,\n\n #include \u003cstdio.h\u003e\n #include \u003csys/xattr.h\u003e\n #include \u003cfcntl.h\u003e\n #include \u003cunistd.h\u003e\n #include \u003cstring.h\u003e\n #include \u003cstdlib.h\u003e\n\n int main() {\n const char* file_path = \"/usr/sbin/test_binary\";\n const char* hex_string = \"030204d33204490066306402304\";\n int length = strlen(hex_string);\n char* ima_attr_value;\n int fd;\n\n fd = open(file_path, O_WRONLY|O_CREAT|O_EXCL, 0644);\n if (fd == -1) {\n perror(\"Error opening file\");\n return 1;\n }\n\n ima_attr_value = (char*)malloc(length / 2 );\n for (int i = 0, j = 0; i \u003c length; i += 2, j++) {\n sscanf(hex_string + i, \"%2hhx\", \u0026ima_attr_value[j]);\n }\n\n if (fsetxattr(fd, \"security.ima\", ima_attr_value, length/2, 0) == -1) {\n perror(\"Error setting extended attribute\");\n close(fd);\n return 1;\n }\n\n const char* selinux_value= \"system_u:object_r:bin_t:s0\";\n if (fsetxattr(fd, \"security.selinux\", selinux_value, strlen(selinux_value), 0) == -1) {\n perror(\"Error setting extended attribute\");\n close(fd);\n return 1;\n }\n\n close(fd);\n\n return 0;\n }",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68183",
"url": "https://www.suse.com/security/cve/CVE-2025-68183"
},
{
"category": "external",
"summary": "SUSE Bug 1255251 for CVE-2025-68183",
"url": "https://bugzilla.suse.com/1255251"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2025-68183"
},
{
"cve": "CVE-2025-68284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68284"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: prevent potential out-of-bounds writes in handle_auth_session_key()\n\nThe len field originates from untrusted network packets. Boundary\nchecks have been added to prevent potential out-of-bounds writes when\ndecrypting the connection secret or processing service tickets.\n\n[ idryomov: changelog ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68284",
"url": "https://www.suse.com/security/cve/CVE-2025-68284"
},
{
"category": "external",
"summary": "SUSE Bug 1255377 for CVE-2025-68284",
"url": "https://bugzilla.suse.com/1255377"
},
{
"category": "external",
"summary": "SUSE Bug 1255378 for CVE-2025-68284",
"url": "https://bugzilla.suse.com/1255378"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "important"
}
],
"title": "CVE-2025-68284"
},
{
"cve": "CVE-2025-68285",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68285"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: fix potential use-after-free in have_mon_and_osd_map()\n\nThe wait loop in __ceph_open_session() can race with the client\nreceiving a new monmap or osdmap shortly after the initial map is\nreceived. Both ceph_monc_handle_map() and handle_one_map() install\na new map immediately after freeing the old one\n\n kfree(monc-\u003emonmap);\n monc-\u003emonmap = monmap;\n\n ceph_osdmap_destroy(osdc-\u003eosdmap);\n osdc-\u003eosdmap = newmap;\n\nunder client-\u003emonc.mutex and client-\u003eosdc.lock respectively, but\nbecause neither is taken in have_mon_and_osd_map() it\u0027s possible for\nclient-\u003emonc.monmap-\u003eepoch and client-\u003eosdc.osdmap-\u003eepoch arms in\n\n client-\u003emonc.monmap \u0026\u0026 client-\u003emonc.monmap-\u003eepoch \u0026\u0026\n client-\u003eosdc.osdmap \u0026\u0026 client-\u003eosdc.osdmap-\u003eepoch;\n\ncondition to dereference an already freed map. This happens to be\nreproducible with generic/395 and generic/397 with KASAN enabled:\n\n BUG: KASAN: slab-use-after-free in have_mon_and_osd_map+0x56/0x70\n Read of size 4 at addr ffff88811012d810 by task mount.ceph/13305\n CPU: 2 UID: 0 PID: 13305 Comm: mount.ceph Not tainted 6.14.0-rc2-build2+ #1266\n ...\n Call Trace:\n \u003cTASK\u003e\n have_mon_and_osd_map+0x56/0x70\n ceph_open_session+0x182/0x290\n ceph_get_tree+0x333/0x680\n vfs_get_tree+0x49/0x180\n do_new_mount+0x1a3/0x2d0\n path_mount+0x6dd/0x730\n do_mount+0x99/0xe0\n __do_sys_mount+0x141/0x180\n do_syscall_64+0x9f/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n \u003c/TASK\u003e\n\n Allocated by task 13305:\n ceph_osdmap_alloc+0x16/0x130\n ceph_osdc_init+0x27a/0x4c0\n ceph_create_client+0x153/0x190\n create_fs_client+0x50/0x2a0\n ceph_get_tree+0xff/0x680\n vfs_get_tree+0x49/0x180\n do_new_mount+0x1a3/0x2d0\n path_mount+0x6dd/0x730\n do_mount+0x99/0xe0\n __do_sys_mount+0x141/0x180\n do_syscall_64+0x9f/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n Freed by task 9475:\n kfree+0x212/0x290\n handle_one_map+0x23c/0x3b0\n ceph_osdc_handle_map+0x3c9/0x590\n mon_dispatch+0x655/0x6f0\n ceph_con_process_message+0xc3/0xe0\n ceph_con_v1_try_read+0x614/0x760\n ceph_con_workfn+0x2de/0x650\n process_one_work+0x486/0x7c0\n process_scheduled_works+0x73/0x90\n worker_thread+0x1c8/0x2a0\n kthread+0x2ec/0x300\n ret_from_fork+0x24/0x40\n ret_from_fork_asm+0x1a/0x30\n\nRewrite the wait loop to check the above condition directly with\nclient-\u003emonc.mutex and client-\u003eosdc.lock taken as appropriate. While\nat it, improve the timeout handling (previously mount_timeout could be\nexceeded in case wait_event_interruptible_timeout() slept more than\nonce) and access client-\u003eauth_err under client-\u003emonc.mutex to match\nhow it\u0027s set in finish_auth().\n\nmonmap_show() and osdmap_show() now take the respective lock before\naccessing the map as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68285",
"url": "https://www.suse.com/security/cve/CVE-2025-68285"
},
{
"category": "external",
"summary": "SUSE Bug 1255401 for CVE-2025-68285",
"url": "https://bugzilla.suse.com/1255401"
},
{
"category": "external",
"summary": "SUSE Bug 1255402 for CVE-2025-68285",
"url": "https://bugzilla.suse.com/1255402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "important"
}
],
"title": "CVE-2025-68285"
},
{
"cve": "CVE-2025-68732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68732"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpu: host1x: Fix race in syncpt alloc/free\n\nFix race condition between host1x_syncpt_alloc()\nand host1x_syncpt_put() by using kref_put_mutex()\ninstead of kref_put() + manual mutex locking.\n\nThis ensures no thread can acquire the\nsyncpt_mutex after the refcount drops to zero\nbut before syncpt_release acquires it.\nThis prevents races where syncpoints could\nbe allocated while still being cleaned up\nfrom a previous release.\n\nRemove explicit mutex locking in syncpt_release\nas kref_put_mutex() handles this atomically.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68732",
"url": "https://www.suse.com/security/cve/CVE-2025-68732"
},
{
"category": "external",
"summary": "SUSE Bug 1255688 for CVE-2025-68732",
"url": "https://bugzilla.suse.com/1255688"
},
{
"category": "external",
"summary": "SUSE Bug 1255689 for CVE-2025-68732",
"url": "https://bugzilla.suse.com/1255689"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "important"
}
],
"title": "CVE-2025-68732"
},
{
"cve": "CVE-2025-68771",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68771"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix kernel BUG in ocfs2_find_victim_chain\n\nsyzbot reported a kernel BUG in ocfs2_find_victim_chain() because the\n`cl_next_free_rec` field of the allocation chain list (next free slot in\nthe chain list) is 0, triggring the BUG_ON(!cl-\u003ecl_next_free_rec)\ncondition in ocfs2_find_victim_chain() and panicking the kernel.\n\nTo fix this, an if condition is introduced in ocfs2_claim_suballoc_bits(),\njust before calling ocfs2_find_victim_chain(), the code block in it being\nexecuted when either of the following conditions is true:\n\n1. `cl_next_free_rec` is equal to 0, indicating that there are no free\nchains in the allocation chain list\n2. `cl_next_free_rec` is greater than `cl_count` (the total number of\nchains in the allocation chain list)\n\nEither of them being true is indicative of the fact that there are no\nchains left for usage.\n\nThis is addressed using ocfs2_error(), which prints\nthe error log for debugging purposes, rather than panicking the kernel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68771",
"url": "https://www.suse.com/security/cve/CVE-2025-68771"
},
{
"category": "external",
"summary": "SUSE Bug 1256582 for CVE-2025-68771",
"url": "https://bugzilla.suse.com/1256582"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2025-68771"
},
{
"cve": "CVE-2025-68813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68813"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix ipv4 null-ptr-deref in route error path\n\nThe IPv4 code path in __ip_vs_get_out_rt() calls dst_link_failure()\nwithout ensuring skb-\u003edev is set, leading to a NULL pointer dereference\nin fib_compute_spec_dst() when ipv4_link_failure() attempts to send\nICMP destination unreachable messages.\n\nThe issue emerged after commit ed0de45a1008 (\"ipv4: recompile ip options\nin ipv4_link_failure\") started calling __ip_options_compile() from\nipv4_link_failure(). This code path eventually calls fib_compute_spec_dst()\nwhich dereferences skb-\u003edev. An attempt was made to fix the NULL skb-\u003edev\ndereference in commit 0113d9c9d1cc (\"ipv4: fix null-deref in\nipv4_link_failure\"), but it only addressed the immediate dev_net(skb-\u003edev)\ndereference by using a fallback device. The fix was incomplete because\nfib_compute_spec_dst() later in the call chain still accesses skb-\u003edev\ndirectly, which remains NULL when IPVS calls dst_link_failure().\n\nThe crash occurs when:\n1. IPVS processes a packet in NAT mode with a misconfigured destination\n2. Route lookup fails in __ip_vs_get_out_rt() before establishing a route\n3. The error path calls dst_link_failure(skb) with skb-\u003edev == NULL\n4. ipv4_link_failure() -\u003e ipv4_send_dest_unreach() -\u003e\n __ip_options_compile() -\u003e fib_compute_spec_dst()\n5. fib_compute_spec_dst() dereferences NULL skb-\u003edev\n\nApply the same fix used for IPv6 in commit 326bf17ea5d4 (\"ipvs: fix\nipv6 route unreach panic\"): set skb-\u003edev from skb_dst(skb)-\u003edev before\ncalling dst_link_failure().\n\nKASAN: null-ptr-deref in range [0x0000000000000328-0x000000000000032f]\nCPU: 1 PID: 12732 Comm: syz.1.3469 Not tainted 6.6.114 #2\nRIP: 0010:__in_dev_get_rcu include/linux/inetdevice.h:233\nRIP: 0010:fib_compute_spec_dst+0x17a/0x9f0 net/ipv4/fib_frontend.c:285\nCall Trace:\n \u003cTASK\u003e\n spec_dst_fill net/ipv4/ip_options.c:232\n spec_dst_fill net/ipv4/ip_options.c:229\n __ip_options_compile+0x13a1/0x17d0 net/ipv4/ip_options.c:330\n ipv4_send_dest_unreach net/ipv4/route.c:1252\n ipv4_link_failure+0x702/0xb80 net/ipv4/route.c:1265\n dst_link_failure include/net/dst.h:437\n __ip_vs_get_out_rt+0x15fd/0x19e0 net/netfilter/ipvs/ip_vs_xmit.c:412\n ip_vs_nat_xmit+0x1d8/0xc80 net/netfilter/ipvs/ip_vs_xmit.c:764",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68813",
"url": "https://www.suse.com/security/cve/CVE-2025-68813"
},
{
"category": "external",
"summary": "SUSE Bug 1256641 for CVE-2025-68813",
"url": "https://bugzilla.suse.com/1256641"
},
{
"category": "external",
"summary": "SUSE Bug 1256644 for CVE-2025-68813",
"url": "https://bugzilla.suse.com/1256644"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "important"
}
],
"title": "CVE-2025-68813"
},
{
"cve": "CVE-2025-71089",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71089"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu: disable SVA when CONFIG_X86 is set\n\nPatch series \"Fix stale IOTLB entries for kernel address space\", v7.\n\nThis proposes a fix for a security vulnerability related to IOMMU Shared\nVirtual Addressing (SVA). In an SVA context, an IOMMU can cache kernel\npage table entries. When a kernel page table page is freed and\nreallocated for another purpose, the IOMMU might still hold stale,\nincorrect entries. This can be exploited to cause a use-after-free or\nwrite-after-free condition, potentially leading to privilege escalation or\ndata corruption.\n\nThis solution introduces a deferred freeing mechanism for kernel page\ntable pages, which provides a safe window to notify the IOMMU to\ninvalidate its caches before the page is reused.\n\n\nThis patch (of 8):\n\nIn the IOMMU Shared Virtual Addressing (SVA) context, the IOMMU hardware\nshares and walks the CPU\u0027s page tables. The x86 architecture maps the\nkernel\u0027s virtual address space into the upper portion of every process\u0027s\npage table. Consequently, in an SVA context, the IOMMU hardware can walk\nand cache kernel page table entries.\n\nThe Linux kernel currently lacks a notification mechanism for kernel page\ntable changes, specifically when page table pages are freed and reused. \nThe IOMMU driver is only notified of changes to user virtual address\nmappings. This can cause the IOMMU\u0027s internal caches to retain stale\nentries for kernel VA.\n\nUse-After-Free (UAF) and Write-After-Free (WAF) conditions arise when\nkernel page table pages are freed and later reallocated. The IOMMU could\nmisinterpret the new data as valid page table entries. The IOMMU might\nthen walk into attacker-controlled memory, leading to arbitrary physical\nmemory DMA access or privilege escalation. This is also a\nWrite-After-Free issue, as the IOMMU will potentially continue to write\nAccessed and Dirty bits to the freed memory while attempting to walk the\nstale page tables.\n\nCurrently, SVA contexts are unprivileged and cannot access kernel\nmappings. However, the IOMMU will still walk kernel-only page tables all\nthe way down to the leaf entries, where it realizes the mapping is for the\nkernel and errors out. This means the IOMMU still caches these\nintermediate page table entries, making the described vulnerability a real\nconcern.\n\nDisable SVA on x86 architecture until the IOMMU can receive notification\nto flush the paging cache before freeing the CPU kernel page table pages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71089",
"url": "https://www.suse.com/security/cve/CVE-2025-71089"
},
{
"category": "external",
"summary": "SUSE Bug 1256612 for CVE-2025-71089",
"url": "https://bugzilla.suse.com/1256612"
},
{
"category": "external",
"summary": "SUSE Bug 1256615 for CVE-2025-71089",
"url": "https://bugzilla.suse.com/1256615"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "important"
}
],
"title": "CVE-2025-71089"
},
{
"cve": "CVE-2025-71116",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71116"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: make decode_pool() more resilient against corrupted osdmaps\n\nIf the osdmap is (maliciously) corrupted such that the encoded length\nof ceph_pg_pool envelope is less than what is expected for a particular\nencoding version, out-of-bounds reads may ensue because the only bounds\ncheck that is there is based on that length value.\n\nThis patch adds explicit bounds checks for each field that is decoded\nor skipped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71116",
"url": "https://www.suse.com/security/cve/CVE-2025-71116"
},
{
"category": "external",
"summary": "SUSE Bug 1256744 for CVE-2025-71116",
"url": "https://bugzilla.suse.com/1256744"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2025-71116"
},
{
"cve": "CVE-2025-71120",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71120"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf\n\nA zero length gss_token results in pages == 0 and in_token-\u003epages[0]\nis NULL. The code unconditionally evaluates\npage_address(in_token-\u003epages[0]) for the initial memcpy, which can\ndereference NULL even when the copy length is 0. Guard the first\nmemcpy so it only runs when length \u003e 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71120",
"url": "https://www.suse.com/security/cve/CVE-2025-71120"
},
{
"category": "external",
"summary": "SUSE Bug 1256779 for CVE-2025-71120",
"url": "https://bugzilla.suse.com/1256779"
},
{
"category": "external",
"summary": "SUSE Bug 1256780 for CVE-2025-71120",
"url": "https://bugzilla.suse.com/1256780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.142.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.142.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-09T14:51:43Z",
"details": "important"
}
],
"title": "CVE-2025-71120"
}
]
}
SUSE-SU-2025:02853-1
Vulnerability from csaf_suse - Published: 2025-08-18 16:01 - Updated: 2025-08-18 16:01Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP7 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-36028: mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() (bsc#1225707).
- CVE-2024-36348, CVE-2024-36349, CVE-2024-36350, CVE-2024-36357: x86/process: Move the buffer clearing before MONITOR (bsc#1238896).
- CVE-2024-42134: virtio-pci: Check if is_avq is NULL (bsc#1228664 bsc#1247831).
- CVE-2024-44963: btrfs: do not BUG_ON() when freeing tree block after error (bsc#1230216).
- CVE-2024-56742: vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages() (bsc#1235613).
- CVE-2025-21839: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (bsc#1239061).
- CVE-2025-21872: efi/mokvar-table: Avoid repeated map/unmap of the same page (bsc#1240323).
- CVE-2025-23163: net: vlan: do not propagate flags on open (bsc#1242837).
- CVE-2025-37856: btrfs: harden block_group::bg_list against list_del() races (bsc#1243068).
- CVE-2025-37864: net: dsa: clean up FDB, MDB, VLAN entries on unbind (bsc#1242965).
- CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960).
- CVE-2025-37920: kABI workaround for xsk: Fix race condition in AF_XDP generic RX path (bsc#1243479).
- CVE-2025-37984: crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() (bsc#1243669).
- CVE-2025-38034: btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (bsc#1244792).
- CVE-2025-38035: nvmet-tcp: do not restore null sk_state_change (bsc#1244801).
- CVE-2025-38047: x86/fred: Fix system hang during S4 resume with FRED enabled (bsc#1245084).
- CVE-2025-38051: smb: client: Fix use-after-free in cifs_fill_dirent (bsc#1244750).
- CVE-2025-38058: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (bsc#1245151).
- CVE-2025-38061: net: pktgen: fix access outside of user given buffer in pktgen_thread_write() (bsc#1245440).
- CVE-2025-38062: kABI: restore layout of struct msi_desc (bsc#1245216).
- CVE-2025-38063: dm: fix unconditional IO throttle caused by REQ_PREFLUSH (bsc#1245202).
- CVE-2025-38064: virtio: break and reset virtio devices on device_shutdown() (bsc#1245201).
- CVE-2025-38074: vhost-scsi: protect vq->log_used with vq->mutex (bsc#1244735).
- CVE-2025-38094: net: cadence: macb: Fix a possible deadlock in macb_halt_tx (bsc#1245649).
- CVE-2025-38097: kabi: restore encap_sk in struct xfrm_state (bsc#1245660).
- CVE-2025-38098: drm/amd/display: Do not treat wb connector as physical in (bsc#1245654).
- CVE-2025-38099: Bluetooth: btusb: Fix regression in the initialization of fake Bluetooth controllers (bsc#1245671).
- CVE-2025-38100: x86/iopl: Cure TIF_IO_BITMAP inconsistencies (bsc#1245650).
- CVE-2025-38105: ALSA: usb-audio: Kill timer properly at removal (bsc#1245682).
- CVE-2025-38106: io_uring/sqpoll: do not put task_struct on tctx setup failure (bsc#1245664).
- CVE-2025-38115: net_sched: sch_sfq: fix a potential crash on gso_skb handling (bsc#1245689).
- CVE-2025-38117: hci_dev centralize extra lock (bsc#1245695).
- CVE-2025-38126: net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping (bsc#1245708).
- CVE-2025-38131: coresight: prevent deactivate active config while enabling the config (bsc#1245677).
- CVE-2025-38132: coresight: holding cscfg_csdev_lock while removing cscfg from csdev (bsc#1245679).
- CVE-2025-38147: calipso: unlock rcu before returning -EAFNOSUPPORT (bsc#1245768).
- CVE-2025-38158: hisi_acc_vfio_pci: fix XQE dma address error (bsc#1245750).
- CVE-2025-38162: netfilter: nft_set_pipapo: prevent overflow in lookup table allocation (bsc#1245752).
- CVE-2025-38166: bpf: fix ktls panic with sockmap (bsc#1245758).
- CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).
- CVE-2025-38182: ublk: santizize the arguments from userspace when adding a device (bsc#1245937).
- CVE-2025-38183: net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get() (bsc#1246006).
- CVE-2025-38187: drm/nouveau: fix a use-after-free in r535_gsp_rpc_push() (bsc#1245951).
- CVE-2025-38188: drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE (bsc#1246098).
- CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045).
- CVE-2025-38202: bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() (bsc#1245980).
- CVE-2025-38203: jfs: Fix null-ptr-deref in jfs_ioc_trim (bsc#1246044).
- CVE-2025-38204: jfs: fix array-index-out-of-bounds read in add_missing_indices (bsc#1245983).
- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073).
- CVE-2025-38210: configfs-tsm-report: Fix NULL dereference of tsm_ops (bsc#1246020).
- CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029).
- CVE-2025-38220: ext4: only dirty folios when data journaling regular files (bsc#1245966).
- CVE-2025-38222: ext4: inline: fix len overflow in ext4_prepare_inline_data (bsc#1245976).
- CVE-2025-38236: af_unix: Disable MSG_OOB for unprivileged users (bsc#1246093).
- CVE-2025-38239: scsi: megaraid_sas: Fix invalid node index (bsc#1246178).
- CVE-2025-38244: smb: client: fix potential deadlock when reconnecting channels (bsc#1246183).
- CVE-2025-38248: bridge: mcast: Fix use-after-free during router port configuration (bsc#1246173).
- CVE-2025-38250: kABI workaround for bluetooth hci_dev changes (bsc#1246182).
- CVE-2025-38256: io_uring/rsrc: fix folio unpinning (bsc#1246188).
- CVE-2025-38264: llist: add interface to check if a node is on a list (bsc#1246387).
- CVE-2025-38272: net: dsa: b53: do not enable EEE on bcm63xx (bsc#1246268).
- CVE-2025-38279: selftests/bpf: Add tests with stack ptr register in conditional jmp (bsc#1246264).
- CVE-2025-38283: hisi_acc_vfio_pci: bugfix live migration function without VF device driver (bsc#1246273).
- CVE-2025-38303: Bluetooth: eir: Fix possible crashes on eir_create_adv_data (bsc#1246354).
- CVE-2025-38310: seg6: Fix validation of nexthop addresses (bsc#1246361).
- CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).
- CVE-2025-38334: x86/sgx: Prevent attempts to reclaim poisoned pages (bsc#1246384).
- CVE-2025-38335: Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT (bsc#1246250).
- CVE-2025-38337: jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (bsc#1246253).
- CVE-2025-38349: eventpoll: do not decrement ep refcount while still holding the ep mutex (bsc#1246777).
- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).
- CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).
- CVE-2025-38364: maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() (bsc#1247091).
- CVE-2025-38365: btrfs: fix a race between renames and directory logging (bsc#1247023).
- CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177).
- CVE-2025-38382: btrfs: fix iteration of extrefs during log replay (bsc#1247031).
- CVE-2025-38392: idpf: convert control queue mutex to a spinlock (bsc#1247169).
- CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247156).
- CVE-2025-38399: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() (bsc#1247097).
- CVE-2025-38403: vsock/vmci: Clear the vmci transport packet properly when initializing it (bsc#1247141).
- CVE-2025-38414: wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850 (bsc#1247145).
- CVE-2025-38426: drm/amdgpu: Add basic validation for RAS header (bsc#1247252).
- CVE-2025-38429: bus: mhi: ep: Update read pointer only after buffer is written (bsc#1247253).
- CVE-2025-38453: kABI: io_uring: msg_ring ensure io_kiocb freeing is deferred (bsc#1247234).
- CVE-2025-38455: KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight (bsc#1247101).
- CVE-2025-38457: net/sched: Abort __tc_modify_qdisc if parent class does not exist (bsc#1247098).
- CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).
- CVE-2025-38461: vsock: Fix transport_* TOCTOU (bsc#1247103).
- CVE-2025-38462: vsock: Fix transport_{g2h,h2g} TOCTOU (bsc#1247104).
- CVE-2025-38463: tcp: Correct signedness in skb remaining space calculation (bsc#1247113).
- CVE-2025-38465: netlink: make sure we allow at least one dump skb (bsc#1247118).
- CVE-2025-38470: kABI fix for net: vlan: fix VLAN 0 refcount imbalance of toggling (bsc#1247288).
- CVE-2025-38471: tls: always refresh the queue when reading sock (bsc#1247450).
- CVE-2025-38475: smc: Fix various oops due to inet_sock type confusion (bsc#1247308).
- CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347).
- CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374).
The following non-security bugs were fixed:
- Enable SMC_LO (a.k.a SMC-D) (jsc#PED-13248).
- Fix dma_unmap_sg() nents value (git-fixes)
- Logitech C-270 even more broken (stable-fixes).
- Re-enable qmi_wwan for arm64 (bsc#1246113)
- Reapply 'wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()' (git-fixes).
- Revert 'ACPI: battery: negate current when discharging' (stable-fixes).
- Revert 'cgroup_freezer: cgroup_freezing: Check if not frozen' (bsc#1219338).
- Revert 'drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1' (stable-fixes).
- Revert 'drm/nouveau: check ioctl command codes better' (git-fixes).
- Revert 'drm/xe/xe2: Enable Indirect Ring State support for Xe2' (git-fixes).
- Revert 'mmc: sdhci: Disable SD card clock before changing parameters' (git-fixes).
- Revert 'usb: xhci: Implement xhci_handshake_check_state() helper' (git-fixes).
- Revert 'vgacon: Add check for vc_origin address range in vgacon_scroll()' (stable-fixes).
- Update config files. config/x86_64/default config/arm64/default CONFIG_INTEGRITY_MACHINE_KEYRING=y +CONFIG_INTEGRITY_CA_MACHINE_KEYRING=y +CONFIG_INTEGRITY_CA_MACHINE_KEYRING_MAX=y +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y (bsc#1243678)
- accel/ivpu: Remove copy engine support (stable-fixes).
- acpi: LPSS: Remove AudioDSP related ID (git-fixes).
- acpi: PRM: Reduce unnecessary printing to avoid user confusion (bsc#1246122).
- acpi: processor: perflib: Fix initial _PPC limit application (git-fixes).
- acpica: Refuse to evaluate a method if arguments are missing (stable-fixes).
- af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() (git-fixes).
- af_unix: Add a prompt to CONFIG_AF_UNIX_OOB (bsc#1246093).
- alsa: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() (git-fixes).
- alsa: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx (stable-fixes).
- alsa: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 (stable-fixes).
- alsa: hda/realtek: Add quirk for ASUS ROG Strix G712LWS (stable-fixes).
- alsa: hda/realtek: Fix mute LED mask on HP OMEN 16 laptop (git-fixes).
- alsa: hda/tegra: Add Tegra264 support (stable-fixes).
- alsa: hda: Add missing NVIDIA HDA codec IDs (stable-fixes).
- alsa: hda: Add new pci id for AMD GPU display HD audio controller (stable-fixes).
- alsa: hda: Ignore unsol events for cards being shut down (stable-fixes).
- alsa: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() (git-fixes).
- alsa: sb: Do not allow changing the DMA mode during operations (stable-fixes).
- alsa: sb: Force to disable DMAs once when DMA mode is changed (stable-fixes).
- alsa: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() (git-fixes).
- amd/amdkfd: fix a kfd_process ref leak (stable-fixes).
- aoe: clean device rq_list in aoedev_downdev() (git-fixes).
- apple-mfi-fastcharge: protect first device name (git-fixes).
- asoc: amd: yc: Add DMI quirk for Lenovo IdeaPad Slim 5 15 (stable-fixes).
- asoc: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic (stable-fixes).
- asoc: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic (stable-fixes).
- asoc: amd: yc: update quirk data for HP Victus (stable-fixes).
- asoc: codec: wcd9335: Convert to GPIO descriptors (stable-fixes).
- asoc: codecs: wcd9335: Fix missing free of regulator supplies (git-fixes).
- asoc: codecs: wcd9335: Handle nicer probe deferral and simplify with dev_err_probe() (stable-fixes).
- asoc: cs35l56: probe() should fail if the device ID is not recognized (git-fixes).
- asoc: fsl_asrc: use internal measured ratio for non-ideal ratio mode (git-fixes).
- asoc: fsl_sai: Force a software reset when starting in consumer mode (git-fixes).
- asoc: fsl_xcvr: get channel status data when PHY is not exists (git-fixes).
- asoc: mediatek: use reserved memory or enable buffer pre-allocation (git-fixes).
- asoc: ops: dynamically allocate struct snd_ctl_elem_value (git-fixes).
- asoc: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() (git-fixes).
- ata: pata_cs5536: fix build on 32-bit UML (stable-fixes).
- audit,module: restore audit logging in load failure case (git-fixes).
- bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() (git-fixes).
- bluetooth: HCI: Set extended advertising data synchronously (git-fixes).
- bluetooth: L2CAP: Fix L2CAP MTU negotiation (stable-fixes).
- bluetooth: L2CAP: Fix attempting to adjust outgoing MTU (git-fixes).
- bluetooth: MGMT: Fix not generating command complete for MGMT_OP_DISCONNECT (git-fixes).
- bluetooth: MGMT: mesh_send: check instances prior disabling advertising (git-fixes).
- bluetooth: MGMT: set_mesh: update LE scan interval and window (git-fixes).
- bluetooth: Prevent unintended pause by checking if advertising is active (git-fixes).
- bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout (git-fixes).
- bluetooth: SMP: If an unallowed command is received consider it a failure (git-fixes).
- bluetooth: btintel: Check if controller is ISO capable on btintel_classify_pkt_type (git-fixes).
- bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant without board ID (git-fixes).
- bluetooth: hci_conn: Fix sending BT_HCI_CMD_LE_CREATE_CONN_CANCEL (git-fixes).
- bluetooth: hci_core: add missing braces when using macro parameters (git-fixes).
- bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected (git-fixes).
- bluetooth: hci_event: Mask data status from LE ext adv reports (git-fixes).
- bluetooth: hci_sync: Attempt to dequeue connection attempt (git-fixes).
- bluetooth: hci_sync: Fix UAF on create_le_conn_complete (git-fixes).
- bluetooth: hci_sync: Fix handling of HCI_OP_CREATE_CONN_CANCEL (git-fixes).
- bluetooth: hci_sync: Fix not disabling advertising instance (git-fixes).
- bluetooth: hci_sync: fix connectable extended advertising when using static random address (git-fixes).
- bluetooth: hci_sync: revert some mesh modifications (git-fixes).
- bnxt_en: Fix double invocation of bnxt_ulp_stop()/bnxt_ulp_start() (git-fixes).
- bonding: Correctly support GSO ESP offload (git-fixes).
- bpf, sockmap: Fix sk_msg_reset_curr (git-fixes).
- bpf/lpm_trie: Inline longest_prefix_match for fastpath (git-fixes).
- bpf/selftests: Check errno when percpu map value size exceeds (git-fixes).
- bpf: Add a possibly-zero-sized read test (git-fixes).
- bpf: Avoid __hidden__ attribute in static object (git-fixes).
- bpf: Check percpu map value size first (git-fixes).
- bpf: Disable some `attribute ignored' warnings in GCC (git-fixes).
- bpf: Fix memory leak in bpf_core_apply (git-fixes).
- bpf: Fix potential integer overflow in resolve_btfids (git-fixes).
- bpf: Harden __bpf_kfunc tag against linker kfunc removal (git-fixes).
- bpf: Make the pointer returned by iter next method valid (git-fixes).
- bpf: Simplify checking size of helper accesses (git-fixes).
- bpf: fix order of args in call to bpf_map_kvcalloc (git-fixes).
- bpf: sockmap, updating the sg structure should also update curr (git-fixes).
- bpftool: Fix missing pids during link show (git-fixes).
- bpftool: Fix undefined behavior caused by shifting into the sign bit (git-fixes).
- bpftool: Mount bpffs on provided dir instead of parent dir (git-fixes).
- bpftool: Remove unnecessary source files from bootstrap version (git-fixes).
- bpftool: Un-const bpf_func_info to fix it for llvm 17 and newer (git-fixes).
- btrfs: do not ignore inode missing when replaying log tree (git-fixes).
- btrfs: do not silently ignore unexpected extent type when replaying log (git-fixes).
- btrfs: do not skip remaining extrefs if dir not found during log replay (git-fixes).
- btrfs: explicitly ref count block_group on new_bgs list (bsc#1243068)
- btrfs: fix assertion when building free space tree (git-fixes).
- btrfs: fix inode lookup error handling during log replay (git-fixes).
- btrfs: fix invalid inode pointer dereferences during log replay (git-fixes).
- btrfs: fix log tree replay failure due to file with 0 links and extents (git-fixes).
- btrfs: fix missing error handling when searching for inode refs during log replay (git-fixes).
- btrfs: fix non-empty delayed iputs list on unmount due to async workers (git-fixes).
- btrfs: fix ssd_spread overallocation (git-fixes).
- btrfs: make btrfs_discard_workfn() block_group ref explicit (bsc#1243068)
- btrfs: propagate last_unlink_trans earlier when doing a rmdir (git-fixes).
- btrfs: rename err to ret in btrfs_rmdir() (git-fixes).
- btrfs: return a btrfs_inode from btrfs_iget_logging() (git-fixes).
- btrfs: return a btrfs_inode from read_one_inode() (git-fixes).
- btrfs: tests: fix chunk map leak after failure to add it to the tree (git-fixes).
- btrfs: update superblock's device bytes_used when dropping chunk (git-fixes).
- btrfs: use NOFS context when getting inodes during logging and log replay (git-fixes).
- btrfs: use btrfs_record_snapshot_destroy() during rmdir (git-fixes).
- bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() (git-fixes).
- bus: mhi: host: Detect events pointing to unexpected TREs (git-fixes).
- can: dev: can_restart(): move debug message and stats after successful restart (stable-fixes).
- can: dev: can_restart(): reverse logic to remove need for goto (stable-fixes).
- can: kvaser_pciefd: Store device channel index (git-fixes).
- can: kvaser_usb: Assign netdev.dev_port based on device channel index (git-fixes).
- can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level (git-fixes).
- can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode (git-fixes).
- can: peak_usb: fix USB FD devices potential malfunction (git-fixes).
- cdc-acm: fix race between initial clearing halt and open (git-fixes).
- cgroup,freezer: fix incomplete freezing when attaching tasks (bsc#1245789).
- cgroup/cpuset: Extend kthread_is_per_cpu() check to all PF_NO_SETAFFINITY tasks (bsc#1241166).
- cifs: reconnect helper should set reconnect for the right channel (git-fixes).
- clk: clk-axi-clkgen: fix fpfd_max frequency for zynq (git-fixes).
- clk: davinci: Add NULL check in davinci_lpsc_clk_register() (git-fixes).
- clk: sunxi-ng: v3s: Fix de clock definition (git-fixes).
- clk: xilinx: vcu: unregister pll_post only if registered correctly (git-fixes).
- clocksource: Scale the watchdog read retries automatically (bsc#1241345 bsc#1244457).
- clocksource: Set cs_watchdog_read() checks based on .uncertainty_margin (bsc#1241345 bsc#1244457).
- comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large (git-fixes).
- comedi: Fix initialization of data for instructions that write to subdevice (git-fixes).
- comedi: Fix some signed shift left operations (git-fixes).
- comedi: Fix use of uninitialized data in insn_rw_emulate_bits() (git-fixes).
- comedi: aio_iiro_16: Fix bit shift out of bounds (git-fixes).
- comedi: das16m1: Fix bit shift out of bounds (git-fixes).
- comedi: das6402: Fix bit shift out of bounds (git-fixes).
- comedi: pcl812: Fix bit shift out of bounds (git-fixes).
- compiler_types.h: Define __retain for __attribute__((__retain__)) (git-fixes).
- crypto: arm/aes-neonbs - work around gcc-15 warning (git-fixes).
- crypto: ccp - Fix crash when rebind ccp device for ccp.ko (git-fixes).
- crypto: ccp - Fix locking on alloc failure handling (git-fixes).
- crypto: hkdf - skip TVs with unapproved salt lengths in FIPS mode (bsc#1241200 bsc#1246134).
- crypto: img-hash - Fix dma_unmap_sg() nents value (git-fixes).
- crypto: inside-secure - Fix `dma_unmap_sg()` nents value (git-fixes).
- crypto: keembay - Fix dma_unmap_sg() nents value (git-fixes).
- crypto: marvell/cesa - Fix engine load inaccuracy (git-fixes).
- crypto: qat - allow enabling VFs in the absence of IOMMU (git-fixes).
- crypto: qat - disable ZUC-256 capability for QAT GEN5 (git-fixes).
- crypto: qat - fix DMA direction for compression on GEN2 devices (git-fixes).
- crypto: qat - fix seq_file position update in adf_ring_next() (git-fixes).
- crypto: qat - fix state restore for banks with exceptions (git-fixes).
- crypto: qat - flush misc workqueue during device shutdown (git-fixes).
- crypto: qat - use unmanaged allocation for dc_data (git-fixes).
- crypto: sun8i-ce - fix nents passed to dma_unmap_sg() (git-fixes).
- dax: add a sysfs knob to control memmap_on_memory behavior (bsc#1235515,jsc#PED-12731).
- devlink: Add support for u64 parameters (jsc#PED-12745).
- devlink: avoid param type value translations (jsc#PED-12745).
- devlink: define enum for attr types of dynamic attributes (jsc#PED-12745).
- devlink: define enum for attr types of dynamic attributes (jsc#PED-12745).
- devlink: introduce devlink_nl_put_u64() (jsc#PED-12745).
- dm-bufio: fix sched in atomic context (git-fixes).
- dm-flakey: error all IOs when num_features is absent (git-fixes).
- dm-flakey: make corrupting read bios work (git-fixes).
- dm-mirror: fix a tiny race condition (git-fixes).
- dm-raid: fix variable in journal device check (git-fixes).
- dm-verity: fix a memory leak if some arguments are specified multiple times (git-fixes).
- dm: do not change md if dm_table_set_restrictions() fails (git-fixes).
- dm: free table mempools if not used in __bind (git-fixes).
- dm: restrict dm device size to 2^63-512 bytes (git-fixes).
- dma-buf: fix timeout handling in dma_resv_wait_timeout v2 (stable-fixes).
- dmaengine: dw-edma: Drop unused dchan2dev() and chan2dev() (git-fixes).
- dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using (stable-fixes).
- dmaengine: mv_xor: Fix missing check after DMA map and missing unmap (git-fixes).
- dmaengine: nbpfaxi: Add missing check after DMA map (git-fixes).
- dmaengine: nbpfaxi: Fix memory corruption in probe() (git-fixes).
- dmaengine: qcom: gpi: Drop unused gpi_write_reg_field() (git-fixes).
- dmaengine: xilinx_dma: Set dma_device directions (stable-fixes).
- docs/ABI: Fix sysfs-kernel-address_bits path (git-fixes).
- documentatiion/ABI: add ABI documentation for sys-bus-dax (bsc#1235515,jsc#PED-12731).
- documentation: ACPI: Fix parent device references (git-fixes).
- documentation: usb: gadget: Wrap remaining usage snippets in literal code block (git-fixes).
- dpll: Add basic Microchip ZL3073x support (jsc#PED-12745).
- dpll: zl3073x: Add support to get/set frequency on pins (jsc#PED-12745).
- dpll: zl3073x: Add support to get/set frequency on pins (jsc#PED-12745).
- dpll: zl3073x: Add support to get/set priority on input pins (jsc#PED-12745).
- dpll: zl3073x: Add support to get/set priority on input pins (jsc#PED-12745).
- dpll: zl3073x: Fetch invariants during probe (jsc#PED-12745).
- dpll: zl3073x: Implement input pin selection in manual mode (jsc#PED-12745).
- dpll: zl3073x: Implement input pin selection in manual mode (jsc#PED-12745).
- dpll: zl3073x: Implement input pin state setting in automatic mode (jsc#PED-12745).
- dpll: zl3073x: Implement input pin state setting in automatic mode (jsc#PED-12745).
- dpll: zl3073x: Read DPLL types and pin properties from system firmware (jsc#PED-12745).
- dpll: zl3073x: Read DPLL types and pin properties from system firmware (jsc#PED-12745).
- dpll: zl3073x: Register DPLL devices and pins (jsc#PED-12745).
- drm/amd/display: Check dce_hwseq before dereferencing it (stable-fixes).
- drm/amd/display: Correct non-OLED pre_T11_delay (stable-fixes).
- drm/amd/display: Disable CRTC degamma LUT for DCN401 (stable-fixes).
- drm/amd/display: Do not overwrite dce60_clk_mgr (git-fixes).
- drm/amd/display: Fix RMCM programming seq errors (stable-fixes).
- drm/amd/display: Fix mpv playback corruption on weston (stable-fixes).
- drm/amd/display: Free memory allocation (stable-fixes).
- drm/amd/display: fix initial backlight brightness calculation (git-fixes).
- drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value (git-fixes).
- drm/amdgpu/discovery: use specific ip_discovery.bin for legacy asics (stable-fixes).
- drm/amdgpu/gfx10: fix kiq locking in KCQ reset (git-fixes).
- drm/amdgpu/gfx8: reset compute ring wptr on the GPU on resume (git-fixes).
- drm/amdgpu/gfx9.4.3: fix kiq locking in KCQ reset (git-fixes).
- drm/amdgpu/gfx9: fix kiq locking in KCQ reset (git-fixes).
- drm/amdgpu/ip_discovery: add missing ip_discovery fw (stable-fixes).
- drm/amdgpu: Add kicker device detection (stable-fixes).
- drm/amdgpu: Fix SDMA UTC_L1 handling during start/stop sequences (stable-fixes).
- drm/amdgpu: Increase reset counter only on success (stable-fixes).
- drm/amdgpu: Initialize data to NULL in imu_v12_0_program_rlc_ram() (git-fixes).
- drm/amdgpu: Remove nbiov7.9 replay count reporting (git-fixes).
- drm/amdgpu: Reset the clear flag in buddy during resume (git-fixes).
- drm/amdgpu: amdgpu_vram_mgr_new(): Clamp lpfn to total vram (stable-fixes).
- drm/amdgpu: seq64 memory unmap uses uninterruptible lock (stable-fixes).
- drm/amdkfd: Do not call mmput from MMU notifier callback (git-fixes).
- drm/amdkfd: Fix instruction hazard in gfx12 trap handler (stable-fixes).
- drm/amdkfd: Fix race in GWS queue scheduling (stable-fixes).
- drm/amdkfd: remove gfx 12 trap handler page size cap (stable-fixes).
- drm/bridge: aux-hpd-bridge: fix assignment of the of_node (git-fixes).
- drm/bridge: panel: move prepare_prev_first handling to drm_panel_bridge_add_typed (git-fixes).
- drm/bridge: ti-sn65dsi86: Add HPD for DisplayPort connector type (git-fixes).
- drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() (git-fixes).
- drm/bridge: ti-sn65dsi86: make use of debugfs_init callback (stable-fixes).
- drm/connector: hdmi: Evaluate limited range after computing format (git-fixes).
- drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling (git-fixes).
- drm/exynos: fimd: Guard display clock control with runtime PM calls (git-fixes).
- drm/framebuffer: Acquire internal references on GEM handles (git-fixes).
- drm/gem: Acquire references on GEM handles for framebuffers (stable-fixes).
- drm/gem: Fix race in drm_gem_handle_create_tail() (stable-fixes).
- drm/i915/display: Fix dma_fence_wait_timeout() return value handling (git-fixes).
- drm/i915/dsi: Fix off by one in BXT_MIPI_TRANS_VTOTAL (stable-fixes).
- drm/i915/gsc: mei interrupt top half should be in irq disabled context (git-fixes).
- drm/i915/gt: Fix timeline left held on VMA alloc error (git-fixes).
- drm/i915/selftests: Change mock_request() to return error pointers (git-fixes).
- drm/imagination: Fix kernel crash when hard resetting the GPU (git-fixes).
- drm/mediatek: Add wait_event_timeout when disabling plane (git-fixes).
- drm/mediatek: only announce AFBC if really supported (git-fixes).
- drm/msm/dpu: Fill in min_prefill_lines for SC8180X (git-fixes).
- drm/msm: Fix a fence leak in submit error path (stable-fixes).
- drm/msm: Fix another leak in the submit error path (stable-fixes).
- drm/nouveau: check ioctl command codes better (git-fixes).
- drm/panfrost: Fix panfrost device variable name in devfreq (git-fixes).
- drm/panthor: Add missing explicit padding in drm_panthor_gpu_info (git-fixes).
- drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed (git-fixes).
- drm/sched: Increment job count before swapping tail spsc queue (git-fixes).
- drm/sched: Remove optimization that causes hang when killing dependent jobs (git-fixes).
- drm/scheduler: signal scheduled fence when kill job (stable-fixes).
- drm/tegra: nvdec: Fix dma_alloc_coherent error check (git-fixes).
- drm/ttm: fix error handling in ttm_buffer_object_transfer (git-fixes).
- drm/v3d: Disable interrupts before resetting the GPU (git-fixes).
- drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel (git-fixes).
- drm/xe/bmg: fix compressed VRAM handling (git-fixes).
- drm/xe/guc: Dead CT helper (stable-fixes).
- drm/xe/guc: Explicitly exit CT safe mode on unwind (git-fixes).
- drm/xe/guc_submit: add back fix (git-fixes).
- drm/xe/mocs: Initialize MOCS index early (stable-fixes).
- drm/xe/pf: Clear all LMTT pages on alloc (git-fixes).
- drm/xe/pf: Move VFs reprovisioning to worker (stable-fixes).
- drm/xe/pf: Prepare to stop SR-IOV support prior GT reset (git-fixes).
- drm/xe/pf: Sanitize VF scratch registers on FLR (stable-fixes).
- drm/xe/pm: Correct comment of xe_pm_set_vram_threshold() (git-fixes).
- drm/xe/uapi: Correct sync type definition in comments (git-fixes).
- drm/xe/vf: Disable CSC support on VF (git-fixes).
- drm/xe: Allocate PF queue size on pow2 boundary (git-fixes).
- drm/xe: Allow bo mapping on multiple ggtts (stable-fixes).
- drm/xe: Fix DSB buffer coherency (stable-fixes).
- drm/xe: Fix build without debugfs (git-fixes).
- drm/xe: Fix early wedge on GuC load failure (git-fixes).
- drm/xe: Fix taking invalid lock on wedge (stable-fixes).
- drm/xe: Move DSB l2 flush to a more sensible place (git-fixes).
- drm/xe: Replace double space with single space after comma (stable-fixes).
- drm/xe: add interface to request physical alignment for buffer objects (stable-fixes).
- drm/xe: move DPT l2 flush to a more sensible place (git-fixes).
- dt-bindings: dpll: Add DPLL device and pin (jsc#PED-12745).
- dt-bindings: dpll: Add support for Microchip Azurite chip family (jsc#PED-12745).
- dt-bindings: dpll: Add support for Microchip Azurite chip family (jsc#PED-12745).
- e1000: Move cancel_work_sync to avoid deadlock (git-fixes).
- exfat: fdatasync flag should be same like generic_write_sync() (git-fixes).
- fbcon: Fix outdated registered_fb reference in comment (git-fixes).
- fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref (git-fixes).
- firewire: ohci: correct code comments about bus_reset tasklet (git-fixes).
- fs/jfs: consolidate sanity checking in dbMount (git-fixes).
- fs/orangefs: Allow 2 more characters in do_c_string() (git-fixes).
- gpio: mlxbf2: use platform_get_irq_optional() (git-fixes).
- gpio: pca953x: log an error when failing to get the reset GPIO (git-fixes).
- gpio: sim: include a missing header (git-fixes).
- gpio: vf610: add locking to gpio direction functions (git-fixes).
- gpio: virtio: Fix config space reading (git-fixes).
- gpiolib: Fix debug messaging in gpiod_find_and_request() (git-fixes).
- gpiolib: Handle no pin_ranges in gpiochip_generic_config() (git-fixes).
- gpiolib: acpi: Do not use GPIO chip fwnode in acpi_gpiochip_find() (bsc#1233300).
- gpiolib: acpi: Fix failed in acpi_gpiochip_find() by adding parent node match (bsc#1233300).
- gpiolib: cdev: Ignore reconfiguration without direction (git-fixes).
- gpiolib: of: Add polarity quirk for s5m8767 (stable-fixes).
- hfs: make splice write available again (git-fixes).
- hfsplus: make splice write available again (git-fixes).
- hfsplus: remove mutex_lock check in hfsplus_free_extents (git-fixes).
- hid: Add IGNORE quirk for SMARTLINKTECHNOLOGY (stable-fixes).
- hid: core: do not bypass hid_hw_raw_request (stable-fixes).
- hid: core: ensure __hid_request reserves the report ID as the first byte (git-fixes).
- hid: core: ensure the allocated report buffer can contain the reserved report ID (stable-fixes).
- hid: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 (stable-fixes).
- hid: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras (stable-fixes).
- hv_netvsc: Use VF's tso_max_size value when data path is VF (bsc#1246203).
- hwmon: (corsair-cpro) Validate the size of the received input buffer (git-fixes).
- hwmon: (gsc-hwmon) fix fan pwm setpoint show functions (git-fixes).
- hwmon: (pmbus/max34440) Fix support for max34451 (stable-fixes).
- hwrng: mtk - handle devm_pm_runtime_enable errors (git-fixes).
- i2c/designware: Fix an initialization issue (git-fixes).
- i2c: qup: jump out of the loop in case of timeout (git-fixes).
- i2c: stm32: fix the device used for the DMA map (git-fixes).
- i2c: tegra: Fix reset error handling with ACPI (git-fixes).
- i2c: virtio: Avoid hang by using interruptible completion wait (git-fixes).
- i3c: fix module_i3c_i2c_driver() with I3C=n (git-fixes).
- ib/mlx5: Fix potential deadlock in MR deregistration (git-fixes)
- ice, irdma: fix an off by one in error handling code (bsc#1247712).
- ice, irdma: move interrupts code to irdma (bsc#1247712).
- ice: Fix signedness bug in ice_init_interrupt_scheme() (bsc#1247712).
- ice: count combined queues using Rx/Tx count (bsc#1247712).
- ice: devlink PF MSI-X max and min parameter (bsc#1247712).
- ice: enable_rdma devlink param (bsc#1247712).
- ice: fix eswitch code memory leak in reset scenario (git-fixes).
- ice: get rid of num_lan_msix field (bsc#1247712).
- ice: init flow director before RDMA (bsc#1247712).
- ice: remove splitting MSI-X between features (bsc#1247712).
- ice: simplify VF MSI-X managing (bsc#1247712).
- ice: treat dyn_allowed only as suggestion (bsc#1247712).
- iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush (git-fixes).
- iio: adc: ad7949: use spi_is_bpw_supported() (git-fixes).
- iio: adc: ad_sigma_delta: Fix use of uninitialized status_pos (stable-fixes).
- iio: adc: ad_sigma_delta: change to buffer predisable (git-fixes).
- iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (stable-fixes).
- iio: adc: max1363: Reorder mode_list[] entries (stable-fixes).
- iio: adc: stm32-adc: Fix race in installing chained IRQ handler (git-fixes).
- iio: imu: bno055: fix OOB access of hw_xlate array (git-fixes).
- iio: pressure: zpa2326: Use aligned_s64 for the timestamp (stable-fixes).
- input: iqs7222 - explicitly define number of external channels (git-fixes).
- input: xpad - adjust error handling for disconnect (git-fixes).
- input: xpad - set correct controller type for Acer NGR200 (git-fixes).
- input: xpad - support Acer NGR 200 Controller (stable-fixes).
- io_uring/timeout: fix multishot updates (bsc#1247021).
- io_uring: fix potential page leak in io_sqe_buffer_register() (git-fixes).
- iommu/amd: Fix geometry.aperture_end for V2 tables (git-fixes).
- iommu/amd: Set the pgsize_bitmap correctly (git-fixes).
- iommu/arm-smmu-qcom: Add SM6115 MDSS compatible (git-fixes).
- iommu/tegra241-cmdqv: Read SMMU IDR1.CMDQS instead of hardcoding (git-fixes).
- iommu/vt-d: Fix possible circular locking dependency (git-fixes).
- iommu/vt-d: Fix system hang on reboot -f (git-fixes).
- ipv6: fix possible infinite loop in fib6_info_uses_dev() (git-fixes).
- ipv6: mcast: Delay put pmc->idev in mld_del_delrec() (git-fixes).
- ipv6: prevent infinite loop in rt6_nlmsg_size() (git-fixes).
- ipv6: reject malicious packets in ipv6_gso_segment() (git-fixes).
- irdma: free iwdev->rf after removing MSI-X (bsc#1247712).
- iwlwifi: Add missing check for alloc_ordered_workqueue (git-fixes).
- jfs: fix metapage reference count leak in dbAllocCtl (git-fixes).
- kABI fix after KVM: SVM: Fix SNP AP destroy race with VMRUN (git-fixes).
- kABI fixes for struct memory_block changes (bsc#1235515,jsc#PED-12731).
- kABI fixes for struct memory_block changes (bsc#1235515,jsc#PED-12731).
- kABI workaround for fw_attributes_class_get() (stable-fixes).
- kABI workaround for struct drm_framebuffer changes (git-fixes).
- kABI: Fix the module::name type in audit_context (git-fixes).
- kabi/severities: ignore two unused/dropped symbols from MEI
- kabi: Hide adding of u64 to devlink_param_type (jsc#PED-12745).
- kasan: remove kasan_find_vm_area() to prevent possible deadlock (git-fixes).
- kernel-syms.spec: Drop old rpm release number hack (bsc#1247172).
- kvm: SVM: Fix SNP AP destroy race with VMRUN (git-fixes).
- leds: multicolor: Fix intensity setting while SW blinking (stable-fixes).
- lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (bsc#1236897).
- lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() (bsc#1236897).
- maple_tree: fix mt_destroy_walk() on root leaf node (git-fixes).
- md/md-bitmap: fix dm-raid max_write_behind setting (git-fixes).
- media: gspca: Add bounds checking to firmware parser (git-fixes).
- media: hi556: correct the test pattern configuration (git-fixes).
- media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() (git-fixes).
- media: ipu6: isys: Use correct pads for xlate_streams() (git-fixes).
- media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls (git-fixes).
- media: ov2659: Fix memory leaks in ov2659_probe() (git-fixes).
- media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (git-fixes).
- media: usbtv: Lock resolution while streaming (git-fixes).
- media: uvcvideo: Do not mark valid metadata as invalid (git-fixes).
- media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (git-fixes).
- media: v4l2-ctrls: Do not reset handler's error in v4l2_ctrl_handler_free() (git-fixes).
- media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check (git-fixes).
- media: venus: Add a check for packet size after reading from shared memory (git-fixes).
- media: venus: hfi: explicitly release IRQ during teardown (git-fixes).
- media: venus: protect against spurious interrupts during probe (git-fixes).
- media: venus: vdec: Clamp param smaller than 1fps and bigger than 240 (git-fixes).
- media: venus: venc: Clamp param smaller than 1fps and bigger than 240 (git-fixes).
- media: verisilicon: Fix AV1 decoder clock frequency (git-fixes).
- media: vivid: fix wrong pixel_array control size (git-fixes).
- mei: vsc: Destroy mutex after freeing the IRQ (git-fixes).
- mei: vsc: Do not re-init VSC from mei_vsc_hw_reset() on stop (git-fixes).
- mei: vsc: Drop unused vsc_tp_request_irq() and vsc_tp_free_irq() (stable-fixes).
- mei: vsc: Event notifier fixes (git-fixes).
- mei: vsc: Fix 'BUG: Invalid wait context' lockdep error (git-fixes).
- mei: vsc: Run event callback from a workqueue (git-fixes).
- mei: vsc: Unset the event callback on remove and probe errors (git-fixes).
- memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() (git-fixes).
- mfd: max14577: Fix wakeup source leaks on device unbind (stable-fixes).
- misc: rtsx: usb: Ensure mmc child device is active when card is present (git-fixes).
- mm/memory_hotplug: allow architecture to override memmap on memory support check (bsc#1235515,jsc#PED-12731).
- mm/memory_hotplug: allow architecture to override memmap on memory support check (bsc#1235515,jsc#PED-12731).
- mm/memory_hotplug: allow memmap on memory hotplug request to fallback (bsc#1235515,jsc#PED-12731).
- mm/memory_hotplug: allow memmap on memory hotplug request to fallback (bsc#1235515,jsc#PED-12731).
- mm/memory_hotplug: embed vmem_altmap details in memory block (bsc#1235515,jsc#PED-12731).
- mm/memory_hotplug: embed vmem_altmap details in memory block (bsc#1235515,jsc#PED-12731).
- mm/memory_hotplug: export mhp_supports_memmap_on_memory() (bsc#1235515,jsc#PED-12731).
- mm/memory_hotplug: fix memmap_on_memory sysfs value retrieval (git-fixes).
- mm/memory_hotplug: replace an open-coded kmemdup() in (bsc#1235515,jsc#PED-12731).
- mm/memory_hotplug: simplify ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE kconfig (bsc#1235515,jsc#PED-12731).
- mm/memory_hotplug: simplify ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE kconfig (bsc#1235515,jsc#PED-12731).
- mm/memory_hotplug: split memmap_on_memory requests across memblocks (bsc#1235515,jsc#PED-12731).
- mm/memory_hotplug: support memmap_on_memory when memmap is not aligned to pageblocks (bsc#1235515,jsc#PED-12731).
- mm/memory_hotplug: support memmap_on_memory when memmap is not aligned to pageblocks (bsc#1235515,jsc#PED-12731).
- mmc: bcm2835: Fix dma_unmap_sg() nents value (git-fixes).
- mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier (git-fixes).
- mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models (git-fixes).
- mmc: sdhci: Add a helper function for dump register in dynamic debug mode (stable-fixes).
- mmc: sdhci_am654: Workaround for Errata i2312 (git-fixes).
- module: Fix memory deallocation on error path in move_module() (git-fixes).
- module: Remove unnecessary +1 from last_unloaded_module::name size (git-fixes).
- module: Restore the moduleparam prefix length check (git-fixes).
- mtd: fix possible integer overflow in erase_xfer() (git-fixes).
- mtd: rawnand: atmel: Fix dma_mapping_error() address (git-fixes).
- mtd: rawnand: atmel: set pmecc data setup time (git-fixes).
- mtd: rawnand: fsmc: Add missing check after DMA map (git-fixes).
- mtd: rawnand: renesas: Add missing check after DMA map (git-fixes).
- mtd: rawnand: rockchip: Add missing check after DMA map (git-fixes).
- mtd: spi-nor: Fix spi_nor_try_unlock_all() (git-fixes).
- mtd: spinand: fix memory leak of ECC engine conf (stable-fixes).
- mtd: spinand: propagate spinand_wait() errors from spinand_write_page() (git-fixes).
- mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data (git-fixes).
- mtk-sd: Prevent memory corruption from DMA map failure (git-fixes).
- mtk-sd: reset host->mrq on prepare_data() error (git-fixes).
- mwl8k: Add missing check after DMA map (git-fixes).
- nbd: fix uaf in nbd_genl_connect() error path (git-fixes).
- net/mlx5: HWS, fix missing ip_version handling in definer (git-fixes).
- net/packet: fix a race in packet_set_ring() and packet_notifier() (git-fixes).
- net/sched: Restrict conditions for adding duplicating netems to qdisc tree (git-fixes).
- net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (git-fixes).
- net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (git-fixes).
- net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (git-fixes).
- net/sched: sch_qfq: Fix race condition on qfq_aggregate (git-fixes).
- net/sched: taprio: enforce minimum value for picos_per_byte (git-fixes).
- net/smc: Fix lookup of netdev by using ib_device_get_netdev() (git-fixes bsc#1246217).
- net: mana: Add debug logs in MANA network driver (bsc#1246212).
- net: mana: Add handler for hardware servicing events (bsc#1245730).
- net: mana: Allocate MSI-X vectors dynamically (bsc#1245457).
- net: mana: Allow irq_setup() to skip cpus for affinity (bsc#1245457).
- net: mana: Allow tso_max_size to go up-to GSO_MAX_SIZE (bsc#1246203).
- net: mana: Expose additional hardware counters for drop and TC via ethtool (bsc#1245729).
- net: mana: Set tx_packets to post gso processing packet count (bsc#1245731).
- net: mana: explain irq_setup() algorithm (bsc#1245457).
- net: phy: Do not register LEDs for genphy (git-fixes).
- net: phy: micrel: fix KSZ8081/KSZ8091 cable test (git-fixes).
- net: phy: microchip: limit 100M workaround to link-down events on LAN88xx (git-fixes).
- net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap (git-fixes).
- net: phy: smsc: Fix link failure in forced mode with Auto-MDIX (git-fixes).
- net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect (git-fixes).
- net: usb: qmi_wwan: add SIMCom 8230C composition (stable-fixes).
- net: usbnet: Avoid potential RCU stall on LINK_CHANGE event (git-fixes).
- net: usbnet: Fix the wrong netif_carrier_on() call (git-fixes).
- netlink: fix policy dump for int with validation callback (jsc#PED-12745).
- netlink: fix policy dump for int with validation callback (jsc#PED-12745).
- netlink: specs: devlink: replace underscores with dashes in names (jsc#PED-12745).
- netlink: specs: devlink: replace underscores with dashes in names (jsc#PED-12745).
- netlink: specs: nfsd: replace underscores with dashes in names (git-fixes).
- netlink: specs: tc: replace underscores with dashes in names (git-fixes).
- netpoll: prevent hanging NAPI when netcons gets enabled (git-fixes).
- nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails (git-fixes).
- nfs: Fix filehandle bounds checking in nfs_fh_to_dentry() (git-fixes).
- nfs: Fix the setting of capabilities when automounting a new filesystem (git-fixes).
- nfs: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() (git-fixes).
- nfs: Fixup allocation flags for nfsiod's __GFP_NORETRY (git-fixes).
- nfsd: detect mismatch of file handle and delegation stateid in OPEN op (git-fixes).
- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (git-fixes).
- nfsv4.2: another fix for listxattr (git-fixes).
- nfsv4.2: fix listxattr to return selinux security label (git-fixes).
- nfsv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN (git-fixes).
- nfsv4: Always set NLINK even if the server does not support it (git-fixes).
- nfsv4: xattr handlers should check for absent nfs filehandles (git-fixes).
- nilfs2: reject invalid file types when reading inodes (git-fixes).
- nvme-pci: refresh visible attrs after being checked (git-fixes).
- nvme: Fix incorrect cdw15 value in passthru error logging (git-fixes).
- nvme: fix endianness of command word prints in nvme_log_err_passthru() (git-fixes).
- nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() (git-fixes).
- nvme: fix misaccounting of nvme-mpath inflight I/O (git-fixes).
- nvmet-tcp: fix callback lock for TLS handshake (git-fixes).
- objtool: Fix INSN_CONTEXT_SWITCH handling in validate_unret() (git-fixes).
- objtool: Fix UNWIND_HINT_{SAVE,RESTORE} across basic blocks (git-fixes).
- objtool: Fix _THIS_IP_ detection for cold functions (git-fixes).
- objtool: Fix error handling inconsistencies in check() (git-fixes).
- objtool: Ignore dangling jump table entries (git-fixes).
- objtool: Ignore end-of-section jumps for KCOV/GCOV (git-fixes).
- objtool: Properly disable uaccess validation (git-fixes).
- objtool: Silence more KCOV warnings (git-fixes).
- objtool: Silence more KCOV warnings, part 2 (git-fixes).
- objtool: Stop UNRET validation on UD2 (git-fixes).
- pNFS/flexfiles: do not attempt pnfs on fatal DS errors (git-fixes).
- pch_uart: Fix dma_sync_sg_for_device() nents value (git-fixes).
- pci/MSI: Export pci_msix_prepare_desc() for dynamic MSI-X allocations (bsc#1245457).
- pci: dwc: Make link training more robust by setting PORT_LOGIC_LINK_WIDTH to one lane (stable-fixes).
- pci: endpoint: Fix configfs group list head handling (git-fixes).
- pci: endpoint: Fix configfs group removal on driver teardown (git-fixes).
- pci: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute (git-fixes).
- pci: endpoint: pci-epf-vntb: Return -ENOENT if pci_epc_get_next_free_bar() fails (git-fixes).
- pci: hv: Allow dynamic MSI-X vector allocation (bsc#1245457).
- pci: rockchip-host: Fix 'Unexpected Completion' log message (git-fixes).
- perf: Fix sample vs do_exit() (bsc#1246547).
- phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode (git-fixes).
- pinctrl: amd: Clear GPIO debounce for suspend (git-fixes).
- pinctrl: qcom: msm: mark certain pins as invalid for interrupts (git-fixes).
- pinctrl: sunxi: Fix memory leak on krealloc failure (git-fixes).
- pinmux: fix race causing mux_owner NULL with active mux_usecount (git-fixes).
- platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix duplicate event ID for CACHE_DATA1 (git-fixes).
- platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment (git-fixes).
- platform/mellanox: mlxreg-lc: Fix logic error in power state check (git-fixes).
- platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message (git-fixes).
- platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks list (stable-fixes).
- platform/x86: Fix initialization order for firmware_attributes_class (git-fixes).
- platform/x86: dell-sysman: Directly use firmware_attributes_class (stable-fixes).
- platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks (git-fixes).
- platform/x86: dell-wmi-sysman: Fix class device unregistration (git-fixes).
- platform/x86: firmware_attributes_class: Move include linux/device/class.h (stable-fixes).
- platform/x86: firmware_attributes_class: Simplify API (stable-fixes).
- platform/x86: hp-bioscfg: Directly use firmware_attributes_class (stable-fixes).
- platform/x86: hp-bioscfg: Fix class device unregistration (git-fixes).
- platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots (git-fixes).
- platform/x86: make fw_attr_class constant (stable-fixes).
- platform/x86: think-lmi: Create ksets consecutively (stable-fixes).
- platform/x86: think-lmi: Directly use firmware_attributes_class (stable-fixes).
- platform/x86: think-lmi: Fix class device unregistration (git-fixes).
- platform/x86: think-lmi: Fix kobject cleanup (git-fixes).
- platform/x86: think-lmi: Fix sysfs group cleanup (git-fixes).
- pm / devfreq: Check governor before using governor->name (git-fixes).
- power: supply: cpcap-charger: Fix null check for power_supply_get_by_name (git-fixes).
- power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set (git-fixes).
- powercap: call put_device() on an error path in powercap_register_control_type() (stable-fixes).
- powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() (git-fixes).
- powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed (git-fixes).
- powerpc/bpf: enforce full ordering for ATOMIC operations with BPF_FETCH (git-fixes).
- powerpc/pseries/dlpar: Search DRC index from ibm,drc-indexes for IO add (bsc#1243042 ltc#212167).
- ptp: fix breakage after ptp_vclock_in_use() rework (bsc#1246506).
- pwm: imx-tpm: Reset counter if CMOD is 0 (git-fixes).
- pwm: mediatek: Ensure to disable clocks in error path (git-fixes).
- pwm: rockchip: Round period/duty down on apply, up on get (git-fixes).
- rdma/core: Rate limit GID cache warning messages (git-fixes)
- rdma/counter: Check CAP_NET_RAW check in user namespace for RDMA counters (git-fixes)
- rdma/hns: Drop GFP_NOWARN (git-fixes)
- rdma/hns: Fix -Wframe-larger-than issue (git-fixes)
- rdma/hns: Fix HW configurations not cleared in error flow (git-fixes)
- rdma/hns: Fix accessing uninitialized resources (git-fixes)
- rdma/hns: Fix double destruction of rsv_qp (git-fixes)
- rdma/hns: Get message length of ack_req from FW (git-fixes)
- rdma/mlx5: Check CAP_NET_RAW in user namespace for anchor create (git-fixes)
- rdma/mlx5: Check CAP_NET_RAW in user namespace for devx create (git-fixes)
- rdma/mlx5: Check CAP_NET_RAW in user namespace for flow create (git-fixes)
- rdma/mlx5: Fix CC counters query for MPV (git-fixes)
- rdma/mlx5: Fix HW counters query for non-representor devices (git-fixes)
- rdma/mlx5: Fix UMR modifying of mkey page size (git-fixes)
- rdma/mlx5: Fix compilation warning when USER_ACCESS isn't set (git-fixes)
- rdma/mlx5: Fix vport loopback for MPV device (git-fixes)
- rdma/mlx5: Initialize obj_event->obj_sub_list before xa_insert (git-fixes)
- rdma/mlx5: reduce stack usage in mlx5_ib_ufile_hw_cleanup (git-fixes)
- rdma/nldev: Check CAP_NET_RAW in user namespace for QP modify (git-fixes)
- rdma/siw: Fix the sendmsg byte count in siw_tcp_sendpages (git-fixes)
- rdma/uverbs: Add empty rdma_uattrs_has_raw_cap() declaration (git-fixes)
- rdma/uverbs: Check CAP_NET_RAW in user namespace for QP create (git-fixes)
- rdma/uverbs: Check CAP_NET_RAW in user namespace for RAW QP create (git-fixes)
- rdma/uverbs: Check CAP_NET_RAW in user namespace for flow create (git-fixes)
- regmap: fix potential memory leak of regmap_bus (git-fixes).
- regulator: core: fix NULL dereference on unbind due to stale coupling data (stable-fixes).
- regulator: fan53555: add enable_time support and soft-start times (stable-fixes).
- regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods (git-fixes).
- regulator: pwm-regulator: Calculate the output voltage for disabled PWMs (stable-fixes).
- resource: fix false warning in __request_region() (git-fixes).
- restore UCSI_CONNECTOR_RESET_HARD definition (git-fixes).
- ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() (git-fixes).
- rose: fix dangling neighbour pointers in rose_rt_device_down() (git-fixes).
- rpl: Fix use-after-free in rpl_do_srh_inline() (git-fixes).
- rtc: ds1307: fix incorrect maximum clock rate handling (git-fixes).
- rtc: hym8563: fix incorrect maximum clock rate handling (git-fixes).
- rtc: nct3018y: fix incorrect maximum clock rate handling (git-fixes).
- rtc: pcf85063: fix incorrect maximum clock rate handling (git-fixes).
- rtc: pcf8563: fix incorrect maximum clock rate handling (git-fixes).
- rtc: rv3028: fix incorrect maximum clock rate handling (git-fixes).
- s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again (git-fixes bsc#1246870).
- s390/entry: Fix last breaking event handling in case of stack corruption (git-fixes bsc#1243806).
- s390/pci: Do not try re-enabling load/store if device is disabled (git-fixes bsc#1245646).
- s390/pci: Fix stale function handles in error handling (git-fixes bsc#1245647).
- s390/pkey: Prevent overflow in size calculation for memdup_user() (git-fixes bsc#1245598).
- s390: Add z17 elf platform (LTC#214086 bsc#1245540).
- samples: mei: Fix building on musl libc (git-fixes).
- sched,freezer: Remove unnecessary warning in __thaw_task (bsc#1219338).
- sched: Add test_and_clear_wake_up_bit() and atomic_dec_and_wake_up() (git-fixes).
- scsi: core: Enforce unlimited max_segment_size when virt_boundary_mask is set (git-fixes).
- scsi: fnic: Add and improve logs in FDMI and FDMI ABTS paths (bsc#1246644).
- scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out (git-fixes).
- scsi: fnic: Fix missing DMA mapping error in fnic_send_frame() (git-fixes).
- scsi: fnic: Set appropriate logging level for log message (bsc#1246644).
- scsi: fnic: Turn off FDMI ACTIVE flags on link down (git-fixes).
- scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Early return out of FDMI cmpl for locally rejected statuses (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Modify end-of-life adapters' model descriptions (bsc#1245260 bsc#1243100 bsc#1246125 bsc#1204142).
- scsi: lpfc: Move clearing of HBA_SETUP flag to before lpfc_sli4_queue_unset (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Relocate clearing initial phba flags from link up to link down hdlr (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Revise CQ_CREATE_SET mailbox bitfield definitions (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Revise logging format for failed CT MIB requests (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Simplify error handling for failed lpfc_get_sli4_parameters cmd (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Skip RSCN processing when FC_UNLOADING flag is set (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Update debugfs trace ring initialization messages (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Update lpfc version to 14.4.0.10 (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: megaraid_sas: Fix invalid node index (git-fixes).
- scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() (git-fixes).
- scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() (git-fixes).
- scsi: s390: zfcp: Ensure synchronous unit_add (git-fixes bsc#1245599).
- selftests/bpf: Add CFLAGS per source file and runner (git-fixes).
- selftests/bpf: Add tests for iter next method returning valid pointer (git-fixes).
- selftests/bpf: Change functions definitions to support GCC (git-fixes).
- selftests/bpf: Fix a few tests for GCC related warnings (git-fixes).
- selftests/bpf: Fix pointer arithmetic in test_xdp_do_redirect (git-fixes).
- selftests/bpf: Fix prog numbers in test_sockmap (git-fixes).
- smb3: move server check earlier when setting channel sequence number (git-fixes).
- smb3: rename macro CIFS_SERVER_IS_CHAN to avoid confusion (git-fixes).
- smb3: send channel sequence number in SMB3 requests after reconnects (git-fixes).
- soc/tegra: cbb: Clear ERR_FORCE register with ERR_STATUS (git-fixes).
- soc: aspeed: lpc-snoop: Cleanup resources in stack-order (git-fixes).
- soc: aspeed: lpc-snoop: Do not disable channels that are not enabled (git-fixes).
- soc: qcom: QMI encoding/decoding for big endian (git-fixes).
- soc: qcom: fix endianness for QMI header (git-fixes).
- soc: qcom: pmic_glink: fix OF node leak (git-fixes).
- soundwire: amd: fix for clearing command status register (git-fixes).
- soundwire: stream: restore params when prepare ports fail (git-fixes).
- spi: spi-fsl-dspi: Clear completion counter before initiating transfer (git-fixes).
- sprintf.h requires stdarg.h (git-fixes).
- sprintf.h: mask additional include (git-fixes).
- staging: axis-fifo: remove sysfs interface (git-fixes).
- staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (git-fixes).
- staging: nvec: Fix incorrect null termination of battery manufacturer (git-fixes).
- staging: vchiq_arm: Make vchiq_shutdown never fail (git-fixes).
- struct cdns: move new member to the end (git-fixes).
- struct ucsi_operations: use padding for new operation (git-fixes).
- sunrpc: do not immediately retransmit on seqno miss (git-fixes).
- sunrpc: fix client side handling of tls alerts (git-fixes).
- supported.conf: Mark ZL3073X modules supported
- supported.conf: add missing entries for armv7hl
- supported.conf: move nvme-apple to optional again
- supported.conf: sort entries again
- tcp: call tcp_measure_rcv_mss() for ooo packets (git-fixes).
- thermal: trip: Use READ_ONCE() for lockless access to trip properties (git-fixes).
- thermal: trip: Use common set of trip type names (git-fixes).
- thunderbolt: Fix bit masking in tb_dp_port_set_hops() (git-fixes).
- thunderbolt: Fix copy+paste error in match_service_id() (git-fixes).
- thunderbolt: Fix wake on connect at runtime (git-fixes).
- tracing/kprobe: Make trace_kprobe's module callback called after jump_label update (git-fixes).
- tracing/kprobes: Fix to free objects when failed to copy a symbol (git-fixes).
- types: Complement the aligned types with signed 64-bit one (stable-fixes).
- ucount: fix atomic_long_inc_below() argument type (git-fixes).
- ucsi-glink: adapt to kABI consistency (git-fixes).
- ucsi_ccg: Refine the UCSI Interrupt handling (git-fixes).
- ucsi_operations: add stubs for all operations (git-fixes).
- ucsi_ops: adapt update_connector to kABI consistency (git-fixes).
- usb: Add checks for snprintf() calls in usb_alloc_dev() (stable-fixes).
- usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() (git-fixes).
- usb: cdc-wdm: avoid setting WDM_READ for ZLP-s (stable-fixes).
- usb: cdnsp: Fix issue with CV Bad Descriptor test (git-fixes).
- usb: cdnsp: Fix issue with resuming from L1 (git-fixes).
- usb: cdnsp: Replace snprintf() with the safer scnprintf() variant (stable-fixes).
- usb: cdnsp: do not disable slot for disabled slot (git-fixes).
- usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume (git-fixes).
- usb: common: usb-conn-gpio: use a unique name for usb connector device (stable-fixes).
- usb: dwc2: also exit clock_gating when stopping udc while suspended (stable-fixes).
- usb: dwc3: Abort suspend on soft disconnect failure (git-fixes).
- usb: dwc3: meson-g12a: fix device leaks at unbind (git-fixes).
- usb: early: xhci-dbc: Fix early_ioremap leak (git-fixes).
- usb: gadget : fix use-after-free in composite_dev_cleanup() (git-fixes).
- usb: gadget: u_serial: Fix race condition in TTY wakeup (git-fixes).
- usb: gadget: udc: renesas_usb3: fix device leak at unbind (git-fixes).
- usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() (git-fixes).
- usb: hub: Do not try to recover devices lost during warm reset (git-fixes).
- usb: misc: apple-mfi-fastcharge: Make power supply names unique (git-fixes).
- usb: musb: fix gadget state on disconnect (git-fixes).
- usb: musb: omap2430: fix device leak at unbind (git-fixes).
- usb: net: sierra: check for no status endpoint (git-fixes).
- usb: potential integer overflow in usbg_make_tpg() (stable-fixes).
- usb: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (stable-fixes).
- usb: serial: option: add Foxconn T99W640 (stable-fixes).
- usb: serial: option: add Telit Cinterion FE910C04 (ECM) composition (stable-fixes).
- usb: typec: Update sysfs when setting ops (git-fixes).
- usb: typec: altmodes/displayport: do not index invalid pin_assignments (git-fixes).
- usb: typec: displayport: Fix potential deadlock (git-fixes).
- usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode (stable-fixes).
- usb: typec: mux: do not return on EOPNOTSUPP in {mux, switch}_set (stable-fixes).
- usb: typec: tcpm: allow switching to mode accessory to mux properly (stable-fixes).
- usb: typec: tcpm: allow to use sink in accessory mode (stable-fixes).
- usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach (git-fixes).
- usb: typec: ucsi: Add DATA_RESET option of Connector Reset command (git-fixes).
- usb: typec: ucsi: Add qcm6490-pmic-glink as needing PDOS quirk (git-fixes).
- usb: typec: ucsi: Delay alternate mode discovery (git-fixes).
- usb: typec: ucsi: Fix busy loop on ASUS VivoBooks (git-fixes).
- usb: typec: ucsi: Fix the partner PD revision (git-fixes).
- usb: typec: ucsi: Get PD revision for partner (git-fixes).
- usb: typec: ucsi: Set orientation as none when connector is unplugged (git-fixes).
- usb: typec: ucsi: Update power_supply on power role change (git-fixes).
- usb: typec: ucsi: add callback for connector status updates (git-fixes).
- usb: typec: ucsi: add update_connector callback (git-fixes).
- usb: typec: ucsi: do not retrieve PDOs if not supported (git-fixes).
- usb: typec: ucsi: extract code to read PD caps (git-fixes).
- usb: typec: ucsi: fix UCSI on SM8550 & SM8650 Qualcomm devices (git-fixes).
- usb: typec: ucsi: glink: fix off-by-one in connector_status (git-fixes).
- usb: typec: ucsi: glink: increase max ports for x1e80100 (git-fixes).
- usb: typec: ucsi: glink: move GPIO reading into connector_status callback (git-fixes).
- usb: typec: ucsi: glink: use typec_set_orientation (git-fixes).
- usb: typec: ucsi: move ucsi_acknowledge() from ucsi_read_error() (git-fixes).
- usb: typec: ucsi: properly register partner's PD device (git-fixes).
- usb: typec: ucsi: support delaying GET_PDOS for device (git-fixes).
- usb: typec: ucsi_acpi: Add LG Gram quirk (git-fixes).
- usb: typec: ucsi_glink: drop NO_PARTNER_PDOS quirk for sm8550 / sm8650 (git-fixes).
- usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk (git-fixes).
- usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk on qcm6490 (git-fixes).
- usb: typec: ucsi_glink: rework quirks implementation (git-fixes).
- usb: xhci: Skip xhci_reset in xhci_resume if xhci is being removed (git-fixes).
- usb: xhci: quirk for data loss in ISOC transfers (stable-fixes).
- usb:cdnsp: remove TRB_FLUSH_ENDPOINT command (stable-fixes).
- virtgpu: do not reset on shutdown (git-fixes).
- vmci: Prevent the dispatching of uninitialized payloads (git-fixes).
- vt: add missing notification when switching back to text mode (stable-fixes).
- vt: defkeymap: Map keycodes above 127 to K_HOLE (git-fixes).
- vt: keyboard: Do not process Unicode characters in K_OFF mode (git-fixes).
- watchdog: ziirave_wdt: check record length in ziirave_firm_verify() (git-fixes).
- wifi: ath11k: clear initialized flag for deinit-ed srng lists (git-fixes).
- wifi: ath11k: fix dest ring-buffer corruption (git-fixes).
- wifi: ath11k: fix dest ring-buffer corruption when ring is full (git-fixes).
- wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() (git-fixes).
- wifi: ath11k: fix source ring-buffer corruption (git-fixes).
- wifi: ath11k: fix suspend use-after-free after probe failure (git-fixes).
- wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() (git-fixes).
- wifi: ath12k: fix dest ring-buffer corruption (git-fixes).
- wifi: ath12k: fix dest ring-buffer corruption when ring is full (git-fixes).
- wifi: ath12k: fix endianness handling while accessing wmi service bit (git-fixes).
- wifi: ath12k: fix source ring-buffer corruption (git-fixes).
- wifi: ath6kl: remove WARN on bad firmware input (stable-fixes).
- wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE (git-fixes).
- wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() (git-fixes).
- wifi: cfg80211/mac80211: correctly parse S1G beacon optional elements (git-fixes).
- wifi: cfg80211: fix S1G beacon head validation in nl80211 (git-fixes).
- wifi: cfg80211: remove scan request n_channels counted_by (git-fixes).
- wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() (git-fixes).
- wifi: iwlwifi: Fix memory leak in iwl_mvm_init() (git-fixes).
- wifi: iwlwifi: return ERR_PTR from opmode start() (stable-fixes).
- wifi: mac80211: Add link iteration macro for link data (stable-fixes).
- wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() (git-fixes).
- wifi: mac80211: Create separate links for VLAN interfaces (stable-fixes).
- wifi: mac80211: Do not call fq_flow_idx() for management frames (git-fixes).
- wifi: mac80211: Do not schedule stopped TXQs (git-fixes).
- wifi: mac80211: Write cnt before copying in ieee80211_copy_rnr_beacon() (git-fixes).
- wifi: mac80211: chan: chandef is non-NULL for reserved (stable-fixes).
- wifi: mac80211: drop invalid source address OCB frames (stable-fixes).
- wifi: mac80211: finish link init before RCU publish (git-fixes).
- wifi: mac80211: fix non-transmitted BSSID profile search (git-fixes).
- wifi: mac80211: reject TDLS operations when station is not associated (git-fixes).
- wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() (git-fixes).
- wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan (git-fixes).
- wifi: mt76: mt7925: fix the wrong config for tx interrupt (git-fixes).
- wifi: nl80211: Set num_sub_specs before looping through sub_specs (git-fixes).
- wifi: plfxlc: Fix error handling in usb driver probe (git-fixes).
- wifi: prevent A-MSDU attacks in mesh networks (stable-fixes).
- wifi: rt2x00: fix remove callback type mismatch (git-fixes).
- wifi: rtl818x: Kill URBs before clearing tx status queue (git-fixes).
- wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band (git-fixes).
- wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() (git-fixes).
- x86/CPU/AMD: Add more models to X86_FEATURE_ZEN5 (bsc#1246449).
- x86/CPU/AMD: Improve the erratum 1386 workaround (git-fixes).
- x86/CPU/AMD: Terminate the erratum_1386_microcode array (git-fixes).
- x86/cpu/amd: Fix workaround for erratum 1054 (git-fixes).
- x86/cpu: Avoid running off the end of an AMD erratum table (git-fixes).
- x86/cpu: Expose only stepping min/max interface (git-fixes).
- x86/cpu: Introduce new microcode matching helper (git-fixes).
- x86/cpu: Move AMD erratum 1386 table over to 'x86_cpu_id' (git-fixes).
- x86/cpu: Replace PEBS use of 'x86_cpu_desc' use with 'x86_cpu_id' (git-fixes).
- x86/mce/amd: Add default names for MCA banks and blocks (git-fixes).
- x86/mce/amd: Fix threshold limit reset (git-fixes).
- x86/mce: Do not remove sysfs if thresholding sysfs init fails (git-fixes).
- x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (git-fixes).
- x86/mtrr: Rename mtrr_overwrite_state() to guest_force_mtrr_state() (git-fixes).
- x86/tdx: Fix __noreturn build warning around __tdx_hypercall_failed() (git-fixes).
- x86/traps: Initialize DR6 by writing its architectural reset value (git-fixes).
- x86/virt/tdx: Avoid indirect calls to TDX assembly functions (git-fixes).
- x86: UV RTC: Add parameter to disable RTC clocksource (bsc#1241345).
- xfs: fix off-by-one error in fsmap's end_daddr usage (bsc#1235837).
- xfs: only create event xfs_file_compat_ioctl when CONFIG_COMPAT is configure (git-fixes).
- xfs: remove unused event xfs_alloc_near_error (git-fixes).
- xfs: remove unused event xfs_alloc_near_nominleft (git-fixes).
- xfs: remove unused event xfs_attr_node_removename (git-fixes).
- xfs: remove unused event xfs_ioctl_clone (git-fixes).
- xfs: remove unused event xfs_pagecache_inval (git-fixes).
- xfs: remove unused event xlog_iclog_want_sync (git-fixes).
- xfs: remove unused trace event xfs_attr_remove_iter_return (git-fixes).
- xfs: remove unused trace event xfs_attr_rmtval_set (git-fixes).
- xfs: remove unused trace event xfs_reflink_cow_enospc (git-fixes).
- xfs: remove unused xfs_attr events (git-fixes).
- xfs: remove unused xfs_reflink_compare_extents events (git-fixes).
- xfs: remove usused xfs_end_io_direct events (git-fixes).
- xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS (git-fixes).
- xhci: dbc: Flush queued requests before stopping dbc (git-fixes).
- xhci: dbctty: disable ECHO flag by default (git-fixes).
Patchnames
SUSE-2025-2853,SUSE-SLE-Module-Live-Patching-15-SP7-2025-2853,SUSE-SLE-Module-RT-15-SP7-2025-2853
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 15 SP7 RT kernel was updated to receive various security bugfixes.\n\nThe following security bugs were fixed:\n- CVE-2024-36028: mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() (bsc#1225707).\n- CVE-2024-36348, CVE-2024-36349, CVE-2024-36350, CVE-2024-36357: x86/process: Move the buffer clearing before MONITOR (bsc#1238896).\n- CVE-2024-42134: virtio-pci: Check if is_avq is NULL (bsc#1228664 bsc#1247831).\n- CVE-2024-44963: btrfs: do not BUG_ON() when freeing tree block after error (bsc#1230216).\n- CVE-2024-56742: vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages() (bsc#1235613).\n- CVE-2025-21839: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (bsc#1239061).\n- CVE-2025-21872: efi/mokvar-table: Avoid repeated map/unmap of the same page (bsc#1240323).\n- CVE-2025-23163: net: vlan: do not propagate flags on open (bsc#1242837).\n- CVE-2025-37856: btrfs: harden block_group::bg_list against list_del() races (bsc#1243068).\n- CVE-2025-37864: net: dsa: clean up FDB, MDB, VLAN entries on unbind (bsc#1242965).\n- CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn\u0027t postable (bsc#1242960).\n- CVE-2025-37920: kABI workaround for xsk: Fix race condition in AF_XDP generic RX path (bsc#1243479).\n- CVE-2025-37984: crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() (bsc#1243669).\n- CVE-2025-38034: btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (bsc#1244792).\n- CVE-2025-38035: nvmet-tcp: do not restore null sk_state_change (bsc#1244801).\n- CVE-2025-38047: x86/fred: Fix system hang during S4 resume with FRED enabled (bsc#1245084).\n- CVE-2025-38051: smb: client: Fix use-after-free in cifs_fill_dirent (bsc#1244750).\n- CVE-2025-38058: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (bsc#1245151).\n- CVE-2025-38061: net: pktgen: fix access outside of user given buffer in pktgen_thread_write() (bsc#1245440).\n- CVE-2025-38062: kABI: restore layout of struct msi_desc (bsc#1245216).\n- CVE-2025-38063: dm: fix unconditional IO throttle caused by REQ_PREFLUSH (bsc#1245202).\n- CVE-2025-38064: virtio: break and reset virtio devices on device_shutdown() (bsc#1245201).\n- CVE-2025-38074: vhost-scsi: protect vq-\u003elog_used with vq-\u003emutex (bsc#1244735).\n- CVE-2025-38094: net: cadence: macb: Fix a possible deadlock in macb_halt_tx (bsc#1245649).\n- CVE-2025-38097: kabi: restore encap_sk in struct xfrm_state (bsc#1245660).\n- CVE-2025-38098: drm/amd/display: Do not treat wb connector as physical in (bsc#1245654).\n- CVE-2025-38099: Bluetooth: btusb: Fix regression in the initialization of fake Bluetooth controllers (bsc#1245671).\n- CVE-2025-38100: x86/iopl: Cure TIF_IO_BITMAP inconsistencies (bsc#1245650).\n- CVE-2025-38105: ALSA: usb-audio: Kill timer properly at removal (bsc#1245682).\n- CVE-2025-38106: io_uring/sqpoll: do not put task_struct on tctx setup failure (bsc#1245664).\n- CVE-2025-38115: net_sched: sch_sfq: fix a potential crash on gso_skb handling (bsc#1245689).\n- CVE-2025-38117: hci_dev centralize extra lock (bsc#1245695).\n- CVE-2025-38126: net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping (bsc#1245708).\n- CVE-2025-38131: coresight: prevent deactivate active config while enabling the config (bsc#1245677).\n- CVE-2025-38132: coresight: holding cscfg_csdev_lock while removing cscfg from csdev (bsc#1245679).\n- CVE-2025-38147: calipso: unlock rcu before returning -EAFNOSUPPORT (bsc#1245768).\n- CVE-2025-38158: hisi_acc_vfio_pci: fix XQE dma address error (bsc#1245750).\n- CVE-2025-38162: netfilter: nft_set_pipapo: prevent overflow in lookup table allocation (bsc#1245752).\n- CVE-2025-38166: bpf: fix ktls panic with sockmap (bsc#1245758).\n- CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).\n- CVE-2025-38182: ublk: santizize the arguments from userspace when adding a device (bsc#1245937).\n- CVE-2025-38183: net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get() (bsc#1246006).\n- CVE-2025-38187: drm/nouveau: fix a use-after-free in r535_gsp_rpc_push() (bsc#1245951).\n- CVE-2025-38188: drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE (bsc#1246098).\n- CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045).\n- CVE-2025-38202: bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() (bsc#1245980).\n- CVE-2025-38203: jfs: Fix null-ptr-deref in jfs_ioc_trim (bsc#1246044).\n- CVE-2025-38204: jfs: fix array-index-out-of-bounds read in add_missing_indices (bsc#1245983).\n- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073).\n- CVE-2025-38210: configfs-tsm-report: Fix NULL dereference of tsm_ops (bsc#1246020).\n- CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029).\n- CVE-2025-38220: ext4: only dirty folios when data journaling regular files (bsc#1245966).\n- CVE-2025-38222: ext4: inline: fix len overflow in ext4_prepare_inline_data (bsc#1245976).\n- CVE-2025-38236: af_unix: Disable MSG_OOB for unprivileged users (bsc#1246093).\n- CVE-2025-38239: scsi: megaraid_sas: Fix invalid node index (bsc#1246178).\n- CVE-2025-38244: smb: client: fix potential deadlock when reconnecting channels (bsc#1246183).\n- CVE-2025-38248: bridge: mcast: Fix use-after-free during router port configuration (bsc#1246173).\n- CVE-2025-38250: kABI workaround for bluetooth hci_dev changes (bsc#1246182).\n- CVE-2025-38256: io_uring/rsrc: fix folio unpinning (bsc#1246188).\n- CVE-2025-38264: llist: add interface to check if a node is on a list (bsc#1246387).\n- CVE-2025-38272: net: dsa: b53: do not enable EEE on bcm63xx (bsc#1246268).\n- CVE-2025-38279: selftests/bpf: Add tests with stack ptr register in conditional jmp (bsc#1246264).\n- CVE-2025-38283: hisi_acc_vfio_pci: bugfix live migration function without VF device driver (bsc#1246273).\n- CVE-2025-38303: Bluetooth: eir: Fix possible crashes on eir_create_adv_data (bsc#1246354).\n- CVE-2025-38310: seg6: Fix validation of nexthop addresses (bsc#1246361).\n- CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).\n- CVE-2025-38334: x86/sgx: Prevent attempts to reclaim poisoned pages (bsc#1246384).\n- CVE-2025-38335: Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT (bsc#1246250).\n- CVE-2025-38337: jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (bsc#1246253).\n- CVE-2025-38349: eventpoll: do not decrement ep refcount while still holding the ep mutex (bsc#1246777).\n- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).\n- CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).\n- CVE-2025-38364: maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() (bsc#1247091).\n- CVE-2025-38365: btrfs: fix a race between renames and directory logging (bsc#1247023).\n- CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177).\n- CVE-2025-38382: btrfs: fix iteration of extrefs during log replay (bsc#1247031).\n- CVE-2025-38392: idpf: convert control queue mutex to a spinlock (bsc#1247169).\n- CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247156).\n- CVE-2025-38399: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() (bsc#1247097).\n- CVE-2025-38403: vsock/vmci: Clear the vmci transport packet properly when initializing it (bsc#1247141).\n- CVE-2025-38414: wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850 (bsc#1247145).\n- CVE-2025-38426: drm/amdgpu: Add basic validation for RAS header (bsc#1247252).\n- CVE-2025-38429: bus: mhi: ep: Update read pointer only after buffer is written (bsc#1247253).\n- CVE-2025-38453: kABI: io_uring: msg_ring ensure io_kiocb freeing is deferred (bsc#1247234).\n- CVE-2025-38455: KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight (bsc#1247101).\n- CVE-2025-38457: net/sched: Abort __tc_modify_qdisc if parent class does not exist (bsc#1247098).\n- CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).\n- CVE-2025-38461: vsock: Fix transport_* TOCTOU (bsc#1247103).\n- CVE-2025-38462: vsock: Fix transport_{g2h,h2g} TOCTOU (bsc#1247104).\n- CVE-2025-38463: tcp: Correct signedness in skb remaining space calculation (bsc#1247113).\n- CVE-2025-38465: netlink: make sure we allow at least one dump skb (bsc#1247118).\n- CVE-2025-38470: kABI fix for net: vlan: fix VLAN 0 refcount imbalance of toggling (bsc#1247288).\n- CVE-2025-38471: tls: always refresh the queue when reading sock (bsc#1247450).\n- CVE-2025-38475: smc: Fix various oops due to inet_sock type confusion (bsc#1247308).\n- CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347).\n- CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374).\n\nThe following non-security bugs were fixed:\n\n- Enable SMC_LO (a.k.a SMC-D) (jsc#PED-13248).\n- Fix dma_unmap_sg() nents value (git-fixes)\n- Logitech C-270 even more broken (stable-fixes).\n- Re-enable qmi_wwan for arm64 (bsc#1246113)\n- Reapply \u0027wifi: mac80211: Update skb\u0027s control block key in ieee80211_tx_dequeue()\u0027 (git-fixes).\n- Revert \u0027ACPI: battery: negate current when discharging\u0027 (stable-fixes).\n- Revert \u0027cgroup_freezer: cgroup_freezing: Check if not frozen\u0027 (bsc#1219338).\n- Revert \u0027drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1\u0027 (stable-fixes).\n- Revert \u0027drm/nouveau: check ioctl command codes better\u0027 (git-fixes).\n- Revert \u0027drm/xe/xe2: Enable Indirect Ring State support for Xe2\u0027 (git-fixes).\n- Revert \u0027mmc: sdhci: Disable SD card clock before changing parameters\u0027 (git-fixes).\n- Revert \u0027usb: xhci: Implement xhci_handshake_check_state() helper\u0027 (git-fixes).\n- Revert \u0027vgacon: Add check for vc_origin address range in vgacon_scroll()\u0027 (stable-fixes).\n- Update config files. config/x86_64/default config/arm64/default CONFIG_INTEGRITY_MACHINE_KEYRING=y +CONFIG_INTEGRITY_CA_MACHINE_KEYRING=y +CONFIG_INTEGRITY_CA_MACHINE_KEYRING_MAX=y +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y (bsc#1243678)\n- accel/ivpu: Remove copy engine support (stable-fixes).\n- acpi: LPSS: Remove AudioDSP related ID (git-fixes).\n- acpi: PRM: Reduce unnecessary printing to avoid user confusion (bsc#1246122).\n- acpi: processor: perflib: Fix initial _PPC limit application (git-fixes).\n- acpica: Refuse to evaluate a method if arguments are missing (stable-fixes).\n- af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() (git-fixes).\n- af_unix: Add a prompt to CONFIG_AF_UNIX_OOB (bsc#1246093).\n- alsa: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() (git-fixes).\n- alsa: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx (stable-fixes).\n- alsa: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 (stable-fixes).\n- alsa: hda/realtek: Add quirk for ASUS ROG Strix G712LWS (stable-fixes).\n- alsa: hda/realtek: Fix mute LED mask on HP OMEN 16 laptop (git-fixes).\n- alsa: hda/tegra: Add Tegra264 support (stable-fixes).\n- alsa: hda: Add missing NVIDIA HDA codec IDs (stable-fixes).\n- alsa: hda: Add new pci id for AMD GPU display HD audio controller (stable-fixes).\n- alsa: hda: Ignore unsol events for cards being shut down (stable-fixes).\n- alsa: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() (git-fixes).\n- alsa: sb: Do not allow changing the DMA mode during operations (stable-fixes).\n- alsa: sb: Force to disable DMAs once when DMA mode is changed (stable-fixes).\n- alsa: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() (git-fixes).\n- amd/amdkfd: fix a kfd_process ref leak (stable-fixes).\n- aoe: clean device rq_list in aoedev_downdev() (git-fixes).\n- apple-mfi-fastcharge: protect first device name (git-fixes).\n- asoc: amd: yc: Add DMI quirk for Lenovo IdeaPad Slim 5 15 (stable-fixes).\n- asoc: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic (stable-fixes).\n- asoc: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic (stable-fixes).\n- asoc: amd: yc: update quirk data for HP Victus (stable-fixes).\n- asoc: codec: wcd9335: Convert to GPIO descriptors (stable-fixes).\n- asoc: codecs: wcd9335: Fix missing free of regulator supplies (git-fixes).\n- asoc: codecs: wcd9335: Handle nicer probe deferral and simplify with dev_err_probe() (stable-fixes).\n- asoc: cs35l56: probe() should fail if the device ID is not recognized (git-fixes).\n- asoc: fsl_asrc: use internal measured ratio for non-ideal ratio mode (git-fixes).\n- asoc: fsl_sai: Force a software reset when starting in consumer mode (git-fixes).\n- asoc: fsl_xcvr: get channel status data when PHY is not exists (git-fixes).\n- asoc: mediatek: use reserved memory or enable buffer pre-allocation (git-fixes).\n- asoc: ops: dynamically allocate struct snd_ctl_elem_value (git-fixes).\n- asoc: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() (git-fixes).\n- ata: pata_cs5536: fix build on 32-bit UML (stable-fixes).\n- audit,module: restore audit logging in load failure case (git-fixes).\n- bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() (git-fixes).\n- bluetooth: HCI: Set extended advertising data synchronously (git-fixes).\n- bluetooth: L2CAP: Fix L2CAP MTU negotiation (stable-fixes).\n- bluetooth: L2CAP: Fix attempting to adjust outgoing MTU (git-fixes).\n- bluetooth: MGMT: Fix not generating command complete for MGMT_OP_DISCONNECT (git-fixes).\n- bluetooth: MGMT: mesh_send: check instances prior disabling advertising (git-fixes).\n- bluetooth: MGMT: set_mesh: update LE scan interval and window (git-fixes).\n- bluetooth: Prevent unintended pause by checking if advertising is active (git-fixes).\n- bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout (git-fixes).\n- bluetooth: SMP: If an unallowed command is received consider it a failure (git-fixes).\n- bluetooth: btintel: Check if controller is ISO capable on btintel_classify_pkt_type (git-fixes).\n- bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant without board ID (git-fixes).\n- bluetooth: hci_conn: Fix sending BT_HCI_CMD_LE_CREATE_CONN_CANCEL (git-fixes).\n- bluetooth: hci_core: add missing braces when using macro parameters (git-fixes).\n- bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected (git-fixes).\n- bluetooth: hci_event: Mask data status from LE ext adv reports (git-fixes).\n- bluetooth: hci_sync: Attempt to dequeue connection attempt (git-fixes).\n- bluetooth: hci_sync: Fix UAF on create_le_conn_complete (git-fixes).\n- bluetooth: hci_sync: Fix handling of HCI_OP_CREATE_CONN_CANCEL (git-fixes).\n- bluetooth: hci_sync: Fix not disabling advertising instance (git-fixes).\n- bluetooth: hci_sync: fix connectable extended advertising when using static random address (git-fixes).\n- bluetooth: hci_sync: revert some mesh modifications (git-fixes).\n- bnxt_en: Fix double invocation of bnxt_ulp_stop()/bnxt_ulp_start() (git-fixes).\n- bonding: Correctly support GSO ESP offload (git-fixes).\n- bpf, sockmap: Fix sk_msg_reset_curr (git-fixes).\n- bpf/lpm_trie: Inline longest_prefix_match for fastpath (git-fixes).\n- bpf/selftests: Check errno when percpu map value size exceeds (git-fixes).\n- bpf: Add a possibly-zero-sized read test (git-fixes).\n- bpf: Avoid __hidden__ attribute in static object (git-fixes).\n- bpf: Check percpu map value size first (git-fixes).\n- bpf: Disable some `attribute ignored\u0027 warnings in GCC (git-fixes).\n- bpf: Fix memory leak in bpf_core_apply (git-fixes).\n- bpf: Fix potential integer overflow in resolve_btfids (git-fixes).\n- bpf: Harden __bpf_kfunc tag against linker kfunc removal (git-fixes).\n- bpf: Make the pointer returned by iter next method valid (git-fixes).\n- bpf: Simplify checking size of helper accesses (git-fixes).\n- bpf: fix order of args in call to bpf_map_kvcalloc (git-fixes).\n- bpf: sockmap, updating the sg structure should also update curr (git-fixes).\n- bpftool: Fix missing pids during link show (git-fixes).\n- bpftool: Fix undefined behavior caused by shifting into the sign bit (git-fixes).\n- bpftool: Mount bpffs on provided dir instead of parent dir (git-fixes).\n- bpftool: Remove unnecessary source files from bootstrap version (git-fixes).\n- bpftool: Un-const bpf_func_info to fix it for llvm 17 and newer (git-fixes).\n- btrfs: do not ignore inode missing when replaying log tree (git-fixes).\n- btrfs: do not silently ignore unexpected extent type when replaying log (git-fixes).\n- btrfs: do not skip remaining extrefs if dir not found during log replay (git-fixes).\n- btrfs: explicitly ref count block_group on new_bgs list (bsc#1243068)\n- btrfs: fix assertion when building free space tree (git-fixes).\n- btrfs: fix inode lookup error handling during log replay (git-fixes).\n- btrfs: fix invalid inode pointer dereferences during log replay (git-fixes).\n- btrfs: fix log tree replay failure due to file with 0 links and extents (git-fixes).\n- btrfs: fix missing error handling when searching for inode refs during log replay (git-fixes).\n- btrfs: fix non-empty delayed iputs list on unmount due to async workers (git-fixes).\n- btrfs: fix ssd_spread overallocation (git-fixes).\n- btrfs: make btrfs_discard_workfn() block_group ref explicit (bsc#1243068)\n- btrfs: propagate last_unlink_trans earlier when doing a rmdir (git-fixes).\n- btrfs: rename err to ret in btrfs_rmdir() (git-fixes).\n- btrfs: return a btrfs_inode from btrfs_iget_logging() (git-fixes).\n- btrfs: return a btrfs_inode from read_one_inode() (git-fixes).\n- btrfs: tests: fix chunk map leak after failure to add it to the tree (git-fixes).\n- btrfs: update superblock\u0027s device bytes_used when dropping chunk (git-fixes).\n- btrfs: use NOFS context when getting inodes during logging and log replay (git-fixes).\n- btrfs: use btrfs_record_snapshot_destroy() during rmdir (git-fixes).\n- bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() (git-fixes).\n- bus: mhi: host: Detect events pointing to unexpected TREs (git-fixes).\n- can: dev: can_restart(): move debug message and stats after successful restart (stable-fixes).\n- can: dev: can_restart(): reverse logic to remove need for goto (stable-fixes).\n- can: kvaser_pciefd: Store device channel index (git-fixes).\n- can: kvaser_usb: Assign netdev.dev_port based on device channel index (git-fixes).\n- can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level (git-fixes).\n- can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode (git-fixes).\n- can: peak_usb: fix USB FD devices potential malfunction (git-fixes).\n- cdc-acm: fix race between initial clearing halt and open (git-fixes).\n- cgroup,freezer: fix incomplete freezing when attaching tasks (bsc#1245789).\n- cgroup/cpuset: Extend kthread_is_per_cpu() check to all PF_NO_SETAFFINITY tasks (bsc#1241166).\n- cifs: reconnect helper should set reconnect for the right channel (git-fixes).\n- clk: clk-axi-clkgen: fix fpfd_max frequency for zynq (git-fixes).\n- clk: davinci: Add NULL check in davinci_lpsc_clk_register() (git-fixes).\n- clk: sunxi-ng: v3s: Fix de clock definition (git-fixes).\n- clk: xilinx: vcu: unregister pll_post only if registered correctly (git-fixes).\n- clocksource: Scale the watchdog read retries automatically (bsc#1241345 bsc#1244457).\n- clocksource: Set cs_watchdog_read() checks based on .uncertainty_margin (bsc#1241345 bsc#1244457).\n- comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large (git-fixes).\n- comedi: Fix initialization of data for instructions that write to subdevice (git-fixes).\n- comedi: Fix some signed shift left operations (git-fixes).\n- comedi: Fix use of uninitialized data in insn_rw_emulate_bits() (git-fixes).\n- comedi: aio_iiro_16: Fix bit shift out of bounds (git-fixes).\n- comedi: das16m1: Fix bit shift out of bounds (git-fixes).\n- comedi: das6402: Fix bit shift out of bounds (git-fixes).\n- comedi: pcl812: Fix bit shift out of bounds (git-fixes).\n- compiler_types.h: Define __retain for __attribute__((__retain__)) (git-fixes).\n- crypto: arm/aes-neonbs - work around gcc-15 warning (git-fixes).\n- crypto: ccp - Fix crash when rebind ccp device for ccp.ko (git-fixes).\n- crypto: ccp - Fix locking on alloc failure handling (git-fixes).\n- crypto: hkdf - skip TVs with unapproved salt lengths in FIPS mode (bsc#1241200 bsc#1246134).\n- crypto: img-hash - Fix dma_unmap_sg() nents value (git-fixes).\n- crypto: inside-secure - Fix `dma_unmap_sg()` nents value (git-fixes).\n- crypto: keembay - Fix dma_unmap_sg() nents value (git-fixes).\n- crypto: marvell/cesa - Fix engine load inaccuracy (git-fixes).\n- crypto: qat - allow enabling VFs in the absence of IOMMU (git-fixes).\n- crypto: qat - disable ZUC-256 capability for QAT GEN5 (git-fixes).\n- crypto: qat - fix DMA direction for compression on GEN2 devices (git-fixes).\n- crypto: qat - fix seq_file position update in adf_ring_next() (git-fixes).\n- crypto: qat - fix state restore for banks with exceptions (git-fixes).\n- crypto: qat - flush misc workqueue during device shutdown (git-fixes).\n- crypto: qat - use unmanaged allocation for dc_data (git-fixes).\n- crypto: sun8i-ce - fix nents passed to dma_unmap_sg() (git-fixes).\n- dax: add a sysfs knob to control memmap_on_memory behavior (bsc#1235515,jsc#PED-12731).\n- devlink: Add support for u64 parameters (jsc#PED-12745).\n- devlink: avoid param type value translations (jsc#PED-12745).\n- devlink: define enum for attr types of dynamic attributes (jsc#PED-12745).\n- devlink: define enum for attr types of dynamic attributes (jsc#PED-12745).\n- devlink: introduce devlink_nl_put_u64() (jsc#PED-12745).\n- dm-bufio: fix sched in atomic context (git-fixes).\n- dm-flakey: error all IOs when num_features is absent (git-fixes).\n- dm-flakey: make corrupting read bios work (git-fixes).\n- dm-mirror: fix a tiny race condition (git-fixes).\n- dm-raid: fix variable in journal device check (git-fixes).\n- dm-verity: fix a memory leak if some arguments are specified multiple times (git-fixes).\n- dm: do not change md if dm_table_set_restrictions() fails (git-fixes).\n- dm: free table mempools if not used in __bind (git-fixes).\n- dm: restrict dm device size to 2^63-512 bytes (git-fixes).\n- dma-buf: fix timeout handling in dma_resv_wait_timeout v2 (stable-fixes).\n- dmaengine: dw-edma: Drop unused dchan2dev() and chan2dev() (git-fixes).\n- dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using (stable-fixes).\n- dmaengine: mv_xor: Fix missing check after DMA map and missing unmap (git-fixes).\n- dmaengine: nbpfaxi: Add missing check after DMA map (git-fixes).\n- dmaengine: nbpfaxi: Fix memory corruption in probe() (git-fixes).\n- dmaengine: qcom: gpi: Drop unused gpi_write_reg_field() (git-fixes).\n- dmaengine: xilinx_dma: Set dma_device directions (stable-fixes).\n- docs/ABI: Fix sysfs-kernel-address_bits path (git-fixes).\n- documentatiion/ABI: add ABI documentation for sys-bus-dax (bsc#1235515,jsc#PED-12731).\n- documentation: ACPI: Fix parent device references (git-fixes).\n- documentation: usb: gadget: Wrap remaining usage snippets in literal code block (git-fixes).\n- dpll: Add basic Microchip ZL3073x support (jsc#PED-12745).\n- dpll: zl3073x: Add support to get/set frequency on pins (jsc#PED-12745).\n- dpll: zl3073x: Add support to get/set frequency on pins (jsc#PED-12745).\n- dpll: zl3073x: Add support to get/set priority on input pins (jsc#PED-12745).\n- dpll: zl3073x: Add support to get/set priority on input pins (jsc#PED-12745).\n- dpll: zl3073x: Fetch invariants during probe (jsc#PED-12745).\n- dpll: zl3073x: Implement input pin selection in manual mode (jsc#PED-12745).\n- dpll: zl3073x: Implement input pin selection in manual mode (jsc#PED-12745).\n- dpll: zl3073x: Implement input pin state setting in automatic mode (jsc#PED-12745).\n- dpll: zl3073x: Implement input pin state setting in automatic mode (jsc#PED-12745).\n- dpll: zl3073x: Read DPLL types and pin properties from system firmware (jsc#PED-12745).\n- dpll: zl3073x: Read DPLL types and pin properties from system firmware (jsc#PED-12745).\n- dpll: zl3073x: Register DPLL devices and pins (jsc#PED-12745).\n- drm/amd/display: Check dce_hwseq before dereferencing it (stable-fixes).\n- drm/amd/display: Correct non-OLED pre_T11_delay (stable-fixes).\n- drm/amd/display: Disable CRTC degamma LUT for DCN401 (stable-fixes).\n- drm/amd/display: Do not overwrite dce60_clk_mgr (git-fixes).\n- drm/amd/display: Fix RMCM programming seq errors (stable-fixes).\n- drm/amd/display: Fix mpv playback corruption on weston (stable-fixes).\n- drm/amd/display: Free memory allocation (stable-fixes).\n- drm/amd/display: fix initial backlight brightness calculation (git-fixes).\n- drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value (git-fixes).\n- drm/amdgpu/discovery: use specific ip_discovery.bin for legacy asics (stable-fixes).\n- drm/amdgpu/gfx10: fix kiq locking in KCQ reset (git-fixes).\n- drm/amdgpu/gfx8: reset compute ring wptr on the GPU on resume (git-fixes).\n- drm/amdgpu/gfx9.4.3: fix kiq locking in KCQ reset (git-fixes).\n- drm/amdgpu/gfx9: fix kiq locking in KCQ reset (git-fixes).\n- drm/amdgpu/ip_discovery: add missing ip_discovery fw (stable-fixes).\n- drm/amdgpu: Add kicker device detection (stable-fixes).\n- drm/amdgpu: Fix SDMA UTC_L1 handling during start/stop sequences (stable-fixes).\n- drm/amdgpu: Increase reset counter only on success (stable-fixes).\n- drm/amdgpu: Initialize data to NULL in imu_v12_0_program_rlc_ram() (git-fixes).\n- drm/amdgpu: Remove nbiov7.9 replay count reporting (git-fixes).\n- drm/amdgpu: Reset the clear flag in buddy during resume (git-fixes).\n- drm/amdgpu: amdgpu_vram_mgr_new(): Clamp lpfn to total vram (stable-fixes).\n- drm/amdgpu: seq64 memory unmap uses uninterruptible lock (stable-fixes).\n- drm/amdkfd: Do not call mmput from MMU notifier callback (git-fixes).\n- drm/amdkfd: Fix instruction hazard in gfx12 trap handler (stable-fixes).\n- drm/amdkfd: Fix race in GWS queue scheduling (stable-fixes).\n- drm/amdkfd: remove gfx 12 trap handler page size cap (stable-fixes).\n- drm/bridge: aux-hpd-bridge: fix assignment of the of_node (git-fixes).\n- drm/bridge: panel: move prepare_prev_first handling to drm_panel_bridge_add_typed (git-fixes).\n- drm/bridge: ti-sn65dsi86: Add HPD for DisplayPort connector type (git-fixes).\n- drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() (git-fixes).\n- drm/bridge: ti-sn65dsi86: make use of debugfs_init callback (stable-fixes).\n- drm/connector: hdmi: Evaluate limited range after computing format (git-fixes).\n- drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling (git-fixes).\n- drm/exynos: fimd: Guard display clock control with runtime PM calls (git-fixes).\n- drm/framebuffer: Acquire internal references on GEM handles (git-fixes).\n- drm/gem: Acquire references on GEM handles for framebuffers (stable-fixes).\n- drm/gem: Fix race in drm_gem_handle_create_tail() (stable-fixes).\n- drm/i915/display: Fix dma_fence_wait_timeout() return value handling (git-fixes).\n- drm/i915/dsi: Fix off by one in BXT_MIPI_TRANS_VTOTAL (stable-fixes).\n- drm/i915/gsc: mei interrupt top half should be in irq disabled context (git-fixes).\n- drm/i915/gt: Fix timeline left held on VMA alloc error (git-fixes).\n- drm/i915/selftests: Change mock_request() to return error pointers (git-fixes).\n- drm/imagination: Fix kernel crash when hard resetting the GPU (git-fixes).\n- drm/mediatek: Add wait_event_timeout when disabling plane (git-fixes).\n- drm/mediatek: only announce AFBC if really supported (git-fixes).\n- drm/msm/dpu: Fill in min_prefill_lines for SC8180X (git-fixes).\n- drm/msm: Fix a fence leak in submit error path (stable-fixes).\n- drm/msm: Fix another leak in the submit error path (stable-fixes).\n- drm/nouveau: check ioctl command codes better (git-fixes).\n- drm/panfrost: Fix panfrost device variable name in devfreq (git-fixes).\n- drm/panthor: Add missing explicit padding in drm_panthor_gpu_info (git-fixes).\n- drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed (git-fixes).\n- drm/sched: Increment job count before swapping tail spsc queue (git-fixes).\n- drm/sched: Remove optimization that causes hang when killing dependent jobs (git-fixes).\n- drm/scheduler: signal scheduled fence when kill job (stable-fixes).\n- drm/tegra: nvdec: Fix dma_alloc_coherent error check (git-fixes).\n- drm/ttm: fix error handling in ttm_buffer_object_transfer (git-fixes).\n- drm/v3d: Disable interrupts before resetting the GPU (git-fixes).\n- drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel (git-fixes).\n- drm/xe/bmg: fix compressed VRAM handling (git-fixes).\n- drm/xe/guc: Dead CT helper (stable-fixes).\n- drm/xe/guc: Explicitly exit CT safe mode on unwind (git-fixes).\n- drm/xe/guc_submit: add back fix (git-fixes).\n- drm/xe/mocs: Initialize MOCS index early (stable-fixes).\n- drm/xe/pf: Clear all LMTT pages on alloc (git-fixes).\n- drm/xe/pf: Move VFs reprovisioning to worker (stable-fixes).\n- drm/xe/pf: Prepare to stop SR-IOV support prior GT reset (git-fixes).\n- drm/xe/pf: Sanitize VF scratch registers on FLR (stable-fixes).\n- drm/xe/pm: Correct comment of xe_pm_set_vram_threshold() (git-fixes).\n- drm/xe/uapi: Correct sync type definition in comments (git-fixes).\n- drm/xe/vf: Disable CSC support on VF (git-fixes).\n- drm/xe: Allocate PF queue size on pow2 boundary (git-fixes).\n- drm/xe: Allow bo mapping on multiple ggtts (stable-fixes).\n- drm/xe: Fix DSB buffer coherency (stable-fixes).\n- drm/xe: Fix build without debugfs (git-fixes).\n- drm/xe: Fix early wedge on GuC load failure (git-fixes).\n- drm/xe: Fix taking invalid lock on wedge (stable-fixes).\n- drm/xe: Move DSB l2 flush to a more sensible place (git-fixes).\n- drm/xe: Replace double space with single space after comma (stable-fixes).\n- drm/xe: add interface to request physical alignment for buffer objects (stable-fixes).\n- drm/xe: move DPT l2 flush to a more sensible place (git-fixes).\n- dt-bindings: dpll: Add DPLL device and pin (jsc#PED-12745).\n- dt-bindings: dpll: Add support for Microchip Azurite chip family (jsc#PED-12745).\n- dt-bindings: dpll: Add support for Microchip Azurite chip family (jsc#PED-12745).\n- e1000: Move cancel_work_sync to avoid deadlock (git-fixes).\n- exfat: fdatasync flag should be same like generic_write_sync() (git-fixes).\n- fbcon: Fix outdated registered_fb reference in comment (git-fixes).\n- fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref (git-fixes).\n- firewire: ohci: correct code comments about bus_reset tasklet (git-fixes).\n- fs/jfs: consolidate sanity checking in dbMount (git-fixes).\n- fs/orangefs: Allow 2 more characters in do_c_string() (git-fixes).\n- gpio: mlxbf2: use platform_get_irq_optional() (git-fixes).\n- gpio: pca953x: log an error when failing to get the reset GPIO (git-fixes).\n- gpio: sim: include a missing header (git-fixes).\n- gpio: vf610: add locking to gpio direction functions (git-fixes).\n- gpio: virtio: Fix config space reading (git-fixes).\n- gpiolib: Fix debug messaging in gpiod_find_and_request() (git-fixes).\n- gpiolib: Handle no pin_ranges in gpiochip_generic_config() (git-fixes).\n- gpiolib: acpi: Do not use GPIO chip fwnode in acpi_gpiochip_find() (bsc#1233300).\n- gpiolib: acpi: Fix failed in acpi_gpiochip_find() by adding parent node match (bsc#1233300).\n- gpiolib: cdev: Ignore reconfiguration without direction (git-fixes).\n- gpiolib: of: Add polarity quirk for s5m8767 (stable-fixes).\n- hfs: make splice write available again (git-fixes).\n- hfsplus: make splice write available again (git-fixes).\n- hfsplus: remove mutex_lock check in hfsplus_free_extents (git-fixes).\n- hid: Add IGNORE quirk for SMARTLINKTECHNOLOGY (stable-fixes).\n- hid: core: do not bypass hid_hw_raw_request (stable-fixes).\n- hid: core: ensure __hid_request reserves the report ID as the first byte (git-fixes).\n- hid: core: ensure the allocated report buffer can contain the reserved report ID (stable-fixes).\n- hid: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 (stable-fixes).\n- hid: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras (stable-fixes).\n- hv_netvsc: Use VF\u0027s tso_max_size value when data path is VF (bsc#1246203).\n- hwmon: (corsair-cpro) Validate the size of the received input buffer (git-fixes).\n- hwmon: (gsc-hwmon) fix fan pwm setpoint show functions (git-fixes).\n- hwmon: (pmbus/max34440) Fix support for max34451 (stable-fixes).\n- hwrng: mtk - handle devm_pm_runtime_enable errors (git-fixes).\n- i2c/designware: Fix an initialization issue (git-fixes).\n- i2c: qup: jump out of the loop in case of timeout (git-fixes).\n- i2c: stm32: fix the device used for the DMA map (git-fixes).\n- i2c: tegra: Fix reset error handling with ACPI (git-fixes).\n- i2c: virtio: Avoid hang by using interruptible completion wait (git-fixes).\n- i3c: fix module_i3c_i2c_driver() with I3C=n (git-fixes).\n- ib/mlx5: Fix potential deadlock in MR deregistration (git-fixes)\n- ice, irdma: fix an off by one in error handling code (bsc#1247712).\n- ice, irdma: move interrupts code to irdma (bsc#1247712).\n- ice: Fix signedness bug in ice_init_interrupt_scheme() (bsc#1247712).\n- ice: count combined queues using Rx/Tx count (bsc#1247712).\n- ice: devlink PF MSI-X max and min parameter (bsc#1247712).\n- ice: enable_rdma devlink param (bsc#1247712).\n- ice: fix eswitch code memory leak in reset scenario (git-fixes).\n- ice: get rid of num_lan_msix field (bsc#1247712).\n- ice: init flow director before RDMA (bsc#1247712).\n- ice: remove splitting MSI-X between features (bsc#1247712).\n- ice: simplify VF MSI-X managing (bsc#1247712).\n- ice: treat dyn_allowed only as suggestion (bsc#1247712).\n- iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush (git-fixes).\n- iio: adc: ad7949: use spi_is_bpw_supported() (git-fixes).\n- iio: adc: ad_sigma_delta: Fix use of uninitialized status_pos (stable-fixes).\n- iio: adc: ad_sigma_delta: change to buffer predisable (git-fixes).\n- iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (stable-fixes).\n- iio: adc: max1363: Reorder mode_list[] entries (stable-fixes).\n- iio: adc: stm32-adc: Fix race in installing chained IRQ handler (git-fixes).\n- iio: imu: bno055: fix OOB access of hw_xlate array (git-fixes).\n- iio: pressure: zpa2326: Use aligned_s64 for the timestamp (stable-fixes).\n- input: iqs7222 - explicitly define number of external channels (git-fixes).\n- input: xpad - adjust error handling for disconnect (git-fixes).\n- input: xpad - set correct controller type for Acer NGR200 (git-fixes).\n- input: xpad - support Acer NGR 200 Controller (stable-fixes).\n- io_uring/timeout: fix multishot updates (bsc#1247021).\n- io_uring: fix potential page leak in io_sqe_buffer_register() (git-fixes).\n- iommu/amd: Fix geometry.aperture_end for V2 tables (git-fixes).\n- iommu/amd: Set the pgsize_bitmap correctly (git-fixes).\n- iommu/arm-smmu-qcom: Add SM6115 MDSS compatible (git-fixes).\n- iommu/tegra241-cmdqv: Read SMMU IDR1.CMDQS instead of hardcoding (git-fixes).\n- iommu/vt-d: Fix possible circular locking dependency (git-fixes).\n- iommu/vt-d: Fix system hang on reboot -f (git-fixes).\n- ipv6: fix possible infinite loop in fib6_info_uses_dev() (git-fixes).\n- ipv6: mcast: Delay put pmc-\u003eidev in mld_del_delrec() (git-fixes).\n- ipv6: prevent infinite loop in rt6_nlmsg_size() (git-fixes).\n- ipv6: reject malicious packets in ipv6_gso_segment() (git-fixes).\n- irdma: free iwdev-\u003erf after removing MSI-X (bsc#1247712).\n- iwlwifi: Add missing check for alloc_ordered_workqueue (git-fixes).\n- jfs: fix metapage reference count leak in dbAllocCtl (git-fixes).\n- kABI fix after KVM: SVM: Fix SNP AP destroy race with VMRUN (git-fixes).\n- kABI fixes for struct memory_block changes (bsc#1235515,jsc#PED-12731).\n- kABI fixes for struct memory_block changes (bsc#1235515,jsc#PED-12731).\n- kABI workaround for fw_attributes_class_get() (stable-fixes).\n- kABI workaround for struct drm_framebuffer changes (git-fixes).\n- kABI: Fix the module::name type in audit_context (git-fixes).\n- kabi/severities: ignore two unused/dropped symbols from MEI\n- kabi: Hide adding of u64 to devlink_param_type (jsc#PED-12745).\n- kasan: remove kasan_find_vm_area() to prevent possible deadlock (git-fixes).\n- kernel-syms.spec: Drop old rpm release number hack (bsc#1247172).\n- kvm: SVM: Fix SNP AP destroy race with VMRUN (git-fixes).\n- leds: multicolor: Fix intensity setting while SW blinking (stable-fixes).\n- lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (bsc#1236897).\n- lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() (bsc#1236897).\n- maple_tree: fix mt_destroy_walk() on root leaf node (git-fixes).\n- md/md-bitmap: fix dm-raid max_write_behind setting (git-fixes).\n- media: gspca: Add bounds checking to firmware parser (git-fixes).\n- media: hi556: correct the test pattern configuration (git-fixes).\n- media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() (git-fixes).\n- media: ipu6: isys: Use correct pads for xlate_streams() (git-fixes).\n- media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls (git-fixes).\n- media: ov2659: Fix memory leaks in ov2659_probe() (git-fixes).\n- media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (git-fixes).\n- media: usbtv: Lock resolution while streaming (git-fixes).\n- media: uvcvideo: Do not mark valid metadata as invalid (git-fixes).\n- media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (git-fixes).\n- media: v4l2-ctrls: Do not reset handler\u0027s error in v4l2_ctrl_handler_free() (git-fixes).\n- media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check (git-fixes).\n- media: venus: Add a check for packet size after reading from shared memory (git-fixes).\n- media: venus: hfi: explicitly release IRQ during teardown (git-fixes).\n- media: venus: protect against spurious interrupts during probe (git-fixes).\n- media: venus: vdec: Clamp param smaller than 1fps and bigger than 240 (git-fixes).\n- media: venus: venc: Clamp param smaller than 1fps and bigger than 240 (git-fixes).\n- media: verisilicon: Fix AV1 decoder clock frequency (git-fixes).\n- media: vivid: fix wrong pixel_array control size (git-fixes).\n- mei: vsc: Destroy mutex after freeing the IRQ (git-fixes).\n- mei: vsc: Do not re-init VSC from mei_vsc_hw_reset() on stop (git-fixes).\n- mei: vsc: Drop unused vsc_tp_request_irq() and vsc_tp_free_irq() (stable-fixes).\n- mei: vsc: Event notifier fixes (git-fixes).\n- mei: vsc: Fix \u0027BUG: Invalid wait context\u0027 lockdep error (git-fixes).\n- mei: vsc: Run event callback from a workqueue (git-fixes).\n- mei: vsc: Unset the event callback on remove and probe errors (git-fixes).\n- memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() (git-fixes).\n- mfd: max14577: Fix wakeup source leaks on device unbind (stable-fixes).\n- misc: rtsx: usb: Ensure mmc child device is active when card is present (git-fixes).\n- mm/memory_hotplug: allow architecture to override memmap on memory support check (bsc#1235515,jsc#PED-12731).\n- mm/memory_hotplug: allow architecture to override memmap on memory support check (bsc#1235515,jsc#PED-12731).\n- mm/memory_hotplug: allow memmap on memory hotplug request to fallback (bsc#1235515,jsc#PED-12731).\n- mm/memory_hotplug: allow memmap on memory hotplug request to fallback (bsc#1235515,jsc#PED-12731).\n- mm/memory_hotplug: embed vmem_altmap details in memory block (bsc#1235515,jsc#PED-12731).\n- mm/memory_hotplug: embed vmem_altmap details in memory block (bsc#1235515,jsc#PED-12731).\n- mm/memory_hotplug: export mhp_supports_memmap_on_memory() (bsc#1235515,jsc#PED-12731).\n- mm/memory_hotplug: fix memmap_on_memory sysfs value retrieval (git-fixes).\n- mm/memory_hotplug: replace an open-coded kmemdup() in (bsc#1235515,jsc#PED-12731).\n- mm/memory_hotplug: simplify ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE kconfig (bsc#1235515,jsc#PED-12731).\n- mm/memory_hotplug: simplify ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE kconfig (bsc#1235515,jsc#PED-12731).\n- mm/memory_hotplug: split memmap_on_memory requests across memblocks (bsc#1235515,jsc#PED-12731).\n- mm/memory_hotplug: support memmap_on_memory when memmap is not aligned to pageblocks (bsc#1235515,jsc#PED-12731).\n- mm/memory_hotplug: support memmap_on_memory when memmap is not aligned to pageblocks (bsc#1235515,jsc#PED-12731).\n- mmc: bcm2835: Fix dma_unmap_sg() nents value (git-fixes).\n- mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier (git-fixes).\n- mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models (git-fixes).\n- mmc: sdhci: Add a helper function for dump register in dynamic debug mode (stable-fixes).\n- mmc: sdhci_am654: Workaround for Errata i2312 (git-fixes).\n- module: Fix memory deallocation on error path in move_module() (git-fixes).\n- module: Remove unnecessary +1 from last_unloaded_module::name size (git-fixes).\n- module: Restore the moduleparam prefix length check (git-fixes).\n- mtd: fix possible integer overflow in erase_xfer() (git-fixes).\n- mtd: rawnand: atmel: Fix dma_mapping_error() address (git-fixes).\n- mtd: rawnand: atmel: set pmecc data setup time (git-fixes).\n- mtd: rawnand: fsmc: Add missing check after DMA map (git-fixes).\n- mtd: rawnand: renesas: Add missing check after DMA map (git-fixes).\n- mtd: rawnand: rockchip: Add missing check after DMA map (git-fixes).\n- mtd: spi-nor: Fix spi_nor_try_unlock_all() (git-fixes).\n- mtd: spinand: fix memory leak of ECC engine conf (stable-fixes).\n- mtd: spinand: propagate spinand_wait() errors from spinand_write_page() (git-fixes).\n- mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data (git-fixes).\n- mtk-sd: Prevent memory corruption from DMA map failure (git-fixes).\n- mtk-sd: reset host-\u003emrq on prepare_data() error (git-fixes).\n- mwl8k: Add missing check after DMA map (git-fixes).\n- nbd: fix uaf in nbd_genl_connect() error path (git-fixes).\n- net/mlx5: HWS, fix missing ip_version handling in definer (git-fixes).\n- net/packet: fix a race in packet_set_ring() and packet_notifier() (git-fixes).\n- net/sched: Restrict conditions for adding duplicating netems to qdisc tree (git-fixes).\n- net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (git-fixes).\n- net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (git-fixes).\n- net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (git-fixes).\n- net/sched: sch_qfq: Fix race condition on qfq_aggregate (git-fixes).\n- net/sched: taprio: enforce minimum value for picos_per_byte (git-fixes).\n- net/smc: Fix lookup of netdev by using ib_device_get_netdev() (git-fixes bsc#1246217).\n- net: mana: Add debug logs in MANA network driver (bsc#1246212).\n- net: mana: Add handler for hardware servicing events (bsc#1245730).\n- net: mana: Allocate MSI-X vectors dynamically (bsc#1245457).\n- net: mana: Allow irq_setup() to skip cpus for affinity (bsc#1245457).\n- net: mana: Allow tso_max_size to go up-to GSO_MAX_SIZE (bsc#1246203).\n- net: mana: Expose additional hardware counters for drop and TC via ethtool (bsc#1245729).\n- net: mana: Set tx_packets to post gso processing packet count (bsc#1245731).\n- net: mana: explain irq_setup() algorithm (bsc#1245457).\n- net: phy: Do not register LEDs for genphy (git-fixes).\n- net: phy: micrel: fix KSZ8081/KSZ8091 cable test (git-fixes).\n- net: phy: microchip: limit 100M workaround to link-down events on LAN88xx (git-fixes).\n- net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap (git-fixes).\n- net: phy: smsc: Fix link failure in forced mode with Auto-MDIX (git-fixes).\n- net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect (git-fixes).\n- net: usb: qmi_wwan: add SIMCom 8230C composition (stable-fixes).\n- net: usbnet: Avoid potential RCU stall on LINK_CHANGE event (git-fixes).\n- net: usbnet: Fix the wrong netif_carrier_on() call (git-fixes).\n- netlink: fix policy dump for int with validation callback (jsc#PED-12745).\n- netlink: fix policy dump for int with validation callback (jsc#PED-12745).\n- netlink: specs: devlink: replace underscores with dashes in names (jsc#PED-12745).\n- netlink: specs: devlink: replace underscores with dashes in names (jsc#PED-12745).\n- netlink: specs: nfsd: replace underscores with dashes in names (git-fixes).\n- netlink: specs: tc: replace underscores with dashes in names (git-fixes).\n- netpoll: prevent hanging NAPI when netcons gets enabled (git-fixes).\n- nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails (git-fixes).\n- nfs: Fix filehandle bounds checking in nfs_fh_to_dentry() (git-fixes).\n- nfs: Fix the setting of capabilities when automounting a new filesystem (git-fixes).\n- nfs: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() (git-fixes).\n- nfs: Fixup allocation flags for nfsiod\u0027s __GFP_NORETRY (git-fixes).\n- nfsd: detect mismatch of file handle and delegation stateid in OPEN op (git-fixes).\n- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (git-fixes).\n- nfsv4.2: another fix for listxattr (git-fixes).\n- nfsv4.2: fix listxattr to return selinux security label (git-fixes).\n- nfsv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN (git-fixes).\n- nfsv4: Always set NLINK even if the server does not support it (git-fixes).\n- nfsv4: xattr handlers should check for absent nfs filehandles (git-fixes).\n- nilfs2: reject invalid file types when reading inodes (git-fixes).\n- nvme-pci: refresh visible attrs after being checked (git-fixes).\n- nvme: Fix incorrect cdw15 value in passthru error logging (git-fixes).\n- nvme: fix endianness of command word prints in nvme_log_err_passthru() (git-fixes).\n- nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() (git-fixes).\n- nvme: fix misaccounting of nvme-mpath inflight I/O (git-fixes).\n- nvmet-tcp: fix callback lock for TLS handshake (git-fixes).\n- objtool: Fix INSN_CONTEXT_SWITCH handling in validate_unret() (git-fixes).\n- objtool: Fix UNWIND_HINT_{SAVE,RESTORE} across basic blocks (git-fixes).\n- objtool: Fix _THIS_IP_ detection for cold functions (git-fixes).\n- objtool: Fix error handling inconsistencies in check() (git-fixes).\n- objtool: Ignore dangling jump table entries (git-fixes).\n- objtool: Ignore end-of-section jumps for KCOV/GCOV (git-fixes).\n- objtool: Properly disable uaccess validation (git-fixes).\n- objtool: Silence more KCOV warnings (git-fixes).\n- objtool: Silence more KCOV warnings, part 2 (git-fixes).\n- objtool: Stop UNRET validation on UD2 (git-fixes).\n- pNFS/flexfiles: do not attempt pnfs on fatal DS errors (git-fixes).\n- pch_uart: Fix dma_sync_sg_for_device() nents value (git-fixes).\n- pci/MSI: Export pci_msix_prepare_desc() for dynamic MSI-X allocations (bsc#1245457).\n- pci: dwc: Make link training more robust by setting PORT_LOGIC_LINK_WIDTH to one lane (stable-fixes).\n- pci: endpoint: Fix configfs group list head handling (git-fixes).\n- pci: endpoint: Fix configfs group removal on driver teardown (git-fixes).\n- pci: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute (git-fixes).\n- pci: endpoint: pci-epf-vntb: Return -ENOENT if pci_epc_get_next_free_bar() fails (git-fixes).\n- pci: hv: Allow dynamic MSI-X vector allocation (bsc#1245457).\n- pci: rockchip-host: Fix \u0027Unexpected Completion\u0027 log message (git-fixes).\n- perf: Fix sample vs do_exit() (bsc#1246547).\n- phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode (git-fixes).\n- pinctrl: amd: Clear GPIO debounce for suspend (git-fixes).\n- pinctrl: qcom: msm: mark certain pins as invalid for interrupts (git-fixes).\n- pinctrl: sunxi: Fix memory leak on krealloc failure (git-fixes).\n- pinmux: fix race causing mux_owner NULL with active mux_usecount (git-fixes).\n- platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() (git-fixes).\n- platform/mellanox: mlxbf-pmc: Fix duplicate event ID for CACHE_DATA1 (git-fixes).\n- platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment (git-fixes).\n- platform/mellanox: mlxreg-lc: Fix logic error in power state check (git-fixes).\n- platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message (git-fixes).\n- platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks list (stable-fixes).\n- platform/x86: Fix initialization order for firmware_attributes_class (git-fixes).\n- platform/x86: dell-sysman: Directly use firmware_attributes_class (stable-fixes).\n- platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks (git-fixes).\n- platform/x86: dell-wmi-sysman: Fix class device unregistration (git-fixes).\n- platform/x86: firmware_attributes_class: Move include linux/device/class.h (stable-fixes).\n- platform/x86: firmware_attributes_class: Simplify API (stable-fixes).\n- platform/x86: hp-bioscfg: Directly use firmware_attributes_class (stable-fixes).\n- platform/x86: hp-bioscfg: Fix class device unregistration (git-fixes).\n- platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots (git-fixes).\n- platform/x86: make fw_attr_class constant (stable-fixes).\n- platform/x86: think-lmi: Create ksets consecutively (stable-fixes).\n- platform/x86: think-lmi: Directly use firmware_attributes_class (stable-fixes).\n- platform/x86: think-lmi: Fix class device unregistration (git-fixes).\n- platform/x86: think-lmi: Fix kobject cleanup (git-fixes).\n- platform/x86: think-lmi: Fix sysfs group cleanup (git-fixes).\n- pm / devfreq: Check governor before using governor-\u003ename (git-fixes).\n- power: supply: cpcap-charger: Fix null check for power_supply_get_by_name (git-fixes).\n- power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set (git-fixes).\n- powercap: call put_device() on an error path in powercap_register_control_type() (stable-fixes).\n- powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() (git-fixes).\n- powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed (git-fixes).\n- powerpc/bpf: enforce full ordering for ATOMIC operations with BPF_FETCH (git-fixes).\n- powerpc/pseries/dlpar: Search DRC index from ibm,drc-indexes for IO add (bsc#1243042 ltc#212167).\n- ptp: fix breakage after ptp_vclock_in_use() rework (bsc#1246506).\n- pwm: imx-tpm: Reset counter if CMOD is 0 (git-fixes).\n- pwm: mediatek: Ensure to disable clocks in error path (git-fixes).\n- pwm: rockchip: Round period/duty down on apply, up on get (git-fixes).\n- rdma/core: Rate limit GID cache warning messages (git-fixes)\n- rdma/counter: Check CAP_NET_RAW check in user namespace for RDMA counters (git-fixes)\n- rdma/hns: Drop GFP_NOWARN (git-fixes)\n- rdma/hns: Fix -Wframe-larger-than issue (git-fixes)\n- rdma/hns: Fix HW configurations not cleared in error flow (git-fixes)\n- rdma/hns: Fix accessing uninitialized resources (git-fixes)\n- rdma/hns: Fix double destruction of rsv_qp (git-fixes)\n- rdma/hns: Get message length of ack_req from FW (git-fixes)\n- rdma/mlx5: Check CAP_NET_RAW in user namespace for anchor create (git-fixes)\n- rdma/mlx5: Check CAP_NET_RAW in user namespace for devx create (git-fixes)\n- rdma/mlx5: Check CAP_NET_RAW in user namespace for flow create (git-fixes)\n- rdma/mlx5: Fix CC counters query for MPV (git-fixes)\n- rdma/mlx5: Fix HW counters query for non-representor devices (git-fixes)\n- rdma/mlx5: Fix UMR modifying of mkey page size (git-fixes)\n- rdma/mlx5: Fix compilation warning when USER_ACCESS isn\u0027t set (git-fixes)\n- rdma/mlx5: Fix vport loopback for MPV device (git-fixes)\n- rdma/mlx5: Initialize obj_event-\u003eobj_sub_list before xa_insert (git-fixes)\n- rdma/mlx5: reduce stack usage in mlx5_ib_ufile_hw_cleanup (git-fixes)\n- rdma/nldev: Check CAP_NET_RAW in user namespace for QP modify (git-fixes)\n- rdma/siw: Fix the sendmsg byte count in siw_tcp_sendpages (git-fixes)\n- rdma/uverbs: Add empty rdma_uattrs_has_raw_cap() declaration (git-fixes)\n- rdma/uverbs: Check CAP_NET_RAW in user namespace for QP create (git-fixes)\n- rdma/uverbs: Check CAP_NET_RAW in user namespace for RAW QP create (git-fixes)\n- rdma/uverbs: Check CAP_NET_RAW in user namespace for flow create (git-fixes)\n- regmap: fix potential memory leak of regmap_bus (git-fixes).\n- regulator: core: fix NULL dereference on unbind due to stale coupling data (stable-fixes).\n- regulator: fan53555: add enable_time support and soft-start times (stable-fixes).\n- regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods (git-fixes).\n- regulator: pwm-regulator: Calculate the output voltage for disabled PWMs (stable-fixes).\n- resource: fix false warning in __request_region() (git-fixes).\n- restore UCSI_CONNECTOR_RESET_HARD definition (git-fixes).\n- ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() (git-fixes).\n- rose: fix dangling neighbour pointers in rose_rt_device_down() (git-fixes).\n- rpl: Fix use-after-free in rpl_do_srh_inline() (git-fixes).\n- rtc: ds1307: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: hym8563: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: nct3018y: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: pcf85063: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: pcf8563: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: rv3028: fix incorrect maximum clock rate handling (git-fixes).\n- s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again (git-fixes bsc#1246870).\n- s390/entry: Fix last breaking event handling in case of stack corruption (git-fixes bsc#1243806).\n- s390/pci: Do not try re-enabling load/store if device is disabled (git-fixes bsc#1245646).\n- s390/pci: Fix stale function handles in error handling (git-fixes bsc#1245647).\n- s390/pkey: Prevent overflow in size calculation for memdup_user() (git-fixes bsc#1245598).\n- s390: Add z17 elf platform (LTC#214086 bsc#1245540).\n- samples: mei: Fix building on musl libc (git-fixes).\n- sched,freezer: Remove unnecessary warning in __thaw_task (bsc#1219338).\n- sched: Add test_and_clear_wake_up_bit() and atomic_dec_and_wake_up() (git-fixes).\n- scsi: core: Enforce unlimited max_segment_size when virt_boundary_mask is set (git-fixes).\n- scsi: fnic: Add and improve logs in FDMI and FDMI ABTS paths (bsc#1246644).\n- scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out (git-fixes).\n- scsi: fnic: Fix missing DMA mapping error in fnic_send_frame() (git-fixes).\n- scsi: fnic: Set appropriate logging level for log message (bsc#1246644).\n- scsi: fnic: Turn off FDMI ACTIVE flags on link down (git-fixes).\n- scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Early return out of FDMI cmpl for locally rejected statuses (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Modify end-of-life adapters\u0027 model descriptions (bsc#1245260 bsc#1243100 bsc#1246125 bsc#1204142).\n- scsi: lpfc: Move clearing of HBA_SETUP flag to before lpfc_sli4_queue_unset (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Relocate clearing initial phba flags from link up to link down hdlr (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Revise CQ_CREATE_SET mailbox bitfield definitions (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Revise logging format for failed CT MIB requests (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Simplify error handling for failed lpfc_get_sli4_parameters cmd (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Skip RSCN processing when FC_UNLOADING flag is set (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Update debugfs trace ring initialization messages (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Update lpfc version to 14.4.0.10 (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: megaraid_sas: Fix invalid node index (git-fixes).\n- scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() (git-fixes).\n- scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() (git-fixes).\n- scsi: s390: zfcp: Ensure synchronous unit_add (git-fixes bsc#1245599).\n- selftests/bpf: Add CFLAGS per source file and runner (git-fixes).\n- selftests/bpf: Add tests for iter next method returning valid pointer (git-fixes).\n- selftests/bpf: Change functions definitions to support GCC (git-fixes).\n- selftests/bpf: Fix a few tests for GCC related warnings (git-fixes).\n- selftests/bpf: Fix pointer arithmetic in test_xdp_do_redirect (git-fixes).\n- selftests/bpf: Fix prog numbers in test_sockmap (git-fixes).\n- smb3: move server check earlier when setting channel sequence number (git-fixes).\n- smb3: rename macro CIFS_SERVER_IS_CHAN to avoid confusion (git-fixes).\n- smb3: send channel sequence number in SMB3 requests after reconnects (git-fixes).\n- soc/tegra: cbb: Clear ERR_FORCE register with ERR_STATUS (git-fixes).\n- soc: aspeed: lpc-snoop: Cleanup resources in stack-order (git-fixes).\n- soc: aspeed: lpc-snoop: Do not disable channels that are not enabled (git-fixes).\n- soc: qcom: QMI encoding/decoding for big endian (git-fixes).\n- soc: qcom: fix endianness for QMI header (git-fixes).\n- soc: qcom: pmic_glink: fix OF node leak (git-fixes).\n- soundwire: amd: fix for clearing command status register (git-fixes).\n- soundwire: stream: restore params when prepare ports fail (git-fixes).\n- spi: spi-fsl-dspi: Clear completion counter before initiating transfer (git-fixes).\n- sprintf.h requires stdarg.h (git-fixes).\n- sprintf.h: mask additional include (git-fixes).\n- staging: axis-fifo: remove sysfs interface (git-fixes).\n- staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (git-fixes).\n- staging: nvec: Fix incorrect null termination of battery manufacturer (git-fixes).\n- staging: vchiq_arm: Make vchiq_shutdown never fail (git-fixes).\n- struct cdns: move new member to the end (git-fixes).\n- struct ucsi_operations: use padding for new operation (git-fixes).\n- sunrpc: do not immediately retransmit on seqno miss (git-fixes).\n- sunrpc: fix client side handling of tls alerts (git-fixes).\n- supported.conf: Mark ZL3073X modules supported\n- supported.conf: add missing entries for armv7hl\n- supported.conf: move nvme-apple to optional again\n- supported.conf: sort entries again\n- tcp: call tcp_measure_rcv_mss() for ooo packets (git-fixes).\n- thermal: trip: Use READ_ONCE() for lockless access to trip properties (git-fixes).\n- thermal: trip: Use common set of trip type names (git-fixes).\n- thunderbolt: Fix bit masking in tb_dp_port_set_hops() (git-fixes).\n- thunderbolt: Fix copy+paste error in match_service_id() (git-fixes).\n- thunderbolt: Fix wake on connect at runtime (git-fixes).\n- tracing/kprobe: Make trace_kprobe\u0027s module callback called after jump_label update (git-fixes).\n- tracing/kprobes: Fix to free objects when failed to copy a symbol (git-fixes).\n- types: Complement the aligned types with signed 64-bit one (stable-fixes).\n- ucount: fix atomic_long_inc_below() argument type (git-fixes).\n- ucsi-glink: adapt to kABI consistency (git-fixes).\n- ucsi_ccg: Refine the UCSI Interrupt handling (git-fixes).\n- ucsi_operations: add stubs for all operations (git-fixes).\n- ucsi_ops: adapt update_connector to kABI consistency (git-fixes).\n- usb: Add checks for snprintf() calls in usb_alloc_dev() (stable-fixes).\n- usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() (git-fixes).\n- usb: cdc-wdm: avoid setting WDM_READ for ZLP-s (stable-fixes).\n- usb: cdnsp: Fix issue with CV Bad Descriptor test (git-fixes).\n- usb: cdnsp: Fix issue with resuming from L1 (git-fixes).\n- usb: cdnsp: Replace snprintf() with the safer scnprintf() variant (stable-fixes).\n- usb: cdnsp: do not disable slot for disabled slot (git-fixes).\n- usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume (git-fixes).\n- usb: common: usb-conn-gpio: use a unique name for usb connector device (stable-fixes).\n- usb: dwc2: also exit clock_gating when stopping udc while suspended (stable-fixes).\n- usb: dwc3: Abort suspend on soft disconnect failure (git-fixes).\n- usb: dwc3: meson-g12a: fix device leaks at unbind (git-fixes).\n- usb: early: xhci-dbc: Fix early_ioremap leak (git-fixes).\n- usb: gadget : fix use-after-free in composite_dev_cleanup() (git-fixes).\n- usb: gadget: u_serial: Fix race condition in TTY wakeup (git-fixes).\n- usb: gadget: udc: renesas_usb3: fix device leak at unbind (git-fixes).\n- usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() (git-fixes).\n- usb: hub: Do not try to recover devices lost during warm reset (git-fixes).\n- usb: misc: apple-mfi-fastcharge: Make power supply names unique (git-fixes).\n- usb: musb: fix gadget state on disconnect (git-fixes).\n- usb: musb: omap2430: fix device leak at unbind (git-fixes).\n- usb: net: sierra: check for no status endpoint (git-fixes).\n- usb: potential integer overflow in usbg_make_tpg() (stable-fixes).\n- usb: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (stable-fixes).\n- usb: serial: option: add Foxconn T99W640 (stable-fixes).\n- usb: serial: option: add Telit Cinterion FE910C04 (ECM) composition (stable-fixes).\n- usb: typec: Update sysfs when setting ops (git-fixes).\n- usb: typec: altmodes/displayport: do not index invalid pin_assignments (git-fixes).\n- usb: typec: displayport: Fix potential deadlock (git-fixes). \n- usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode (stable-fixes).\n- usb: typec: mux: do not return on EOPNOTSUPP in {mux, switch}_set (stable-fixes).\n- usb: typec: tcpm: allow switching to mode accessory to mux properly (stable-fixes).\n- usb: typec: tcpm: allow to use sink in accessory mode (stable-fixes).\n- usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach (git-fixes).\n- usb: typec: ucsi: Add DATA_RESET option of Connector Reset command (git-fixes).\n- usb: typec: ucsi: Add qcm6490-pmic-glink as needing PDOS quirk (git-fixes).\n- usb: typec: ucsi: Delay alternate mode discovery (git-fixes).\n- usb: typec: ucsi: Fix busy loop on ASUS VivoBooks (git-fixes).\n- usb: typec: ucsi: Fix the partner PD revision (git-fixes).\n- usb: typec: ucsi: Get PD revision for partner (git-fixes).\n- usb: typec: ucsi: Set orientation as none when connector is unplugged (git-fixes).\n- usb: typec: ucsi: Update power_supply on power role change (git-fixes).\n- usb: typec: ucsi: add callback for connector status updates (git-fixes).\n- usb: typec: ucsi: add update_connector callback (git-fixes).\n- usb: typec: ucsi: do not retrieve PDOs if not supported (git-fixes).\n- usb: typec: ucsi: extract code to read PD caps (git-fixes).\n- usb: typec: ucsi: fix UCSI on SM8550 \u0026 SM8650 Qualcomm devices (git-fixes).\n- usb: typec: ucsi: glink: fix off-by-one in connector_status (git-fixes).\n- usb: typec: ucsi: glink: increase max ports for x1e80100 (git-fixes).\n- usb: typec: ucsi: glink: move GPIO reading into connector_status callback (git-fixes).\n- usb: typec: ucsi: glink: use typec_set_orientation (git-fixes).\n- usb: typec: ucsi: move ucsi_acknowledge() from ucsi_read_error() (git-fixes).\n- usb: typec: ucsi: properly register partner\u0027s PD device (git-fixes).\n- usb: typec: ucsi: support delaying GET_PDOS for device (git-fixes).\n- usb: typec: ucsi_acpi: Add LG Gram quirk (git-fixes).\n- usb: typec: ucsi_glink: drop NO_PARTNER_PDOS quirk for sm8550 / sm8650 (git-fixes).\n- usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk (git-fixes).\n- usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk on qcm6490 (git-fixes).\n- usb: typec: ucsi_glink: rework quirks implementation (git-fixes).\n- usb: xhci: Skip xhci_reset in xhci_resume if xhci is being removed (git-fixes).\n- usb: xhci: quirk for data loss in ISOC transfers (stable-fixes).\n- usb:cdnsp: remove TRB_FLUSH_ENDPOINT command (stable-fixes).\n- virtgpu: do not reset on shutdown (git-fixes).\n- vmci: Prevent the dispatching of uninitialized payloads (git-fixes).\n- vt: add missing notification when switching back to text mode (stable-fixes).\n- vt: defkeymap: Map keycodes above 127 to K_HOLE (git-fixes).\n- vt: keyboard: Do not process Unicode characters in K_OFF mode (git-fixes).\n- watchdog: ziirave_wdt: check record length in ziirave_firm_verify() (git-fixes).\n- wifi: ath11k: clear initialized flag for deinit-ed srng lists (git-fixes).\n- wifi: ath11k: fix dest ring-buffer corruption (git-fixes).\n- wifi: ath11k: fix dest ring-buffer corruption when ring is full (git-fixes).\n- wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() (git-fixes).\n- wifi: ath11k: fix source ring-buffer corruption (git-fixes).\n- wifi: ath11k: fix suspend use-after-free after probe failure (git-fixes).\n- wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() (git-fixes).\n- wifi: ath12k: fix dest ring-buffer corruption (git-fixes).\n- wifi: ath12k: fix dest ring-buffer corruption when ring is full (git-fixes).\n- wifi: ath12k: fix endianness handling while accessing wmi service bit (git-fixes).\n- wifi: ath12k: fix source ring-buffer corruption (git-fixes).\n- wifi: ath6kl: remove WARN on bad firmware input (stable-fixes).\n- wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE (git-fixes).\n- wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() (git-fixes).\n- wifi: cfg80211/mac80211: correctly parse S1G beacon optional elements (git-fixes).\n- wifi: cfg80211: fix S1G beacon head validation in nl80211 (git-fixes).\n- wifi: cfg80211: remove scan request n_channels counted_by (git-fixes).\n- wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() (git-fixes).\n- wifi: iwlwifi: Fix memory leak in iwl_mvm_init() (git-fixes).\n- wifi: iwlwifi: return ERR_PTR from opmode start() (stable-fixes).\n- wifi: mac80211: Add link iteration macro for link data (stable-fixes).\n- wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() (git-fixes).\n- wifi: mac80211: Create separate links for VLAN interfaces (stable-fixes).\n- wifi: mac80211: Do not call fq_flow_idx() for management frames (git-fixes).\n- wifi: mac80211: Do not schedule stopped TXQs (git-fixes).\n- wifi: mac80211: Write cnt before copying in ieee80211_copy_rnr_beacon() (git-fixes).\n- wifi: mac80211: chan: chandef is non-NULL for reserved (stable-fixes).\n- wifi: mac80211: drop invalid source address OCB frames (stable-fixes).\n- wifi: mac80211: finish link init before RCU publish (git-fixes).\n- wifi: mac80211: fix non-transmitted BSSID profile search (git-fixes).\n- wifi: mac80211: reject TDLS operations when station is not associated (git-fixes).\n- wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() (git-fixes).\n- wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan (git-fixes).\n- wifi: mt76: mt7925: fix the wrong config for tx interrupt (git-fixes).\n- wifi: nl80211: Set num_sub_specs before looping through sub_specs (git-fixes).\n- wifi: plfxlc: Fix error handling in usb driver probe (git-fixes).\n- wifi: prevent A-MSDU attacks in mesh networks (stable-fixes).\n- wifi: rt2x00: fix remove callback type mismatch (git-fixes).\n- wifi: rtl818x: Kill URBs before clearing tx status queue (git-fixes).\n- wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band (git-fixes).\n- wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() (git-fixes).\n- x86/CPU/AMD: Add more models to X86_FEATURE_ZEN5 (bsc#1246449).\n- x86/CPU/AMD: Improve the erratum 1386 workaround (git-fixes).\n- x86/CPU/AMD: Terminate the erratum_1386_microcode array (git-fixes).\n- x86/cpu/amd: Fix workaround for erratum 1054 (git-fixes).\n- x86/cpu: Avoid running off the end of an AMD erratum table (git-fixes).\n- x86/cpu: Expose only stepping min/max interface (git-fixes).\n- x86/cpu: Introduce new microcode matching helper (git-fixes).\n- x86/cpu: Move AMD erratum 1386 table over to \u0027x86_cpu_id\u0027 (git-fixes).\n- x86/cpu: Replace PEBS use of \u0027x86_cpu_desc\u0027 use with \u0027x86_cpu_id\u0027 (git-fixes).\n- x86/mce/amd: Add default names for MCA banks and blocks (git-fixes).\n- x86/mce/amd: Fix threshold limit reset (git-fixes).\n- x86/mce: Do not remove sysfs if thresholding sysfs init fails (git-fixes).\n- x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (git-fixes).\n- x86/mtrr: Rename mtrr_overwrite_state() to guest_force_mtrr_state() (git-fixes).\n- x86/tdx: Fix __noreturn build warning around __tdx_hypercall_failed() (git-fixes).\n- x86/traps: Initialize DR6 by writing its architectural reset value (git-fixes).\n- x86/virt/tdx: Avoid indirect calls to TDX assembly functions (git-fixes).\n- x86: UV RTC: Add parameter to disable RTC clocksource (bsc#1241345).\n- xfs: fix off-by-one error in fsmap\u0027s end_daddr usage (bsc#1235837).\n- xfs: only create event xfs_file_compat_ioctl when CONFIG_COMPAT is configure (git-fixes).\n- xfs: remove unused event xfs_alloc_near_error (git-fixes).\n- xfs: remove unused event xfs_alloc_near_nominleft (git-fixes).\n- xfs: remove unused event xfs_attr_node_removename (git-fixes).\n- xfs: remove unused event xfs_ioctl_clone (git-fixes).\n- xfs: remove unused event xfs_pagecache_inval (git-fixes).\n- xfs: remove unused event xlog_iclog_want_sync (git-fixes).\n- xfs: remove unused trace event xfs_attr_remove_iter_return (git-fixes).\n- xfs: remove unused trace event xfs_attr_rmtval_set (git-fixes).\n- xfs: remove unused trace event xfs_reflink_cow_enospc (git-fixes).\n- xfs: remove unused xfs_attr events (git-fixes).\n- xfs: remove unused xfs_reflink_compare_extents events (git-fixes).\n- xfs: remove usused xfs_end_io_direct events (git-fixes).\n- xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS (git-fixes).\n- xhci: dbc: Flush queued requests before stopping dbc (git-fixes).\n- xhci: dbctty: disable ECHO flag by default (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2853,SUSE-SLE-Module-Live-Patching-15-SP7-2025-2853,SUSE-SLE-Module-RT-15-SP7-2025-2853",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02853-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02853-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502853-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02853-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041255.html"
},
{
"category": "self",
"summary": "SUSE Bug 1204142",
"url": "https://bugzilla.suse.com/1204142"
},
{
"category": "self",
"summary": "SUSE Bug 1219338",
"url": "https://bugzilla.suse.com/1219338"
},
{
"category": "self",
"summary": "SUSE Bug 1225707",
"url": "https://bugzilla.suse.com/1225707"
},
{
"category": "self",
"summary": "SUSE Bug 1228664",
"url": "https://bugzilla.suse.com/1228664"
},
{
"category": "self",
"summary": "SUSE Bug 1230216",
"url": "https://bugzilla.suse.com/1230216"
},
{
"category": "self",
"summary": "SUSE Bug 1233300",
"url": "https://bugzilla.suse.com/1233300"
},
{
"category": "self",
"summary": "SUSE Bug 1235515",
"url": "https://bugzilla.suse.com/1235515"
},
{
"category": "self",
"summary": "SUSE Bug 1235613",
"url": "https://bugzilla.suse.com/1235613"
},
{
"category": "self",
"summary": "SUSE Bug 1235837",
"url": "https://bugzilla.suse.com/1235837"
},
{
"category": "self",
"summary": "SUSE Bug 1236333",
"url": "https://bugzilla.suse.com/1236333"
},
{
"category": "self",
"summary": "SUSE Bug 1236897",
"url": "https://bugzilla.suse.com/1236897"
},
{
"category": "self",
"summary": "SUSE Bug 1238896",
"url": "https://bugzilla.suse.com/1238896"
},
{
"category": "self",
"summary": "SUSE Bug 1239061",
"url": "https://bugzilla.suse.com/1239061"
},
{
"category": "self",
"summary": "SUSE Bug 1240323",
"url": "https://bugzilla.suse.com/1240323"
},
{
"category": "self",
"summary": "SUSE Bug 1240696",
"url": "https://bugzilla.suse.com/1240696"
},
{
"category": "self",
"summary": "SUSE Bug 1240885",
"url": "https://bugzilla.suse.com/1240885"
},
{
"category": "self",
"summary": "SUSE Bug 1240966",
"url": "https://bugzilla.suse.com/1240966"
},
{
"category": "self",
"summary": "SUSE Bug 1240998",
"url": "https://bugzilla.suse.com/1240998"
},
{
"category": "self",
"summary": "SUSE Bug 1241166",
"url": "https://bugzilla.suse.com/1241166"
},
{
"category": "self",
"summary": "SUSE Bug 1241200",
"url": "https://bugzilla.suse.com/1241200"
},
{
"category": "self",
"summary": "SUSE Bug 1241345",
"url": "https://bugzilla.suse.com/1241345"
},
{
"category": "self",
"summary": "SUSE Bug 1242086",
"url": "https://bugzilla.suse.com/1242086"
},
{
"category": "self",
"summary": "SUSE Bug 1242414",
"url": "https://bugzilla.suse.com/1242414"
},
{
"category": "self",
"summary": "SUSE Bug 1242837",
"url": "https://bugzilla.suse.com/1242837"
},
{
"category": "self",
"summary": "SUSE Bug 1242960",
"url": "https://bugzilla.suse.com/1242960"
},
{
"category": "self",
"summary": "SUSE Bug 1242965",
"url": "https://bugzilla.suse.com/1242965"
},
{
"category": "self",
"summary": "SUSE Bug 1242993",
"url": "https://bugzilla.suse.com/1242993"
},
{
"category": "self",
"summary": "SUSE Bug 1243042",
"url": "https://bugzilla.suse.com/1243042"
},
{
"category": "self",
"summary": "SUSE Bug 1243068",
"url": "https://bugzilla.suse.com/1243068"
},
{
"category": "self",
"summary": "SUSE Bug 1243100",
"url": "https://bugzilla.suse.com/1243100"
},
{
"category": "self",
"summary": "SUSE Bug 1243479",
"url": "https://bugzilla.suse.com/1243479"
},
{
"category": "self",
"summary": "SUSE Bug 1243669",
"url": "https://bugzilla.suse.com/1243669"
},
{
"category": "self",
"summary": "SUSE Bug 1243678",
"url": "https://bugzilla.suse.com/1243678"
},
{
"category": "self",
"summary": "SUSE Bug 1243806",
"url": "https://bugzilla.suse.com/1243806"
},
{
"category": "self",
"summary": "SUSE Bug 1244309",
"url": "https://bugzilla.suse.com/1244309"
},
{
"category": "self",
"summary": "SUSE Bug 1244457",
"url": "https://bugzilla.suse.com/1244457"
},
{
"category": "self",
"summary": "SUSE Bug 1244735",
"url": "https://bugzilla.suse.com/1244735"
},
{
"category": "self",
"summary": "SUSE Bug 1244749",
"url": "https://bugzilla.suse.com/1244749"
},
{
"category": "self",
"summary": "SUSE Bug 1244750",
"url": "https://bugzilla.suse.com/1244750"
},
{
"category": "self",
"summary": "SUSE Bug 1244792",
"url": "https://bugzilla.suse.com/1244792"
},
{
"category": "self",
"summary": "SUSE Bug 1244801",
"url": "https://bugzilla.suse.com/1244801"
},
{
"category": "self",
"summary": "SUSE Bug 1245084",
"url": "https://bugzilla.suse.com/1245084"
},
{
"category": "self",
"summary": "SUSE Bug 1245151",
"url": "https://bugzilla.suse.com/1245151"
},
{
"category": "self",
"summary": "SUSE Bug 1245201",
"url": "https://bugzilla.suse.com/1245201"
},
{
"category": "self",
"summary": "SUSE Bug 1245202",
"url": "https://bugzilla.suse.com/1245202"
},
{
"category": "self",
"summary": "SUSE Bug 1245216",
"url": "https://bugzilla.suse.com/1245216"
},
{
"category": "self",
"summary": "SUSE Bug 1245260",
"url": "https://bugzilla.suse.com/1245260"
},
{
"category": "self",
"summary": "SUSE Bug 1245431",
"url": "https://bugzilla.suse.com/1245431"
},
{
"category": "self",
"summary": "SUSE Bug 1245440",
"url": "https://bugzilla.suse.com/1245440"
},
{
"category": "self",
"summary": "SUSE Bug 1245457",
"url": "https://bugzilla.suse.com/1245457"
},
{
"category": "self",
"summary": "SUSE Bug 1245498",
"url": "https://bugzilla.suse.com/1245498"
},
{
"category": "self",
"summary": "SUSE Bug 1245499",
"url": "https://bugzilla.suse.com/1245499"
},
{
"category": "self",
"summary": "SUSE Bug 1245504",
"url": "https://bugzilla.suse.com/1245504"
},
{
"category": "self",
"summary": "SUSE Bug 1245506",
"url": "https://bugzilla.suse.com/1245506"
},
{
"category": "self",
"summary": "SUSE Bug 1245508",
"url": "https://bugzilla.suse.com/1245508"
},
{
"category": "self",
"summary": "SUSE Bug 1245510",
"url": "https://bugzilla.suse.com/1245510"
},
{
"category": "self",
"summary": "SUSE Bug 1245540",
"url": "https://bugzilla.suse.com/1245540"
},
{
"category": "self",
"summary": "SUSE Bug 1245598",
"url": "https://bugzilla.suse.com/1245598"
},
{
"category": "self",
"summary": "SUSE Bug 1245599",
"url": "https://bugzilla.suse.com/1245599"
},
{
"category": "self",
"summary": "SUSE Bug 1245621",
"url": "https://bugzilla.suse.com/1245621"
},
{
"category": "self",
"summary": "SUSE Bug 1245646",
"url": "https://bugzilla.suse.com/1245646"
},
{
"category": "self",
"summary": "SUSE Bug 1245647",
"url": "https://bugzilla.suse.com/1245647"
},
{
"category": "self",
"summary": "SUSE Bug 1245649",
"url": "https://bugzilla.suse.com/1245649"
},
{
"category": "self",
"summary": "SUSE Bug 1245650",
"url": "https://bugzilla.suse.com/1245650"
},
{
"category": "self",
"summary": "SUSE Bug 1245654",
"url": "https://bugzilla.suse.com/1245654"
},
{
"category": "self",
"summary": "SUSE Bug 1245658",
"url": "https://bugzilla.suse.com/1245658"
},
{
"category": "self",
"summary": "SUSE Bug 1245660",
"url": "https://bugzilla.suse.com/1245660"
},
{
"category": "self",
"summary": "SUSE Bug 1245664",
"url": "https://bugzilla.suse.com/1245664"
},
{
"category": "self",
"summary": "SUSE Bug 1245665",
"url": "https://bugzilla.suse.com/1245665"
},
{
"category": "self",
"summary": "SUSE Bug 1245666",
"url": "https://bugzilla.suse.com/1245666"
},
{
"category": "self",
"summary": "SUSE Bug 1245668",
"url": "https://bugzilla.suse.com/1245668"
},
{
"category": "self",
"summary": "SUSE Bug 1245669",
"url": "https://bugzilla.suse.com/1245669"
},
{
"category": "self",
"summary": "SUSE Bug 1245670",
"url": "https://bugzilla.suse.com/1245670"
},
{
"category": "self",
"summary": "SUSE Bug 1245671",
"url": "https://bugzilla.suse.com/1245671"
},
{
"category": "self",
"summary": "SUSE Bug 1245675",
"url": "https://bugzilla.suse.com/1245675"
},
{
"category": "self",
"summary": "SUSE Bug 1245676",
"url": "https://bugzilla.suse.com/1245676"
},
{
"category": "self",
"summary": "SUSE Bug 1245677",
"url": "https://bugzilla.suse.com/1245677"
},
{
"category": "self",
"summary": "SUSE Bug 1245679",
"url": "https://bugzilla.suse.com/1245679"
},
{
"category": "self",
"summary": "SUSE Bug 1245682",
"url": "https://bugzilla.suse.com/1245682"
},
{
"category": "self",
"summary": "SUSE Bug 1245683",
"url": "https://bugzilla.suse.com/1245683"
},
{
"category": "self",
"summary": "SUSE Bug 1245684",
"url": "https://bugzilla.suse.com/1245684"
},
{
"category": "self",
"summary": "SUSE Bug 1245686",
"url": "https://bugzilla.suse.com/1245686"
},
{
"category": "self",
"summary": "SUSE Bug 1245688",
"url": "https://bugzilla.suse.com/1245688"
},
{
"category": "self",
"summary": "SUSE Bug 1245689",
"url": "https://bugzilla.suse.com/1245689"
},
{
"category": "self",
"summary": "SUSE Bug 1245690",
"url": "https://bugzilla.suse.com/1245690"
},
{
"category": "self",
"summary": "SUSE Bug 1245691",
"url": "https://bugzilla.suse.com/1245691"
},
{
"category": "self",
"summary": "SUSE Bug 1245695",
"url": "https://bugzilla.suse.com/1245695"
},
{
"category": "self",
"summary": "SUSE Bug 1245705",
"url": "https://bugzilla.suse.com/1245705"
},
{
"category": "self",
"summary": "SUSE Bug 1245708",
"url": "https://bugzilla.suse.com/1245708"
},
{
"category": "self",
"summary": "SUSE Bug 1245711",
"url": "https://bugzilla.suse.com/1245711"
},
{
"category": "self",
"summary": "SUSE Bug 1245713",
"url": "https://bugzilla.suse.com/1245713"
},
{
"category": "self",
"summary": "SUSE Bug 1245714",
"url": "https://bugzilla.suse.com/1245714"
},
{
"category": "self",
"summary": "SUSE Bug 1245719",
"url": "https://bugzilla.suse.com/1245719"
},
{
"category": "self",
"summary": "SUSE Bug 1245723",
"url": "https://bugzilla.suse.com/1245723"
},
{
"category": "self",
"summary": "SUSE Bug 1245729",
"url": "https://bugzilla.suse.com/1245729"
},
{
"category": "self",
"summary": "SUSE Bug 1245730",
"url": "https://bugzilla.suse.com/1245730"
},
{
"category": "self",
"summary": "SUSE Bug 1245731",
"url": "https://bugzilla.suse.com/1245731"
},
{
"category": "self",
"summary": "SUSE Bug 1245735",
"url": "https://bugzilla.suse.com/1245735"
},
{
"category": "self",
"summary": "SUSE Bug 1245737",
"url": "https://bugzilla.suse.com/1245737"
},
{
"category": "self",
"summary": "SUSE Bug 1245744",
"url": "https://bugzilla.suse.com/1245744"
},
{
"category": "self",
"summary": "SUSE Bug 1245745",
"url": "https://bugzilla.suse.com/1245745"
},
{
"category": "self",
"summary": "SUSE Bug 1245746",
"url": "https://bugzilla.suse.com/1245746"
},
{
"category": "self",
"summary": "SUSE Bug 1245747",
"url": "https://bugzilla.suse.com/1245747"
},
{
"category": "self",
"summary": "SUSE Bug 1245748",
"url": "https://bugzilla.suse.com/1245748"
},
{
"category": "self",
"summary": "SUSE Bug 1245749",
"url": "https://bugzilla.suse.com/1245749"
},
{
"category": "self",
"summary": "SUSE Bug 1245750",
"url": "https://bugzilla.suse.com/1245750"
},
{
"category": "self",
"summary": "SUSE Bug 1245751",
"url": "https://bugzilla.suse.com/1245751"
},
{
"category": "self",
"summary": "SUSE Bug 1245752",
"url": "https://bugzilla.suse.com/1245752"
},
{
"category": "self",
"summary": "SUSE Bug 1245757",
"url": "https://bugzilla.suse.com/1245757"
},
{
"category": "self",
"summary": "SUSE Bug 1245758",
"url": "https://bugzilla.suse.com/1245758"
},
{
"category": "self",
"summary": "SUSE Bug 1245765",
"url": "https://bugzilla.suse.com/1245765"
},
{
"category": "self",
"summary": "SUSE Bug 1245768",
"url": "https://bugzilla.suse.com/1245768"
},
{
"category": "self",
"summary": "SUSE Bug 1245769",
"url": "https://bugzilla.suse.com/1245769"
},
{
"category": "self",
"summary": "SUSE Bug 1245777",
"url": "https://bugzilla.suse.com/1245777"
},
{
"category": "self",
"summary": "SUSE Bug 1245781",
"url": "https://bugzilla.suse.com/1245781"
},
{
"category": "self",
"summary": "SUSE Bug 1245789",
"url": "https://bugzilla.suse.com/1245789"
},
{
"category": "self",
"summary": "SUSE Bug 1245812",
"url": "https://bugzilla.suse.com/1245812"
},
{
"category": "self",
"summary": "SUSE Bug 1245937",
"url": "https://bugzilla.suse.com/1245937"
},
{
"category": "self",
"summary": "SUSE Bug 1245945",
"url": "https://bugzilla.suse.com/1245945"
},
{
"category": "self",
"summary": "SUSE Bug 1245951",
"url": "https://bugzilla.suse.com/1245951"
},
{
"category": "self",
"summary": "SUSE Bug 1245952",
"url": "https://bugzilla.suse.com/1245952"
},
{
"category": "self",
"summary": "SUSE Bug 1245954",
"url": "https://bugzilla.suse.com/1245954"
},
{
"category": "self",
"summary": "SUSE Bug 1245955",
"url": "https://bugzilla.suse.com/1245955"
},
{
"category": "self",
"summary": "SUSE Bug 1245957",
"url": "https://bugzilla.suse.com/1245957"
},
{
"category": "self",
"summary": "SUSE Bug 1245966",
"url": "https://bugzilla.suse.com/1245966"
},
{
"category": "self",
"summary": "SUSE Bug 1245970",
"url": "https://bugzilla.suse.com/1245970"
},
{
"category": "self",
"summary": "SUSE Bug 1245976",
"url": "https://bugzilla.suse.com/1245976"
},
{
"category": "self",
"summary": "SUSE Bug 1245980",
"url": "https://bugzilla.suse.com/1245980"
},
{
"category": "self",
"summary": "SUSE Bug 1245983",
"url": "https://bugzilla.suse.com/1245983"
},
{
"category": "self",
"summary": "SUSE Bug 1245986",
"url": "https://bugzilla.suse.com/1245986"
},
{
"category": "self",
"summary": "SUSE Bug 1246000",
"url": "https://bugzilla.suse.com/1246000"
},
{
"category": "self",
"summary": "SUSE Bug 1246002",
"url": "https://bugzilla.suse.com/1246002"
},
{
"category": "self",
"summary": "SUSE Bug 1246006",
"url": "https://bugzilla.suse.com/1246006"
},
{
"category": "self",
"summary": "SUSE Bug 1246008",
"url": "https://bugzilla.suse.com/1246008"
},
{
"category": "self",
"summary": "SUSE Bug 1246020",
"url": "https://bugzilla.suse.com/1246020"
},
{
"category": "self",
"summary": "SUSE Bug 1246023",
"url": "https://bugzilla.suse.com/1246023"
},
{
"category": "self",
"summary": "SUSE Bug 1246029",
"url": "https://bugzilla.suse.com/1246029"
},
{
"category": "self",
"summary": "SUSE Bug 1246031",
"url": "https://bugzilla.suse.com/1246031"
},
{
"category": "self",
"summary": "SUSE Bug 1246037",
"url": "https://bugzilla.suse.com/1246037"
},
{
"category": "self",
"summary": "SUSE Bug 1246041",
"url": "https://bugzilla.suse.com/1246041"
},
{
"category": "self",
"summary": "SUSE Bug 1246042",
"url": "https://bugzilla.suse.com/1246042"
},
{
"category": "self",
"summary": "SUSE Bug 1246044",
"url": "https://bugzilla.suse.com/1246044"
},
{
"category": "self",
"summary": "SUSE Bug 1246045",
"url": "https://bugzilla.suse.com/1246045"
},
{
"category": "self",
"summary": "SUSE Bug 1246047",
"url": "https://bugzilla.suse.com/1246047"
},
{
"category": "self",
"summary": "SUSE Bug 1246049",
"url": "https://bugzilla.suse.com/1246049"
},
{
"category": "self",
"summary": "SUSE Bug 1246050",
"url": "https://bugzilla.suse.com/1246050"
},
{
"category": "self",
"summary": "SUSE Bug 1246055",
"url": "https://bugzilla.suse.com/1246055"
},
{
"category": "self",
"summary": "SUSE Bug 1246073",
"url": "https://bugzilla.suse.com/1246073"
},
{
"category": "self",
"summary": "SUSE Bug 1246093",
"url": "https://bugzilla.suse.com/1246093"
},
{
"category": "self",
"summary": "SUSE Bug 1246098",
"url": "https://bugzilla.suse.com/1246098"
},
{
"category": "self",
"summary": "SUSE Bug 1246109",
"url": "https://bugzilla.suse.com/1246109"
},
{
"category": "self",
"summary": "SUSE Bug 1246113",
"url": "https://bugzilla.suse.com/1246113"
},
{
"category": "self",
"summary": "SUSE Bug 1246122",
"url": "https://bugzilla.suse.com/1246122"
},
{
"category": "self",
"summary": "SUSE Bug 1246125",
"url": "https://bugzilla.suse.com/1246125"
},
{
"category": "self",
"summary": "SUSE Bug 1246134",
"url": "https://bugzilla.suse.com/1246134"
},
{
"category": "self",
"summary": "SUSE Bug 1246171",
"url": "https://bugzilla.suse.com/1246171"
},
{
"category": "self",
"summary": "SUSE Bug 1246173",
"url": "https://bugzilla.suse.com/1246173"
},
{
"category": "self",
"summary": "SUSE Bug 1246178",
"url": "https://bugzilla.suse.com/1246178"
},
{
"category": "self",
"summary": "SUSE Bug 1246179",
"url": "https://bugzilla.suse.com/1246179"
},
{
"category": "self",
"summary": "SUSE Bug 1246182",
"url": "https://bugzilla.suse.com/1246182"
},
{
"category": "self",
"summary": "SUSE Bug 1246183",
"url": "https://bugzilla.suse.com/1246183"
},
{
"category": "self",
"summary": "SUSE Bug 1246186",
"url": "https://bugzilla.suse.com/1246186"
},
{
"category": "self",
"summary": "SUSE Bug 1246188",
"url": "https://bugzilla.suse.com/1246188"
},
{
"category": "self",
"summary": "SUSE Bug 1246195",
"url": "https://bugzilla.suse.com/1246195"
},
{
"category": "self",
"summary": "SUSE Bug 1246203",
"url": "https://bugzilla.suse.com/1246203"
},
{
"category": "self",
"summary": "SUSE Bug 1246212",
"url": "https://bugzilla.suse.com/1246212"
},
{
"category": "self",
"summary": "SUSE Bug 1246217",
"url": "https://bugzilla.suse.com/1246217"
},
{
"category": "self",
"summary": "SUSE Bug 1246220",
"url": "https://bugzilla.suse.com/1246220"
},
{
"category": "self",
"summary": "SUSE Bug 1246236",
"url": "https://bugzilla.suse.com/1246236"
},
{
"category": "self",
"summary": "SUSE Bug 1246240",
"url": "https://bugzilla.suse.com/1246240"
},
{
"category": "self",
"summary": "SUSE Bug 1246243",
"url": "https://bugzilla.suse.com/1246243"
},
{
"category": "self",
"summary": "SUSE Bug 1246244",
"url": "https://bugzilla.suse.com/1246244"
},
{
"category": "self",
"summary": "SUSE Bug 1246246",
"url": "https://bugzilla.suse.com/1246246"
},
{
"category": "self",
"summary": "SUSE Bug 1246249",
"url": "https://bugzilla.suse.com/1246249"
},
{
"category": "self",
"summary": "SUSE Bug 1246250",
"url": "https://bugzilla.suse.com/1246250"
},
{
"category": "self",
"summary": "SUSE Bug 1246253",
"url": "https://bugzilla.suse.com/1246253"
},
{
"category": "self",
"summary": "SUSE Bug 1246258",
"url": "https://bugzilla.suse.com/1246258"
},
{
"category": "self",
"summary": "SUSE Bug 1246262",
"url": "https://bugzilla.suse.com/1246262"
},
{
"category": "self",
"summary": "SUSE Bug 1246264",
"url": "https://bugzilla.suse.com/1246264"
},
{
"category": "self",
"summary": "SUSE Bug 1246266",
"url": "https://bugzilla.suse.com/1246266"
},
{
"category": "self",
"summary": "SUSE Bug 1246268",
"url": "https://bugzilla.suse.com/1246268"
},
{
"category": "self",
"summary": "SUSE Bug 1246273",
"url": "https://bugzilla.suse.com/1246273"
},
{
"category": "self",
"summary": "SUSE Bug 1246283",
"url": "https://bugzilla.suse.com/1246283"
},
{
"category": "self",
"summary": "SUSE Bug 1246285",
"url": "https://bugzilla.suse.com/1246285"
},
{
"category": "self",
"summary": "SUSE Bug 1246286",
"url": "https://bugzilla.suse.com/1246286"
},
{
"category": "self",
"summary": "SUSE Bug 1246287",
"url": "https://bugzilla.suse.com/1246287"
},
{
"category": "self",
"summary": "SUSE Bug 1246290",
"url": "https://bugzilla.suse.com/1246290"
},
{
"category": "self",
"summary": "SUSE Bug 1246292",
"url": "https://bugzilla.suse.com/1246292"
},
{
"category": "self",
"summary": "SUSE Bug 1246293",
"url": "https://bugzilla.suse.com/1246293"
},
{
"category": "self",
"summary": "SUSE Bug 1246295",
"url": "https://bugzilla.suse.com/1246295"
},
{
"category": "self",
"summary": "SUSE Bug 1246297",
"url": "https://bugzilla.suse.com/1246297"
},
{
"category": "self",
"summary": "SUSE Bug 1246333",
"url": "https://bugzilla.suse.com/1246333"
},
{
"category": "self",
"summary": "SUSE Bug 1246334",
"url": "https://bugzilla.suse.com/1246334"
},
{
"category": "self",
"summary": "SUSE Bug 1246337",
"url": "https://bugzilla.suse.com/1246337"
},
{
"category": "self",
"summary": "SUSE Bug 1246342",
"url": "https://bugzilla.suse.com/1246342"
},
{
"category": "self",
"summary": "SUSE Bug 1246349",
"url": "https://bugzilla.suse.com/1246349"
},
{
"category": "self",
"summary": "SUSE Bug 1246354",
"url": "https://bugzilla.suse.com/1246354"
},
{
"category": "self",
"summary": "SUSE Bug 1246358",
"url": "https://bugzilla.suse.com/1246358"
},
{
"category": "self",
"summary": "SUSE Bug 1246361",
"url": "https://bugzilla.suse.com/1246361"
},
{
"category": "self",
"summary": "SUSE Bug 1246364",
"url": "https://bugzilla.suse.com/1246364"
},
{
"category": "self",
"summary": "SUSE Bug 1246370",
"url": "https://bugzilla.suse.com/1246370"
},
{
"category": "self",
"summary": "SUSE Bug 1246375",
"url": "https://bugzilla.suse.com/1246375"
},
{
"category": "self",
"summary": "SUSE Bug 1246384",
"url": "https://bugzilla.suse.com/1246384"
},
{
"category": "self",
"summary": "SUSE Bug 1246385",
"url": "https://bugzilla.suse.com/1246385"
},
{
"category": "self",
"summary": "SUSE Bug 1246386",
"url": "https://bugzilla.suse.com/1246386"
},
{
"category": "self",
"summary": "SUSE Bug 1246387",
"url": "https://bugzilla.suse.com/1246387"
},
{
"category": "self",
"summary": "SUSE Bug 1246438",
"url": "https://bugzilla.suse.com/1246438"
},
{
"category": "self",
"summary": "SUSE Bug 1246443",
"url": "https://bugzilla.suse.com/1246443"
},
{
"category": "self",
"summary": "SUSE Bug 1246449",
"url": "https://bugzilla.suse.com/1246449"
},
{
"category": "self",
"summary": "SUSE Bug 1246453",
"url": "https://bugzilla.suse.com/1246453"
},
{
"category": "self",
"summary": "SUSE Bug 1246473",
"url": "https://bugzilla.suse.com/1246473"
},
{
"category": "self",
"summary": "SUSE Bug 1246490",
"url": "https://bugzilla.suse.com/1246490"
},
{
"category": "self",
"summary": "SUSE Bug 1246506",
"url": "https://bugzilla.suse.com/1246506"
},
{
"category": "self",
"summary": "SUSE Bug 1246547",
"url": "https://bugzilla.suse.com/1246547"
},
{
"category": "self",
"summary": "SUSE Bug 1246644",
"url": "https://bugzilla.suse.com/1246644"
},
{
"category": "self",
"summary": "SUSE Bug 1246777",
"url": "https://bugzilla.suse.com/1246777"
},
{
"category": "self",
"summary": "SUSE Bug 1246781",
"url": "https://bugzilla.suse.com/1246781"
},
{
"category": "self",
"summary": "SUSE Bug 1246870",
"url": "https://bugzilla.suse.com/1246870"
},
{
"category": "self",
"summary": "SUSE Bug 1246879",
"url": "https://bugzilla.suse.com/1246879"
},
{
"category": "self",
"summary": "SUSE Bug 1246911",
"url": "https://bugzilla.suse.com/1246911"
},
{
"category": "self",
"summary": "SUSE Bug 1247018",
"url": "https://bugzilla.suse.com/1247018"
},
{
"category": "self",
"summary": "SUSE Bug 1247021",
"url": "https://bugzilla.suse.com/1247021"
},
{
"category": "self",
"summary": "SUSE Bug 1247023",
"url": "https://bugzilla.suse.com/1247023"
},
{
"category": "self",
"summary": "SUSE Bug 1247028",
"url": "https://bugzilla.suse.com/1247028"
},
{
"category": "self",
"summary": "SUSE Bug 1247031",
"url": "https://bugzilla.suse.com/1247031"
},
{
"category": "self",
"summary": "SUSE Bug 1247033",
"url": "https://bugzilla.suse.com/1247033"
},
{
"category": "self",
"summary": "SUSE Bug 1247035",
"url": "https://bugzilla.suse.com/1247035"
},
{
"category": "self",
"summary": "SUSE Bug 1247061",
"url": "https://bugzilla.suse.com/1247061"
},
{
"category": "self",
"summary": "SUSE Bug 1247062",
"url": "https://bugzilla.suse.com/1247062"
},
{
"category": "self",
"summary": "SUSE Bug 1247064",
"url": "https://bugzilla.suse.com/1247064"
},
{
"category": "self",
"summary": "SUSE Bug 1247079",
"url": "https://bugzilla.suse.com/1247079"
},
{
"category": "self",
"summary": "SUSE Bug 1247089",
"url": "https://bugzilla.suse.com/1247089"
},
{
"category": "self",
"summary": "SUSE Bug 1247091",
"url": "https://bugzilla.suse.com/1247091"
},
{
"category": "self",
"summary": "SUSE Bug 1247097",
"url": "https://bugzilla.suse.com/1247097"
},
{
"category": "self",
"summary": "SUSE Bug 1247098",
"url": "https://bugzilla.suse.com/1247098"
},
{
"category": "self",
"summary": "SUSE Bug 1247101",
"url": "https://bugzilla.suse.com/1247101"
},
{
"category": "self",
"summary": "SUSE Bug 1247103",
"url": "https://bugzilla.suse.com/1247103"
},
{
"category": "self",
"summary": "SUSE Bug 1247104",
"url": "https://bugzilla.suse.com/1247104"
},
{
"category": "self",
"summary": "SUSE Bug 1247113",
"url": "https://bugzilla.suse.com/1247113"
},
{
"category": "self",
"summary": "SUSE Bug 1247118",
"url": "https://bugzilla.suse.com/1247118"
},
{
"category": "self",
"summary": "SUSE Bug 1247123",
"url": "https://bugzilla.suse.com/1247123"
},
{
"category": "self",
"summary": "SUSE Bug 1247125",
"url": "https://bugzilla.suse.com/1247125"
},
{
"category": "self",
"summary": "SUSE Bug 1247128",
"url": "https://bugzilla.suse.com/1247128"
},
{
"category": "self",
"summary": "SUSE Bug 1247132",
"url": "https://bugzilla.suse.com/1247132"
},
{
"category": "self",
"summary": "SUSE Bug 1247138",
"url": "https://bugzilla.suse.com/1247138"
},
{
"category": "self",
"summary": "SUSE Bug 1247141",
"url": "https://bugzilla.suse.com/1247141"
},
{
"category": "self",
"summary": "SUSE Bug 1247143",
"url": "https://bugzilla.suse.com/1247143"
},
{
"category": "self",
"summary": "SUSE Bug 1247145",
"url": "https://bugzilla.suse.com/1247145"
},
{
"category": "self",
"summary": "SUSE Bug 1247146",
"url": "https://bugzilla.suse.com/1247146"
},
{
"category": "self",
"summary": "SUSE Bug 1247147",
"url": "https://bugzilla.suse.com/1247147"
},
{
"category": "self",
"summary": "SUSE Bug 1247149",
"url": "https://bugzilla.suse.com/1247149"
},
{
"category": "self",
"summary": "SUSE Bug 1247150",
"url": "https://bugzilla.suse.com/1247150"
},
{
"category": "self",
"summary": "SUSE Bug 1247151",
"url": "https://bugzilla.suse.com/1247151"
},
{
"category": "self",
"summary": "SUSE Bug 1247152",
"url": "https://bugzilla.suse.com/1247152"
},
{
"category": "self",
"summary": "SUSE Bug 1247153",
"url": "https://bugzilla.suse.com/1247153"
},
{
"category": "self",
"summary": "SUSE Bug 1247154",
"url": "https://bugzilla.suse.com/1247154"
},
{
"category": "self",
"summary": "SUSE Bug 1247156",
"url": "https://bugzilla.suse.com/1247156"
},
{
"category": "self",
"summary": "SUSE Bug 1247160",
"url": "https://bugzilla.suse.com/1247160"
},
{
"category": "self",
"summary": "SUSE Bug 1247164",
"url": "https://bugzilla.suse.com/1247164"
},
{
"category": "self",
"summary": "SUSE Bug 1247169",
"url": "https://bugzilla.suse.com/1247169"
},
{
"category": "self",
"summary": "SUSE Bug 1247170",
"url": "https://bugzilla.suse.com/1247170"
},
{
"category": "self",
"summary": "SUSE Bug 1247171",
"url": "https://bugzilla.suse.com/1247171"
},
{
"category": "self",
"summary": "SUSE Bug 1247172",
"url": "https://bugzilla.suse.com/1247172"
},
{
"category": "self",
"summary": "SUSE Bug 1247174",
"url": "https://bugzilla.suse.com/1247174"
},
{
"category": "self",
"summary": "SUSE Bug 1247176",
"url": "https://bugzilla.suse.com/1247176"
},
{
"category": "self",
"summary": "SUSE Bug 1247177",
"url": "https://bugzilla.suse.com/1247177"
},
{
"category": "self",
"summary": "SUSE Bug 1247178",
"url": "https://bugzilla.suse.com/1247178"
},
{
"category": "self",
"summary": "SUSE Bug 1247181",
"url": "https://bugzilla.suse.com/1247181"
},
{
"category": "self",
"summary": "SUSE Bug 1247209",
"url": "https://bugzilla.suse.com/1247209"
},
{
"category": "self",
"summary": "SUSE Bug 1247210",
"url": "https://bugzilla.suse.com/1247210"
},
{
"category": "self",
"summary": "SUSE Bug 1247227",
"url": "https://bugzilla.suse.com/1247227"
},
{
"category": "self",
"summary": "SUSE Bug 1247233",
"url": "https://bugzilla.suse.com/1247233"
},
{
"category": "self",
"summary": "SUSE Bug 1247234",
"url": "https://bugzilla.suse.com/1247234"
},
{
"category": "self",
"summary": "SUSE Bug 1247236",
"url": "https://bugzilla.suse.com/1247236"
},
{
"category": "self",
"summary": "SUSE Bug 1247238",
"url": "https://bugzilla.suse.com/1247238"
},
{
"category": "self",
"summary": "SUSE Bug 1247241",
"url": "https://bugzilla.suse.com/1247241"
},
{
"category": "self",
"summary": "SUSE Bug 1247251",
"url": "https://bugzilla.suse.com/1247251"
},
{
"category": "self",
"summary": "SUSE Bug 1247252",
"url": "https://bugzilla.suse.com/1247252"
},
{
"category": "self",
"summary": "SUSE Bug 1247253",
"url": "https://bugzilla.suse.com/1247253"
},
{
"category": "self",
"summary": "SUSE Bug 1247255",
"url": "https://bugzilla.suse.com/1247255"
},
{
"category": "self",
"summary": "SUSE Bug 1247265",
"url": "https://bugzilla.suse.com/1247265"
},
{
"category": "self",
"summary": "SUSE Bug 1247271",
"url": "https://bugzilla.suse.com/1247271"
},
{
"category": "self",
"summary": "SUSE Bug 1247273",
"url": "https://bugzilla.suse.com/1247273"
},
{
"category": "self",
"summary": "SUSE Bug 1247274",
"url": "https://bugzilla.suse.com/1247274"
},
{
"category": "self",
"summary": "SUSE Bug 1247276",
"url": "https://bugzilla.suse.com/1247276"
},
{
"category": "self",
"summary": "SUSE Bug 1247277",
"url": "https://bugzilla.suse.com/1247277"
},
{
"category": "self",
"summary": "SUSE Bug 1247278",
"url": "https://bugzilla.suse.com/1247278"
},
{
"category": "self",
"summary": "SUSE Bug 1247279",
"url": "https://bugzilla.suse.com/1247279"
},
{
"category": "self",
"summary": "SUSE Bug 1247282",
"url": "https://bugzilla.suse.com/1247282"
},
{
"category": "self",
"summary": "SUSE Bug 1247284",
"url": "https://bugzilla.suse.com/1247284"
},
{
"category": "self",
"summary": "SUSE Bug 1247285",
"url": "https://bugzilla.suse.com/1247285"
},
{
"category": "self",
"summary": "SUSE Bug 1247288",
"url": "https://bugzilla.suse.com/1247288"
},
{
"category": "self",
"summary": "SUSE Bug 1247289",
"url": "https://bugzilla.suse.com/1247289"
},
{
"category": "self",
"summary": "SUSE Bug 1247293",
"url": "https://bugzilla.suse.com/1247293"
},
{
"category": "self",
"summary": "SUSE Bug 1247308",
"url": "https://bugzilla.suse.com/1247308"
},
{
"category": "self",
"summary": "SUSE Bug 1247311",
"url": "https://bugzilla.suse.com/1247311"
},
{
"category": "self",
"summary": "SUSE Bug 1247314",
"url": "https://bugzilla.suse.com/1247314"
},
{
"category": "self",
"summary": "SUSE Bug 1247317",
"url": "https://bugzilla.suse.com/1247317"
},
{
"category": "self",
"summary": "SUSE Bug 1247347",
"url": "https://bugzilla.suse.com/1247347"
},
{
"category": "self",
"summary": "SUSE Bug 1247348",
"url": "https://bugzilla.suse.com/1247348"
},
{
"category": "self",
"summary": "SUSE Bug 1247349",
"url": "https://bugzilla.suse.com/1247349"
},
{
"category": "self",
"summary": "SUSE Bug 1247374",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "self",
"summary": "SUSE Bug 1247437",
"url": "https://bugzilla.suse.com/1247437"
},
{
"category": "self",
"summary": "SUSE Bug 1247450",
"url": "https://bugzilla.suse.com/1247450"
},
{
"category": "self",
"summary": "SUSE Bug 1247712",
"url": "https://bugzilla.suse.com/1247712"
},
{
"category": "self",
"summary": "SUSE Bug 1247831",
"url": "https://bugzilla.suse.com/1247831"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11135 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36028 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36028/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36348 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36348/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36349 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36349/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36350 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36350/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36357 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36357/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42134 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42134/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44963 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44963/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56742 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56742/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57947 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21839 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21839/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21872 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21872/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23163 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23163/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37798 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37798/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37856 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37856/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37864 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37885 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37885/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37920 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37920/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37984 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37984/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38034 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38034/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38035 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38035/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38047 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38047/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38051 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38052 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38058 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38061 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38062 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38062/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38063 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38064 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38064/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38074 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38074/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38084 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38084/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38087 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38087/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38088 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38089 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38089/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38090 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38090/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38091 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38091/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38094 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38094/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38095 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38095/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38097 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38097/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38098 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38098/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38099 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38099/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38100 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38100/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38102 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38102/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38105 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38105/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38106 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38106/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38107 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38107/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38108 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38108/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38109 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38109/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38110 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38110/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38111 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38111/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38112 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38112/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38113 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38113/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38114 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38114/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38115 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38117 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38117/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38118 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38118/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38120 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38120/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38122 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38123 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38124 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38124/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38126 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38127 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38127/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38129 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38129/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38131 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38131/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38132 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38132/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38135 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38136 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38138 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38138/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38142 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38142/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38143 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38143/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38145 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38145/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38147 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38148 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38148/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38149 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38149/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38151 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38151/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38153 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38153/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38154 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38154/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38155 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38155/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38157 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38157/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38158 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38158/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38159 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38161 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38161/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38162 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38162/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38165 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38165/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38166 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38166/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38173 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38173/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38174 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38174/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38177 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38180 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38180/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38182 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38182/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38183 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38183/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38186 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38187 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38187/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38188 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38188/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38189 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38189/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38192 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38192/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38193 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38193/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38194 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38194/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38197 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38197/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38198 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38198/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38200 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38200/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38202 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38202/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38203 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38203/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38204 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38204/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38206 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38210 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38210/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38211 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38211/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38212 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38212/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38213 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38213/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38214 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38214/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38215 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38215/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38217 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38217/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38220 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38220/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38222 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38222/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38225 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38225/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38226 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38226/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38227 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38227/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38229 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38229/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38231 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38231/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38236 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38236/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38238 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38238/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38239 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38239/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38244 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38244/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38246 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38246/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38248 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38248/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38249 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38249/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38250 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38250/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38256 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38256/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38257 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38257/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38259 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38259/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38264 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38264/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38265 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38265/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38268 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38268/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38272 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38272/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38273 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38273/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38275 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38275/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38277 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38277/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38279 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38279/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38283 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38283/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38286 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38286/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38287 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38287/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38288 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38288/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38289 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38289/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38290 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38290/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38291 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38291/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38292 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38292/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38293 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38293/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38299 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38299/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38300 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38303 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38303/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38304 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38304/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38305 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38305/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38307 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38307/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38310 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38310/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38312 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38312/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38313 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38313/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38315 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38315/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38317 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38317/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38319 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38319/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38323 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38323/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38326 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38326/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38328 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38328/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38332 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38332/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38334 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38334/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38335 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38335/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38336 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38336/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38337 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38337/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38338 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38338/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38342 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38342/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38343 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38343/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38344 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38344/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38345 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38345/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38348 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38348/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38349 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38349/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38350 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38350/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38352 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38352/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38353 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38353/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38354 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38354/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38355 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38355/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38356 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38356/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38361 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38361/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38362 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38362/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38363 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38363/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38364 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38364/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38365 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38365/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38369 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38369/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38371 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38371/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38373 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38373/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38375 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38375/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38376 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38376/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38377 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38377/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38380 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38380/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38382 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38382/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38384 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38384/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38385 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38385/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38386 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38386/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38387 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38387/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38389 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38389/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38391 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38391/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38392 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38392/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38393 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38393/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38395 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38395/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38396 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38396/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38399 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38399/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38400 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38400/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38401 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38401/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38403 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38403/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38404 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38404/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38406 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38406/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38409 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38409/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38410 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38410/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38412 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38412/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38414 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38414/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38415 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38415/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38416 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38416/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38417 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38417/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38420 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38420/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38424 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38424/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38425 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38425/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38426 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38426/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38427 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38427/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38428 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38428/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38429 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38429/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38430 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38430/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38436 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38436/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38443 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38443/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38448 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38448/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38449 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38449/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38453 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38453/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38455 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38455/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38457 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38457/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38460 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38460/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38461 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38461/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38462 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38462/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38463 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38463/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38465 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38465/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38467 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38467/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38468 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38468/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38470 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38470/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38471 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38471/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38473 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38473/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38474 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38474/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38475 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38475/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38476 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38476/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38477 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38477/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38478 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38478/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38480 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38480/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38481 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38481/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38482 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38482/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38483 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38483/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38485 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38485/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38487 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38487/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38489 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38489/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38494 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38494/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38495 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38495/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38496 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38496/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38497 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38497/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38498 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38498/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-08-18T16:01:54Z",
"generator": {
"date": "2025-08-18T16:01:54Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02853-1",
"initial_release_date": "2025-08-18T16:01:54Z",
"revision_history": [
{
"date": "2025-08-18T16:01:54Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"product": {
"name": "kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"product_id": "kernel-devel-rt-6.4.0-150700.7.13.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"product": {
"name": "kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"product_id": "kernel-source-rt-6.4.0-150700.7.13.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"product_id": "cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"product": {
"name": "dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"product_id": "dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"product": {
"name": "gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"product_id": "gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-6.4.0-150700.7.13.1.x86_64",
"product": {
"name": "kernel-rt-6.4.0-150700.7.13.1.x86_64",
"product_id": "kernel-rt-6.4.0-150700.7.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"product": {
"name": "kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"product_id": "kernel-rt-devel-6.4.0-150700.7.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-extra-6.4.0-150700.7.13.1.x86_64",
"product": {
"name": "kernel-rt-extra-6.4.0-150700.7.13.1.x86_64",
"product_id": "kernel-rt-extra-6.4.0-150700.7.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-6.4.0-150700.7.13.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-6.4.0-150700.7.13.1.x86_64",
"product_id": "kernel-rt-livepatch-6.4.0-150700.7.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-devel-6.4.0-150700.7.13.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-devel-6.4.0-150700.7.13.1.x86_64",
"product_id": "kernel-rt-livepatch-devel-6.4.0-150700.7.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-optional-6.4.0-150700.7.13.1.x86_64",
"product": {
"name": "kernel-rt-optional-6.4.0-150700.7.13.1.x86_64",
"product_id": "kernel-rt-optional-6.4.0-150700.7.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-vdso-6.4.0-150700.7.13.1.x86_64",
"product": {
"name": "kernel-rt-vdso-6.4.0-150700.7.13.1.x86_64",
"product_id": "kernel-rt-vdso-6.4.0-150700.7.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"product": {
"name": "kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"product_id": "kernel-syms-rt-6.4.0-150700.7.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"product": {
"name": "kselftests-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"product_id": "kselftests-kmp-rt-6.4.0-150700.7.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"product_id": "ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"product": {
"name": "reiserfs-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"product_id": "reiserfs-kmp-rt-6.4.0-150700.7.13.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Real Time Module 15 SP7",
"product": {
"name": "SUSE Real Time Module 15 SP7",
"product_id": "SUSE Real Time Module 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-rt:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64 as component of SUSE Real Time Module 15 SP7",
"product_id": "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64"
},
"product_reference": "cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64 as component of SUSE Real Time Module 15 SP7",
"product_id": "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64"
},
"product_reference": "dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64 as component of SUSE Real Time Module 15 SP7",
"product_id": "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
},
"product_reference": "gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-rt-6.4.0-150700.7.13.1.noarch as component of SUSE Real Time Module 15 SP7",
"product_id": "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch"
},
"product_reference": "kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"relates_to_product_reference": "SUSE Real Time Module 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-6.4.0-150700.7.13.1.x86_64 as component of SUSE Real Time Module 15 SP7",
"product_id": "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64"
},
"product_reference": "kernel-rt-6.4.0-150700.7.13.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-6.4.0-150700.7.13.1.x86_64 as component of SUSE Real Time Module 15 SP7",
"product_id": "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64"
},
"product_reference": "kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-6.4.0-150700.7.13.1.noarch as component of SUSE Real Time Module 15 SP7",
"product_id": "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch"
},
"product_reference": "kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"relates_to_product_reference": "SUSE Real Time Module 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-rt-6.4.0-150700.7.13.1.x86_64 as component of SUSE Real Time Module 15 SP7",
"product_id": "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64"
},
"product_reference": "kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64 as component of SUSE Real Time Module 15 SP7",
"product_id": "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
},
"product_reference": "ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-11135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11135"
}
],
"notes": [
{
"category": "general",
"text": "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11135",
"url": "https://www.suse.com/security/cve/CVE-2019-11135"
},
{
"category": "external",
"summary": "SUSE Bug 1139073 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1139073"
},
{
"category": "external",
"summary": "SUSE Bug 1152497 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152497"
},
{
"category": "external",
"summary": "SUSE Bug 1152505 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152505"
},
{
"category": "external",
"summary": "SUSE Bug 1152506 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152506"
},
{
"category": "external",
"summary": "SUSE Bug 1160120 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1160120"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2019-11135"
},
{
"cve": "CVE-2024-36028",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36028"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio()\n\nWhen I did memory failure tests recently, below warning occurs:\n\nDEBUG_LOCKS_WARN_ON(1)\nWARNING: CPU: 8 PID: 1011 at kernel/locking/lockdep.c:232 __lock_acquire+0xccb/0x1ca0\nModules linked in: mce_inject hwpoison_inject\nCPU: 8 PID: 1011 Comm: bash Kdump: loaded Not tainted 6.9.0-rc3-next-20240410-00012-gdb69f219f4be #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\nRIP: 0010:__lock_acquire+0xccb/0x1ca0\nRSP: 0018:ffffa7a1c7fe3bd0 EFLAGS: 00000082\nRAX: 0000000000000000 RBX: eb851eb853975fcf RCX: ffffa1ce5fc1c9c8\nRDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffffa1ce5fc1c9c0\nRBP: ffffa1c6865d3280 R08: ffffffffb0f570a8 R09: 0000000000009ffb\nR10: 0000000000000286 R11: ffffffffb0f2ad50 R12: ffffa1c6865d3d10\nR13: ffffa1c6865d3c70 R14: 0000000000000000 R15: 0000000000000004\nFS: 00007ff9f32aa740(0000) GS:ffffa1ce5fc00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ff9f3134ba0 CR3: 00000008484e4000 CR4: 00000000000006f0\nCall Trace:\n \u003cTASK\u003e\n lock_acquire+0xbe/0x2d0\n _raw_spin_lock_irqsave+0x3a/0x60\n hugepage_subpool_put_pages.part.0+0xe/0xc0\n free_huge_folio+0x253/0x3f0\n dissolve_free_huge_page+0x147/0x210\n __page_handle_poison+0x9/0x70\n memory_failure+0x4e6/0x8c0\n hard_offline_page_store+0x55/0xa0\n kernfs_fop_write_iter+0x12c/0x1d0\n vfs_write+0x380/0x540\n ksys_write+0x64/0xe0\n do_syscall_64+0xbc/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7ff9f3114887\nRSP: 002b:00007ffecbacb458 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007ff9f3114887\nRDX: 000000000000000c RSI: 0000564494164e10 RDI: 0000000000000001\nRBP: 0000564494164e10 R08: 00007ff9f31d1460 R09: 000000007fffffff\nR10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c\nR13: 00007ff9f321b780 R14: 00007ff9f3217600 R15: 00007ff9f3216a00\n \u003c/TASK\u003e\nKernel panic - not syncing: kernel: panic_on_warn set ...\nCPU: 8 PID: 1011 Comm: bash Kdump: loaded Not tainted 6.9.0-rc3-next-20240410-00012-gdb69f219f4be #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n panic+0x326/0x350\n check_panic_on_warn+0x4f/0x50\n __warn+0x98/0x190\n report_bug+0x18e/0x1a0\n handle_bug+0x3d/0x70\n exc_invalid_op+0x18/0x70\n asm_exc_invalid_op+0x1a/0x20\nRIP: 0010:__lock_acquire+0xccb/0x1ca0\nRSP: 0018:ffffa7a1c7fe3bd0 EFLAGS: 00000082\nRAX: 0000000000000000 RBX: eb851eb853975fcf RCX: ffffa1ce5fc1c9c8\nRDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffffa1ce5fc1c9c0\nRBP: ffffa1c6865d3280 R08: ffffffffb0f570a8 R09: 0000000000009ffb\nR10: 0000000000000286 R11: ffffffffb0f2ad50 R12: ffffa1c6865d3d10\nR13: ffffa1c6865d3c70 R14: 0000000000000000 R15: 0000000000000004\n lock_acquire+0xbe/0x2d0\n _raw_spin_lock_irqsave+0x3a/0x60\n hugepage_subpool_put_pages.part.0+0xe/0xc0\n free_huge_folio+0x253/0x3f0\n dissolve_free_huge_page+0x147/0x210\n __page_handle_poison+0x9/0x70\n memory_failure+0x4e6/0x8c0\n hard_offline_page_store+0x55/0xa0\n kernfs_fop_write_iter+0x12c/0x1d0\n vfs_write+0x380/0x540\n ksys_write+0x64/0xe0\n do_syscall_64+0xbc/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7ff9f3114887\nRSP: 002b:00007ffecbacb458 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007ff9f3114887\nRDX: 000000000000000c RSI: 0000564494164e10 RDI: 0000000000000001\nRBP: 0000564494164e10 R08: 00007ff9f31d1460 R09: 000000007fffffff\nR10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c\nR13: 00007ff9f321b780 R14: 00007ff9f3217600 R15: 00007ff9f3216a00\n \u003c/TASK\u003e\n\nAfter git bisecting and digging into the code, I believe the root cause is\nthat _deferred_list field of folio is unioned with _hugetlb_subpool field.\nIn __update_and_free_hugetlb_folio(), folio-\u003e_deferred_\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36028",
"url": "https://www.suse.com/security/cve/CVE-2024-36028"
},
{
"category": "external",
"summary": "SUSE Bug 1225707 for CVE-2024-36028",
"url": "https://bugzilla.suse.com/1225707"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2024-36028"
},
{
"cve": "CVE-2024-36348",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36348"
}
],
"notes": [
{
"category": "general",
"text": "A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP feature is enabled, potentially resulting in information leakage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36348",
"url": "https://www.suse.com/security/cve/CVE-2024-36348"
},
{
"category": "external",
"summary": "SUSE Bug 1238896 for CVE-2024-36348",
"url": "https://bugzilla.suse.com/1238896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2024-36348"
},
{
"cve": "CVE-2024-36349",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36349"
}
],
"notes": [
{
"category": "general",
"text": "A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36349",
"url": "https://www.suse.com/security/cve/CVE-2024-36349"
},
{
"category": "external",
"summary": "SUSE Bug 1238896 for CVE-2024-36349",
"url": "https://bugzilla.suse.com/1238896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2024-36349"
},
{
"cve": "CVE-2024-36350",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36350"
}
],
"notes": [
{
"category": "general",
"text": "A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36350",
"url": "https://www.suse.com/security/cve/CVE-2024-36350"
},
{
"category": "external",
"summary": "SUSE Bug 1238896 for CVE-2024-36350",
"url": "https://bugzilla.suse.com/1238896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2024-36350"
},
{
"cve": "CVE-2024-36357",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36357"
}
],
"notes": [
{
"category": "general",
"text": "A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36357",
"url": "https://www.suse.com/security/cve/CVE-2024-36357"
},
{
"category": "external",
"summary": "SUSE Bug 1238896 for CVE-2024-36357",
"url": "https://bugzilla.suse.com/1238896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2024-36357"
},
{
"cve": "CVE-2024-42134",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42134"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-pci: Check if is_avq is NULL\n\n[bug]\nIn the virtio_pci_common.c function vp_del_vqs, vp_dev-\u003eis_avq is involved\nto determine whether it is admin virtqueue, but this function vp_dev-\u003eis_avq\n may be empty. For installations, virtio_pci_legacy does not assign a value\n to vp_dev-\u003eis_avq.\n\n[fix]\nCheck whether it is vp_dev-\u003eis_avq before use.\n\n[test]\nTest with virsh Attach device\nBefore this patch, the following command would crash the guest system\n\nAfter applying the patch, everything seems to be working fine.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42134",
"url": "https://www.suse.com/security/cve/CVE-2024-42134"
},
{
"category": "external",
"summary": "SUSE Bug 1228664 for CVE-2024-42134",
"url": "https://bugzilla.suse.com/1228664"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2024-42134"
},
{
"cve": "CVE-2024-44963",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44963"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not BUG_ON() when freeing tree block after error\n\nWhen freeing a tree block, at btrfs_free_tree_block(), if we fail to\ncreate a delayed reference we don\u0027t deal with the error and just do a\nBUG_ON(). The error most likely to happen is -ENOMEM, and we have a\ncomment mentioning that only -ENOMEM can happen, but that is not true,\nbecause in case qgroups are enabled any error returned from\nbtrfs_qgroup_trace_extent_post() (can be -EUCLEAN or anything returned\nfrom btrfs_search_slot() for example) can be propagated back to\nbtrfs_free_tree_block().\n\nSo stop doing a BUG_ON() and return the error to the callers and make\nthem abort the transaction to prevent leaking space. Syzbot was\ntriggering this, likely due to memory allocation failure injection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44963",
"url": "https://www.suse.com/security/cve/CVE-2024-44963"
},
{
"category": "external",
"summary": "SUSE Bug 1230216 for CVE-2024-44963",
"url": "https://bugzilla.suse.com/1230216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2024-44963"
},
{
"cve": "CVE-2024-56742",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56742"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages()\n\nFix an unwind issue in mlx5vf_add_migration_pages().\n\nIf a set of pages is allocated but fails to be added to the SG table,\nthey need to be freed to prevent a memory leak.\n\nAny pages successfully added to the SG table will be freed as part of\nmlx5vf_free_data_buffer().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56742",
"url": "https://www.suse.com/security/cve/CVE-2024-56742"
},
{
"category": "external",
"summary": "SUSE Bug 1235613 for CVE-2024-56742",
"url": "https://bugzilla.suse.com/1235613"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2024-56742"
},
{
"cve": "CVE-2024-57947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57947"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_set_pipapo: fix initial map fill\n\nThe initial buffer has to be inited to all-ones, but it must restrict\nit to the size of the first field, not the total field size.\n\nAfter each round in the map search step, the result and the fill map\nare swapped, so if we have a set where f-\u003ebsize of the first element\nis smaller than m-\u003ebsize_max, those one-bits are leaked into future\nrounds result map.\n\nThis makes pipapo find an incorrect matching results for sets where\nfirst field size is not the largest.\n\nFollowup patch adds a test case to nft_concat_range.sh selftest script.\n\nThanks to Stefano Brivio for pointing out that we need to zero out\nthe remainder explicitly, only correcting memset() argument isn\u0027t enough.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57947",
"url": "https://www.suse.com/security/cve/CVE-2024-57947"
},
{
"category": "external",
"summary": "SUSE Bug 1236333 for CVE-2024-57947",
"url": "https://bugzilla.suse.com/1236333"
},
{
"category": "external",
"summary": "SUSE Bug 1245799 for CVE-2024-57947",
"url": "https://bugzilla.suse.com/1245799"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "important"
}
],
"title": "CVE-2024-57947"
},
{
"cve": "CVE-2025-21839",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21839"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop\n\nMove the conditional loading of hardware DR6 with the guest\u0027s DR6 value\nout of the core .vcpu_run() loop to fix a bug where KVM can load hardware\nwith a stale vcpu-\u003earch.dr6.\n\nWhen the guest accesses a DR and host userspace isn\u0027t debugging the guest,\nKVM disables DR interception and loads the guest\u0027s values into hardware on\nVM-Enter and saves them on VM-Exit. This allows the guest to access DRs\nat will, e.g. so that a sequence of DR accesses to configure a breakpoint\nonly generates one VM-Exit.\n\nFor DR0-DR3, the logic/behavior is identical between VMX and SVM, and also\nidentical between KVM_DEBUGREG_BP_ENABLED (userspace debugging the guest)\nand KVM_DEBUGREG_WONT_EXIT (guest using DRs), and so KVM handles loading\nDR0-DR3 in common code, _outside_ of the core kvm_x86_ops.vcpu_run() loop.\n\nBut for DR6, the guest\u0027s value doesn\u0027t need to be loaded into hardware for\nKVM_DEBUGREG_BP_ENABLED, and SVM provides a dedicated VMCB field whereas\nVMX requires software to manually load the guest value, and so loading the\nguest\u0027s value into DR6 is handled by {svm,vmx}_vcpu_run(), i.e. is done\n_inside_ the core run loop.\n\nUnfortunately, saving the guest values on VM-Exit is initiated by common\nx86, again outside of the core run loop. If the guest modifies DR6 (in\nhardware, when DR interception is disabled), and then the next VM-Exit is\na fastpath VM-Exit, KVM will reload hardware DR6 with vcpu-\u003earch.dr6 and\nclobber the guest\u0027s actual value.\n\nThe bug shows up primarily with nested VMX because KVM handles the VMX\npreemption timer in the fastpath, and the window between hardware DR6\nbeing modified (in guest context) and DR6 being read by guest software is\norders of magnitude larger in a nested setup. E.g. in non-nested, the\nVMX preemption timer would need to fire precisely between #DB injection\nand the #DB handler\u0027s read of DR6, whereas with a KVM-on-KVM setup, the\nwindow where hardware DR6 is \"dirty\" extends all the way from L1 writing\nDR6 to VMRESUME (in L1).\n\n L1\u0027s view:\n ==========\n \u003cL1 disables DR interception\u003e\n CPU 0/KVM-7289 [023] d.... 2925.640961: kvm_entry: vcpu 0\n A: L1 Writes DR6\n CPU 0/KVM-7289 [023] d.... 2925.640963: \u003chack\u003e: Set DRs, DR6 = 0xffff0ff1\n\n B: CPU 0/KVM-7289 [023] d.... 2925.640967: kvm_exit: vcpu 0 reason EXTERNAL_INTERRUPT intr_info 0x800000ec\n\n D: L1 reads DR6, arch.dr6 = 0\n CPU 0/KVM-7289 [023] d.... 2925.640969: \u003chack\u003e: Sync DRs, DR6 = 0xffff0ff0\n\n CPU 0/KVM-7289 [023] d.... 2925.640976: kvm_entry: vcpu 0\n L2 reads DR6, L1 disables DR interception\n CPU 0/KVM-7289 [023] d.... 2925.640980: kvm_exit: vcpu 0 reason DR_ACCESS info1 0x0000000000000216\n CPU 0/KVM-7289 [023] d.... 2925.640983: kvm_entry: vcpu 0\n\n CPU 0/KVM-7289 [023] d.... 2925.640983: \u003chack\u003e: Set DRs, DR6 = 0xffff0ff0\n\n L2 detects failure\n CPU 0/KVM-7289 [023] d.... 2925.640987: kvm_exit: vcpu 0 reason HLT\n L1 reads DR6 (confirms failure)\n CPU 0/KVM-7289 [023] d.... 2925.640990: \u003chack\u003e: Sync DRs, DR6 = 0xffff0ff0\n\n L0\u0027s view:\n ==========\n L2 reads DR6, arch.dr6 = 0\n CPU 23/KVM-5046 [001] d.... 3410.005610: kvm_exit: vcpu 23 reason DR_ACCESS info1 0x0000000000000216\n CPU 23/KVM-5046 [001] ..... 3410.005610: kvm_nested_vmexit: vcpu 23 reason DR_ACCESS info1 0x0000000000000216\n\n L2 =\u003e L1 nested VM-Exit\n CPU 23/KVM-5046 [001] ..... 3410.005610: kvm_nested_vmexit_inject: reason: DR_ACCESS ext_inf1: 0x0000000000000216\n\n CPU 23/KVM-5046 [001] d.... 3410.005610: kvm_entry: vcpu 23\n CPU 23/KVM-5046 [001] d.... 3410.005611: kvm_exit: vcpu 23 reason VMREAD\n CPU 23/KVM-5046 [001] d.... 3410.005611: kvm_entry: vcpu 23\n CPU 23/KVM-5046 [001] d.... 3410.\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21839",
"url": "https://www.suse.com/security/cve/CVE-2025-21839"
},
{
"category": "external",
"summary": "SUSE Bug 1239061 for CVE-2025-21839",
"url": "https://bugzilla.suse.com/1239061"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-21839"
},
{
"cve": "CVE-2025-21872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21872"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi: Don\u0027t map the entire mokvar table to determine its size\n\nCurrently, when validating the mokvar table, we (re)map the entire table\non each iteration of the loop, adding space as we discover new entries.\nIf the table grows over a certain size, this fails due to limitations of\nearly_memmap(), and we get a failure and traceback:\n\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 0 at mm/early_ioremap.c:139 __early_ioremap+0xef/0x220\n ...\n Call Trace:\n \u003cTASK\u003e\n ? __early_ioremap+0xef/0x220\n ? __warn.cold+0x93/0xfa\n ? __early_ioremap+0xef/0x220\n ? report_bug+0xff/0x140\n ? early_fixup_exception+0x5d/0xb0\n ? early_idt_handler_common+0x2f/0x3a\n ? __early_ioremap+0xef/0x220\n ? efi_mokvar_table_init+0xce/0x1d0\n ? setup_arch+0x864/0xc10\n ? start_kernel+0x6b/0xa10\n ? x86_64_start_reservations+0x24/0x30\n ? x86_64_start_kernel+0xed/0xf0\n ? common_startup_64+0x13e/0x141\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---\n mokvar: Failed to map EFI MOKvar config table pa=0x7c4c3000, size=265187.\n\nMapping the entire structure isn\u0027t actually necessary, as we don\u0027t ever\nneed more than one entry header mapped at once.\n\nChanges efi_mokvar_table_init() to only map each entry header, not the\nentire table, when determining the table size. Since we\u0027re not mapping\nany data past the variable name, it also changes the code to enforce\nthat each variable name is NUL terminated, rather than attempting to\nverify it in place.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21872",
"url": "https://www.suse.com/security/cve/CVE-2025-21872"
},
{
"category": "external",
"summary": "SUSE Bug 1240323 for CVE-2025-21872",
"url": "https://bugzilla.suse.com/1240323"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-21872"
},
{
"cve": "CVE-2025-23163",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23163"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: vlan: don\u0027t propagate flags on open\n\nWith the device instance lock, there is now a possibility of a deadlock:\n\n[ 1.211455] ============================================\n[ 1.211571] WARNING: possible recursive locking detected\n[ 1.211687] 6.14.0-rc5-01215-g032756b4ca7a-dirty #5 Not tainted\n[ 1.211823] --------------------------------------------\n[ 1.211936] ip/184 is trying to acquire lock:\n[ 1.212032] ffff8881024a4c30 (\u0026dev-\u003elock){+.+.}-{4:4}, at: dev_set_allmulti+0x4e/0xb0\n[ 1.212207]\n[ 1.212207] but task is already holding lock:\n[ 1.212332] ffff8881024a4c30 (\u0026dev-\u003elock){+.+.}-{4:4}, at: dev_open+0x50/0xb0\n[ 1.212487]\n[ 1.212487] other info that might help us debug this:\n[ 1.212626] Possible unsafe locking scenario:\n[ 1.212626]\n[ 1.212751] CPU0\n[ 1.212815] ----\n[ 1.212871] lock(\u0026dev-\u003elock);\n[ 1.212944] lock(\u0026dev-\u003elock);\n[ 1.213016]\n[ 1.213016] *** DEADLOCK ***\n[ 1.213016]\n[ 1.213143] May be due to missing lock nesting notation\n[ 1.213143]\n[ 1.213294] 3 locks held by ip/184:\n[ 1.213371] #0: ffffffff838b53e0 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock+0x1b/0xa0\n[ 1.213543] #1: ffffffff84e5fc70 (\u0026net-\u003ertnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock+0x37/0xa0\n[ 1.213727] #2: ffff8881024a4c30 (\u0026dev-\u003elock){+.+.}-{4:4}, at: dev_open+0x50/0xb0\n[ 1.213895]\n[ 1.213895] stack backtrace:\n[ 1.213991] CPU: 0 UID: 0 PID: 184 Comm: ip Not tainted 6.14.0-rc5-01215-g032756b4ca7a-dirty #5\n[ 1.213993] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\n[ 1.213994] Call Trace:\n[ 1.213995] \u003cTASK\u003e\n[ 1.213996] dump_stack_lvl+0x8e/0xd0\n[ 1.214000] print_deadlock_bug+0x28b/0x2a0\n[ 1.214020] lock_acquire+0xea/0x2a0\n[ 1.214027] __mutex_lock+0xbf/0xd40\n[ 1.214038] dev_set_allmulti+0x4e/0xb0 # real_dev-\u003eflags \u0026 IFF_ALLMULTI\n[ 1.214040] vlan_dev_open+0xa5/0x170 # ndo_open on vlandev\n[ 1.214042] __dev_open+0x145/0x270\n[ 1.214046] __dev_change_flags+0xb0/0x1e0\n[ 1.214051] netif_change_flags+0x22/0x60 # IFF_UP vlandev\n[ 1.214053] dev_change_flags+0x61/0xb0 # for each device in group from dev-\u003evlan_info\n[ 1.214055] vlan_device_event+0x766/0x7c0 # on netdevsim0\n[ 1.214058] notifier_call_chain+0x78/0x120\n[ 1.214062] netif_open+0x6d/0x90\n[ 1.214064] dev_open+0x5b/0xb0 # locks netdevsim0\n[ 1.214066] bond_enslave+0x64c/0x1230\n[ 1.214075] do_set_master+0x175/0x1e0 # on netdevsim0\n[ 1.214077] do_setlink+0x516/0x13b0\n[ 1.214094] rtnl_newlink+0xaba/0xb80\n[ 1.214132] rtnetlink_rcv_msg+0x440/0x490\n[ 1.214144] netlink_rcv_skb+0xeb/0x120\n[ 1.214150] netlink_unicast+0x1f9/0x320\n[ 1.214153] netlink_sendmsg+0x346/0x3f0\n[ 1.214157] __sock_sendmsg+0x86/0xb0\n[ 1.214160] ____sys_sendmsg+0x1c8/0x220\n[ 1.214164] ___sys_sendmsg+0x28f/0x2d0\n[ 1.214179] __x64_sys_sendmsg+0xef/0x140\n[ 1.214184] do_syscall_64+0xec/0x1d0\n[ 1.214190] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 1.214191] RIP: 0033:0x7f2d1b4a7e56\n\nDevice setup:\n\n netdevsim0 (down)\n ^ ^\n bond netdevsim1.100@netdevsim1 allmulticast=on (down)\n\nWhen we enslave the lower device (netdevsim0) which has a vlan, we\npropagate vlan\u0027s allmuti/promisc flags during ndo_open. This causes\n(re)locking on of the real_dev.\n\nPropagate allmulti/promisc on flags change, not on the open. There\nis a slight semantics change that vlans that are down now propagate\nthe flags, but this seems unlikely to result in the real issues.\n\nReproducer:\n\n echo 0 1 \u003e /sys/bus/netdevsim/new_device\n\n dev_path=$(ls -d /sys/bus/netdevsim/devices/netdevsim0/net/*)\n dev=$(echo $dev_path | rev | cut -d/ -f1 | rev)\n\n ip link set dev $dev name netdevsim0\n ip link set dev netdevsim0 up\n\n ip link add link netdevsim0 name netdevsim0.100 type vlan id 100\n ip link set dev netdevsim0.100 allm\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23163",
"url": "https://www.suse.com/security/cve/CVE-2025-23163"
},
{
"category": "external",
"summary": "SUSE Bug 1242837 for CVE-2025-23163",
"url": "https://bugzilla.suse.com/1242837"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-23163"
},
{
"cve": "CVE-2025-37798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37798"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncodel: remove sch-\u003eq.qlen check before qdisc_tree_reduce_backlog()\n\nAfter making all -\u003eqlen_notify() callbacks idempotent, now it is safe to\nremove the check of qlen!=0 from both fq_codel_dequeue() and\ncodel_qdisc_dequeue().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37798",
"url": "https://www.suse.com/security/cve/CVE-2025-37798"
},
{
"category": "external",
"summary": "SUSE Bug 1242414 for CVE-2025-37798",
"url": "https://bugzilla.suse.com/1242414"
},
{
"category": "external",
"summary": "SUSE Bug 1242417 for CVE-2025-37798",
"url": "https://bugzilla.suse.com/1242417"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "important"
}
],
"title": "CVE-2025-37798"
},
{
"cve": "CVE-2025-37856",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37856"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: harden block_group::bg_list against list_del() races\n\nAs far as I can tell, these calls of list_del_init() on bg_list cannot\nrun concurrently with btrfs_mark_bg_unused() or btrfs_mark_bg_to_reclaim(),\nas they are in transaction error paths and situations where the block\ngroup is readonly.\n\nHowever, if there is any chance at all of racing with mark_bg_unused(),\nor a different future user of bg_list, better to be safe than sorry.\n\nOtherwise we risk the following interleaving (bg_list refcount in parens)\n\nT1 (some random op) T2 (btrfs_mark_bg_unused)\n !list_empty(\u0026bg-\u003ebg_list); (1)\nlist_del_init(\u0026bg-\u003ebg_list); (1)\n list_move_tail (1)\nbtrfs_put_block_group (0)\n btrfs_delete_unused_bgs\n bg = list_first_entry\n list_del_init(\u0026bg-\u003ebg_list);\n btrfs_put_block_group(bg); (-1)\n\nUltimately, this results in a broken ref count that hits zero one deref\nearly and the real final deref underflows the refcount, resulting in a WARNING.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37856",
"url": "https://www.suse.com/security/cve/CVE-2025-37856"
},
{
"category": "external",
"summary": "SUSE Bug 1243068 for CVE-2025-37856",
"url": "https://bugzilla.suse.com/1243068"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-37856"
},
{
"cve": "CVE-2025-37864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37864"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: clean up FDB, MDB, VLAN entries on unbind\n\nAs explained in many places such as commit b117e1e8a86d (\"net: dsa:\ndelete dsa_legacy_fdb_add and dsa_legacy_fdb_del\"), DSA is written given\nthe assumption that higher layers have balanced additions/deletions.\nAs such, it only makes sense to be extremely vocal when those\nassumptions are violated and the driver unbinds with entries still\npresent.\n\nBut Ido Schimmel points out a very simple situation where that is wrong:\nhttps://lore.kernel.org/netdev/ZDazSM5UsPPjQuKr@shredder/\n(also briefly discussed by me in the aforementioned commit).\n\nBasically, while the bridge bypass operations are not something that DSA\nexplicitly documents, and for the majority of DSA drivers this API\nsimply causes them to go to promiscuous mode, that isn\u0027t the case for\nall drivers. Some have the necessary requirements for bridge bypass\noperations to do something useful - see dsa_switch_supports_uc_filtering().\n\nAlthough in tools/testing/selftests/net/forwarding/local_termination.sh,\nwe made an effort to popularize better mechanisms to manage address\nfilters on DSA interfaces from user space - namely macvlan for unicast,\nand setsockopt(IP_ADD_MEMBERSHIP) - through mtools - for multicast, the\nfact is that \u0027bridge fdb add ... self static local\u0027 also exists as\nkernel UAPI, and might be useful to someone, even if only for a quick\nhack.\n\nIt seems counter-productive to block that path by implementing shim\n.ndo_fdb_add and .ndo_fdb_del operations which just return -EOPNOTSUPP\nin order to prevent the ndo_dflt_fdb_add() and ndo_dflt_fdb_del() from\nrunning, although we could do that.\n\nAccepting that cleanup is necessary seems to be the only option.\nEspecially since we appear to be coming back at this from a different\nangle as well. Russell King is noticing that the WARN_ON() triggers even\nfor VLANs:\nhttps://lore.kernel.org/netdev/Z_li8Bj8bD4-BYKQ@shell.armlinux.org.uk/\n\nWhat happens in the bug report above is that dsa_port_do_vlan_del() fails,\nthen the VLAN entry lingers on, and then we warn on unbind and leak it.\n\nThis is not a straight revert of the blamed commit, but we now add an\ninformational print to the kernel log (to still have a way to see\nthat bugs exist), and some extra comments gathered from past years\u0027\nexperience, to justify the logic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37864",
"url": "https://www.suse.com/security/cve/CVE-2025-37864"
},
{
"category": "external",
"summary": "SUSE Bug 1242965 for CVE-2025-37864",
"url": "https://bugzilla.suse.com/1242965"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-37864"
},
{
"cve": "CVE-2025-37885",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37885"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Reset IRTE to host control if *new* route isn\u0027t postable\n\nRestore an IRTE back to host control (remapped or posted MSI mode) if the\n*new* GSI route prevents posting the IRQ directly to a vCPU, regardless of\nthe GSI routing type. Updating the IRTE if and only if the new GSI is an\nMSI results in KVM leaving an IRTE posting to a vCPU.\n\nThe dangling IRTE can result in interrupts being incorrectly delivered to\nthe guest, and in the worst case scenario can result in use-after-free,\ne.g. if the VM is torn down, but the underlying host IRQ isn\u0027t freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37885",
"url": "https://www.suse.com/security/cve/CVE-2025-37885"
},
{
"category": "external",
"summary": "SUSE Bug 1242960 for CVE-2025-37885",
"url": "https://bugzilla.suse.com/1242960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-37885"
},
{
"cve": "CVE-2025-37920",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37920"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: Fix race condition in AF_XDP generic RX path\n\nMove rx_lock from xsk_socket to xsk_buff_pool.\nFix synchronization for shared umem mode in\ngeneric RX path where multiple sockets share\nsingle xsk_buff_pool.\n\nRX queue is exclusive to xsk_socket, while FILL\nqueue can be shared between multiple sockets.\nThis could result in race condition where two\nCPU cores access RX path of two different sockets\nsharing the same umem.\n\nProtect both queues by acquiring spinlock in shared\nxsk_buff_pool.\n\nLock contention may be minimized in the future by some\nper-thread FQ buffering.\n\nIt\u0027s safe and necessary to move spin_lock_bh(rx_lock)\nafter xsk_rcv_check():\n* xs-\u003epool and spinlock_init is synchronized by\n xsk_bind() -\u003e xsk_is_bound() memory barriers.\n* xsk_rcv_check() may return true at the moment\n of xsk_release() or xsk_unbind_dev(),\n however this will not cause any data races or\n race conditions. xsk_unbind_dev() removes xdp\n socket from all maps and waits for completion\n of all outstanding rx operations. Packets in\n RX path will either complete safely or drop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37920",
"url": "https://www.suse.com/security/cve/CVE-2025-37920"
},
{
"category": "external",
"summary": "SUSE Bug 1243479 for CVE-2025-37920",
"url": "https://bugzilla.suse.com/1243479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-37920"
},
{
"cve": "CVE-2025-37984",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37984"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP()\n\nHerbert notes that DIV_ROUND_UP() may overflow unnecessarily if an ecdsa\nimplementation\u0027s -\u003ekey_size() callback returns an unusually large value.\nHerbert instead suggests (for a division by 8):\n\n X / 8 + !!(X \u0026 7)\n\nBased on this formula, introduce a generic DIV_ROUND_UP_POW2() macro and\nuse it in lieu of DIV_ROUND_UP() for -\u003ekey_size() return values.\n\nAdditionally, use the macro in ecc_digits_from_bytes(), whose \"nbytes\"\nparameter is a -\u003ekey_size() return value in some instances, or a\nuser-specified ASN.1 length in the case of ecdsa_get_signature_rs().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37984",
"url": "https://www.suse.com/security/cve/CVE-2025-37984"
},
{
"category": "external",
"summary": "SUSE Bug 1243669 for CVE-2025-37984",
"url": "https://bugzilla.suse.com/1243669"
},
{
"category": "external",
"summary": "SUSE Bug 1243670 for CVE-2025-37984",
"url": "https://bugzilla.suse.com/1243670"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-37984"
},
{
"cve": "CVE-2025-38034",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38034"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref\n\nbtrfs_prelim_ref() calls the old and new reference variables in the\nincorrect order. This causes a NULL pointer dereference because oldref\nis passed as NULL to trace_btrfs_prelim_ref_insert().\n\nNote, trace_btrfs_prelim_ref_insert() is being called with newref as\noldref (and oldref as NULL) on purpose in order to print out\nthe values of newref.\n\nTo reproduce:\necho 1 \u003e /sys/kernel/debug/tracing/events/btrfs/btrfs_prelim_ref_insert/enable\n\nPerform some writeback operations.\n\nBacktrace:\nBUG: kernel NULL pointer dereference, address: 0000000000000018\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 115949067 P4D 115949067 PUD 11594a067 PMD 0\n Oops: Oops: 0000 [#1] SMP NOPTI\n CPU: 1 UID: 0 PID: 1188 Comm: fsstress Not tainted 6.15.0-rc2-tester+ #47 PREEMPT(voluntary) 7ca2cef72d5e9c600f0c7718adb6462de8149622\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-2-gc13ff2cd-prebuilt.qemu.org 04/01/2014\n RIP: 0010:trace_event_raw_event_btrfs__prelim_ref+0x72/0x130\n Code: e8 43 81 9f ff 48 85 c0 74 78 4d 85 e4 0f 84 8f 00 00 00 49 8b 94 24 c0 06 00 00 48 8b 0a 48 89 48 08 48 8b 52 08 48 89 50 10 \u003c49\u003e 8b 55 18 48 89 50 18 49 8b 55 20 48 89 50 20 41 0f b6 55 28 88\n RSP: 0018:ffffce44820077a0 EFLAGS: 00010286\n RAX: ffff8c6b403f9014 RBX: ffff8c6b55825730 RCX: 304994edf9cf506b\n RDX: d8b11eb7f0fdb699 RSI: ffff8c6b403f9010 RDI: ffff8c6b403f9010\n RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000010\n R10: 00000000ffffffff R11: 0000000000000000 R12: ffff8c6b4e8fb000\n R13: 0000000000000000 R14: ffffce44820077a8 R15: ffff8c6b4abd1540\n FS: 00007f4dc6813740(0000) GS:ffff8c6c1d378000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000018 CR3: 000000010eb42000 CR4: 0000000000750ef0\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n prelim_ref_insert+0x1c1/0x270\n find_parent_nodes+0x12a6/0x1ee0\n ? __entry_text_end+0x101f06/0x101f09\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? srso_alias_return_thunk+0x5/0xfbef5\n btrfs_is_data_extent_shared+0x167/0x640\n ? fiemap_process_hole+0xd0/0x2c0\n extent_fiemap+0xa5c/0xbc0\n ? __entry_text_end+0x101f05/0x101f09\n btrfs_fiemap+0x7e/0xd0\n do_vfs_ioctl+0x425/0x9d0\n __x64_sys_ioctl+0x75/0xc0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38034",
"url": "https://www.suse.com/security/cve/CVE-2025-38034"
},
{
"category": "external",
"summary": "SUSE Bug 1244792 for CVE-2025-38034",
"url": "https://bugzilla.suse.com/1244792"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38034"
},
{
"cve": "CVE-2025-38035",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38035"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: don\u0027t restore null sk_state_change\n\nqueue-\u003estate_change is set as part of nvmet_tcp_set_queue_sock(), but if\nthe TCP connection isn\u0027t established when nvmet_tcp_set_queue_sock() is\ncalled then queue-\u003estate_change isn\u0027t set and sock-\u003esk-\u003esk_state_change\nisn\u0027t replaced.\n\nAs such we don\u0027t need to restore sock-\u003esk-\u003esk_state_change if\nqueue-\u003estate_change is NULL.\n\nThis avoids NULL pointer dereferences such as this:\n\n[ 286.462026][ C0] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 286.462814][ C0] #PF: supervisor instruction fetch in kernel mode\n[ 286.463796][ C0] #PF: error_code(0x0010) - not-present page\n[ 286.464392][ C0] PGD 8000000140620067 P4D 8000000140620067 PUD 114201067 PMD 0\n[ 286.465086][ C0] Oops: Oops: 0010 [#1] SMP KASAN PTI\n[ 286.465559][ C0] CPU: 0 UID: 0 PID: 1628 Comm: nvme Not tainted 6.15.0-rc2+ #11 PREEMPT(voluntary)\n[ 286.466393][ C0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\n[ 286.467147][ C0] RIP: 0010:0x0\n[ 286.467420][ C0] Code: Unable to access opcode bytes at 0xffffffffffffffd6.\n[ 286.467977][ C0] RSP: 0018:ffff8883ae008580 EFLAGS: 00010246\n[ 286.468425][ C0] RAX: 0000000000000000 RBX: ffff88813fd34100 RCX: ffffffffa386cc43\n[ 286.469019][ C0] RDX: 1ffff11027fa68b6 RSI: 0000000000000008 RDI: ffff88813fd34100\n[ 286.469545][ C0] RBP: ffff88813fd34160 R08: 0000000000000000 R09: ffffed1027fa682c\n[ 286.470072][ C0] R10: ffff88813fd34167 R11: 0000000000000000 R12: ffff88813fd344c3\n[ 286.470585][ C0] R13: ffff88813fd34112 R14: ffff88813fd34aec R15: ffff888132cdd268\n[ 286.471070][ C0] FS: 00007fe3c04c7d80(0000) GS:ffff88840743f000(0000) knlGS:0000000000000000\n[ 286.471644][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 286.472543][ C0] CR2: ffffffffffffffd6 CR3: 000000012daca000 CR4: 00000000000006f0\n[ 286.473500][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 286.474467][ C0] DR3: 0000000000000000 DR6: 00000000ffff07f0 DR7: 0000000000000400\n[ 286.475453][ C0] Call Trace:\n[ 286.476102][ C0] \u003cIRQ\u003e\n[ 286.476719][ C0] tcp_fin+0x2bb/0x440\n[ 286.477429][ C0] tcp_data_queue+0x190f/0x4e60\n[ 286.478174][ C0] ? __build_skb_around+0x234/0x330\n[ 286.478940][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.479659][ C0] ? __pfx_tcp_data_queue+0x10/0x10\n[ 286.480431][ C0] ? tcp_try_undo_loss+0x640/0x6c0\n[ 286.481196][ C0] ? seqcount_lockdep_reader_access.constprop.0+0x82/0x90\n[ 286.482046][ C0] ? kvm_clock_get_cycles+0x14/0x30\n[ 286.482769][ C0] ? ktime_get+0x66/0x150\n[ 286.483433][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.484146][ C0] tcp_rcv_established+0x6e4/0x2050\n[ 286.484857][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.485523][ C0] ? ipv4_dst_check+0x160/0x2b0\n[ 286.486203][ C0] ? __pfx_tcp_rcv_established+0x10/0x10\n[ 286.486917][ C0] ? lock_release+0x217/0x2c0\n[ 286.487595][ C0] tcp_v4_do_rcv+0x4d6/0x9b0\n[ 286.488279][ C0] tcp_v4_rcv+0x2af8/0x3e30\n[ 286.488904][ C0] ? raw_local_deliver+0x51b/0xad0\n[ 286.489551][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.490198][ C0] ? __pfx_tcp_v4_rcv+0x10/0x10\n[ 286.490813][ C0] ? __pfx_raw_local_deliver+0x10/0x10\n[ 286.491487][ C0] ? __pfx_nf_confirm+0x10/0x10 [nf_conntrack]\n[ 286.492275][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.492900][ C0] ip_protocol_deliver_rcu+0x8f/0x370\n[ 286.493579][ C0] ip_local_deliver_finish+0x297/0x420\n[ 286.494268][ C0] ip_local_deliver+0x168/0x430\n[ 286.494867][ C0] ? __pfx_ip_local_deliver+0x10/0x10\n[ 286.495498][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10\n[ 286.496204][ C0] ? ip_rcv_finish_core+0x19a/0x1f20\n[ 286.496806][ C0] ? lock_release+0x217/0x2c0\n[ 286.497414][ C0] ip_rcv+0x455/0x6e0\n[ 286.497945][ C0] ? __pfx_ip_rcv+0x10/0x10\n[ \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38035",
"url": "https://www.suse.com/security/cve/CVE-2025-38035"
},
{
"category": "external",
"summary": "SUSE Bug 1244801 for CVE-2025-38035",
"url": "https://bugzilla.suse.com/1244801"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38035"
},
{
"cve": "CVE-2025-38047",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38047"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/fred: Fix system hang during S4 resume with FRED enabled\n\nUpon a wakeup from S4, the restore kernel starts and initializes the\nFRED MSRs as needed from its perspective. It then loads a hibernation\nimage, including the image kernel, and attempts to load image pages\ndirectly into their original page frames used before hibernation unless\nthose frames are currently in use. Once all pages are moved to their\noriginal locations, it jumps to a \"trampoline\" page in the image kernel.\n\nAt this point, the image kernel takes control, but the FRED MSRs still\ncontain values set by the restore kernel, which may differ from those\nset by the image kernel before hibernation. Therefore, the image kernel\nmust ensure the FRED MSRs have the same values as before hibernation.\nSince these values depend only on the location of the kernel text and\ndata, they can be recomputed from scratch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38047",
"url": "https://www.suse.com/security/cve/CVE-2025-38047"
},
{
"category": "external",
"summary": "SUSE Bug 1245084 for CVE-2025-38047",
"url": "https://bugzilla.suse.com/1245084"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38047"
},
{
"cve": "CVE-2025-38051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38051"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: Fix use-after-free in cifs_fill_dirent\n\nThere is a race condition in the readdir concurrency process, which may\naccess the rsp buffer after it has been released, triggering the\nfollowing KASAN warning.\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in cifs_fill_dirent+0xb03/0xb60 [cifs]\n Read of size 4 at addr ffff8880099b819c by task a.out/342975\n\n CPU: 2 UID: 0 PID: 342975 Comm: a.out Not tainted 6.15.0-rc6+ #240 PREEMPT(full)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x53/0x70\n print_report+0xce/0x640\n kasan_report+0xb8/0xf0\n cifs_fill_dirent+0xb03/0xb60 [cifs]\n cifs_readdir+0x12cb/0x3190 [cifs]\n iterate_dir+0x1a1/0x520\n __x64_sys_getdents+0x134/0x220\n do_syscall_64+0x4b/0x110\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7f996f64b9f9\n Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89\n f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01\n f0 ff ff 0d f7 c3 0c 00 f7 d8 64 89 8\n RSP: 002b:00007f996f53de78 EFLAGS: 00000207 ORIG_RAX: 000000000000004e\n RAX: ffffffffffffffda RBX: 00007f996f53ecdc RCX: 00007f996f64b9f9\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003\n RBP: 00007f996f53dea0 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000207 R12: ffffffffffffff88\n R13: 0000000000000000 R14: 00007ffc8cd9a500 R15: 00007f996f51e000\n \u003c/TASK\u003e\n\n Allocated by task 408:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x14/0x30\n __kasan_slab_alloc+0x6e/0x70\n kmem_cache_alloc_noprof+0x117/0x3d0\n mempool_alloc_noprof+0xf2/0x2c0\n cifs_buf_get+0x36/0x80 [cifs]\n allocate_buffers+0x1d2/0x330 [cifs]\n cifs_demultiplex_thread+0x22b/0x2690 [cifs]\n kthread+0x394/0x720\n ret_from_fork+0x34/0x70\n ret_from_fork_asm+0x1a/0x30\n\n Freed by task 342979:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x37/0x50\n kmem_cache_free+0x2b8/0x500\n cifs_buf_release+0x3c/0x70 [cifs]\n cifs_readdir+0x1c97/0x3190 [cifs]\n iterate_dir+0x1a1/0x520\n __x64_sys_getdents64+0x134/0x220\n do_syscall_64+0x4b/0x110\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n The buggy address belongs to the object at ffff8880099b8000\n which belongs to the cache cifs_request of size 16588\n The buggy address is located 412 bytes inside of\n freed 16588-byte region [ffff8880099b8000, ffff8880099bc0cc)\n\n The buggy address belongs to the physical page:\n page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x99b8\n head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0\n anon flags: 0x80000000000040(head|node=0|zone=1)\n page_type: f5(slab)\n raw: 0080000000000040 ffff888001e03400 0000000000000000 dead000000000001\n raw: 0000000000000000 0000000000010001 00000000f5000000 0000000000000000\n head: 0080000000000040 ffff888001e03400 0000000000000000 dead000000000001\n head: 0000000000000000 0000000000010001 00000000f5000000 0000000000000000\n head: 0080000000000003 ffffea0000266e01 00000000ffffffff 00000000ffffffff\n head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n ffff8880099b8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff8880099b8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n \u003effff8880099b8180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ^\n ffff8880099b8200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff8880099b8280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ==================================================================\n\nPOC is available in the link [1].\n\nThe problem triggering process is as follows:\n\nProcess 1 Process 2\n-----------------------------------\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38051",
"url": "https://www.suse.com/security/cve/CVE-2025-38051"
},
{
"category": "external",
"summary": "SUSE Bug 1244750 for CVE-2025-38051",
"url": "https://bugzilla.suse.com/1244750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38051"
},
{
"cve": "CVE-2025-38052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38052"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done\n\nSyzbot reported a slab-use-after-free with the following call trace:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in tipc_aead_encrypt_done+0x4bd/0x510 net/tipc/crypto.c:840\n Read of size 8 at addr ffff88807a733000 by task kworker/1:0/25\n\n Call Trace:\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n tipc_aead_encrypt_done+0x4bd/0x510 net/tipc/crypto.c:840\n crypto_request_complete include/crypto/algapi.h:266\n aead_request_complete include/crypto/internal/aead.h:85\n cryptd_aead_crypt+0x3b8/0x750 crypto/cryptd.c:772\n crypto_request_complete include/crypto/algapi.h:266\n cryptd_queue_worker+0x131/0x200 crypto/cryptd.c:181\n process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\n\n Allocated by task 8355:\n kzalloc_noprof include/linux/slab.h:778\n tipc_crypto_start+0xcc/0x9e0 net/tipc/crypto.c:1466\n tipc_init_net+0x2dd/0x430 net/tipc/core.c:72\n ops_init+0xb9/0x650 net/core/net_namespace.c:139\n setup_net+0x435/0xb40 net/core/net_namespace.c:343\n copy_net_ns+0x2f0/0x670 net/core/net_namespace.c:508\n create_new_namespaces+0x3ea/0xb10 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0xc0/0x1f0 kernel/nsproxy.c:228\n ksys_unshare+0x419/0x970 kernel/fork.c:3323\n __do_sys_unshare kernel/fork.c:3394\n\n Freed by task 63:\n kfree+0x12a/0x3b0 mm/slub.c:4557\n tipc_crypto_stop+0x23c/0x500 net/tipc/crypto.c:1539\n tipc_exit_net+0x8c/0x110 net/tipc/core.c:119\n ops_exit_list+0xb0/0x180 net/core/net_namespace.c:173\n cleanup_net+0x5b7/0xbf0 net/core/net_namespace.c:640\n process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\n\nAfter freed the tipc_crypto tx by delete namespace, tipc_aead_encrypt_done\nmay still visit it in cryptd_queue_worker workqueue.\n\nI reproduce this issue by:\n ip netns add ns1\n ip link add veth1 type veth peer name veth2\n ip link set veth1 netns ns1\n ip netns exec ns1 tipc bearer enable media eth dev veth1\n ip netns exec ns1 tipc node set key this_is_a_master_key master\n ip netns exec ns1 tipc bearer disable media eth dev veth1\n ip netns del ns1\n\nThe key of reproduction is that, simd_aead_encrypt is interrupted, leading\nto crypto_simd_usable() return false. Thus, the cryptd_queue_worker is\ntriggered, and the tipc_crypto tx will be visited.\n\n tipc_disc_timeout\n tipc_bearer_xmit_skb\n tipc_crypto_xmit\n tipc_aead_encrypt\n crypto_aead_encrypt\n // encrypt()\n simd_aead_encrypt\n // crypto_simd_usable() is false\n child = \u0026ctx-\u003ecryptd_tfm-\u003ebase;\n\n simd_aead_encrypt\n crypto_aead_encrypt\n // encrypt()\n cryptd_aead_encrypt_enqueue\n cryptd_aead_enqueue\n cryptd_enqueue_request\n // trigger cryptd_queue_worker\n queue_work_on(smp_processor_id(), cryptd_wq, \u0026cpu_queue-\u003ework)\n\nFix this by holding net reference count before encrypt.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38052",
"url": "https://www.suse.com/security/cve/CVE-2025-38052"
},
{
"category": "external",
"summary": "SUSE Bug 1244749 for CVE-2025-38052",
"url": "https://bugzilla.suse.com/1244749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38052"
},
{
"cve": "CVE-2025-38058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\n__legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock\n\n... or we risk stealing final mntput from sync umount - raising mnt_count\nafter umount(2) has verified that victim is not busy, but before it\nhas set MNT_SYNC_UMOUNT; in that case __legitimize_mnt() doesn\u0027t see\nthat it\u0027s safe to quietly undo mnt_count increment and leaves dropping\nthe reference to caller, where it\u0027ll be a full-blown mntput().\n\nCheck under mount_lock is needed; leaving the current one done before\ntaking that makes no sense - it\u0027s nowhere near common enough to bother\nwith.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38058",
"url": "https://www.suse.com/security/cve/CVE-2025-38058"
},
{
"category": "external",
"summary": "SUSE Bug 1245151 for CVE-2025-38058",
"url": "https://bugzilla.suse.com/1245151"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "low"
}
],
"title": "CVE-2025-38058"
},
{
"cve": "CVE-2025-38061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38061"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: pktgen: fix access outside of user given buffer in pktgen_thread_write()\n\nHonour the user given buffer size for the strn_len() calls (otherwise\nstrn_len() will access memory outside of the user given buffer).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38061",
"url": "https://www.suse.com/security/cve/CVE-2025-38061"
},
{
"category": "external",
"summary": "SUSE Bug 1245440 for CVE-2025-38061",
"url": "https://bugzilla.suse.com/1245440"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38061"
},
{
"cve": "CVE-2025-38062",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38062"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngenirq/msi: Store the IOMMU IOVA directly in msi_desc instead of iommu_cookie\n\nThe IOMMU translation for MSI message addresses has been a 2-step process,\nseparated in time:\n\n 1) iommu_dma_prepare_msi(): A cookie pointer containing the IOVA address\n is stored in the MSI descriptor when an MSI interrupt is allocated.\n\n 2) iommu_dma_compose_msi_msg(): this cookie pointer is used to compute a\n translated message address.\n\nThis has an inherent lifetime problem for the pointer stored in the cookie\nthat must remain valid between the two steps. However, there is no locking\nat the irq layer that helps protect the lifetime. Today, this works under\nthe assumption that the iommu domain is not changed while MSI interrupts\nbeing programmed. This is true for normal DMA API users within the kernel,\nas the iommu domain is attached before the driver is probed and cannot be\nchanged while a driver is attached.\n\nClassic VFIO type1 also prevented changing the iommu domain while VFIO was\nrunning as it does not support changing the \"container\" after starting up.\n\nHowever, iommufd has improved this so that the iommu domain can be changed\nduring VFIO operation. This potentially allows userspace to directly race\nVFIO_DEVICE_ATTACH_IOMMUFD_PT (which calls iommu_attach_group()) and\nVFIO_DEVICE_SET_IRQS (which calls into iommu_dma_compose_msi_msg()).\n\nThis potentially causes both the cookie pointer and the unlocked call to\niommu_get_domain_for_dev() on the MSI translation path to become UAFs.\n\nFix the MSI cookie UAF by removing the cookie pointer. The translated IOVA\naddress is already known during iommu_dma_prepare_msi() and cannot change.\nThus, it can simply be stored as an integer in the MSI descriptor.\n\nThe other UAF related to iommu_get_domain_for_dev() will be addressed in\npatch \"iommu: Make iommu_dma_prepare_msi() into a generic operation\" by\nusing the IOMMU group mutex.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38062",
"url": "https://www.suse.com/security/cve/CVE-2025-38062"
},
{
"category": "external",
"summary": "SUSE Bug 1245216 for CVE-2025-38062",
"url": "https://bugzilla.suse.com/1245216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38062"
},
{
"cve": "CVE-2025-38063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: fix unconditional IO throttle caused by REQ_PREFLUSH\n\nWhen a bio with REQ_PREFLUSH is submitted to dm, __send_empty_flush()\ngenerates a flush_bio with REQ_OP_WRITE | REQ_PREFLUSH | REQ_SYNC,\nwhich causes the flush_bio to be throttled by wbt_wait().\n\nAn example from v5.4, similar problem also exists in upstream:\n\n crash\u003e bt 2091206\n PID: 2091206 TASK: ffff2050df92a300 CPU: 109 COMMAND: \"kworker/u260:0\"\n #0 [ffff800084a2f7f0] __switch_to at ffff80004008aeb8\n #1 [ffff800084a2f820] __schedule at ffff800040bfa0c4\n #2 [ffff800084a2f880] schedule at ffff800040bfa4b4\n #3 [ffff800084a2f8a0] io_schedule at ffff800040bfa9c4\n #4 [ffff800084a2f8c0] rq_qos_wait at ffff8000405925bc\n #5 [ffff800084a2f940] wbt_wait at ffff8000405bb3a0\n #6 [ffff800084a2f9a0] __rq_qos_throttle at ffff800040592254\n #7 [ffff800084a2f9c0] blk_mq_make_request at ffff80004057cf38\n #8 [ffff800084a2fa60] generic_make_request at ffff800040570138\n #9 [ffff800084a2fae0] submit_bio at ffff8000405703b4\n #10 [ffff800084a2fb50] xlog_write_iclog at ffff800001280834 [xfs]\n #11 [ffff800084a2fbb0] xlog_sync at ffff800001280c3c [xfs]\n #12 [ffff800084a2fbf0] xlog_state_release_iclog at ffff800001280df4 [xfs]\n #13 [ffff800084a2fc10] xlog_write at ffff80000128203c [xfs]\n #14 [ffff800084a2fcd0] xlog_cil_push at ffff8000012846dc [xfs]\n #15 [ffff800084a2fda0] xlog_cil_push_work at ffff800001284a2c [xfs]\n #16 [ffff800084a2fdb0] process_one_work at ffff800040111d08\n #17 [ffff800084a2fe00] worker_thread at ffff8000401121cc\n #18 [ffff800084a2fe70] kthread at ffff800040118de4\n\nAfter commit 2def2845cc33 (\"xfs: don\u0027t allow log IO to be throttled\"),\nthe metadata submitted by xlog_write_iclog() should not be throttled.\nBut due to the existence of the dm layer, throttling flush_bio indirectly\ncauses the metadata bio to be throttled.\n\nFix this by conditionally adding REQ_IDLE to flush_bio.bi_opf, which makes\nwbt_should_throttle() return false to avoid wbt_wait().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38063",
"url": "https://www.suse.com/security/cve/CVE-2025-38063"
},
{
"category": "external",
"summary": "SUSE Bug 1245202 for CVE-2025-38063",
"url": "https://bugzilla.suse.com/1245202"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38063"
},
{
"cve": "CVE-2025-38064",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38064"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio: break and reset virtio devices on device_shutdown()\n\nHongyu reported a hang on kexec in a VM. QEMU reported invalid memory\naccesses during the hang.\n\n\tInvalid read at addr 0x102877002, size 2, region \u0027(null)\u0027, reason: rejected\n\tInvalid write at addr 0x102877A44, size 2, region \u0027(null)\u0027, reason: rejected\n\t...\n\nIt was traced down to virtio-console. Kexec works fine if virtio-console\nis not in use.\n\nThe issue is that virtio-console continues to write to the MMIO even after\nunderlying virtio-pci device is reset.\n\nAdditionally, Eric noticed that IOMMUs are reset before devices, if\ndevices are not reset on shutdown they continue to poke at guest memory\nand get errors from the IOMMU. Some devices get wedged then.\n\nThe problem can be solved by breaking all virtio devices on virtio\nbus shutdown, then resetting them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38064",
"url": "https://www.suse.com/security/cve/CVE-2025-38064"
},
{
"category": "external",
"summary": "SUSE Bug 1245201 for CVE-2025-38064",
"url": "https://bugzilla.suse.com/1245201"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38064"
},
{
"cve": "CVE-2025-38074",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38074"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost-scsi: protect vq-\u003elog_used with vq-\u003emutex\n\nThe vhost-scsi completion path may access vq-\u003elog_base when vq-\u003elog_used is\nalready set to false.\n\n vhost-thread QEMU-thread\n\nvhost_scsi_complete_cmd_work()\n-\u003e vhost_add_used()\n -\u003e vhost_add_used_n()\n if (unlikely(vq-\u003elog_used))\n QEMU disables vq-\u003elog_used\n via VHOST_SET_VRING_ADDR.\n mutex_lock(\u0026vq-\u003emutex);\n vq-\u003elog_used = false now!\n mutex_unlock(\u0026vq-\u003emutex);\n\n\t\t\t\t QEMU gfree(vq-\u003elog_base)\n log_used()\n -\u003e log_write(vq-\u003elog_base)\n\nAssuming the VMM is QEMU. The vq-\u003elog_base is from QEMU userpace and can be\nreclaimed via gfree(). As a result, this causes invalid memory writes to\nQEMU userspace.\n\nThe control queue path has the same issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38074",
"url": "https://www.suse.com/security/cve/CVE-2025-38074"
},
{
"category": "external",
"summary": "SUSE Bug 1244735 for CVE-2025-38074",
"url": "https://bugzilla.suse.com/1244735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38074"
},
{
"cve": "CVE-2025-38084",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38084"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: unshare page tables during VMA split, not before\n\nCurrently, __split_vma() triggers hugetlb page table unsharing through\nvm_ops-\u003emay_split(). This happens before the VMA lock and rmap locks are\ntaken - which is too early, it allows racing VMA-locked page faults in our\nprocess and racing rmap walks from other processes to cause page tables to\nbe shared again before we actually perform the split.\n\nFix it by explicitly calling into the hugetlb unshare logic from\n__split_vma() in the same place where THP splitting also happens. At that\npoint, both the VMA and the rmap(s) are write-locked.\n\nAn annoying detail is that we can now call into the helper\nhugetlb_unshare_pmds() from two different locking contexts:\n\n1. from hugetlb_split(), holding:\n - mmap lock (exclusively)\n - VMA lock\n - file rmap lock (exclusively)\n2. hugetlb_unshare_all_pmds(), which I think is designed to be able to\n call us with only the mmap lock held (in shared mode), but currently\n only runs while holding mmap lock (exclusively) and VMA lock\n\nBackporting note:\nThis commit fixes a racy protection that was introduced in commit\nb30c14cd6102 (\"hugetlb: unshare some PMDs when splitting VMAs\"); that\ncommit claimed to fix an issue introduced in 5.13, but it should actually\nalso go all the way back.\n\n[jannh@google.com: v2]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38084",
"url": "https://www.suse.com/security/cve/CVE-2025-38084"
},
{
"category": "external",
"summary": "SUSE Bug 1245498 for CVE-2025-38084",
"url": "https://bugzilla.suse.com/1245498"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38084"
},
{
"cve": "CVE-2025-38085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race\n\nhuge_pmd_unshare() drops a reference on a page table that may have\npreviously been shared across processes, potentially turning it into a\nnormal page table used in another process in which unrelated VMAs can\nafterwards be installed.\n\nIf this happens in the middle of a concurrent gup_fast(), gup_fast() could\nend up walking the page tables of another process. While I don\u0027t see any\nway in which that immediately leads to kernel memory corruption, it is\nreally weird and unexpected.\n\nFix it with an explicit broadcast IPI through tlb_remove_table_sync_one(),\njust like we do in khugepaged when removing page tables for a THP\ncollapse.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38085",
"url": "https://www.suse.com/security/cve/CVE-2025-38085"
},
{
"category": "external",
"summary": "SUSE Bug 1245499 for CVE-2025-38085",
"url": "https://bugzilla.suse.com/1245499"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38085"
},
{
"cve": "CVE-2025-38087",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38087"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: fix use-after-free in taprio_dev_notifier\n\nSince taprio\u0027s taprio_dev_notifier() isn\u0027t protected by an\nRCU read-side critical section, a race with advance_sched()\ncan lead to a use-after-free.\n\nAdding rcu_read_lock() inside taprio_dev_notifier() prevents this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38087",
"url": "https://www.suse.com/security/cve/CVE-2025-38087"
},
{
"category": "external",
"summary": "SUSE Bug 1245504 for CVE-2025-38087",
"url": "https://bugzilla.suse.com/1245504"
},
{
"category": "external",
"summary": "SUSE Bug 1245505 for CVE-2025-38087",
"url": "https://bugzilla.suse.com/1245505"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "important"
}
],
"title": "CVE-2025-38087"
},
{
"cve": "CVE-2025-38088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38088"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap\n\nmemtrace mmap issue has an out of bounds issue. This patch fixes the by\nchecking that the requested mapping region size should stay within the\nallocated region size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38088",
"url": "https://www.suse.com/security/cve/CVE-2025-38088"
},
{
"category": "external",
"summary": "SUSE Bug 1245506 for CVE-2025-38088",
"url": "https://bugzilla.suse.com/1245506"
},
{
"category": "external",
"summary": "SUSE Bug 1245507 for CVE-2025-38088",
"url": "https://bugzilla.suse.com/1245507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "important"
}
],
"title": "CVE-2025-38088"
},
{
"cve": "CVE-2025-38089",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38089"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: handle SVC_GARBAGE during svc auth processing as auth error\n\ntianshuo han reported a remotely-triggerable crash if the client sends a\nkernel RPC server a specially crafted packet. If decoding the RPC reply\nfails in such a way that SVC_GARBAGE is returned without setting the\nrq_accept_statp pointer, then that pointer can be dereferenced and a\nvalue stored there.\n\nIf it\u0027s the first time the thread has processed an RPC, then that\npointer will be set to NULL and the kernel will crash. In other cases,\nit could create a memory scribble.\n\nThe server sunrpc code treats a SVC_GARBAGE return from svc_authenticate\nor pg_authenticate as if it should send a GARBAGE_ARGS reply. RFC 5531\nsays that if authentication fails that the RPC should be rejected\ninstead with a status of AUTH_ERR.\n\nHandle a SVC_GARBAGE return as an AUTH_ERROR, with a reason of\nAUTH_BADCRED instead of returning GARBAGE_ARGS in that case. This\nsidesteps the whole problem of touching the rpc_accept_statp pointer in\nthis situation and avoids the crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38089",
"url": "https://www.suse.com/security/cve/CVE-2025-38089"
},
{
"category": "external",
"summary": "SUSE Bug 1245508 for CVE-2025-38089",
"url": "https://bugzilla.suse.com/1245508"
},
{
"category": "external",
"summary": "SUSE Bug 1245509 for CVE-2025-38089",
"url": "https://bugzilla.suse.com/1245509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "important"
}
],
"title": "CVE-2025-38089"
},
{
"cve": "CVE-2025-38090",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38090"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/rapidio/rio_cm.c: prevent possible heap overwrite\n\nIn\n\nriocm_cdev_ioctl(RIO_CM_CHAN_SEND)\n -\u003e cm_chan_msg_send()\n -\u003e riocm_ch_send()\n\ncm_chan_msg_send() checks that userspace didn\u0027t send too much data but\nriocm_ch_send() failed to check that userspace sent sufficient data. The\nresult is that riocm_ch_send() can write to fields in the rio_ch_chan_hdr\nwhich were outside the bounds of the space which cm_chan_msg_send()\nallocated.\n\nAddress this by teaching riocm_ch_send() to check that the entire\nrio_ch_chan_hdr was copied in from userspace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38090",
"url": "https://www.suse.com/security/cve/CVE-2025-38090"
},
{
"category": "external",
"summary": "SUSE Bug 1245510 for CVE-2025-38090",
"url": "https://bugzilla.suse.com/1245510"
},
{
"category": "external",
"summary": "SUSE Bug 1245511 for CVE-2025-38090",
"url": "https://bugzilla.suse.com/1245511"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "important"
}
],
"title": "CVE-2025-38090"
},
{
"cve": "CVE-2025-38091",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38091"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: check stream id dml21 wrapper to get plane_id\n\n[Why \u0026 How]\nFix a false positive warning which occurs due to lack of correct checks\nwhen querying plane_id in DML21. This fixes the warning when performing a\nmode1 reset (cat /sys/kernel/debug/dri/1/amdgpu_gpu_recover):\n\n[ 35.751250] WARNING: CPU: 11 PID: 326 at /tmp/amd.PHpyAl7v/amd/amdgpu/../display/dc/dml2/dml2_dc_resource_mgmt.c:91 dml2_map_dc_pipes+0x243d/0x3f40 [amdgpu]\n[ 35.751434] Modules linked in: amdgpu(OE) amddrm_ttm_helper(OE) amdttm(OE) amddrm_buddy(OE) amdxcp(OE) amddrm_exec(OE) amd_sched(OE) amdkcl(OE) drm_suballoc_helper drm_ttm_helper ttm drm_display_helper cec rc_core i2c_algo_bit rfcomm qrtr cmac algif_hash algif_skcipher af_alg bnep amd_atl intel_rapl_msr intel_rapl_common snd_hda_codec_hdmi snd_hda_intel edac_mce_amd snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec kvm_amd snd_hda_core snd_hwdep snd_pcm kvm snd_seq_midi snd_seq_midi_event snd_rawmidi crct10dif_pclmul polyval_clmulni polyval_generic btusb ghash_clmulni_intel sha256_ssse3 btrtl sha1_ssse3 snd_seq btintel aesni_intel btbcm btmtk snd_seq_device crypto_simd sunrpc cryptd bluetooth snd_timer ccp binfmt_misc rapl snd i2c_piix4 wmi_bmof gigabyte_wmi k10temp i2c_smbus soundcore gpio_amdpt mac_hid sch_fq_codel msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs ip_tables x_tables autofs4 hid_generic usbhid hid crc32_pclmul igc ahci xhci_pci libahci xhci_pci_renesas video wmi\n[ 35.751501] CPU: 11 UID: 0 PID: 326 Comm: kworker/u64:9 Tainted: G OE 6.11.0-21-generic #21~24.04.1-Ubuntu\n[ 35.751504] Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n[ 35.751505] Hardware name: Gigabyte Technology Co., Ltd. X670E AORUS PRO X/X670E AORUS PRO X, BIOS F30 05/22/2024\n[ 35.751506] Workqueue: amdgpu-reset-dev amdgpu_debugfs_reset_work [amdgpu]\n[ 35.751638] RIP: 0010:dml2_map_dc_pipes+0x243d/0x3f40 [amdgpu]\n[ 35.751794] Code: 6d 0c 00 00 8b 84 24 88 00 00 00 41 3b 44 9c 20 0f 84 fc 07 00 00 48 83 c3 01 48 83 fb 06 75 b3 4c 8b 64 24 68 4c 8b 6c 24 40 \u003c0f\u003e 0b b8 06 00 00 00 49 8b 94 24 a0 49 00 00 89 c3 83 f8 07 0f 87\n[ 35.751796] RSP: 0018:ffffbfa3805d7680 EFLAGS: 00010246\n[ 35.751798] RAX: 0000000000010000 RBX: 0000000000000006 RCX: 0000000000000000\n[ 35.751799] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000000\n[ 35.751800] RBP: ffffbfa3805d78f0 R08: 0000000000000000 R09: 0000000000000000\n[ 35.751801] R10: 0000000000000000 R11: 0000000000000000 R12: ffffbfa383249000\n[ 35.751802] R13: ffffa0e68f280000 R14: ffffbfa383249658 R15: 0000000000000000\n[ 35.751803] FS: 0000000000000000(0000) GS:ffffa0edbe580000(0000) knlGS:0000000000000000\n[ 35.751804] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 35.751805] CR2: 00005d847ef96c58 CR3: 000000041de3e000 CR4: 0000000000f50ef0\n[ 35.751806] PKRU: 55555554\n[ 35.751807] Call Trace:\n[ 35.751810] \u003cTASK\u003e\n[ 35.751816] ? show_regs+0x6c/0x80\n[ 35.751820] ? __warn+0x88/0x140\n[ 35.751822] ? dml2_map_dc_pipes+0x243d/0x3f40 [amdgpu]\n[ 35.751964] ? report_bug+0x182/0x1b0\n[ 35.751969] ? handle_bug+0x6e/0xb0\n[ 35.751972] ? exc_invalid_op+0x18/0x80\n[ 35.751974] ? asm_exc_invalid_op+0x1b/0x20\n[ 35.751978] ? dml2_map_dc_pipes+0x243d/0x3f40 [amdgpu]\n[ 35.752117] ? math_pow+0x48/0xa0 [amdgpu]\n[ 35.752256] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 35.752260] ? math_pow+0x48/0xa0 [amdgpu]\n[ 35.752400] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 35.752403] ? math_pow+0x11/0xa0 [amdgpu]\n[ 35.752524] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 35.752526] ? core_dcn4_mode_programming+0xe4d/0x20d0 [amdgpu]\n[ 35.752663] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 35.752669] dml21_validate+0x3d4/0x980 [amdgpu]\n\n(cherry picked from commit f8ad62c0a93e5dd94243e10f1b742232e4d6411e)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38091",
"url": "https://www.suse.com/security/cve/CVE-2025-38091"
},
{
"category": "external",
"summary": "SUSE Bug 1245621 for CVE-2025-38091",
"url": "https://bugzilla.suse.com/1245621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38091"
},
{
"cve": "CVE-2025-38094",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38094"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: cadence: macb: Fix a possible deadlock in macb_halt_tx.\n\nThere is a situation where after THALT is set high, TGO stays high as\nwell. Because jiffies are never updated, as we are in a context with\ninterrupts disabled, we never exit that loop and have a deadlock.\n\nThat deadlock was noticed on a sama5d4 device that stayed locked for days.\n\nUse retries instead of jiffies so that the timeout really works and we do\nnot have a deadlock anymore.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38094",
"url": "https://www.suse.com/security/cve/CVE-2025-38094"
},
{
"category": "external",
"summary": "SUSE Bug 1245649 for CVE-2025-38094",
"url": "https://bugzilla.suse.com/1245649"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38094"
},
{
"cve": "CVE-2025-38095",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38095"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf: insert memory barrier before updating num_fences\n\nsmp_store_mb() inserts memory barrier after storing operation.\nIt is different with what the comment is originally aiming so Null\npointer dereference can be happened if memory update is reordered.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38095",
"url": "https://www.suse.com/security/cve/CVE-2025-38095"
},
{
"category": "external",
"summary": "SUSE Bug 1245658 for CVE-2025-38095",
"url": "https://bugzilla.suse.com/1245658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38095"
},
{
"cve": "CVE-2025-38097",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38097"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nespintcp: remove encap socket caching to avoid reference leak\n\nThe current scheme for caching the encap socket can lead to reference\nleaks when we try to delete the netns.\n\nThe reference chain is: xfrm_state -\u003e enacp_sk -\u003e netns\n\nSince the encap socket is a userspace socket, it holds a reference on\nthe netns. If we delete the espintcp state (through flush or\nindividual delete) before removing the netns, the reference on the\nsocket is dropped and the netns is correctly deleted. Otherwise, the\nnetns may not be reachable anymore (if all processes within the ns\nhave terminated), so we cannot delete the xfrm state to drop its\nreference on the socket.\n\nThis patch results in a small (~2% in my tests) performance\nregression.\n\nA GC-type mechanism could be added for the socket cache, to clear\nreferences if the state hasn\u0027t been used \"recently\", but it\u0027s a lot\nmore complex than just not caching the socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38097",
"url": "https://www.suse.com/security/cve/CVE-2025-38097"
},
{
"category": "external",
"summary": "SUSE Bug 1245660 for CVE-2025-38097",
"url": "https://bugzilla.suse.com/1245660"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38097"
},
{
"cve": "CVE-2025-38098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38098"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Don\u0027t treat wb connector as physical in create_validate_stream_for_sink\n\nDon\u0027t try to operate on a drm_wb_connector as an amdgpu_dm_connector.\nWhile dereferencing aconnector-\u003ebase will \"work\" it\u0027s wrong and\nmight lead to unknown bad things. Just... don\u0027t.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38098",
"url": "https://www.suse.com/security/cve/CVE-2025-38098"
},
{
"category": "external",
"summary": "SUSE Bug 1245654 for CVE-2025-38098",
"url": "https://bugzilla.suse.com/1245654"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38098"
},
{
"cve": "CVE-2025-38099",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38099"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Disable SCO support if READ_VOICE_SETTING is unsupported/broken\n\nA SCO connection without the proper voice_setting can cause\nthe controller to lock up.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38099",
"url": "https://www.suse.com/security/cve/CVE-2025-38099"
},
{
"category": "external",
"summary": "SUSE Bug 1245671 for CVE-2025-38099",
"url": "https://bugzilla.suse.com/1245671"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38099"
},
{
"cve": "CVE-2025-38100",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38100"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/iopl: Cure TIF_IO_BITMAP inconsistencies\n\nio_bitmap_exit() is invoked from exit_thread() when a task exists or\nwhen a fork fails. In the latter case the exit_thread() cleans up\nresources which were allocated during fork().\n\nio_bitmap_exit() invokes task_update_io_bitmap(), which in turn ends up\nin tss_update_io_bitmap(). tss_update_io_bitmap() operates on the\ncurrent task. If current has TIF_IO_BITMAP set, but no bitmap installed,\ntss_update_io_bitmap() crashes with a NULL pointer dereference.\n\nThere are two issues, which lead to that problem:\n\n 1) io_bitmap_exit() should not invoke task_update_io_bitmap() when\n the task, which is cleaned up, is not the current task. That\u0027s a\n clear indicator for a cleanup after a failed fork().\n\n 2) A task should not have TIF_IO_BITMAP set and neither a bitmap\n installed nor IOPL emulation level 3 activated.\n\n This happens when a kernel thread is created in the context of\n a user space thread, which has TIF_IO_BITMAP set as the thread\n flags are copied and the IO bitmap pointer is cleared.\n\n Other than in the failed fork() case this has no impact because\n kernel threads including IO workers never return to user space and\n therefore never invoke tss_update_io_bitmap().\n\nCure this by adding the missing cleanups and checks:\n\n 1) Prevent io_bitmap_exit() to invoke task_update_io_bitmap() if\n the to be cleaned up task is not the current task.\n\n 2) Clear TIF_IO_BITMAP in copy_thread() unconditionally. For user\n space forks it is set later, when the IO bitmap is inherited in\n io_bitmap_share().\n\nFor paranoia sake, add a warning into tss_update_io_bitmap() to catch\nthe case, when that code is invoked with inconsistent state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38100",
"url": "https://www.suse.com/security/cve/CVE-2025-38100"
},
{
"category": "external",
"summary": "SUSE Bug 1245650 for CVE-2025-38100",
"url": "https://bugzilla.suse.com/1245650"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38100"
},
{
"cve": "CVE-2025-38102",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38102"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nVMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify\n\nDuring our test, it is found that a warning can be trigger in try_grab_folio\nas follow:\n\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 1678 at mm/gup.c:147 try_grab_folio+0x106/0x130\n Modules linked in:\n CPU: 0 UID: 0 PID: 1678 Comm: syz.3.31 Not tainted 6.15.0-rc5 #163 PREEMPT(undef)\n RIP: 0010:try_grab_folio+0x106/0x130\n Call Trace:\n \u003cTASK\u003e\n follow_huge_pmd+0x240/0x8e0\n follow_pmd_mask.constprop.0.isra.0+0x40b/0x5c0\n follow_pud_mask.constprop.0.isra.0+0x14a/0x170\n follow_page_mask+0x1c2/0x1f0\n __get_user_pages+0x176/0x950\n __gup_longterm_locked+0x15b/0x1060\n ? gup_fast+0x120/0x1f0\n gup_fast_fallback+0x17e/0x230\n get_user_pages_fast+0x5f/0x80\n vmci_host_unlocked_ioctl+0x21c/0xf80\n RIP: 0033:0x54d2cd\n ---[ end trace 0000000000000000 ]---\n\nDigging into the source, context-\u003enotify_page may init by get_user_pages_fast\nand can be seen in vmci_ctx_unset_notify which will try to put_page. However\nget_user_pages_fast is not finished here and lead to following\ntry_grab_folio warning. The race condition is shown as follow:\n\ncpu0\t\t\tcpu1\nvmci_host_do_set_notify\nvmci_host_setup_notify\nget_user_pages_fast(uva, 1, FOLL_WRITE, \u0026context-\u003enotify_page);\nlockless_pages_from_mm\ngup_pgd_range\ngup_huge_pmd // update \u0026context-\u003enotify_page\n\t\t\tvmci_host_do_set_notify\n\t\t\tvmci_ctx_unset_notify\n\t\t\tnotify_page = context-\u003enotify_page;\n\t\t\tif (notify_page)\n\t\t\tput_page(notify_page);\t// page is freed\n__gup_longterm_locked\n__get_user_pages\nfollow_trans_huge_pmd\ntry_grab_folio // warn here\n\nTo slove this, use local variable page to make notify_page can be seen\nafter finish get_user_pages_fast.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38102",
"url": "https://www.suse.com/security/cve/CVE-2025-38102"
},
{
"category": "external",
"summary": "SUSE Bug 1245669 for CVE-2025-38102",
"url": "https://bugzilla.suse.com/1245669"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38102"
},
{
"cve": "CVE-2025-38105",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38105"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Kill timer properly at removal\n\nThe USB-audio MIDI code initializes the timer, but in a rare case, the\ndriver might be freed without the disconnect call. This leaves the\ntimer in an active state while the assigned object is released via\nsnd_usbmidi_free(), which ends up with a kernel warning when the debug\nconfiguration is enabled, as spotted by fuzzer.\n\nFor avoiding the problem, put timer_shutdown_sync() at\nsnd_usbmidi_free(), so that the timer can be killed properly.\nWhile we\u0027re at it, replace the existing timer_delete_sync() at the\ndisconnect callback with timer_shutdown_sync(), too.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38105",
"url": "https://www.suse.com/security/cve/CVE-2025-38105"
},
{
"category": "external",
"summary": "SUSE Bug 1245682 for CVE-2025-38105",
"url": "https://bugzilla.suse.com/1245682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38105"
},
{
"cve": "CVE-2025-38106",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38106"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix use-after-free of sq-\u003ethread in __io_uring_show_fdinfo()\n\nsyzbot reports:\n\nBUG: KASAN: slab-use-after-free in getrusage+0x1109/0x1a60\nRead of size 8 at addr ffff88810de2d2c8 by task a.out/304\n\nCPU: 0 UID: 0 PID: 304 Comm: a.out Not tainted 6.16.0-rc1 #1 PREEMPT(voluntary)\nHardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x53/0x70\n print_report+0xd0/0x670\n ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n ? getrusage+0x1109/0x1a60\n kasan_report+0xce/0x100\n ? getrusage+0x1109/0x1a60\n getrusage+0x1109/0x1a60\n ? __pfx_getrusage+0x10/0x10\n __io_uring_show_fdinfo+0x9fe/0x1790\n ? ksys_read+0xf7/0x1c0\n ? do_syscall_64+0xa4/0x260\n ? vsnprintf+0x591/0x1100\n ? __pfx___io_uring_show_fdinfo+0x10/0x10\n ? __pfx_vsnprintf+0x10/0x10\n ? mutex_trylock+0xcf/0x130\n ? __pfx_mutex_trylock+0x10/0x10\n ? __pfx_show_fd_locks+0x10/0x10\n ? io_uring_show_fdinfo+0x57/0x80\n io_uring_show_fdinfo+0x57/0x80\n seq_show+0x38c/0x690\n seq_read_iter+0x3f7/0x1180\n ? inode_set_ctime_current+0x160/0x4b0\n seq_read+0x271/0x3e0\n ? __pfx_seq_read+0x10/0x10\n ? __pfx__raw_spin_lock+0x10/0x10\n ? __mark_inode_dirty+0x402/0x810\n ? selinux_file_permission+0x368/0x500\n ? file_update_time+0x10f/0x160\n vfs_read+0x177/0xa40\n ? __pfx___handle_mm_fault+0x10/0x10\n ? __pfx_vfs_read+0x10/0x10\n ? mutex_lock+0x81/0xe0\n ? __pfx_mutex_lock+0x10/0x10\n ? fdget_pos+0x24d/0x4b0\n ksys_read+0xf7/0x1c0\n ? __pfx_ksys_read+0x10/0x10\n ? do_user_addr_fault+0x43b/0x9c0\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f0f74170fc9\nCode: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 8\nRSP: 002b:00007fffece049e8 EFLAGS: 00000206 ORIG_RAX: 0000000000000000\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0f74170fc9\nRDX: 0000000000001000 RSI: 00007fffece049f0 RDI: 0000000000000004\nRBP: 00007fffece05ad0 R08: 0000000000000000 R09: 00007fffece04d90\nR10: 0000000000000000 R11: 0000000000000206 R12: 00005651720a1100\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\nAllocated by task 298:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n __kasan_slab_alloc+0x6e/0x70\n kmem_cache_alloc_node_noprof+0xe8/0x330\n copy_process+0x376/0x5e00\n create_io_thread+0xab/0xf0\n io_sq_offload_create+0x9ed/0xf20\n io_uring_setup+0x12b0/0x1cc0\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 22:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x37/0x50\n kmem_cache_free+0xc4/0x360\n rcu_core+0x5ff/0x19f0\n handle_softirqs+0x18c/0x530\n run_ksoftirqd+0x20/0x30\n smpboot_thread_fn+0x287/0x6c0\n kthread+0x30d/0x630\n ret_from_fork+0xef/0x1a0\n ret_from_fork_asm+0x1a/0x30\n\nLast potentially related work creation:\n kasan_save_stack+0x33/0x60\n kasan_record_aux_stack+0x8c/0xa0\n __call_rcu_common.constprop.0+0x68/0x940\n __schedule+0xff2/0x2930\n __cond_resched+0x4c/0x80\n mutex_lock+0x5c/0xe0\n io_uring_del_tctx_node+0xe1/0x2b0\n io_uring_clean_tctx+0xb7/0x160\n io_uring_cancel_generic+0x34e/0x760\n do_exit+0x240/0x2350\n do_group_exit+0xab/0x220\n __x64_sys_exit_group+0x39/0x40\n x64_sys_call+0x1243/0x1840\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThe buggy address belongs to the object at ffff88810de2cb00\n which belongs to the cache task_struct of size 3712\nThe buggy address is located 1992 bytes inside of\n freed 3712-byte region [ffff88810de2cb00, ffff88810de2d980)\n\nwhich is caused by the task_struct pointed to by sq-\u003ethread being\nreleased while it is being used in the function\n__io_uring_show_fdinfo(). Holding ctx-\u003euring_lock does not prevent ehre\nrelase or exit of sq-\u003ethread.\n\nFix this by assigning and looking up -\u003ethread under RCU, and grabbing a\nreference to the task_struct. This e\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38106",
"url": "https://www.suse.com/security/cve/CVE-2025-38106"
},
{
"category": "external",
"summary": "SUSE Bug 1245664 for CVE-2025-38106",
"url": "https://bugzilla.suse.com/1245664"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38106"
},
{
"cve": "CVE-2025-38107",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38107"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: ets: fix a race in ets_qdisc_change()\n\nGerrard Tai reported a race condition in ETS, whenever SFQ perturb timer\nfires at the wrong time.\n\nThe race is as follows:\n\nCPU 0 CPU 1\n[1]: lock root\n[2]: qdisc_tree_flush_backlog()\n[3]: unlock root\n |\n | [5]: lock root\n | [6]: rehash\n | [7]: qdisc_tree_reduce_backlog()\n |\n[4]: qdisc_put()\n\nThis can be abused to underflow a parent\u0027s qlen.\n\nCalling qdisc_purge_queue() instead of qdisc_tree_flush_backlog()\nshould fix the race, because all packets will be purged from the qdisc\nbefore releasing the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38107",
"url": "https://www.suse.com/security/cve/CVE-2025-38107"
},
{
"category": "external",
"summary": "SUSE Bug 1245676 for CVE-2025-38107",
"url": "https://bugzilla.suse.com/1245676"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38107"
},
{
"cve": "CVE-2025-38108",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38108"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: red: fix a race in __red_change()\n\nGerrard Tai reported a race condition in RED, whenever SFQ perturb timer\nfires at the wrong time.\n\nThe race is as follows:\n\nCPU 0 CPU 1\n[1]: lock root\n[2]: qdisc_tree_flush_backlog()\n[3]: unlock root\n |\n | [5]: lock root\n | [6]: rehash\n | [7]: qdisc_tree_reduce_backlog()\n |\n[4]: qdisc_put()\n\nThis can be abused to underflow a parent\u0027s qlen.\n\nCalling qdisc_purge_queue() instead of qdisc_tree_flush_backlog()\nshould fix the race, because all packets will be purged from the qdisc\nbefore releasing the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38108",
"url": "https://www.suse.com/security/cve/CVE-2025-38108"
},
{
"category": "external",
"summary": "SUSE Bug 1245675 for CVE-2025-38108",
"url": "https://bugzilla.suse.com/1245675"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38108"
},
{
"cve": "CVE-2025-38109",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38109"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix ECVF vports unload on shutdown flow\n\nFix shutdown flow UAF when a virtual function is created on the embedded\nchip (ECVF) of a BlueField device. In such case the vport acl ingress\ntable is not properly destroyed.\n\nECVF functionality is independent of ecpf_vport_exists capability and\nthus functions mlx5_eswitch_(enable|disable)_pf_vf_vports() should not\ntest it when enabling/disabling ECVF vports.\n\nkernel log:\n[] refcount_t: underflow; use-after-free.\n[] WARNING: CPU: 3 PID: 1 at lib/refcount.c:28\n refcount_warn_saturate+0x124/0x220\n----------------\n[] Call trace:\n[] refcount_warn_saturate+0x124/0x220\n[] tree_put_node+0x164/0x1e0 [mlx5_core]\n[] mlx5_destroy_flow_table+0x98/0x2c0 [mlx5_core]\n[] esw_acl_ingress_table_destroy+0x28/0x40 [mlx5_core]\n[] esw_acl_ingress_lgcy_cleanup+0x80/0xf4 [mlx5_core]\n[] esw_legacy_vport_acl_cleanup+0x44/0x60 [mlx5_core]\n[] esw_vport_cleanup+0x64/0x90 [mlx5_core]\n[] mlx5_esw_vport_disable+0xc0/0x1d0 [mlx5_core]\n[] mlx5_eswitch_unload_ec_vf_vports+0xcc/0x150 [mlx5_core]\n[] mlx5_eswitch_disable_sriov+0x198/0x2a0 [mlx5_core]\n[] mlx5_device_disable_sriov+0xb8/0x1e0 [mlx5_core]\n[] mlx5_sriov_detach+0x40/0x50 [mlx5_core]\n[] mlx5_unload+0x40/0xc4 [mlx5_core]\n[] mlx5_unload_one_devl_locked+0x6c/0xe4 [mlx5_core]\n[] mlx5_unload_one+0x3c/0x60 [mlx5_core]\n[] shutdown+0x7c/0xa4 [mlx5_core]\n[] pci_device_shutdown+0x3c/0xa0\n[] device_shutdown+0x170/0x340\n[] __do_sys_reboot+0x1f4/0x2a0\n[] __arm64_sys_reboot+0x2c/0x40\n[] invoke_syscall+0x78/0x100\n[] el0_svc_common.constprop.0+0x54/0x184\n[] do_el0_svc+0x30/0xac\n[] el0_svc+0x48/0x160\n[] el0t_64_sync_handler+0xa4/0x12c\n[] el0t_64_sync+0x1a4/0x1a8\n[] --[ end trace 9c4601d68c70030e ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38109",
"url": "https://www.suse.com/security/cve/CVE-2025-38109"
},
{
"category": "external",
"summary": "SUSE Bug 1245684 for CVE-2025-38109",
"url": "https://bugzilla.suse.com/1245684"
},
{
"category": "external",
"summary": "SUSE Bug 1245685 for CVE-2025-38109",
"url": "https://bugzilla.suse.com/1245685"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "important"
}
],
"title": "CVE-2025-38109"
},
{
"cve": "CVE-2025-38110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38110"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mdiobus: Fix potential out-of-bounds clause 45 read/write access\n\nWhen using publicly available tools like \u0027mdio-tools\u0027 to read/write data\nfrom/to network interface and its PHY via C45 (clause 45) mdiobus,\nthere is no verification of parameters passed to the ioctl and\nit accepts any mdio address.\nCurrently there is support for 32 addresses in kernel via PHY_MAX_ADDR define,\nbut it is possible to pass higher value than that via ioctl.\nWhile read/write operation should generally fail in this case,\nmdiobus provides stats array, where wrong address may allow out-of-bounds\nread/write.\n\nFix that by adding address verification before C45 read/write operation.\nWhile this excludes this access from any statistics, it improves security of\nread/write operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38110",
"url": "https://www.suse.com/security/cve/CVE-2025-38110"
},
{
"category": "external",
"summary": "SUSE Bug 1245665 for CVE-2025-38110",
"url": "https://bugzilla.suse.com/1245665"
},
{
"category": "external",
"summary": "SUSE Bug 1249458 for CVE-2025-38110",
"url": "https://bugzilla.suse.com/1249458"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "important"
}
],
"title": "CVE-2025-38110"
},
{
"cve": "CVE-2025-38111",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38111"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mdiobus: Fix potential out-of-bounds read/write access\n\nWhen using publicly available tools like \u0027mdio-tools\u0027 to read/write data\nfrom/to network interface and its PHY via mdiobus, there is no verification of\nparameters passed to the ioctl and it accepts any mdio address.\nCurrently there is support for 32 addresses in kernel via PHY_MAX_ADDR define,\nbut it is possible to pass higher value than that via ioctl.\nWhile read/write operation should generally fail in this case,\nmdiobus provides stats array, where wrong address may allow out-of-bounds\nread/write.\n\nFix that by adding address verification before read/write operation.\nWhile this excludes this access from any statistics, it improves security of\nread/write operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38111",
"url": "https://www.suse.com/security/cve/CVE-2025-38111"
},
{
"category": "external",
"summary": "SUSE Bug 1245666 for CVE-2025-38111",
"url": "https://bugzilla.suse.com/1245666"
},
{
"category": "external",
"summary": "SUSE Bug 1249455 for CVE-2025-38111",
"url": "https://bugzilla.suse.com/1249455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "important"
}
],
"title": "CVE-2025-38111"
},
{
"cve": "CVE-2025-38112",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38112"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix TOCTOU issue in sk_is_readable()\n\nsk-\u003esk_prot-\u003esock_is_readable is a valid function pointer when sk resides\nin a sockmap. After the last sk_psock_put() (which usually happens when\nsocket is removed from sockmap), sk-\u003esk_prot gets restored and\nsk-\u003esk_prot-\u003esock_is_readable becomes NULL.\n\nThis makes sk_is_readable() racy, if the value of sk-\u003esk_prot is reloaded\nafter the initial check. Which in turn may lead to a null pointer\ndereference.\n\nEnsure the function pointer does not turn NULL after the check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38112",
"url": "https://www.suse.com/security/cve/CVE-2025-38112"
},
{
"category": "external",
"summary": "SUSE Bug 1245668 for CVE-2025-38112",
"url": "https://bugzilla.suse.com/1245668"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38112"
},
{
"cve": "CVE-2025-38113",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38113"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: CPPC: Fix NULL pointer dereference when nosmp is used\n\nWith nosmp in cmdline, other CPUs are not brought up, leaving\ntheir cpc_desc_ptr NULL. CPU0\u0027s iteration via for_each_possible_cpu()\ndereferences these NULL pointers, causing panic.\n\nPanic backtrace:\n\n[ 0.401123] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000b8\n...\n[ 0.403255] [\u003cffffffff809a5818\u003e] cppc_allow_fast_switch+0x6a/0xd4\n...\nKernel panic - not syncing: Attempted to kill init!\n\n[ rjw: New subject ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38113",
"url": "https://www.suse.com/security/cve/CVE-2025-38113"
},
{
"category": "external",
"summary": "SUSE Bug 1245683 for CVE-2025-38113",
"url": "https://bugzilla.suse.com/1245683"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38113"
},
{
"cve": "CVE-2025-38114",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38114"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ne1000: Move cancel_work_sync to avoid deadlock\n\nPreviously, e1000_down called cancel_work_sync for the e1000 reset task\n(via e1000_down_and_stop), which takes RTNL.\n\nAs reported by users and syzbot, a deadlock is possible in the following\nscenario:\n\nCPU 0:\n - RTNL is held\n - e1000_close\n - e1000_down\n - cancel_work_sync (cancel / wait for e1000_reset_task())\n\nCPU 1:\n - process_one_work\n - e1000_reset_task\n - take RTNL\n\nTo remedy this, avoid calling cancel_work_sync from e1000_down\n(e1000_reset_task does nothing if the device is down anyway). Instead,\ncall cancel_work_sync for e1000_reset_task when the device is being\nremoved.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38114",
"url": "https://www.suse.com/security/cve/CVE-2025-38114"
},
{
"category": "external",
"summary": "SUSE Bug 1245686 for CVE-2025-38114",
"url": "https://bugzilla.suse.com/1245686"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38114"
},
{
"cve": "CVE-2025-38115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38115"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: fix a potential crash on gso_skb handling\n\nSFQ has an assumption of always being able to queue at least one packet.\n\nHowever, after the blamed commit, sch-\u003eq.len can be inflated by packets\nin sch-\u003egso_skb, and an enqueue() on an empty SFQ qdisc can be followed\nby an immediate drop.\n\nFix sfq_drop() to properly clear q-\u003etail in this situation.\n\n\nip netns add lb\nip link add dev to-lb type veth peer name in-lb netns lb\nethtool -K to-lb tso off # force qdisc to requeue gso_skb\nip netns exec lb ethtool -K in-lb gro on # enable NAPI\nip link set dev to-lb up\nip -netns lb link set dev in-lb up\nip addr add dev to-lb 192.168.20.1/24\nip -netns lb addr add dev in-lb 192.168.20.2/24\ntc qdisc replace dev to-lb root sfq limit 100\n\nip netns exec lb netserver\n\nnetperf -H 192.168.20.2 -l 100 \u0026\nnetperf -H 192.168.20.2 -l 100 \u0026\nnetperf -H 192.168.20.2 -l 100 \u0026\nnetperf -H 192.168.20.2 -l 100 \u0026",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38115",
"url": "https://www.suse.com/security/cve/CVE-2025-38115"
},
{
"category": "external",
"summary": "SUSE Bug 1245689 for CVE-2025-38115",
"url": "https://bugzilla.suse.com/1245689"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38115"
},
{
"cve": "CVE-2025-38117",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38117"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Protect mgmt_pending list with its own lock\n\nThis uses a mutex to protect from concurrent access of mgmt_pending\nlist which can cause crashes like:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in hci_sock_get_channel+0x60/0x68 net/bluetooth/hci_sock.c:91\nRead of size 2 at addr ffff0000c48885b2 by task syz.4.334/7318\n\nCPU: 0 UID: 0 PID: 7318 Comm: syz.4.334 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025\nCall trace:\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:466 (C)\n __dump_stack+0x30/0x40 lib/dump_stack.c:94\n dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120\n print_address_description+0xa8/0x254 mm/kasan/report.c:408\n print_report+0x68/0x84 mm/kasan/report.c:521\n kasan_report+0xb0/0x110 mm/kasan/report.c:634\n __asan_report_load2_noabort+0x20/0x2c mm/kasan/report_generic.c:379\n hci_sock_get_channel+0x60/0x68 net/bluetooth/hci_sock.c:91\n mgmt_pending_find+0x7c/0x140 net/bluetooth/mgmt_util.c:223\n pending_find net/bluetooth/mgmt.c:947 [inline]\n remove_adv_monitor+0x44/0x1a4 net/bluetooth/mgmt.c:5445\n hci_mgmt_cmd+0x780/0xc00 net/bluetooth/hci_sock.c:1712\n hci_sock_sendmsg+0x544/0xbb0 net/bluetooth/hci_sock.c:1832\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg net/socket.c:727 [inline]\n sock_write_iter+0x25c/0x378 net/socket.c:1131\n new_sync_write fs/read_write.c:591 [inline]\n vfs_write+0x62c/0x97c fs/read_write.c:684\n ksys_write+0x120/0x210 fs/read_write.c:736\n __do_sys_write fs/read_write.c:747 [inline]\n __se_sys_write fs/read_write.c:744 [inline]\n __arm64_sys_write+0x7c/0x90 fs/read_write.c:744\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767\n el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600\n\nAllocated by task 7037:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x40/0x78 mm/kasan/common.c:68\n kasan_save_alloc_info+0x44/0x54 mm/kasan/generic.c:562\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x9c/0xb4 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4327 [inline]\n __kmalloc_noprof+0x2fc/0x4c8 mm/slub.c:4339\n kmalloc_noprof include/linux/slab.h:909 [inline]\n sk_prot_alloc+0xc4/0x1f0 net/core/sock.c:2198\n sk_alloc+0x44/0x3ac net/core/sock.c:2254\n bt_sock_alloc+0x4c/0x300 net/bluetooth/af_bluetooth.c:148\n hci_sock_create+0xa8/0x194 net/bluetooth/hci_sock.c:2202\n bt_sock_create+0x14c/0x24c net/bluetooth/af_bluetooth.c:132\n __sock_create+0x43c/0x91c net/socket.c:1541\n sock_create net/socket.c:1599 [inline]\n __sys_socket_create net/socket.c:1636 [inline]\n __sys_socket+0xd4/0x1c0 net/socket.c:1683\n __do_sys_socket net/socket.c:1697 [inline]\n __se_sys_socket net/socket.c:1695 [inline]\n __arm64_sys_socket+0x7c/0x94 net/socket.c:1695\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767\n el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600\n\nFreed by task 6607:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x40/0x78 mm/kasan/common.c:68\n kasan_save_free_info+0x58/0x70 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x68/0x88 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38117",
"url": "https://www.suse.com/security/cve/CVE-2025-38117"
},
{
"category": "external",
"summary": "SUSE Bug 1245695 for CVE-2025-38117",
"url": "https://bugzilla.suse.com/1245695"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38117"
},
{
"cve": "CVE-2025-38118",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38118"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete\n\nThis reworks MGMT_OP_REMOVE_ADV_MONITOR to not use mgmt_pending_add to\navoid crashes like bellow:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_complete+0xe5/0x540 net/bluetooth/mgmt.c:5406\nRead of size 8 at addr ffff88801c53f318 by task kworker/u5:5/5341\n\nCPU: 0 UID: 0 PID: 5341 Comm: kworker/u5:5 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xd2/0x2b0 mm/kasan/report.c:521\n kasan_report+0x118/0x150 mm/kasan/report.c:634\n mgmt_remove_adv_monitor_complete+0xe5/0x540 net/bluetooth/mgmt.c:5406\n hci_cmd_sync_work+0x261/0x3a0 net/bluetooth/hci_sync.c:334\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x711/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nAllocated by task 5987:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4358\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n mgmt_pending_new+0x65/0x240 net/bluetooth/mgmt_util.c:252\n mgmt_pending_add+0x34/0x120 net/bluetooth/mgmt_util.c:279\n remove_adv_monitor+0x103/0x1b0 net/bluetooth/mgmt.c:5454\n hci_mgmt_cmd+0x9c9/0xef0 net/bluetooth/hci_sock.c:1719\n hci_sock_sendmsg+0x6ca/0xef0 net/bluetooth/hci_sock.c:1839\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:727\n sock_write_iter+0x258/0x330 net/socket.c:1131\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x548/0xa90 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 5989:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2380 [inline]\n slab_free mm/slub.c:4642 [inline]\n kfree+0x18e/0x440 mm/slub.c:4841\n mgmt_pending_foreach+0xc9/0x120 net/bluetooth/mgmt_util.c:242\n mgmt_index_removed+0x10d/0x2f0 net/bluetooth/mgmt.c:9366\n hci_sock_bind+0xbe9/0x1000 net/bluetooth/hci_sock.c:1314\n __sys_bind_socket net/socket.c:1810 [inline]\n __sys_bind+0x2c3/0x3e0 net/socket.c:1841\n __do_sys_bind net/socket.c:1846 [inline]\n __se_sys_bind net/socket.c:1844 [inline]\n __x64_sys_bind+0x7a/0x90 net/socket.c:1844\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38118",
"url": "https://www.suse.com/security/cve/CVE-2025-38118"
},
{
"category": "external",
"summary": "SUSE Bug 1245670 for CVE-2025-38118",
"url": "https://bugzilla.suse.com/1245670"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38118"
},
{
"cve": "CVE-2025-38120",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38120"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_set_pipapo_avx2: fix initial map fill\n\nIf the first field doesn\u0027t cover the entire start map, then we must zero\nout the remainder, else we leak those bits into the next match round map.\n\nThe early fix was incomplete and did only fix up the generic C\nimplementation.\n\nA followup patch adds a test case to nft_concat_range.sh.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38120",
"url": "https://www.suse.com/security/cve/CVE-2025-38120"
},
{
"category": "external",
"summary": "SUSE Bug 1245711 for CVE-2025-38120",
"url": "https://bugzilla.suse.com/1245711"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38120"
},
{
"cve": "CVE-2025-38122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38122"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: add missing NULL check for gve_alloc_pending_packet() in TX DQO\n\ngve_alloc_pending_packet() can return NULL, but gve_tx_add_skb_dqo()\ndid not check for this case before dereferencing the returned pointer.\n\nAdd a missing NULL check to prevent a potential NULL pointer\ndereference when allocation fails.\n\nThis improves robustness in low-memory scenarios.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38122",
"url": "https://www.suse.com/security/cve/CVE-2025-38122"
},
{
"category": "external",
"summary": "SUSE Bug 1245746 for CVE-2025-38122",
"url": "https://bugzilla.suse.com/1245746"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38122"
},
{
"cve": "CVE-2025-38123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38123"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: wwan: t7xx: Fix napi rx poll issue\n\nWhen driver handles the napi rx polling requests, the netdev might\nhave been released by the dellink logic triggered by the disconnect\noperation on user plane. However, in the logic of processing skb in\npolling, an invalid netdev is still being used, which causes a panic.\n\nBUG: kernel NULL pointer dereference, address: 00000000000000f1\nOops: 0000 [#1] PREEMPT SMP NOPTI\nRIP: 0010:dev_gro_receive+0x3a/0x620\n[...]\nCall Trace:\n \u003cIRQ\u003e\n ? __die_body+0x68/0xb0\n ? page_fault_oops+0x379/0x3e0\n ? exc_page_fault+0x4f/0xa0\n ? asm_exc_page_fault+0x22/0x30\n ? __pfx_t7xx_ccmni_recv_skb+0x10/0x10 [mtk_t7xx (HASH:1400 7)]\n ? dev_gro_receive+0x3a/0x620\n napi_gro_receive+0xad/0x170\n t7xx_ccmni_recv_skb+0x48/0x70 [mtk_t7xx (HASH:1400 7)]\n t7xx_dpmaif_napi_rx_poll+0x590/0x800 [mtk_t7xx (HASH:1400 7)]\n net_rx_action+0x103/0x470\n irq_exit_rcu+0x13a/0x310\n sysvec_apic_timer_interrupt+0x56/0x90\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38123",
"url": "https://www.suse.com/security/cve/CVE-2025-38123"
},
{
"category": "external",
"summary": "SUSE Bug 1245688 for CVE-2025-38123",
"url": "https://bugzilla.suse.com/1245688"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38123"
},
{
"cve": "CVE-2025-38124",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38124"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix udp gso skb_segment after pull from frag_list\n\nCommit a1e40ac5b5e9 (\"net: gso: fix udp gso fraglist segmentation after\npull from frag_list\") detected invalid geometry in frag_list skbs and\nredirects them from skb_segment_list to more robust skb_segment. But some\npackets with modified geometry can also hit bugs in that code. We don\u0027t\nknow how many such cases exist. Addressing each one by one also requires\ntouching the complex skb_segment code, which risks introducing bugs for\nother types of skbs. Instead, linearize all these packets that fail the\nbasic invariants on gso fraglist skbs. That is more robust.\n\nIf only part of the fraglist payload is pulled into head_skb, it will\nalways cause exception when splitting skbs by skb_segment. For detailed\ncall stack information, see below.\n\nValid SKB_GSO_FRAGLIST skbs\n- consist of two or more segments\n- the head_skb holds the protocol headers plus first gso_size\n- one or more frag_list skbs hold exactly one segment\n- all but the last must be gso_size\n\nOptional datapath hooks such as NAT and BPF (bpf_skb_pull_data) can\nmodify fraglist skbs, breaking these invariants.\n\nIn extreme cases they pull one part of data into skb linear. For UDP,\nthis causes three payloads with lengths of (11,11,10) bytes were\npulled tail to become (12,10,10) bytes.\n\nThe skbs no longer meets the above SKB_GSO_FRAGLIST conditions because\npayload was pulled into head_skb, it needs to be linearized before pass\nto regular skb_segment.\n\n skb_segment+0xcd0/0xd14\n __udp_gso_segment+0x334/0x5f4\n udp4_ufo_fragment+0x118/0x15c\n inet_gso_segment+0x164/0x338\n skb_mac_gso_segment+0xc4/0x13c\n __skb_gso_segment+0xc4/0x124\n validate_xmit_skb+0x9c/0x2c0\n validate_xmit_skb_list+0x4c/0x80\n sch_direct_xmit+0x70/0x404\n __dev_queue_xmit+0x64c/0xe5c\n neigh_resolve_output+0x178/0x1c4\n ip_finish_output2+0x37c/0x47c\n __ip_finish_output+0x194/0x240\n ip_finish_output+0x20/0xf4\n ip_output+0x100/0x1a0\n NF_HOOK+0xc4/0x16c\n ip_forward+0x314/0x32c\n ip_rcv+0x90/0x118\n __netif_receive_skb+0x74/0x124\n process_backlog+0xe8/0x1a4\n __napi_poll+0x5c/0x1f8\n net_rx_action+0x154/0x314\n handle_softirqs+0x154/0x4b8\n\n [118.376811] [C201134] rxq0_pus: [name:bug\u0026]kernel BUG at net/core/skbuff.c:4278!\n [118.376829] [C201134] rxq0_pus: [name:traps\u0026]Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\n [118.470774] [C201134] rxq0_pus: [name:mrdump\u0026]Kernel Offset: 0x178cc00000 from 0xffffffc008000000\n [118.470810] [C201134] rxq0_pus: [name:mrdump\u0026]PHYS_OFFSET: 0x40000000\n [118.470827] [C201134] rxq0_pus: [name:mrdump\u0026]pstate: 60400005 (nZCv daif +PAN -UAO)\n [118.470848] [C201134] rxq0_pus: [name:mrdump\u0026]pc : [0xffffffd79598aefc] skb_segment+0xcd0/0xd14\n [118.470900] [C201134] rxq0_pus: [name:mrdump\u0026]lr : [0xffffffd79598a5e8] skb_segment+0x3bc/0xd14\n [118.470928] [C201134] rxq0_pus: [name:mrdump\u0026]sp : ffffffc008013770",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38124",
"url": "https://www.suse.com/security/cve/CVE-2025-38124"
},
{
"category": "external",
"summary": "SUSE Bug 1245690 for CVE-2025-38124",
"url": "https://bugzilla.suse.com/1245690"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38124"
},
{
"cve": "CVE-2025-38126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38126"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: make sure that ptp_rate is not 0 before configuring timestamping\n\nThe stmmac platform drivers that do not open-code the clk_ptp_rate value\nafter having retrieved the default one from the device-tree can end up\nwith 0 in clk_ptp_rate (as clk_get_rate can return 0). It will\neventually propagate up to PTP initialization when bringing up the\ninterface, leading to a divide by 0:\n\n Division by zero in kernel.\n CPU: 1 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.30-00001-g48313bd5768a #22\n Hardware name: STM32 (Device Tree Support)\n Call trace:\n unwind_backtrace from show_stack+0x18/0x1c\n show_stack from dump_stack_lvl+0x6c/0x8c\n dump_stack_lvl from Ldiv0_64+0x8/0x18\n Ldiv0_64 from stmmac_init_tstamp_counter+0x190/0x1a4\n stmmac_init_tstamp_counter from stmmac_hw_setup+0xc1c/0x111c\n stmmac_hw_setup from __stmmac_open+0x18c/0x434\n __stmmac_open from stmmac_open+0x3c/0xbc\n stmmac_open from __dev_open+0xf4/0x1ac\n __dev_open from __dev_change_flags+0x1cc/0x224\n __dev_change_flags from dev_change_flags+0x24/0x60\n dev_change_flags from ip_auto_config+0x2e8/0x11a0\n ip_auto_config from do_one_initcall+0x84/0x33c\n do_one_initcall from kernel_init_freeable+0x1b8/0x214\n kernel_init_freeable from kernel_init+0x24/0x140\n kernel_init from ret_from_fork+0x14/0x28\n Exception stack(0xe0815fb0 to 0xe0815ff8)\n\nPrevent this division by 0 by adding an explicit check and error log\nabout the actual issue. While at it, remove the same check from\nstmmac_ptp_register, which then becomes duplicate",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38126",
"url": "https://www.suse.com/security/cve/CVE-2025-38126"
},
{
"category": "external",
"summary": "SUSE Bug 1245708 for CVE-2025-38126",
"url": "https://bugzilla.suse.com/1245708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38126"
},
{
"cve": "CVE-2025-38127",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38127"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix Tx scheduler error handling in XDP callback\n\nWhen the XDP program is loaded, the XDP callback adds new Tx queues.\nThis means that the callback must update the Tx scheduler with the new\nqueue number. In the event of a Tx scheduler failure, the XDP callback\nshould also fail and roll back any changes previously made for XDP\npreparation.\n\nThe previous implementation had a bug that not all changes made by the\nXDP callback were rolled back. This caused the crash with the following\ncall trace:\n\n[ +9.549584] ice 0000:ca:00.0: Failed VSI LAN queue config for XDP, error: -5\n[ +0.382335] Oops: general protection fault, probably for non-canonical address 0x50a2250a90495525: 0000 [#1] SMP NOPTI\n[ +0.010710] CPU: 103 UID: 0 PID: 0 Comm: swapper/103 Not tainted 6.14.0-net-next-mar-31+ #14 PREEMPT(voluntary)\n[ +0.010175] Hardware name: Intel Corporation M50CYP2SBSTD/M50CYP2SBSTD, BIOS SE5C620.86B.01.01.0005.2202160810 02/16/2022\n[ +0.010946] RIP: 0010:__ice_update_sample+0x39/0xe0 [ice]\n\n[...]\n\n[ +0.002715] Call Trace:\n[ +0.002452] \u003cIRQ\u003e\n[ +0.002021] ? __die_body.cold+0x19/0x29\n[ +0.003922] ? die_addr+0x3c/0x60\n[ +0.003319] ? exc_general_protection+0x17c/0x400\n[ +0.004707] ? asm_exc_general_protection+0x26/0x30\n[ +0.004879] ? __ice_update_sample+0x39/0xe0 [ice]\n[ +0.004835] ice_napi_poll+0x665/0x680 [ice]\n[ +0.004320] __napi_poll+0x28/0x190\n[ +0.003500] net_rx_action+0x198/0x360\n[ +0.003752] ? update_rq_clock+0x39/0x220\n[ +0.004013] handle_softirqs+0xf1/0x340\n[ +0.003840] ? sched_clock_cpu+0xf/0x1f0\n[ +0.003925] __irq_exit_rcu+0xc2/0xe0\n[ +0.003665] common_interrupt+0x85/0xa0\n[ +0.003839] \u003c/IRQ\u003e\n[ +0.002098] \u003cTASK\u003e\n[ +0.002106] asm_common_interrupt+0x26/0x40\n[ +0.004184] RIP: 0010:cpuidle_enter_state+0xd3/0x690\n\nFix this by performing the missing unmapping of XDP queues from\nq_vectors and setting the XDP rings pointer back to NULL after all those\nqueues are released.\nAlso, add an immediate exit from the XDP callback in case of ring\npreparation failure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38127",
"url": "https://www.suse.com/security/cve/CVE-2025-38127"
},
{
"category": "external",
"summary": "SUSE Bug 1245705 for CVE-2025-38127",
"url": "https://bugzilla.suse.com/1245705"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38127"
},
{
"cve": "CVE-2025-38129",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38129"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npage_pool: Fix use-after-free in page_pool_recycle_in_ring\n\nsyzbot reported a uaf in page_pool_recycle_in_ring:\n\nBUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862\nRead of size 8 at addr ffff8880286045a0 by task syz.0.284/6943\n\nCPU: 0 UID: 0 PID: 6943 Comm: syz.0.284 Not tainted 6.13.0-rc3-syzkaller-gdfa94ce54f41 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862\n __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:165 [inline]\n _raw_spin_unlock_bh+0x1b/0x40 kernel/locking/spinlock.c:210\n spin_unlock_bh include/linux/spinlock.h:396 [inline]\n ptr_ring_produce_bh include/linux/ptr_ring.h:164 [inline]\n page_pool_recycle_in_ring net/core/page_pool.c:707 [inline]\n page_pool_put_unrefed_netmem+0x748/0xb00 net/core/page_pool.c:826\n page_pool_put_netmem include/net/page_pool/helpers.h:323 [inline]\n page_pool_put_full_netmem include/net/page_pool/helpers.h:353 [inline]\n napi_pp_put_page+0x149/0x2b0 net/core/skbuff.c:1036\n skb_pp_recycle net/core/skbuff.c:1047 [inline]\n skb_free_head net/core/skbuff.c:1094 [inline]\n skb_release_data+0x6c4/0x8a0 net/core/skbuff.c:1125\n skb_release_all net/core/skbuff.c:1190 [inline]\n __kfree_skb net/core/skbuff.c:1204 [inline]\n sk_skb_reason_drop+0x1c9/0x380 net/core/skbuff.c:1242\n kfree_skb_reason include/linux/skbuff.h:1263 [inline]\n __skb_queue_purge_reason include/linux/skbuff.h:3343 [inline]\n\nroot cause is:\n\npage_pool_recycle_in_ring\n ptr_ring_produce\n spin_lock(\u0026r-\u003eproducer_lock);\n WRITE_ONCE(r-\u003equeue[r-\u003eproducer++], ptr)\n //recycle last page to pool\n\t\t\t\tpage_pool_release\n\t\t\t\t page_pool_scrub\n\t\t\t\t page_pool_empty_ring\n\t\t\t\t ptr_ring_consume\n\t\t\t\t page_pool_return_page //release all page\n\t\t\t\t __page_pool_destroy\n\t\t\t\t free_percpu(pool-\u003erecycle_stats);\n\t\t\t\t free(pool) //free\n\n spin_unlock(\u0026r-\u003eproducer_lock); //pool-\u003ering uaf read\n recycle_stat_inc(pool, ring);\n\npage_pool can be free while page pool recycle the last page in ring.\nAdd producer-lock barrier to page_pool_release to prevent the page\npool from being free before all pages have been recycled.\n\nrecycle_stat_inc() is empty when CONFIG_PAGE_POOL_STATS is not\nenabled, which will trigger Wempty-body build warning. Add definition\nfor pool stat macro to fix warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38129",
"url": "https://www.suse.com/security/cve/CVE-2025-38129"
},
{
"category": "external",
"summary": "SUSE Bug 1245723 for CVE-2025-38129",
"url": "https://bugzilla.suse.com/1245723"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38129"
},
{
"cve": "CVE-2025-38131",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38131"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: prevent deactivate active config while enabling the config\n\nWhile enable active config via cscfg_csdev_enable_active_config(),\nactive config could be deactivated via configfs\u0027 sysfs interface.\nThis could make UAF issue in below scenario:\n\nCPU0 CPU1\n(sysfs enable) load module\n cscfg_load_config_sets()\n activate config. // sysfs\n (sys_active_cnt == 1)\n...\ncscfg_csdev_enable_active_config()\nlock(csdev-\u003ecscfg_csdev_lock)\n// here load config activate by CPU1\nunlock(csdev-\u003ecscfg_csdev_lock)\n\n deactivate config // sysfs\n (sys_activec_cnt == 0)\n cscfg_unload_config_sets()\n unload module\n\n// access to config_desc which freed\n// while unloading module.\ncscfg_csdev_enable_config\n\nTo address this, use cscfg_config_desc\u0027s active_cnt as a reference count\n which will be holded when\n - activate the config.\n - enable the activated config.\nand put the module reference when config_active_cnt == 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38131",
"url": "https://www.suse.com/security/cve/CVE-2025-38131"
},
{
"category": "external",
"summary": "SUSE Bug 1245677 for CVE-2025-38131",
"url": "https://bugzilla.suse.com/1245677"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38131"
},
{
"cve": "CVE-2025-38132",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38132"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: holding cscfg_csdev_lock while removing cscfg from csdev\n\nThere\u0027ll be possible race scenario for coresight config:\n\nCPU0 CPU1\n(perf enable) load module\n cscfg_load_config_sets()\n activate config. // sysfs\n (sys_active_cnt == 1)\n...\ncscfg_csdev_enable_active_config()\n lock(csdev-\u003ecscfg_csdev_lock)\n deactivate config // sysfs\n (sys_activec_cnt == 0)\n cscfg_unload_config_sets()\n \u003citerating config_csdev_list\u003e cscfg_remove_owned_csdev_configs()\n // here load config activate by CPU1\n unlock(csdev-\u003ecscfg_csdev_lock)\n\niterating config_csdev_list could be raced with config_csdev_list\u0027s\nentry delete.\n\nTo resolve this race , hold csdev-\u003ecscfg_csdev_lock() while\ncscfg_remove_owned_csdev_configs()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38132",
"url": "https://www.suse.com/security/cve/CVE-2025-38132"
},
{
"category": "external",
"summary": "SUSE Bug 1245679 for CVE-2025-38132",
"url": "https://bugzilla.suse.com/1245679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38132"
},
{
"cve": "CVE-2025-38135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38135"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: Fix potential null-ptr-deref in mlb_usio_probe()\n\ndevm_ioremap() can return NULL on error. Currently, mlb_usio_probe()\ndoes not check for this case, which could result in a NULL pointer\ndereference.\n\nAdd NULL check after devm_ioremap() to prevent this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38135",
"url": "https://www.suse.com/security/cve/CVE-2025-38135"
},
{
"category": "external",
"summary": "SUSE Bug 1246023 for CVE-2025-38135",
"url": "https://bugzilla.suse.com/1246023"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38135"
},
{
"cve": "CVE-2025-38136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38136"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: renesas_usbhs: Reorder clock handling and power management in probe\n\nReorder the initialization sequence in `usbhs_probe()` to enable runtime\nPM before accessing registers, preventing potential crashes due to\nuninitialized clocks.\n\nCurrently, in the probe path, registers are accessed before enabling the\nclocks, leading to a synchronous external abort on the RZ/V2H SoC.\nThe problematic call flow is as follows:\n\n usbhs_probe()\n usbhs_sys_clock_ctrl()\n usbhs_bset()\n usbhs_write()\n iowrite16() \u003c-- Register access before enabling clocks\n\nSince `iowrite16()` is performed without ensuring the required clocks are\nenabled, this can lead to access errors. To fix this, enable PM runtime\nearly in the probe function and ensure clocks are acquired before register\naccess, preventing crashes like the following on RZ/V2H:\n\n[13.272640] Internal error: synchronous external abort: 0000000096000010 [#1] PREEMPT SMP\n[13.280814] Modules linked in: cec renesas_usbhs(+) drm_kms_helper fuse drm backlight ipv6\n[13.289088] CPU: 1 UID: 0 PID: 195 Comm: (udev-worker) Not tainted 6.14.0-rc7+ #98\n[13.296640] Hardware name: Renesas RZ/V2H EVK Board based on r9a09g057h44 (DT)\n[13.303834] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[13.310770] pc : usbhs_bset+0x14/0x4c [renesas_usbhs]\n[13.315831] lr : usbhs_probe+0x2e4/0x5ac [renesas_usbhs]\n[13.321138] sp : ffff8000827e3850\n[13.324438] x29: ffff8000827e3860 x28: 0000000000000000 x27: ffff8000827e3ca0\n[13.331554] x26: ffff8000827e3ba0 x25: ffff800081729668 x24: 0000000000000025\n[13.338670] x23: ffff0000c0f08000 x22: 0000000000000000 x21: ffff0000c0f08010\n[13.345783] x20: 0000000000000000 x19: ffff0000c3b52080 x18: 00000000ffffffff\n[13.352895] x17: 0000000000000000 x16: 0000000000000000 x15: ffff8000827e36ce\n[13.360009] x14: 00000000000003d7 x13: 00000000000003d7 x12: 0000000000000000\n[13.367122] x11: 0000000000000000 x10: 0000000000000aa0 x9 : ffff8000827e3750\n[13.374235] x8 : ffff0000c1850b00 x7 : 0000000003826060 x6 : 000000000000001c\n[13.381347] x5 : 000000030d5fcc00 x4 : ffff8000825c0000 x3 : 0000000000000000\n[13.388459] x2 : 0000000000000400 x1 : 0000000000000000 x0 : ffff0000c3b52080\n[13.395574] Call trace:\n[13.398013] usbhs_bset+0x14/0x4c [renesas_usbhs] (P)\n[13.403076] platform_probe+0x68/0xdc\n[13.406738] really_probe+0xbc/0x2c0\n[13.410306] __driver_probe_device+0x78/0x120\n[13.414653] driver_probe_device+0x3c/0x154\n[13.418825] __driver_attach+0x90/0x1a0\n[13.422647] bus_for_each_dev+0x7c/0xe0\n[13.426470] driver_attach+0x24/0x30\n[13.430032] bus_add_driver+0xe4/0x208\n[13.433766] driver_register+0x68/0x130\n[13.437587] __platform_driver_register+0x24/0x30\n[13.442273] renesas_usbhs_driver_init+0x20/0x1000 [renesas_usbhs]\n[13.448450] do_one_initcall+0x60/0x1d4\n[13.452276] do_init_module+0x54/0x1f8\n[13.456014] load_module+0x1754/0x1c98\n[13.459750] init_module_from_file+0x88/0xcc\n[13.464004] __arm64_sys_finit_module+0x1c4/0x328\n[13.468689] invoke_syscall+0x48/0x104\n[13.472426] el0_svc_common.constprop.0+0xc0/0xe0\n[13.477113] do_el0_svc+0x1c/0x28\n[13.480415] el0_svc+0x30/0xcc\n[13.483460] el0t_64_sync_handler+0x10c/0x138\n[13.487800] el0t_64_sync+0x198/0x19c\n[13.491453] Code: 2a0103e1 12003c42 12003c63 8b010084 (79400084)\n[13.497522] ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38136",
"url": "https://www.suse.com/security/cve/CVE-2025-38136"
},
{
"category": "external",
"summary": "SUSE Bug 1245691 for CVE-2025-38136",
"url": "https://bugzilla.suse.com/1245691"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38136"
},
{
"cve": "CVE-2025-38138",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38138"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ti: Add NULL check in udma_probe()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\nudma_probe() does not check for this case, which results in a NULL\npointer dereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38138",
"url": "https://www.suse.com/security/cve/CVE-2025-38138"
},
{
"category": "external",
"summary": "SUSE Bug 1245719 for CVE-2025-38138",
"url": "https://bugzilla.suse.com/1245719"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38138"
},
{
"cve": "CVE-2025-38142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38142"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (asus-ec-sensors) check sensor index in read_string()\n\nPrevent a potential invalid memory access when the requested sensor\nis not found.\n\nfind_ec_sensor_index() may return a negative value (e.g. -ENOENT),\nbut its result was used without checking, which could lead to\nundefined behavior when passed to get_sensor_info().\n\nAdd a proper check to return -EINVAL if sensor_index is negative.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[groeck: Return error code returned from find_ec_sensor_index]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38142",
"url": "https://www.suse.com/security/cve/CVE-2025-38142"
},
{
"category": "external",
"summary": "SUSE Bug 1245713 for CVE-2025-38142",
"url": "https://bugzilla.suse.com/1245713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38142"
},
{
"cve": "CVE-2025-38143",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38143"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbacklight: pm8941: Add NULL check in wled_configure()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\nwled_configure() does not check for this case, which results in a NULL\npointer dereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38143",
"url": "https://www.suse.com/security/cve/CVE-2025-38143"
},
{
"category": "external",
"summary": "SUSE Bug 1245714 for CVE-2025-38143",
"url": "https://bugzilla.suse.com/1245714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38143"
},
{
"cve": "CVE-2025-38145",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38145"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: aspeed: Add NULL check in aspeed_lpc_enable_snoop()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\naspeed_lpc_enable_snoop() does not check for this case, which results in a\nNULL pointer dereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue.\n\n[arj: Fix Fixes: tag to use subject from 3772e5da4454]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38145",
"url": "https://www.suse.com/security/cve/CVE-2025-38145"
},
{
"category": "external",
"summary": "SUSE Bug 1245765 for CVE-2025-38145",
"url": "https://bugzilla.suse.com/1245765"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38145"
},
{
"cve": "CVE-2025-38147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38147"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncalipso: Don\u0027t call calipso functions for AF_INET sk.\n\nsyzkaller reported a null-ptr-deref in txopt_get(). [0]\n\nThe offset 0x70 was of struct ipv6_txoptions in struct ipv6_pinfo,\nso struct ipv6_pinfo was NULL there.\n\nHowever, this never happens for IPv6 sockets as inet_sk(sk)-\u003epinet6\nis always set in inet6_create(), meaning the socket was not IPv6 one.\n\nThe root cause is missing validation in netlbl_conn_setattr().\n\nnetlbl_conn_setattr() switches branches based on struct\nsockaddr.sa_family, which is passed from userspace. However,\nnetlbl_conn_setattr() does not check if the address family matches\nthe socket.\n\nThe syzkaller must have called connect() for an IPv6 address on\nan IPv4 socket.\n\nWe have a proper validation in tcp_v[46]_connect(), but\nsecurity_socket_connect() is called in the earlier stage.\n\nLet\u0027s copy the validation to netlbl_conn_setattr().\n\n[0]:\nOops: general protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]\nCPU: 2 UID: 0 PID: 12928 Comm: syz.9.1677 Not tainted 6.12.0 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nRIP: 0010:txopt_get include/net/ipv6.h:390 [inline]\nRIP: 0010:\nCode: 02 00 00 49 8b ac 24 f8 02 00 00 e8 84 69 2a fd e8 ff 00 16 fd 48 8d 7d 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 53 02 00 00 48 8b 6d 70 48 85 ed 0f 84 ab 01 00\nRSP: 0018:ffff88811b8afc48 EFLAGS: 00010212\nRAX: dffffc0000000000 RBX: 1ffff11023715f8a RCX: ffffffff841ab00c\nRDX: 000000000000000e RSI: ffffc90007d9e000 RDI: 0000000000000070\nRBP: 0000000000000000 R08: ffffed1023715f9d R09: ffffed1023715f9e\nR10: ffffed1023715f9d R11: 0000000000000003 R12: ffff888123075f00\nR13: ffff88810245bd80 R14: ffff888113646780 R15: ffff888100578a80\nFS: 00007f9019bd7640(0000) GS:ffff8882d2d00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f901b927bac CR3: 0000000104788003 CR4: 0000000000770ef0\nPKRU: 80000000\nCall Trace:\n \u003cTASK\u003e\n calipso_sock_setattr+0x56/0x80 net/netlabel/netlabel_calipso.c:557\n netlbl_conn_setattr+0x10c/0x280 net/netlabel/netlabel_kapi.c:1177\n selinux_netlbl_socket_connect_helper+0xd3/0x1b0 security/selinux/netlabel.c:569\n selinux_netlbl_socket_connect_locked security/selinux/netlabel.c:597 [inline]\n selinux_netlbl_socket_connect+0xb6/0x100 security/selinux/netlabel.c:615\n selinux_socket_connect+0x5f/0x80 security/selinux/hooks.c:4931\n security_socket_connect+0x50/0xa0 security/security.c:4598\n __sys_connect_file+0xa4/0x190 net/socket.c:2067\n __sys_connect+0x12c/0x170 net/socket.c:2088\n __do_sys_connect net/socket.c:2098 [inline]\n __se_sys_connect net/socket.c:2095 [inline]\n __x64_sys_connect+0x73/0xb0 net/socket.c:2095\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xaa/0x1b0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f901b61a12d\nCode: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f9019bd6fa8 EFLAGS: 00000246 ORIG_RAX: 000000000000002a\nRAX: ffffffffffffffda RBX: 00007f901b925fa0 RCX: 00007f901b61a12d\nRDX: 000000000000001c RSI: 0000200000000140 RDI: 0000000000000003\nRBP: 00007f901b701505 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007f901b5b62a0 R15: 00007f9019bb7000\n \u003c/TASK\u003e\nModules linked in:",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38147",
"url": "https://www.suse.com/security/cve/CVE-2025-38147"
},
{
"category": "external",
"summary": "SUSE Bug 1245768 for CVE-2025-38147",
"url": "https://bugzilla.suse.com/1245768"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38147"
},
{
"cve": "CVE-2025-38148",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38148"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: mscc: Fix memory leak when using one step timestamping\n\nFix memory leak when running one-step timestamping. When running\none-step sync timestamping, the HW is configured to insert the TX time\ninto the frame, so there is no reason to keep the skb anymore. As in\nthis case the HW will never generate an interrupt to say that the frame\nwas timestamped, then the frame will never released.\nFix this by freeing the frame in case of one-step timestamping.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38148",
"url": "https://www.suse.com/security/cve/CVE-2025-38148"
},
{
"category": "external",
"summary": "SUSE Bug 1245735 for CVE-2025-38148",
"url": "https://bugzilla.suse.com/1245735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38148"
},
{
"cve": "CVE-2025-38149",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38149"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: clear phydev-\u003edevlink when the link is deleted\n\nThere is a potential crash issue when disabling and re-enabling the\nnetwork port. When disabling the network port, phy_detach() calls\ndevice_link_del() to remove the device link, but it does not clear\nphydev-\u003edevlink, so phydev-\u003edevlink is not a NULL pointer. Then the\nnetwork port is re-enabled, but if phy_attach_direct() fails before\ncalling device_link_add(), the code jumps to the \"error\" label and\ncalls phy_detach(). Since phydev-\u003edevlink retains the old value from\nthe previous attach/detach cycle, device_link_del() uses the old value,\nwhich accesses a NULL pointer and causes a crash. The simplified crash\nlog is as follows.\n\n[ 24.702421] Call trace:\n[ 24.704856] device_link_put_kref+0x20/0x120\n[ 24.709124] device_link_del+0x30/0x48\n[ 24.712864] phy_detach+0x24/0x168\n[ 24.716261] phy_attach_direct+0x168/0x3a4\n[ 24.720352] phylink_fwnode_phy_connect+0xc8/0x14c\n[ 24.725140] phylink_of_phy_connect+0x1c/0x34\n\nTherefore, phydev-\u003edevlink needs to be cleared when the device link is\ndeleted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38149",
"url": "https://www.suse.com/security/cve/CVE-2025-38149"
},
{
"category": "external",
"summary": "SUSE Bug 1245737 for CVE-2025-38149",
"url": "https://bugzilla.suse.com/1245737"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38149"
},
{
"cve": "CVE-2025-38151",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38151"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/cma: Fix hang when cma_netevent_callback fails to queue_work\n\nThe cited commit fixed a crash when cma_netevent_callback was called for\na cma_id while work on that id from a previous call had not yet started.\nThe work item was re-initialized in the second call, which corrupted the\nwork item currently in the work queue.\n\nHowever, it left a problem when queue_work fails (because the item is\nstill pending in the work queue from a previous call). In this case,\ncma_id_put (which is called in the work handler) is therefore not\ncalled. This results in a userspace process hang (zombie process).\n\nFix this by calling cma_id_put() if queue_work fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38151",
"url": "https://www.suse.com/security/cve/CVE-2025-38151"
},
{
"category": "external",
"summary": "SUSE Bug 1245745 for CVE-2025-38151",
"url": "https://bugzilla.suse.com/1245745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38151"
},
{
"cve": "CVE-2025-38153",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38153"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: aqc111: fix error handling of usbnet read calls\n\nSyzkaller, courtesy of syzbot, identified an error (see report [1]) in\naqc111 driver, caused by incomplete sanitation of usb read calls\u0027\nresults. This problem is quite similar to the one fixed in commit\n920a9fa27e78 (\"net: asix: add proper error handling of usb read errors\").\n\nFor instance, usbnet_read_cmd() may read fewer than \u0027size\u0027 bytes,\neven if the caller expected the full amount, and aqc111_read_cmd()\nwill not check its result properly. As [1] shows, this may lead\nto MAC address in aqc111_bind() being only partly initialized,\ntriggering KMSAN warnings.\n\nFix the issue by verifying that the number of bytes read is\nas expected and not less.\n\n[1] Partial syzbot report:\nBUG: KMSAN: uninit-value in is_valid_ether_addr include/linux/etherdevice.h:208 [inline]\nBUG: KMSAN: uninit-value in usbnet_probe+0x2e57/0x4390 drivers/net/usb/usbnet.c:1830\n is_valid_ether_addr include/linux/etherdevice.h:208 [inline]\n usbnet_probe+0x2e57/0x4390 drivers/net/usb/usbnet.c:1830\n usb_probe_interface+0xd01/0x1310 drivers/usb/core/driver.c:396\n call_driver_probe drivers/base/dd.c:-1 [inline]\n really_probe+0x4d1/0xd90 drivers/base/dd.c:658\n __driver_probe_device+0x268/0x380 drivers/base/dd.c:800\n...\n\nUninit was stored to memory at:\n dev_addr_mod+0xb0/0x550 net/core/dev_addr_lists.c:582\n __dev_addr_set include/linux/netdevice.h:4874 [inline]\n eth_hw_addr_set include/linux/etherdevice.h:325 [inline]\n aqc111_bind+0x35f/0x1150 drivers/net/usb/aqc111.c:717\n usbnet_probe+0xbe6/0x4390 drivers/net/usb/usbnet.c:1772\n usb_probe_interface+0xd01/0x1310 drivers/usb/core/driver.c:396\n...\n\nUninit was stored to memory at:\n ether_addr_copy include/linux/etherdevice.h:305 [inline]\n aqc111_read_perm_mac drivers/net/usb/aqc111.c:663 [inline]\n aqc111_bind+0x794/0x1150 drivers/net/usb/aqc111.c:713\n usbnet_probe+0xbe6/0x4390 drivers/net/usb/usbnet.c:1772\n usb_probe_interface+0xd01/0x1310 drivers/usb/core/driver.c:396\n call_driver_probe drivers/base/dd.c:-1 [inline]\n...\n\nLocal variable buf.i created at:\n aqc111_read_perm_mac drivers/net/usb/aqc111.c:656 [inline]\n aqc111_bind+0x221/0x1150 drivers/net/usb/aqc111.c:713\n usbnet_probe+0xbe6/0x4390 drivers/net/usb/usbnet.c:1772",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38153",
"url": "https://www.suse.com/security/cve/CVE-2025-38153"
},
{
"category": "external",
"summary": "SUSE Bug 1245744 for CVE-2025-38153",
"url": "https://bugzilla.suse.com/1245744"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38153"
},
{
"cve": "CVE-2025-38154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38154"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Avoid using sk_socket after free when sending\n\nThe sk-\u003esk_socket is not locked or referenced in backlog thread, and\nduring the call to skb_send_sock(), there is a race condition with\nthe release of sk_socket. All types of sockets(tcp/udp/unix/vsock)\nwill be affected.\n\nRace conditions:\n\u0027\u0027\u0027\nCPU0 CPU1\n\nbacklog::skb_send_sock\n sendmsg_unlocked\n sock_sendmsg\n sock_sendmsg_nosec\n close(fd):\n ...\n ops-\u003erelease() -\u003e sock_map_close()\n sk_socket-\u003eops = NULL\n free(socket)\n sock-\u003eops-\u003esendmsg\n ^\n panic here\n\u0027\u0027\u0027\n\nThe ref of psock become 0 after sock_map_close() executed.\n\u0027\u0027\u0027\nvoid sock_map_close()\n{\n ...\n if (likely(psock)) {\n ...\n // !! here we remove psock and the ref of psock become 0\n sock_map_remove_links(sk, psock)\n psock = sk_psock_get(sk);\n if (unlikely(!psock))\n goto no_psock; \u003c=== Control jumps here via goto\n ...\n cancel_delayed_work_sync(\u0026psock-\u003ework); \u003c=== not executed\n sk_psock_put(sk, psock);\n ...\n}\n\u0027\u0027\u0027\n\nBased on the fact that we already wait for the workqueue to finish in\nsock_map_close() if psock is held, we simply increase the psock\nreference count to avoid race conditions.\n\nWith this patch, if the backlog thread is running, sock_map_close() will\nwait for the backlog thread to complete and cancel all pending work.\n\nIf no backlog running, any pending work that hasn\u0027t started by then will\nfail when invoked by sk_psock_get(), as the psock reference count have\nbeen zeroed, and sk_psock_drop() will cancel all jobs via\ncancel_delayed_work_sync().\n\nIn summary, we require synchronization to coordinate the backlog thread\nand close() thread.\n\nThe panic I catched:\n\u0027\u0027\u0027\nWorkqueue: events sk_psock_backlog\nRIP: 0010:sock_sendmsg+0x21d/0x440\nRAX: 0000000000000000 RBX: ffffc9000521fad8 RCX: 0000000000000001\n...\nCall Trace:\n \u003cTASK\u003e\n ? die_addr+0x40/0xa0\n ? exc_general_protection+0x14c/0x230\n ? asm_exc_general_protection+0x26/0x30\n ? sock_sendmsg+0x21d/0x440\n ? sock_sendmsg+0x3e0/0x440\n ? __pfx_sock_sendmsg+0x10/0x10\n __skb_send_sock+0x543/0xb70\n sk_psock_backlog+0x247/0xb80\n...\n\u0027\u0027\u0027",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38154",
"url": "https://www.suse.com/security/cve/CVE-2025-38154"
},
{
"category": "external",
"summary": "SUSE Bug 1245749 for CVE-2025-38154",
"url": "https://bugzilla.suse.com/1245749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38154"
},
{
"cve": "CVE-2025-38155",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38155"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init()\n\ndevm_ioremap() returns NULL on error. Currently, mt7915_mmio_wed_init()\ndoes not check for this case, which results in a NULL pointer\ndereference.\n\nPrevent null pointer dereference in mt7915_mmio_wed_init().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38155",
"url": "https://www.suse.com/security/cve/CVE-2025-38155"
},
{
"category": "external",
"summary": "SUSE Bug 1245748 for CVE-2025-38155",
"url": "https://bugzilla.suse.com/1245748"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38155"
},
{
"cve": "CVE-2025-38157",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38157"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k_htc: Abort software beacon handling if disabled\n\nA malicious USB device can send a WMI_SWBA_EVENTID event from an\nath9k_htc-managed device before beaconing has been enabled. This causes\na device-by-zero error in the driver, leading to either a crash or an\nout of bounds read.\n\nPrevent this by aborting the handling in ath9k_htc_swba() if beacons are\nnot enabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38157",
"url": "https://www.suse.com/security/cve/CVE-2025-38157"
},
{
"category": "external",
"summary": "SUSE Bug 1245747 for CVE-2025-38157",
"url": "https://bugzilla.suse.com/1245747"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38157"
},
{
"cve": "CVE-2025-38158",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38158"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhisi_acc_vfio_pci: fix XQE dma address error\n\nThe dma addresses of EQE and AEQE are wrong after migration and\nresults in guest kernel-mode encryption services failure.\nComparing the definition of hardware registers, we found that\nthere was an error when the data read from the register was\ncombined into an address. Therefore, the address combination\nsequence needs to be corrected.\n\nEven after fixing the above problem, we still have an issue\nwhere the Guest from an old kernel can get migrated to\nnew kernel and may result in wrong data.\n\nIn order to ensure that the address is correct after migration,\nif an old magic number is detected, the dma address needs to be\nupdated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38158",
"url": "https://www.suse.com/security/cve/CVE-2025-38158"
},
{
"category": "external",
"summary": "SUSE Bug 1245750 for CVE-2025-38158",
"url": "https://bugzilla.suse.com/1245750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38158"
},
{
"cve": "CVE-2025-38159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38159"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: fix the \u0027para\u0027 buffer size to avoid reading out of bounds\n\nSet the size to 6 instead of 2, since \u0027para\u0027 array is passed to\n\u0027rtw_fw_bt_wifi_control(rtwdev, para[0], \u0026para[1])\u0027, which reads\n5 bytes:\n\nvoid rtw_fw_bt_wifi_control(struct rtw_dev *rtwdev, u8 op_code, u8 *data)\n{\n ...\n SET_BT_WIFI_CONTROL_DATA1(h2c_pkt, *data);\n SET_BT_WIFI_CONTROL_DATA2(h2c_pkt, *(data + 1));\n ...\n SET_BT_WIFI_CONTROL_DATA5(h2c_pkt, *(data + 4));\n\nDetected using the static analysis tool - Svace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38159",
"url": "https://www.suse.com/security/cve/CVE-2025-38159"
},
{
"category": "external",
"summary": "SUSE Bug 1245751 for CVE-2025-38159",
"url": "https://bugzilla.suse.com/1245751"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38159"
},
{
"cve": "CVE-2025-38161",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38161"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix error flow upon firmware failure for RQ destruction\n\nUpon RQ destruction if the firmware command fails which is the\nlast resource to be destroyed some SW resources were already cleaned\nregardless of the failure.\n\nNow properly rollback the object to its original state upon such failure.\n\nIn order to avoid a use-after free in case someone tries to destroy the\nobject again, which results in the following kernel trace:\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 0 PID: 37589 at lib/refcount.c:28 refcount_warn_saturate+0xf4/0x148\nModules linked in: rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) rfkill mlx5_core(OE) mlxdevm(OE) ib_uverbs(OE) ib_core(OE) psample mlxfw(OE) mlx_compat(OE) macsec tls pci_hyperv_intf sunrpc vfat fat virtio_net net_failover failover fuse loop nfnetlink vsock_loopback vmw_vsock_virtio_transport_common vmw_vsock_vmci_transport vmw_vmci vsock xfs crct10dif_ce ghash_ce sha2_ce sha256_arm64 sha1_ce virtio_console virtio_gpu virtio_blk virtio_dma_buf virtio_mmio dm_mirror dm_region_hash dm_log dm_mod xpmem(OE)\nCPU: 0 UID: 0 PID: 37589 Comm: python3 Kdump: loaded Tainted: G OE ------- --- 6.12.0-54.el10.aarch64 #1\nTainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\nHardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : refcount_warn_saturate+0xf4/0x148\nlr : refcount_warn_saturate+0xf4/0x148\nsp : ffff80008b81b7e0\nx29: ffff80008b81b7e0 x28: ffff000133d51600 x27: 0000000000000001\nx26: 0000000000000000 x25: 00000000ffffffea x24: ffff00010ae80f00\nx23: ffff00010ae80f80 x22: ffff0000c66e5d08 x21: 0000000000000000\nx20: ffff0000c66e0000 x19: ffff00010ae80340 x18: 0000000000000006\nx17: 0000000000000000 x16: 0000000000000020 x15: ffff80008b81b37f\nx14: 0000000000000000 x13: 2e656572662d7265 x12: ffff80008283ef78\nx11: ffff80008257efd0 x10: ffff80008283efd0 x9 : ffff80008021ed90\nx8 : 0000000000000001 x7 : 00000000000bffe8 x6 : c0000000ffff7fff\nx5 : ffff0001fb8e3408 x4 : 0000000000000000 x3 : ffff800179993000\nx2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff000133d51600\nCall trace:\n refcount_warn_saturate+0xf4/0x148\n mlx5_core_put_rsc+0x88/0xa0 [mlx5_ib]\n mlx5_core_destroy_rq_tracked+0x64/0x98 [mlx5_ib]\n mlx5_ib_destroy_wq+0x34/0x80 [mlx5_ib]\n ib_destroy_wq_user+0x30/0xc0 [ib_core]\n uverbs_free_wq+0x28/0x58 [ib_uverbs]\n destroy_hw_idr_uobject+0x34/0x78 [ib_uverbs]\n uverbs_destroy_uobject+0x48/0x240 [ib_uverbs]\n __uverbs_cleanup_ufile+0xd4/0x1a8 [ib_uverbs]\n uverbs_destroy_ufile_hw+0x48/0x120 [ib_uverbs]\n ib_uverbs_close+0x2c/0x100 [ib_uverbs]\n __fput+0xd8/0x2f0\n __fput_sync+0x50/0x70\n __arm64_sys_close+0x40/0x90\n invoke_syscall.constprop.0+0x74/0xd0\n do_el0_svc+0x48/0xe8\n el0_svc+0x44/0x1d0\n el0t_64_sync_handler+0x120/0x130\n el0t_64_sync+0x1a4/0x1a8",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38161",
"url": "https://www.suse.com/security/cve/CVE-2025-38161"
},
{
"category": "external",
"summary": "SUSE Bug 1245777 for CVE-2025-38161",
"url": "https://bugzilla.suse.com/1245777"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38161"
},
{
"cve": "CVE-2025-38162",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38162"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo: prevent overflow in lookup table allocation\n\nWhen calculating the lookup table size, ensure the following\nmultiplication does not overflow:\n\n- desc-\u003efield_len[] maximum value is U8_MAX multiplied by\n NFT_PIPAPO_GROUPS_PER_BYTE(f) that can be 2, worst case.\n- NFT_PIPAPO_BUCKETS(f-\u003ebb) is 2^8, worst case.\n- sizeof(unsigned long), from sizeof(*f-\u003elt), lt in\n struct nft_pipapo_field.\n\nThen, use check_mul_overflow() to multiply by bucket size and then use\ncheck_add_overflow() to the alignment for avx2 (if needed). Finally, add\nlt_size_check_overflow() helper and use it to consolidate this.\n\nWhile at it, replace leftover allocation using the GFP_KERNEL to\nGFP_KERNEL_ACCOUNT for consistency, in pipapo_resize().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38162",
"url": "https://www.suse.com/security/cve/CVE-2025-38162"
},
{
"category": "external",
"summary": "SUSE Bug 1245752 for CVE-2025-38162",
"url": "https://bugzilla.suse.com/1245752"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38162"
},
{
"cve": "CVE-2025-38165",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38165"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix panic when calling skb_linearize\n\nThe panic can be reproduced by executing the command:\n./bench sockmap -c 2 -p 1 -a --rx-verdict-ingress --rx-strp 100000\n\nThen a kernel panic was captured:\n\u0027\u0027\u0027\n[ 657.460555] kernel BUG at net/core/skbuff.c:2178!\n[ 657.462680] Tainted: [W]=WARN\n[ 657.463287] Workqueue: events sk_psock_backlog\n...\n[ 657.469610] \u003cTASK\u003e\n[ 657.469738] ? die+0x36/0x90\n[ 657.469916] ? do_trap+0x1d0/0x270\n[ 657.470118] ? pskb_expand_head+0x612/0xf40\n[ 657.470376] ? pskb_expand_head+0x612/0xf40\n[ 657.470620] ? do_error_trap+0xa3/0x170\n[ 657.470846] ? pskb_expand_head+0x612/0xf40\n[ 657.471092] ? handle_invalid_op+0x2c/0x40\n[ 657.471335] ? pskb_expand_head+0x612/0xf40\n[ 657.471579] ? exc_invalid_op+0x2d/0x40\n[ 657.471805] ? asm_exc_invalid_op+0x1a/0x20\n[ 657.472052] ? pskb_expand_head+0xd1/0xf40\n[ 657.472292] ? pskb_expand_head+0x612/0xf40\n[ 657.472540] ? lock_acquire+0x18f/0x4e0\n[ 657.472766] ? find_held_lock+0x2d/0x110\n[ 657.472999] ? __pfx_pskb_expand_head+0x10/0x10\n[ 657.473263] ? __kmalloc_cache_noprof+0x5b/0x470\n[ 657.473537] ? __pfx___lock_release.isra.0+0x10/0x10\n[ 657.473826] __pskb_pull_tail+0xfd/0x1d20\n[ 657.474062] ? __kasan_slab_alloc+0x4e/0x90\n[ 657.474707] sk_psock_skb_ingress_enqueue+0x3bf/0x510\n[ 657.475392] ? __kasan_kmalloc+0xaa/0xb0\n[ 657.476010] sk_psock_backlog+0x5cf/0xd70\n[ 657.476637] process_one_work+0x858/0x1a20\n\u0027\u0027\u0027\n\nThe panic originates from the assertion BUG_ON(skb_shared(skb)) in\nskb_linearize(). A previous commit(see Fixes tag) introduced skb_get()\nto avoid race conditions between skb operations in the backlog and skb\nrelease in the recvmsg path. However, this caused the panic to always\noccur when skb_linearize is executed.\n\nThe \"--rx-strp 100000\" parameter forces the RX path to use the strparser\nmodule which aggregates data until it reaches 100KB before calling sockmap\nlogic. The 100KB payload exceeds MAX_MSG_FRAGS, triggering skb_linearize.\n\nTo fix this issue, just move skb_get into sk_psock_skb_ingress_enqueue.\n\n\u0027\u0027\u0027\nsk_psock_backlog:\n sk_psock_handle_skb\n skb_get(skb) \u003c== we move it into \u0027sk_psock_skb_ingress_enqueue\u0027\n sk_psock_skb_ingress____________\n \u2193\n |\n | \u2192 sk_psock_skb_ingress_self\n | sk_psock_skb_ingress_enqueue\nsk_psock_verdict_apply_________________\u2191 skb_linearize\n\u0027\u0027\u0027\n\nNote that for verdict_apply path, the skb_get operation is unnecessary so\nwe add \u0027take_ref\u0027 param to control it\u0027s behavior.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38165",
"url": "https://www.suse.com/security/cve/CVE-2025-38165"
},
{
"category": "external",
"summary": "SUSE Bug 1245757 for CVE-2025-38165",
"url": "https://bugzilla.suse.com/1245757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38165"
},
{
"cve": "CVE-2025-38166",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38166"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: fix ktls panic with sockmap\n\n[ 2172.936997] ------------[ cut here ]------------\n[ 2172.936999] kernel BUG at lib/iov_iter.c:629!\n......\n[ 2172.944996] PKRU: 55555554\n[ 2172.945155] Call Trace:\n[ 2172.945299] \u003cTASK\u003e\n[ 2172.945428] ? die+0x36/0x90\n[ 2172.945601] ? do_trap+0xdd/0x100\n[ 2172.945795] ? iov_iter_revert+0x178/0x180\n[ 2172.946031] ? iov_iter_revert+0x178/0x180\n[ 2172.946267] ? do_error_trap+0x7d/0x110\n[ 2172.946499] ? iov_iter_revert+0x178/0x180\n[ 2172.946736] ? exc_invalid_op+0x50/0x70\n[ 2172.946961] ? iov_iter_revert+0x178/0x180\n[ 2172.947197] ? asm_exc_invalid_op+0x1a/0x20\n[ 2172.947446] ? iov_iter_revert+0x178/0x180\n[ 2172.947683] ? iov_iter_revert+0x5c/0x180\n[ 2172.947913] tls_sw_sendmsg_locked.isra.0+0x794/0x840\n[ 2172.948206] tls_sw_sendmsg+0x52/0x80\n[ 2172.948420] ? inet_sendmsg+0x1f/0x70\n[ 2172.948634] __sys_sendto+0x1cd/0x200\n[ 2172.948848] ? find_held_lock+0x2b/0x80\n[ 2172.949072] ? syscall_trace_enter+0x140/0x270\n[ 2172.949330] ? __lock_release.isra.0+0x5e/0x170\n[ 2172.949595] ? find_held_lock+0x2b/0x80\n[ 2172.949817] ? syscall_trace_enter+0x140/0x270\n[ 2172.950211] ? lockdep_hardirqs_on_prepare+0xda/0x190\n[ 2172.950632] ? ktime_get_coarse_real_ts64+0xc2/0xd0\n[ 2172.951036] __x64_sys_sendto+0x24/0x30\n[ 2172.951382] do_syscall_64+0x90/0x170\n......\n\nAfter calling bpf_exec_tx_verdict(), the size of msg_pl-\u003esg may increase,\ne.g., when the BPF program executes bpf_msg_push_data().\n\nIf the BPF program sets cork_bytes and sg.size is smaller than cork_bytes,\nit will return -ENOSPC and attempt to roll back to the non-zero copy\nlogic. However, during rollback, msg-\u003emsg_iter is reset, but since\nmsg_pl-\u003esg.size has been increased, subsequent executions will exceed the\nactual size of msg_iter.\n\u0027\u0027\u0027\niov_iter_revert(\u0026msg-\u003emsg_iter, msg_pl-\u003esg.size - orig_size);\n\u0027\u0027\u0027\n\nThe changes in this commit are based on the following considerations:\n\n1. When cork_bytes is set, rolling back to non-zero copy logic is\npointless and can directly go to zero-copy logic.\n\n2. We can not calculate the correct number of bytes to revert msg_iter.\n\nAssume the original data is \"abcdefgh\" (8 bytes), and after 3 pushes\nby the BPF program, it becomes 11-byte data: \"abc?de?fgh?\".\nThen, we set cork_bytes to 6, which means the first 6 bytes have been\nprocessed, and the remaining 5 bytes \"?fgh?\" will be cached until the\nlength meets the cork_bytes requirement.\n\nHowever, some data in \"?fgh?\" is not within \u0027sg-\u003emsg_iter\u0027\n(but in msg_pl instead), especially the data \"?\" we pushed.\n\nSo it doesn\u0027t seem as simple as just reverting through an offset of\nmsg_iter.\n\n3. For non-TLS sockets in tcp_bpf_sendmsg, when a \"cork\" situation occurs,\nthe user-space send() doesn\u0027t return an error, and the returned length is\nthe same as the input length parameter, even if some data is cached.\n\nAdditionally, I saw that the current non-zero-copy logic for handling\ncorking is written as:\n\u0027\u0027\u0027\nline 1177\nelse if (ret != -EAGAIN) {\n\tif (ret == -ENOSPC)\n\t\tret = 0;\n\tgoto send_end;\n\u0027\u0027\u0027\n\nSo it\u0027s ok to just return \u0027copied\u0027 without error when a \"cork\" situation\noccurs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38166",
"url": "https://www.suse.com/security/cve/CVE-2025-38166"
},
{
"category": "external",
"summary": "SUSE Bug 1245758 for CVE-2025-38166",
"url": "https://bugzilla.suse.com/1245758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38166"
},
{
"cve": "CVE-2025-38173",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38173"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: marvell/cesa - Handle zero-length skcipher requests\n\nDo not access random memory for zero-length skcipher requests.\nJust return 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38173",
"url": "https://www.suse.com/security/cve/CVE-2025-38173"
},
{
"category": "external",
"summary": "SUSE Bug 1245769 for CVE-2025-38173",
"url": "https://bugzilla.suse.com/1245769"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38173"
},
{
"cve": "CVE-2025-38174",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38174"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Do not double dequeue a configuration request\n\nSome of our devices crash in tb_cfg_request_dequeue():\n\n general protection fault, probably for non-canonical address 0xdead000000000122\n\n CPU: 6 PID: 91007 Comm: kworker/6:2 Tainted: G U W 6.6.65\n RIP: 0010:tb_cfg_request_dequeue+0x2d/0xa0\n Call Trace:\n \u003cTASK\u003e\n ? tb_cfg_request_dequeue+0x2d/0xa0\n tb_cfg_request_work+0x33/0x80\n worker_thread+0x386/0x8f0\n kthread+0xed/0x110\n ret_from_fork+0x38/0x50\n ret_from_fork_asm+0x1b/0x30\n\nThe circumstances are unclear, however, the theory is that\ntb_cfg_request_work() can be scheduled twice for a request:\nfirst time via frame.callback from ring_work() and second\ntime from tb_cfg_request(). Both times kworkers will execute\ntb_cfg_request_dequeue(), which results in double list_del()\nfrom the ctl-\u003erequest_queue (the list poison deference hints\nat it: 0xdead000000000122).\n\nDo not dequeue requests that don\u0027t have TB_CFG_REQUEST_ACTIVE\nbit set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38174",
"url": "https://www.suse.com/security/cve/CVE-2025-38174"
},
{
"category": "external",
"summary": "SUSE Bug 1245781 for CVE-2025-38174",
"url": "https://bugzilla.suse.com/1245781"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38174"
},
{
"cve": "CVE-2025-38177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38177"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsch_hfsc: make hfsc_qlen_notify() idempotent\n\nhfsc_qlen_notify() is not idempotent either and not friendly\nto its callers, like fq_codel_dequeue(). Let\u0027s make it idempotent\nto ease qdisc_tree_reduce_backlog() callers\u0027 life:\n\n1. update_vf() decreases cl-\u003ecl_nactive, so we can check whether it is\nnon-zero before calling it.\n\n2. eltree_remove() always removes RB node cl-\u003eel_node, but we can use\n RB_EMPTY_NODE() + RB_CLEAR_NODE() to make it safe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38177",
"url": "https://www.suse.com/security/cve/CVE-2025-38177"
},
{
"category": "external",
"summary": "SUSE Bug 1245986 for CVE-2025-38177",
"url": "https://bugzilla.suse.com/1245986"
},
{
"category": "external",
"summary": "SUSE Bug 1246356 for CVE-2025-38177",
"url": "https://bugzilla.suse.com/1246356"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "important"
}
],
"title": "CVE-2025-38177"
},
{
"cve": "CVE-2025-38180",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38180"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: atm: fix /proc/net/atm/lec handling\n\n/proc/net/atm/lec must ensure safety against dev_lec[] changes.\n\nIt appears it had dev_put() calls without prior dev_hold(),\nleading to imbalance and UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38180",
"url": "https://www.suse.com/security/cve/CVE-2025-38180"
},
{
"category": "external",
"summary": "SUSE Bug 1245970 for CVE-2025-38180",
"url": "https://bugzilla.suse.com/1245970"
},
{
"category": "external",
"summary": "SUSE Bug 1245971 for CVE-2025-38180",
"url": "https://bugzilla.suse.com/1245971"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "important"
}
],
"title": "CVE-2025-38180"
},
{
"cve": "CVE-2025-38181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38181"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncalipso: Fix null-ptr-deref in calipso_req_{set,del}attr().\n\nsyzkaller reported a null-ptr-deref in sock_omalloc() while allocating\na CALIPSO option. [0]\n\nThe NULL is of struct sock, which was fetched by sk_to_full_sk() in\ncalipso_req_setattr().\n\nSince commit a1a5344ddbe8 (\"tcp: avoid two atomic ops for syncookies\"),\nreqsk-\u003ersk_listener could be NULL when SYN Cookie is returned to its\nclient, as hinted by the leading SYN Cookie log.\n\nHere are 3 options to fix the bug:\n\n 1) Return 0 in calipso_req_setattr()\n 2) Return an error in calipso_req_setattr()\n 3) Alaways set rsk_listener\n\n1) is no go as it bypasses LSM, but 2) effectively disables SYN Cookie\nfor CALIPSO. 3) is also no go as there have been many efforts to reduce\natomic ops and make TCP robust against DDoS. See also commit 3b24d854cb35\n(\"tcp/dccp: do not touch listener sk_refcnt under synflood\").\n\nAs of the blamed commit, SYN Cookie already did not need refcounting,\nand no one has stumbled on the bug for 9 years, so no CALIPSO user will\ncare about SYN Cookie.\n\nLet\u0027s return an error in calipso_req_setattr() and calipso_req_delattr()\nin the SYN Cookie case.\n\nThis can be reproduced by [1] on Fedora and now connect() of nc times out.\n\n[0]:\nTCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]\nCPU: 3 UID: 0 PID: 12262 Comm: syz.1.2611 Not tainted 6.14.0 #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nRIP: 0010:read_pnet include/net/net_namespace.h:406 [inline]\nRIP: 0010:sock_net include/net/sock.h:655 [inline]\nRIP: 0010:sock_kmalloc+0x35/0x170 net/core/sock.c:2806\nCode: 89 d5 41 54 55 89 f5 53 48 89 fb e8 25 e3 c6 fd e8 f0 91 e3 00 48 8d 7b 30 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 26 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b\nRSP: 0018:ffff88811af89038 EFLAGS: 00010216\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffff888105266400\nRDX: 0000000000000006 RSI: ffff88800c890000 RDI: 0000000000000030\nRBP: 0000000000000050 R08: 0000000000000000 R09: ffff88810526640e\nR10: ffffed1020a4cc81 R11: ffff88810526640f R12: 0000000000000000\nR13: 0000000000000820 R14: ffff888105266400 R15: 0000000000000050\nFS: 00007f0653a07640(0000) GS:ffff88811af80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f863ba096f4 CR3: 00000000163c0005 CR4: 0000000000770ef0\nPKRU: 80000000\nCall Trace:\n \u003cIRQ\u003e\n ipv6_renew_options+0x279/0x950 net/ipv6/exthdrs.c:1288\n calipso_req_setattr+0x181/0x340 net/ipv6/calipso.c:1204\n calipso_req_setattr+0x56/0x80 net/netlabel/netlabel_calipso.c:597\n netlbl_req_setattr+0x18a/0x440 net/netlabel/netlabel_kapi.c:1249\n selinux_netlbl_inet_conn_request+0x1fb/0x320 security/selinux/netlabel.c:342\n selinux_inet_conn_request+0x1eb/0x2c0 security/selinux/hooks.c:5551\n security_inet_conn_request+0x50/0xa0 security/security.c:4945\n tcp_v6_route_req+0x22c/0x550 net/ipv6/tcp_ipv6.c:825\n tcp_conn_request+0xec8/0x2b70 net/ipv4/tcp_input.c:7275\n tcp_v6_conn_request+0x1e3/0x440 net/ipv6/tcp_ipv6.c:1328\n tcp_rcv_state_process+0xafa/0x52b0 net/ipv4/tcp_input.c:6781\n tcp_v6_do_rcv+0x8a6/0x1a40 net/ipv6/tcp_ipv6.c:1667\n tcp_v6_rcv+0x505e/0x5b50 net/ipv6/tcp_ipv6.c:1904\n ip6_protocol_deliver_rcu+0x17c/0x1da0 net/ipv6/ip6_input.c:436\n ip6_input_finish+0x103/0x180 net/ipv6/ip6_input.c:480\n NF_HOOK include/linux/netfilter.h:314 [inline]\n NF_HOOK include/linux/netfilter.h:308 [inline]\n ip6_input+0x13c/0x6b0 net/ipv6/ip6_input.c:491\n dst_input include/net/dst.h:469 [inline]\n ip6_rcv_finish net/ipv6/ip6_input.c:79 [inline]\n ip6_rcv_finish+0xb6/0x490 net/ipv6/ip6_input.c:69\n NF_HOOK include/linux/netfilter.h:314 [inline]\n NF_HOOK include/linux/netf\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38181",
"url": "https://www.suse.com/security/cve/CVE-2025-38181"
},
{
"category": "external",
"summary": "SUSE Bug 1246000 for CVE-2025-38181",
"url": "https://bugzilla.suse.com/1246000"
},
{
"category": "external",
"summary": "SUSE Bug 1246001 for CVE-2025-38181",
"url": "https://bugzilla.suse.com/1246001"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "important"
}
],
"title": "CVE-2025-38181"
},
{
"cve": "CVE-2025-38182",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38182"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nublk: santizize the arguments from userspace when adding a device\n\nSanity check the values for queue depth and number of queues\nwe get from userspace when adding a device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38182",
"url": "https://www.suse.com/security/cve/CVE-2025-38182"
},
{
"category": "external",
"summary": "SUSE Bug 1245937 for CVE-2025-38182",
"url": "https://bugzilla.suse.com/1245937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38182"
},
{
"cve": "CVE-2025-38183",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38183"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get()\n\nBefore calling lan743x_ptp_io_event_clock_get(), the \u0027channel\u0027 value\nis checked against the maximum value of PCI11X1X_PTP_IO_MAX_CHANNELS(8).\nThis seems correct and aligns with the PTP interrupt status register\n(PTP_INT_STS) specifications.\n\nHowever, lan743x_ptp_io_event_clock_get() writes to ptp-\u003eextts[] with\nonly LAN743X_PTP_N_EXTTS(4) elements, using channel as an index:\n\n lan743x_ptp_io_event_clock_get(..., u8 channel,...)\n {\n ...\n /* Update Local timestamp */\n extts = \u0026ptp-\u003eextts[channel];\n extts-\u003ets.tv_sec = sec;\n ...\n }\n\nTo avoid an out-of-bounds write and utilize all the supported GPIO\ninputs, set LAN743X_PTP_N_EXTTS to 8.\n\nDetected using the static analysis tool - Svace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38183",
"url": "https://www.suse.com/security/cve/CVE-2025-38183"
},
{
"category": "external",
"summary": "SUSE Bug 1246006 for CVE-2025-38183",
"url": "https://bugzilla.suse.com/1246006"
},
{
"category": "external",
"summary": "SUSE Bug 1246007 for CVE-2025-38183",
"url": "https://bugzilla.suse.com/1246007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "important"
}
],
"title": "CVE-2025-38183"
},
{
"cve": "CVE-2025-38186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38186"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix double invocation of bnxt_ulp_stop()/bnxt_ulp_start()\n\nBefore the commit under the Fixes tag below, bnxt_ulp_stop() and\nbnxt_ulp_start() were always invoked in pairs. After that commit,\nthe new bnxt_ulp_restart() can be invoked after bnxt_ulp_stop()\nhas been called. This may result in the RoCE driver\u0027s aux driver\n.suspend() method being invoked twice. The 2nd bnxt_re_suspend()\ncall will crash when it dereferences a NULL pointer:\n\n(NULL ib_device): Handle device suspend call\nBUG: kernel NULL pointer dereference, address: 0000000000000b78\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] SMP PTI\nCPU: 20 UID: 0 PID: 181 Comm: kworker/u96:5 Tainted: G S 6.15.0-rc1 #4 PREEMPT(voluntary)\nTainted: [S]=CPU_OUT_OF_SPEC\nHardware name: Dell Inc. PowerEdge R730/072T6D, BIOS 2.4.3 01/17/2017\nWorkqueue: bnxt_pf_wq bnxt_sp_task [bnxt_en]\nRIP: 0010:bnxt_re_suspend+0x45/0x1f0 [bnxt_re]\nCode: 8b 05 a7 3c 5b f5 48 89 44 24 18 31 c0 49 8b 5c 24 08 4d 8b 2c 24 e8 ea 06 0a f4 48 c7 c6 04 60 52 c0 48 89 df e8 1b ce f9 ff \u003c48\u003e 8b 83 78 0b 00 00 48 8b 80 38 03 00 00 a8 40 0f 85 b5 00 00 00\nRSP: 0018:ffffa2e84084fd88 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001\nRDX: 0000000000000000 RSI: ffffffffb4b6b934 RDI: 00000000ffffffff\nRBP: ffffa1760954c9c0 R08: 0000000000000000 R09: c0000000ffffdfff\nR10: 0000000000000001 R11: ffffa2e84084fb50 R12: ffffa176031ef070\nR13: ffffa17609775000 R14: ffffa17603adc180 R15: 0000000000000000\nFS: 0000000000000000(0000) GS:ffffa17daa397000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000b78 CR3: 00000004aaa30003 CR4: 00000000003706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\nbnxt_ulp_stop+0x69/0x90 [bnxt_en]\nbnxt_sp_task+0x678/0x920 [bnxt_en]\n? __schedule+0x514/0xf50\nprocess_scheduled_works+0x9d/0x400\nworker_thread+0x11c/0x260\n? __pfx_worker_thread+0x10/0x10\nkthread+0xfe/0x1e0\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x2b/0x40\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1a/0x30\n\nCheck the BNXT_EN_FLAG_ULP_STOPPED flag and do not proceed if the flag\nis already set. This will preserve the original symmetrical\nbnxt_ulp_stop() and bnxt_ulp_start().\n\nAlso, inside bnxt_ulp_start(), clear the BNXT_EN_FLAG_ULP_STOPPED\nflag after taking the mutex to avoid any race condition. And for\nsymmetry, only proceed in bnxt_ulp_start() if the\nBNXT_EN_FLAG_ULP_STOPPED is set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38186",
"url": "https://www.suse.com/security/cve/CVE-2025-38186"
},
{
"category": "external",
"summary": "SUSE Bug 1245955 for CVE-2025-38186",
"url": "https://bugzilla.suse.com/1245955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38186"
},
{
"cve": "CVE-2025-38187",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38187"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: fix a use-after-free in r535_gsp_rpc_push()\n\nThe RPC container is released after being passed to r535_gsp_rpc_send().\n\nWhen sending the initial fragment of a large RPC and passing the\ncaller\u0027s RPC container, the container will be freed prematurely. Subsequent\nattempts to send remaining fragments will therefore result in a\nuse-after-free.\n\nAllocate a temporary RPC container for holding the initial fragment of a\nlarge RPC when sending. Free the caller\u0027s container when all fragments\nare successfully sent.\n\n[ Rebase onto Blackwell changes. - Danilo ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38187",
"url": "https://www.suse.com/security/cve/CVE-2025-38187"
},
{
"category": "external",
"summary": "SUSE Bug 1245951 for CVE-2025-38187",
"url": "https://bugzilla.suse.com/1245951"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38187"
},
{
"cve": "CVE-2025-38188",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38188"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/a7xx: Call CP_RESET_CONTEXT_STATE\n\nCalling this packet is necessary when we switch contexts because there\nare various pieces of state used by userspace to synchronize between BR\nand BV that are persistent across submits and we need to make sure that\nthey are in a \"safe\" state when switching contexts. Otherwise a\nuserspace submission in one context could cause another context to\nfunction incorrectly and hang, effectively a denial of service (although\nwithout leaking data). This was missed during initial a7xx bringup.\n\nPatchwork: https://patchwork.freedesktop.org/patch/654924/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38188",
"url": "https://www.suse.com/security/cve/CVE-2025-38188"
},
{
"category": "external",
"summary": "SUSE Bug 1246098 for CVE-2025-38188",
"url": "https://bugzilla.suse.com/1246098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38188"
},
{
"cve": "CVE-2025-38189",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38189"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Avoid NULL pointer dereference in `v3d_job_update_stats()`\n\nThe following kernel Oops was recently reported by Mesa CI:\n\n[ 800.139824] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000588\n[ 800.148619] Mem abort info:\n[ 800.151402] ESR = 0x0000000096000005\n[ 800.155141] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 800.160444] SET = 0, FnV = 0\n[ 800.163488] EA = 0, S1PTW = 0\n[ 800.166619] FSC = 0x05: level 1 translation fault\n[ 800.171487] Data abort info:\n[ 800.174357] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n[ 800.179832] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 800.184873] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 800.190176] user pgtable: 4k pages, 39-bit VAs, pgdp=00000001014c2000\n[ 800.196607] [0000000000000588] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n[ 800.205305] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n[ 800.211564] Modules linked in: vc4 snd_soc_hdmi_codec drm_display_helper v3d cec gpu_sched drm_dma_helper drm_shmem_helper drm_kms_helper drm drm_panel_orientation_quirks snd_soc_core snd_compress snd_pcm_dmaengine snd_pcm i2c_brcmstb snd_timer snd backlight\n[ 800.234448] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.25+rpt-rpi-v8 #1 Debian 1:6.12.25-1+rpt1\n[ 800.244182] Hardware name: Raspberry Pi 4 Model B Rev 1.4 (DT)\n[ 800.250005] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 800.256959] pc : v3d_job_update_stats+0x60/0x130 [v3d]\n[ 800.262112] lr : v3d_job_update_stats+0x48/0x130 [v3d]\n[ 800.267251] sp : ffffffc080003e60\n[ 800.270555] x29: ffffffc080003e60 x28: ffffffd842784980 x27: 0224012000000000\n[ 800.277687] x26: ffffffd84277f630 x25: ffffff81012fd800 x24: 0000000000000020\n[ 800.284818] x23: ffffff8040238b08 x22: 0000000000000570 x21: 0000000000000158\n[ 800.291948] x20: 0000000000000000 x19: ffffff8040238000 x18: 0000000000000000\n[ 800.299078] x17: ffffffa8c1bd2000 x16: ffffffc080000000 x15: 0000000000000000\n[ 800.306208] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n[ 800.313338] x11: 0000000000000040 x10: 0000000000001a40 x9 : ffffffd83b39757c\n[ 800.320468] x8 : ffffffd842786420 x7 : 7fffffffffffffff x6 : 0000000000ef32b0\n[ 800.327598] x5 : 00ffffffffffffff x4 : 0000000000000015 x3 : ffffffd842784980\n[ 800.334728] x2 : 0000000000000004 x1 : 0000000000010002 x0 : 000000ba4c0ca382\n[ 800.341859] Call trace:\n[ 800.344294] v3d_job_update_stats+0x60/0x130 [v3d]\n[ 800.349086] v3d_irq+0x124/0x2e0 [v3d]\n[ 800.352835] __handle_irq_event_percpu+0x58/0x218\n[ 800.357539] handle_irq_event+0x54/0xb8\n[ 800.361369] handle_fasteoi_irq+0xac/0x240\n[ 800.365458] handle_irq_desc+0x48/0x68\n[ 800.369200] generic_handle_domain_irq+0x24/0x38\n[ 800.373810] gic_handle_irq+0x48/0xd8\n[ 800.377464] call_on_irq_stack+0x24/0x58\n[ 800.381379] do_interrupt_handler+0x88/0x98\n[ 800.385554] el1_interrupt+0x34/0x68\n[ 800.389123] el1h_64_irq_handler+0x18/0x28\n[ 800.393211] el1h_64_irq+0x64/0x68\n[ 800.396603] default_idle_call+0x3c/0x168\n[ 800.400606] do_idle+0x1fc/0x230\n[ 800.403827] cpu_startup_entry+0x40/0x50\n[ 800.407742] rest_init+0xe4/0xf0\n[ 800.410962] start_kernel+0x5e8/0x790\n[ 800.414616] __primary_switched+0x80/0x90\n[ 800.418622] Code: 8b170277 8b160296 11000421 b9000861 (b9401ac1)\n[ 800.424707] ---[ end trace 0000000000000000 ]---\n[ 800.457313] ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---\n\nThis issue happens when the file descriptor is closed before the jobs\nsubmitted by it are completed. When the job completes, we update the\nglobal GPU stats and the per-fd GPU stats, which are exposed through\nfdinfo. If the file descriptor was closed, then the struct `v3d_file_priv`\nand its stats were already freed and we can\u0027t update the per-fd stats.\n\nTherefore, if the file descriptor was already closed, don\u0027t u\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38189",
"url": "https://www.suse.com/security/cve/CVE-2025-38189"
},
{
"category": "external",
"summary": "SUSE Bug 1245812 for CVE-2025-38189",
"url": "https://bugzilla.suse.com/1245812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38189"
},
{
"cve": "CVE-2025-38192",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38192"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: clear the dst when changing skb protocol\n\nA not-so-careful NAT46 BPF program can crash the kernel\nif it indiscriminately flips ingress packets from v4 to v6:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n ip6_rcv_core (net/ipv6/ip6_input.c:190:20)\n ipv6_rcv (net/ipv6/ip6_input.c:306:8)\n process_backlog (net/core/dev.c:6186:4)\n napi_poll (net/core/dev.c:6906:9)\n net_rx_action (net/core/dev.c:7028:13)\n do_softirq (kernel/softirq.c:462:3)\n netif_rx (net/core/dev.c:5326:3)\n dev_loopback_xmit (net/core/dev.c:4015:2)\n ip_mc_finish_output (net/ipv4/ip_output.c:363:8)\n NF_HOOK (./include/linux/netfilter.h:314:9)\n ip_mc_output (net/ipv4/ip_output.c:400:5)\n dst_output (./include/net/dst.h:459:9)\n ip_local_out (net/ipv4/ip_output.c:130:9)\n ip_send_skb (net/ipv4/ip_output.c:1496:8)\n udp_send_skb (net/ipv4/udp.c:1040:8)\n udp_sendmsg (net/ipv4/udp.c:1328:10)\n\nThe output interface has a 4-\u003e6 program attached at ingress.\nWe try to loop the multicast skb back to the sending socket.\nIngress BPF runs as part of netif_rx(), pushes a valid v6 hdr\nand changes skb-\u003eprotocol to v6. We enter ip6_rcv_core which\ntries to use skb_dst(). But the dst is still an IPv4 one left\nafter IPv4 mcast output.\n\nClear the dst in all BPF helpers which change the protocol.\nTry to preserve metadata dsts, those may carry non-routing\nmetadata.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38192",
"url": "https://www.suse.com/security/cve/CVE-2025-38192"
},
{
"category": "external",
"summary": "SUSE Bug 1245954 for CVE-2025-38192",
"url": "https://bugzilla.suse.com/1245954"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38192"
},
{
"cve": "CVE-2025-38193",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38193"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: reject invalid perturb period\n\nGerrard Tai reported that SFQ perturb_period has no range check yet,\nand this can be used to trigger a race condition fixed in a separate patch.\n\nWe want to make sure ctl-\u003eperturb_period * HZ will not overflow\nand is positive.\n\n\ntc qd add dev lo root sfq perturb -10 # negative value : error\nError: sch_sfq: invalid perturb period.\n\ntc qd add dev lo root sfq perturb 1000000000 # too big : error\nError: sch_sfq: invalid perturb period.\n\ntc qd add dev lo root sfq perturb 2000000 # acceptable value\ntc -s -d qd sh dev lo\nqdisc sfq 8005: root refcnt 2 limit 127p quantum 64Kb depth 127 flows 128 divisor 1024 perturb 2000000sec\n Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)\n backlog 0b 0p requeues 0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38193",
"url": "https://www.suse.com/security/cve/CVE-2025-38193"
},
{
"category": "external",
"summary": "SUSE Bug 1245945 for CVE-2025-38193",
"url": "https://bugzilla.suse.com/1245945"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38193"
},
{
"cve": "CVE-2025-38194",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38194"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: check that raw node were preallocated before writing summary\n\nSyzkaller detected a kernel bug in jffs2_link_node_ref, caused by fault\ninjection in jffs2_prealloc_raw_node_refs. jffs2_sum_write_sumnode doesn\u0027t\ncheck return value of jffs2_prealloc_raw_node_refs and simply lets any\nerror propagate into jffs2_sum_write_data, which eventually calls\njffs2_link_node_ref in order to link the summary to an expectedly allocated\nnode.\n\nkernel BUG at fs/jffs2/nodelist.c:592!\ninvalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 1 PID: 31277 Comm: syz-executor.7 Not tainted 6.1.128-syzkaller-00139-ge10f83ca10a1 #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nRIP: 0010:jffs2_link_node_ref+0x570/0x690 fs/jffs2/nodelist.c:592\nCall Trace:\n \u003cTASK\u003e\n jffs2_sum_write_data fs/jffs2/summary.c:841 [inline]\n jffs2_sum_write_sumnode+0xd1a/0x1da0 fs/jffs2/summary.c:874\n jffs2_do_reserve_space+0xa18/0xd60 fs/jffs2/nodemgmt.c:388\n jffs2_reserve_space+0x55f/0xaa0 fs/jffs2/nodemgmt.c:197\n jffs2_write_inode_range+0x246/0xb50 fs/jffs2/write.c:362\n jffs2_write_end+0x726/0x15d0 fs/jffs2/file.c:301\n generic_perform_write+0x314/0x5d0 mm/filemap.c:3856\n __generic_file_write_iter+0x2ae/0x4d0 mm/filemap.c:3973\n generic_file_write_iter+0xe3/0x350 mm/filemap.c:4005\n call_write_iter include/linux/fs.h:2265 [inline]\n do_iter_readv_writev+0x20f/0x3c0 fs/read_write.c:735\n do_iter_write+0x186/0x710 fs/read_write.c:861\n vfs_iter_write+0x70/0xa0 fs/read_write.c:902\n iter_file_splice_write+0x73b/0xc90 fs/splice.c:685\n do_splice_from fs/splice.c:763 [inline]\n direct_splice_actor+0x10c/0x170 fs/splice.c:950\n splice_direct_to_actor+0x337/0xa10 fs/splice.c:896\n do_splice_direct+0x1a9/0x280 fs/splice.c:1002\n do_sendfile+0xb13/0x12c0 fs/read_write.c:1255\n __do_sys_sendfile64 fs/read_write.c:1323 [inline]\n __se_sys_sendfile64 fs/read_write.c:1309 [inline]\n __x64_sys_sendfile64+0x1cf/0x210 fs/read_write.c:1309\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x35/0x80 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\nFix this issue by checking return value of jffs2_prealloc_raw_node_refs\nbefore calling jffs2_sum_write_data.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38194",
"url": "https://www.suse.com/security/cve/CVE-2025-38194"
},
{
"category": "external",
"summary": "SUSE Bug 1245957 for CVE-2025-38194",
"url": "https://bugzilla.suse.com/1245957"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38194"
},
{
"cve": "CVE-2025-38197",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38197"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: dell_rbu: Fix list usage\n\nPass the correct list head to list_for_each_entry*() when looping through\nthe packet list.\n\nWithout this patch, reading the packet data via sysfs will show the data\nincorrectly (because it starts at the wrong packet), and clearing the\npacket list will result in a NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38197",
"url": "https://www.suse.com/security/cve/CVE-2025-38197"
},
{
"category": "external",
"summary": "SUSE Bug 1246047 for CVE-2025-38197",
"url": "https://bugzilla.suse.com/1246047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38197"
},
{
"cve": "CVE-2025-38198",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38198"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbcon: Make sure modelist not set on unregistered console\n\nIt looks like attempting to write to the \"store_modes\" sysfs node will\nrun afoul of unregistered consoles:\n\nUBSAN: array-index-out-of-bounds in drivers/video/fbdev/core/fbcon.c:122:28\nindex -1 is out of range for type \u0027fb_info *[32]\u0027\n...\n fbcon_info_from_console+0x192/0x1a0 drivers/video/fbdev/core/fbcon.c:122\n fbcon_new_modelist+0xbf/0x2d0 drivers/video/fbdev/core/fbcon.c:3048\n fb_new_modelist+0x328/0x440 drivers/video/fbdev/core/fbmem.c:673\n store_modes+0x1c9/0x3e0 drivers/video/fbdev/core/fbsysfs.c:113\n dev_attr_store+0x55/0x80 drivers/base/core.c:2439\n\nstatic struct fb_info *fbcon_registered_fb[FB_MAX];\n...\nstatic signed char con2fb_map[MAX_NR_CONSOLES];\n...\nstatic struct fb_info *fbcon_info_from_console(int console)\n...\n return fbcon_registered_fb[con2fb_map[console]];\n\nIf con2fb_map contains a -1 things go wrong here. Instead, return NULL,\nas callers of fbcon_info_from_console() are trying to compare against\nexisting \"info\" pointers, so error handling should kick in correctly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38198",
"url": "https://www.suse.com/security/cve/CVE-2025-38198"
},
{
"category": "external",
"summary": "SUSE Bug 1245952 for CVE-2025-38198",
"url": "https://bugzilla.suse.com/1245952"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38198"
},
{
"cve": "CVE-2025-38200",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38200"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix MMIO write access to an invalid page in i40e_clear_hw\n\nWhen the device sends a specific input, an integer underflow can occur, leading\nto MMIO write access to an invalid page.\n\nPrevent the integer underflow by changing the type of related variables.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38200",
"url": "https://www.suse.com/security/cve/CVE-2025-38200"
},
{
"category": "external",
"summary": "SUSE Bug 1246045 for CVE-2025-38200",
"url": "https://bugzilla.suse.com/1246045"
},
{
"category": "external",
"summary": "SUSE Bug 1246046 for CVE-2025-38200",
"url": "https://bugzilla.suse.com/1246046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38200"
},
{
"cve": "CVE-2025-38202",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38202"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem()\n\nbpf_map_lookup_percpu_elem() helper is also available for sleepable bpf\nprogram. When BPF JIT is disabled or under 32-bit host,\nbpf_map_lookup_percpu_elem() will not be inlined. Using it in a\nsleepable bpf program will trigger the warning in\nbpf_map_lookup_percpu_elem(), because the bpf program only holds\nrcu_read_lock_trace lock. Therefore, add the missed check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38202",
"url": "https://www.suse.com/security/cve/CVE-2025-38202"
},
{
"category": "external",
"summary": "SUSE Bug 1245980 for CVE-2025-38202",
"url": "https://bugzilla.suse.com/1245980"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38202"
},
{
"cve": "CVE-2025-38203",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38203"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix null-ptr-deref in jfs_ioc_trim\n\n[ Syzkaller Report ]\n\nOops: general protection fault, probably for non-canonical address\n0xdffffc0000000087: 0000 [#1\nKASAN: null-ptr-deref in range [0x0000000000000438-0x000000000000043f]\nCPU: 2 UID: 0 PID: 10614 Comm: syz-executor.0 Not tainted\n6.13.0-rc6-gfbfd64d25c7a-dirty #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nSched_ext: serialise (enabled+all), task: runnable_at=-30ms\nRIP: 0010:jfs_ioc_trim+0x34b/0x8f0\nCode: e7 e8 59 a4 87 fe 4d 8b 24 24 4d 8d bc 24 38 04 00 00 48 8d 93\n90 82 fe ff 4c 89 ff 31 f6\nRSP: 0018:ffffc900055f7cd0 EFLAGS: 00010206\nRAX: 0000000000000087 RBX: 00005866a9e67ff8 RCX: 000000000000000a\nRDX: 0000000000000001 RSI: 0000000000000004 RDI: 0000000000000001\nRBP: dffffc0000000000 R08: ffff88807c180003 R09: 1ffff1100f830000\nR10: dffffc0000000000 R11: ffffed100f830001 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000438\nFS: 00007fe520225640(0000) GS:ffff8880b7e80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005593c91b2c88 CR3: 000000014927c000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n? __die_body+0x61/0xb0\n? die_addr+0xb1/0xe0\n? exc_general_protection+0x333/0x510\n? asm_exc_general_protection+0x26/0x30\n? jfs_ioc_trim+0x34b/0x8f0\njfs_ioctl+0x3c8/0x4f0\n? __pfx_jfs_ioctl+0x10/0x10\n? __pfx_jfs_ioctl+0x10/0x10\n__se_sys_ioctl+0x269/0x350\n? __pfx___se_sys_ioctl+0x10/0x10\n? do_syscall_64+0xfb/0x210\ndo_syscall_64+0xee/0x210\n? syscall_exit_to_user_mode+0x1e0/0x330\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fe51f4903ad\nCode: c3 e8 a7 2b 00 00 0f 1f 80 00 00 00 00 f3 0f 1e fa 48 89 f8 48\n89 f7 48 89 d6 48 89 ca 4d\nRSP: 002b:00007fe5202250c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007fe51f5cbf80 RCX: 00007fe51f4903ad\nRDX: 0000000020000680 RSI: 00000000c0185879 RDI: 0000000000000005\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007fe520225640\nR13: 000000000000000e R14: 00007fe51f44fca0 R15: 00007fe52021d000\n\u003c/TASK\u003e\nModules linked in:\n---[ end trace 0000000000000000 ]---\nRIP: 0010:jfs_ioc_trim+0x34b/0x8f0\nCode: e7 e8 59 a4 87 fe 4d 8b 24 24 4d 8d bc 24 38 04 00 00 48 8d 93\n90 82 fe ff 4c 89 ff 31 f6\nRSP: 0018:ffffc900055f7cd0 EFLAGS: 00010206\nRAX: 0000000000000087 RBX: 00005866a9e67ff8 RCX: 000000000000000a\nRDX: 0000000000000001 RSI: 0000000000000004 RDI: 0000000000000001\nRBP: dffffc0000000000 R08: ffff88807c180003 R09: 1ffff1100f830000\nR10: dffffc0000000000 R11: ffffed100f830001 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000438\nFS: 00007fe520225640(0000) GS:ffff8880b7e80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005593c91b2c88 CR3: 000000014927c000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nKernel panic - not syncing: Fatal exception\n\n[ Analysis ]\n\nWe believe that we have found a concurrency bug in the `fs/jfs` module\nthat results in a null pointer dereference. There is a closely related\nissue which has been fixed:\n\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d6c1b3599b2feb5c7291f5ac3a36e5fa7cedb234\n\n... but, unfortunately, the accepted patch appears to still be\nsusceptible to a null pointer dereference under some interleavings.\n\nTo trigger the bug, we think that `JFS_SBI(ipbmap-\u003ei_sb)-\u003ebmap` is set\nto NULL in `dbFreeBits` and then dereferenced in `jfs_ioc_trim`. This\nbug manifests quite rarely under normal circumstances, but is\ntriggereable from a syz-program.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38203",
"url": "https://www.suse.com/security/cve/CVE-2025-38203"
},
{
"category": "external",
"summary": "SUSE Bug 1246044 for CVE-2025-38203",
"url": "https://bugzilla.suse.com/1246044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38203"
},
{
"cve": "CVE-2025-38204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38204"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix array-index-out-of-bounds read in add_missing_indices\n\nstbl is s8 but it must contain offsets into slot which can go from 0 to\n127.\n\nAdded a bound check for that error and return -EIO if the check fails.\nAlso make jfs_readdir return with error if add_missing_indices returns\nwith an error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38204",
"url": "https://www.suse.com/security/cve/CVE-2025-38204"
},
{
"category": "external",
"summary": "SUSE Bug 1245983 for CVE-2025-38204",
"url": "https://bugzilla.suse.com/1245983"
},
{
"category": "external",
"summary": "SUSE Bug 1245984 for CVE-2025-38204",
"url": "https://bugzilla.suse.com/1245984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "important"
}
],
"title": "CVE-2025-38204"
},
{
"cve": "CVE-2025-38206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38206"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix double free in delayed_free\n\nThe double free could happen in the following path.\n\nexfat_create_upcase_table()\n exfat_create_upcase_table() : return error\n exfat_free_upcase_table() : free -\u003evol_utbl\n exfat_load_default_upcase_table : return error\n exfat_kill_sb()\n delayed_free()\n exfat_free_upcase_table() \u003c--------- double free\nThis patch set -\u003evol_util as NULL after freeing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38206",
"url": "https://www.suse.com/security/cve/CVE-2025-38206"
},
{
"category": "external",
"summary": "SUSE Bug 1246073 for CVE-2025-38206",
"url": "https://bugzilla.suse.com/1246073"
},
{
"category": "external",
"summary": "SUSE Bug 1246075 for CVE-2025-38206",
"url": "https://bugzilla.suse.com/1246075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "important"
}
],
"title": "CVE-2025-38206"
},
{
"cve": "CVE-2025-38210",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38210"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nconfigfs-tsm-report: Fix NULL dereference of tsm_ops\n\nUnlike sysfs, the lifetime of configfs objects is controlled by\nuserspace. There is no mechanism for the kernel to find and delete all\ncreated config-items. Instead, the configfs-tsm-report mechanism has an\nexpectation that tsm_unregister() can happen at any time and cause\nestablished config-item access to start failing.\n\nThat expectation is not fully satisfied. While tsm_report_read(),\ntsm_report_{is,is_bin}_visible(), and tsm_report_make_item() safely fail\nif tsm_ops have been unregistered, tsm_report_privlevel_store()\ntsm_report_provider_show() fail to check for ops registration. Add the\nmissing checks for tsm_ops having been removed.\n\nNow, in supporting the ability for tsm_unregister() to always succeed,\nit leaves the problem of what to do with lingering config-items. The\nexpectation is that the admin that arranges for the -\u003eremove() (unbind)\nof the ${tsm_arch}-guest driver is also responsible for deletion of all\nopen config-items. Until that deletion happens, -\u003eprobe() (reload /\nbind) of the ${tsm_arch}-guest driver fails.\n\nThis allows for emergency shutdown / revocation of attestation\ninterfaces, and requires coordinated restart.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38210",
"url": "https://www.suse.com/security/cve/CVE-2025-38210"
},
{
"category": "external",
"summary": "SUSE Bug 1246020 for CVE-2025-38210",
"url": "https://bugzilla.suse.com/1246020"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38210"
},
{
"cve": "CVE-2025-38211",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38211"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/iwcm: Fix use-after-free of work objects after cm_id destruction\n\nThe commit 59c68ac31e15 (\"iw_cm: free cm_id resources on the last\nderef\") simplified cm_id resource management by freeing cm_id once all\nreferences to the cm_id were removed. The references are removed either\nupon completion of iw_cm event handlers or when the application destroys\nthe cm_id. This commit introduced the use-after-free condition where\ncm_id_private object could still be in use by event handler works during\nthe destruction of cm_id. The commit aee2424246f9 (\"RDMA/iwcm: Fix a\nuse-after-free related to destroying CM IDs\") addressed this use-after-\nfree by flushing all pending works at the cm_id destruction.\n\nHowever, still another use-after-free possibility remained. It happens\nwith the work objects allocated for each cm_id_priv within\nalloc_work_entries() during cm_id creation, and subsequently freed in\ndealloc_work_entries() once all references to the cm_id are removed.\nIf the cm_id\u0027s last reference is decremented in the event handler work,\nthe work object for the work itself gets removed, and causes the use-\nafter-free BUG below:\n\n BUG: KASAN: slab-use-after-free in __pwq_activate_work+0x1ff/0x250\n Read of size 8 at addr ffff88811f9cf800 by task kworker/u16:1/147091\n\n CPU: 2 UID: 0 PID: 147091 Comm: kworker/u16:1 Not tainted 6.15.0-rc2+ #27 PREEMPT(voluntary)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\n Workqueue: 0x0 (iw_cm_wq)\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x6a/0x90\n print_report+0x174/0x554\n ? __virt_addr_valid+0x208/0x430\n ? __pwq_activate_work+0x1ff/0x250\n kasan_report+0xae/0x170\n ? __pwq_activate_work+0x1ff/0x250\n __pwq_activate_work+0x1ff/0x250\n pwq_dec_nr_in_flight+0x8c5/0xfb0\n process_one_work+0xc11/0x1460\n ? __pfx_process_one_work+0x10/0x10\n ? assign_work+0x16c/0x240\n worker_thread+0x5ef/0xfd0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x3b0/0x770\n ? __pfx_kthread+0x10/0x10\n ? rcu_is_watching+0x11/0xb0\n ? _raw_spin_unlock_irq+0x24/0x50\n ? rcu_is_watching+0x11/0xb0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x30/0x70\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\n Allocated by task 147416:\n kasan_save_stack+0x2c/0x50\n kasan_save_track+0x10/0x30\n __kasan_kmalloc+0xa6/0xb0\n alloc_work_entries+0xa9/0x260 [iw_cm]\n iw_cm_connect+0x23/0x4a0 [iw_cm]\n rdma_connect_locked+0xbfd/0x1920 [rdma_cm]\n nvme_rdma_cm_handler+0x8e5/0x1b60 [nvme_rdma]\n cma_cm_event_handler+0xae/0x320 [rdma_cm]\n cma_work_handler+0x106/0x1b0 [rdma_cm]\n process_one_work+0x84f/0x1460\n worker_thread+0x5ef/0xfd0\n kthread+0x3b0/0x770\n ret_from_fork+0x30/0x70\n ret_from_fork_asm+0x1a/0x30\n\n Freed by task 147091:\n kasan_save_stack+0x2c/0x50\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x60\n __kasan_slab_free+0x4b/0x70\n kfree+0x13a/0x4b0\n dealloc_work_entries+0x125/0x1f0 [iw_cm]\n iwcm_deref_id+0x6f/0xa0 [iw_cm]\n cm_work_handler+0x136/0x1ba0 [iw_cm]\n process_one_work+0x84f/0x1460\n worker_thread+0x5ef/0xfd0\n kthread+0x3b0/0x770\n ret_from_fork+0x30/0x70\n ret_from_fork_asm+0x1a/0x30\n\n Last potentially related work creation:\n kasan_save_stack+0x2c/0x50\n kasan_record_aux_stack+0xa3/0xb0\n __queue_work+0x2ff/0x1390\n queue_work_on+0x67/0xc0\n cm_event_handler+0x46a/0x820 [iw_cm]\n siw_cm_upcall+0x330/0x650 [siw]\n siw_cm_work_handler+0x6b9/0x2b20 [siw]\n process_one_work+0x84f/0x1460\n worker_thread+0x5ef/0xfd0\n kthread+0x3b0/0x770\n ret_from_fork+0x30/0x70\n ret_from_fork_asm+0x1a/0x30\n\nThis BUG is reproducible by repeating the blktests test case nvme/061\nfor the rdma transport and the siw driver.\n\nTo avoid the use-after-free of cm_id_private work objects, ensure that\nthe last reference to the cm_id is decremented not in the event handler\nworks, but in the cm_id destruction context. For that purpose, mo\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38211",
"url": "https://www.suse.com/security/cve/CVE-2025-38211"
},
{
"category": "external",
"summary": "SUSE Bug 1246008 for CVE-2025-38211",
"url": "https://bugzilla.suse.com/1246008"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38211"
},
{
"cve": "CVE-2025-38212",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38212"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipc: fix to protect IPCS lookups using RCU\n\nsyzbot reported that it discovered a use-after-free vulnerability, [0]\n\n[0]: https://lore.kernel.org/all/67af13f8.050a0220.21dd3.0038.GAE@google.com/\n\nidr_for_each() is protected by rwsem, but this is not enough. If it is\nnot protected by RCU read-critical region, when idr_for_each() calls\nradix_tree_node_free() through call_rcu() to free the radix_tree_node\nstructure, the node will be freed immediately, and when reading the next\nnode in radix_tree_for_each_slot(), the already freed memory may be read.\n\nTherefore, we need to add code to make sure that idr_for_each() is\nprotected within the RCU read-critical region when we call it in\nshm_destroy_orphaned().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38212",
"url": "https://www.suse.com/security/cve/CVE-2025-38212"
},
{
"category": "external",
"summary": "SUSE Bug 1246029 for CVE-2025-38212",
"url": "https://bugzilla.suse.com/1246029"
},
{
"category": "external",
"summary": "SUSE Bug 1246030 for CVE-2025-38212",
"url": "https://bugzilla.suse.com/1246030"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "important"
}
],
"title": "CVE-2025-38212"
},
{
"cve": "CVE-2025-38213",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38213"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38213",
"url": "https://www.suse.com/security/cve/CVE-2025-38213"
},
{
"category": "external",
"summary": "SUSE Bug 1246037 for CVE-2025-38213",
"url": "https://bugzilla.suse.com/1246037"
},
{
"category": "external",
"summary": "SUSE Bug 1246039 for CVE-2025-38213",
"url": "https://bugzilla.suse.com/1246039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38213"
},
{
"cve": "CVE-2025-38214",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38214"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var\n\nIf fb_add_videomode() in fb_set_var() fails to allocate memory for\nfb_videomode, later it may lead to a null-ptr dereference in\nfb_videomode_to_var(), as the fb_info is registered while not having the\nmode in modelist that is expected to be there, i.e. the one that is\ndescribed in fb_info-\u003evar.\n\n================================================================\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 PID: 30371 Comm: syz-executor.1 Not tainted 5.10.226-syzkaller #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nRIP: 0010:fb_videomode_to_var+0x24/0x610 drivers/video/fbdev/core/modedb.c:901\nCall Trace:\n display_to_var+0x3a/0x7c0 drivers/video/fbdev/core/fbcon.c:929\n fbcon_resize+0x3e2/0x8f0 drivers/video/fbdev/core/fbcon.c:2071\n resize_screen drivers/tty/vt/vt.c:1176 [inline]\n vc_do_resize+0x53a/0x1170 drivers/tty/vt/vt.c:1263\n fbcon_modechanged+0x3ac/0x6e0 drivers/video/fbdev/core/fbcon.c:2720\n fbcon_update_vcs+0x43/0x60 drivers/video/fbdev/core/fbcon.c:2776\n do_fb_ioctl+0x6d2/0x740 drivers/video/fbdev/core/fbmem.c:1128\n fb_ioctl+0xe7/0x150 drivers/video/fbdev/core/fbmem.c:1203\n vfs_ioctl fs/ioctl.c:48 [inline]\n __do_sys_ioctl fs/ioctl.c:753 [inline]\n __se_sys_ioctl fs/ioctl.c:739 [inline]\n __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:739\n do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n================================================================\n\nThe reason is that fb_info-\u003evar is being modified in fb_set_var(), and\nthen fb_videomode_to_var() is called. If it fails to add the mode to\nfb_info-\u003emodelist, fb_set_var() returns error, but does not restore the\nold value of fb_info-\u003evar. Restore fb_info-\u003evar on failure the same way\nit is done earlier in the function.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38214",
"url": "https://www.suse.com/security/cve/CVE-2025-38214"
},
{
"category": "external",
"summary": "SUSE Bug 1246042 for CVE-2025-38214",
"url": "https://bugzilla.suse.com/1246042"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38214"
},
{
"cve": "CVE-2025-38215",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38215"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var\n\nIf fb_add_videomode() in do_register_framebuffer() fails to allocate\nmemory for fb_videomode, it will later lead to a null-ptr dereference in\nfb_videomode_to_var(), as the fb_info is registered while not having the\nmode in modelist that is expected to be there, i.e. the one that is\ndescribed in fb_info-\u003evar.\n\n================================================================\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 PID: 30371 Comm: syz-executor.1 Not tainted 5.10.226-syzkaller #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nRIP: 0010:fb_videomode_to_var+0x24/0x610 drivers/video/fbdev/core/modedb.c:901\nCall Trace:\n display_to_var+0x3a/0x7c0 drivers/video/fbdev/core/fbcon.c:929\n fbcon_resize+0x3e2/0x8f0 drivers/video/fbdev/core/fbcon.c:2071\n resize_screen drivers/tty/vt/vt.c:1176 [inline]\n vc_do_resize+0x53a/0x1170 drivers/tty/vt/vt.c:1263\n fbcon_modechanged+0x3ac/0x6e0 drivers/video/fbdev/core/fbcon.c:2720\n fbcon_update_vcs+0x43/0x60 drivers/video/fbdev/core/fbcon.c:2776\n do_fb_ioctl+0x6d2/0x740 drivers/video/fbdev/core/fbmem.c:1128\n fb_ioctl+0xe7/0x150 drivers/video/fbdev/core/fbmem.c:1203\n vfs_ioctl fs/ioctl.c:48 [inline]\n __do_sys_ioctl fs/ioctl.c:753 [inline]\n __se_sys_ioctl fs/ioctl.c:739 [inline]\n __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:739\n do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n================================================================\n\nEven though fbcon_init() checks beforehand if fb_match_mode() in\nvar_to_display() fails, it can not prevent the panic because fbcon_init()\ndoes not return error code. Considering this and the comment in the code\nabout fb_match_mode() returning NULL - \"This should not happen\" - it is\nbetter to prevent registering the fb_info if its mode was not set\nsuccessfully. Also move fb_add_videomode() closer to the beginning of\ndo_register_framebuffer() to avoid having to do the cleanup on fail.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38215",
"url": "https://www.suse.com/security/cve/CVE-2025-38215"
},
{
"category": "external",
"summary": "SUSE Bug 1246109 for CVE-2025-38215",
"url": "https://bugzilla.suse.com/1246109"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38215"
},
{
"cve": "CVE-2025-38217",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38217"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (ftsteutates) Fix TOCTOU race in fts_read()\n\nIn the fts_read() function, when handling hwmon_pwm_auto_channels_temp,\nthe code accesses the shared variable data-\u003efan_source[channel] twice\nwithout holding any locks. It is first checked against\nFTS_FAN_SOURCE_INVALID, and if the check passes, it is read again\nwhen used as an argument to the BIT() macro.\n\nThis creates a Time-of-Check to Time-of-Use (TOCTOU) race condition.\nAnother thread executing fts_update_device() can modify the value of\ndata-\u003efan_source[channel] between the check and its use. If the value\nis changed to FTS_FAN_SOURCE_INVALID (0xff) during this window, the\nBIT() macro will be called with a large shift value (BIT(255)).\nA bit shift by a value greater than or equal to the type width is\nundefined behavior and can lead to a crash or incorrect values being\nreturned to userspace.\n\nFix this by reading data-\u003efan_source[channel] into a local variable\nonce, eliminating the race condition. Additionally, add a bounds check\nto ensure the value is less than BITS_PER_LONG before passing it to\nthe BIT() macro, making the code more robust against undefined behavior.\n\nThis possible bug was found by an experimental static analysis tool\ndeveloped by our team.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38217",
"url": "https://www.suse.com/security/cve/CVE-2025-38217"
},
{
"category": "external",
"summary": "SUSE Bug 1246002 for CVE-2025-38217",
"url": "https://bugzilla.suse.com/1246002"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38217"
},
{
"cve": "CVE-2025-38220",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38220"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: only dirty folios when data journaling regular files\n\nfstest generic/388 occasionally reproduces a crash that looks as\nfollows:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n...\nCall Trace:\n \u003cTASK\u003e\n ext4_block_zero_page_range+0x30c/0x380 [ext4]\n ext4_truncate+0x436/0x440 [ext4]\n ext4_process_orphan+0x5d/0x110 [ext4]\n ext4_orphan_cleanup+0x124/0x4f0 [ext4]\n ext4_fill_super+0x262d/0x3110 [ext4]\n get_tree_bdev_flags+0x132/0x1d0\n vfs_get_tree+0x26/0xd0\n vfs_cmd_create+0x59/0xe0\n __do_sys_fsconfig+0x4ed/0x6b0\n do_syscall_64+0x82/0x170\n ...\n\nThis occurs when processing a symlink inode from the orphan list. The\npartial block zeroing code in the truncate path calls\next4_dirty_journalled_data() -\u003e folio_mark_dirty(). The latter calls\nmapping-\u003ea_ops-\u003edirty_folio(), but symlink inodes are not assigned an\na_ops vector in ext4, hence the crash.\n\nTo avoid this problem, update the ext4_dirty_journalled_data() helper to\nonly mark the folio dirty on regular files (for which a_ops is\nassigned). This also matches the journaling logic in the ext4_symlink()\ncreation path, where ext4_handle_dirty_metadata() is called directly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38220",
"url": "https://www.suse.com/security/cve/CVE-2025-38220"
},
{
"category": "external",
"summary": "SUSE Bug 1245966 for CVE-2025-38220",
"url": "https://bugzilla.suse.com/1245966"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38220"
},
{
"cve": "CVE-2025-38222",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38222"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: inline: fix len overflow in ext4_prepare_inline_data\n\nWhen running the following code on an ext4 filesystem with inline_data\nfeature enabled, it will lead to the bug below.\n\n fd = open(\"file1\", O_RDWR | O_CREAT | O_TRUNC, 0666);\n ftruncate(fd, 30);\n pwrite(fd, \"a\", 1, (1UL \u003c\u003c 40) + 5UL);\n\nThat happens because write_begin will succeed as when\next4_generic_write_inline_data calls ext4_prepare_inline_data, pos + len\nwill be truncated, leading to ext4_prepare_inline_data parameter to be 6\ninstead of 0x10000000006.\n\nThen, later when write_end is called, we hit:\n\n BUG_ON(pos + len \u003e EXT4_I(inode)-\u003ei_inline_size);\n\nat ext4_write_inline_data.\n\nFix it by using a loff_t type for the len parameter in\next4_prepare_inline_data instead of an unsigned int.\n\n[ 44.545164] ------------[ cut here ]------------\n[ 44.545530] kernel BUG at fs/ext4/inline.c:240!\n[ 44.545834] Oops: invalid opcode: 0000 [#1] SMP NOPTI\n[ 44.546172] CPU: 3 UID: 0 PID: 343 Comm: test Not tainted 6.15.0-rc2-00003-g9080916f4863 #45 PREEMPT(full) 112853fcebfdb93254270a7959841d2c6aa2c8bb\n[ 44.546523] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 44.546523] RIP: 0010:ext4_write_inline_data+0xfe/0x100\n[ 44.546523] Code: 3c 0e 48 83 c7 48 48 89 de 5b 41 5c 41 5d 41 5e 41 5f 5d e9 e4 fa 43 01 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 0f 0b \u003c0f\u003e 0b 0f 1f 44 00 00 55 41 57 41 56 41 55 41 54 53 48 83 ec 20 49\n[ 44.546523] RSP: 0018:ffffb342008b79a8 EFLAGS: 00010216\n[ 44.546523] RAX: 0000000000000001 RBX: ffff9329c579c000 RCX: 0000010000000006\n[ 44.546523] RDX: 000000000000003c RSI: ffffb342008b79f0 RDI: ffff9329c158e738\n[ 44.546523] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000\n[ 44.546523] R10: 00007ffffffff000 R11: ffffffff9bd0d910 R12: 0000006210000000\n[ 44.546523] R13: fffffc7e4015e700 R14: 0000010000000005 R15: ffff9329c158e738\n[ 44.546523] FS: 00007f4299934740(0000) GS:ffff932a60179000(0000) knlGS:0000000000000000\n[ 44.546523] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 44.546523] CR2: 00007f4299a1ec90 CR3: 0000000002886002 CR4: 0000000000770eb0\n[ 44.546523] PKRU: 55555554\n[ 44.546523] Call Trace:\n[ 44.546523] \u003cTASK\u003e\n[ 44.546523] ext4_write_inline_data_end+0x126/0x2d0\n[ 44.546523] generic_perform_write+0x17e/0x270\n[ 44.546523] ext4_buffered_write_iter+0xc8/0x170\n[ 44.546523] vfs_write+0x2be/0x3e0\n[ 44.546523] __x64_sys_pwrite64+0x6d/0xc0\n[ 44.546523] do_syscall_64+0x6a/0xf0\n[ 44.546523] ? __wake_up+0x89/0xb0\n[ 44.546523] ? xas_find+0x72/0x1c0\n[ 44.546523] ? next_uptodate_folio+0x317/0x330\n[ 44.546523] ? set_pte_range+0x1a6/0x270\n[ 44.546523] ? filemap_map_pages+0x6ee/0x840\n[ 44.546523] ? ext4_setattr+0x2fa/0x750\n[ 44.546523] ? do_pte_missing+0x128/0xf70\n[ 44.546523] ? security_inode_post_setattr+0x3e/0xd0\n[ 44.546523] ? ___pte_offset_map+0x19/0x100\n[ 44.546523] ? handle_mm_fault+0x721/0xa10\n[ 44.546523] ? do_user_addr_fault+0x197/0x730\n[ 44.546523] ? do_syscall_64+0x76/0xf0\n[ 44.546523] ? arch_exit_to_user_mode_prepare+0x1e/0x60\n[ 44.546523] ? irqentry_exit_to_user_mode+0x79/0x90\n[ 44.546523] entry_SYSCALL_64_after_hwframe+0x55/0x5d\n[ 44.546523] RIP: 0033:0x7f42999c6687\n[ 44.546523] Code: 48 89 fa 4c 89 df e8 58 b3 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 \u003c5b\u003e c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff\n[ 44.546523] RSP: 002b:00007ffeae4a7930 EFLAGS: 00000202 ORIG_RAX: 0000000000000012\n[ 44.546523] RAX: ffffffffffffffda RBX: 00007f4299934740 RCX: 00007f42999c6687\n[ 44.546523] RDX: 0000000000000001 RSI: 000055ea6149200f RDI: 0000000000000003\n[ 44.546523] RBP: 00007ffeae4a79a0 R08: 0000000000000000 R09: 0000000000000000\n[ 44.546523] R10: 0000010000000005 R11: 0000000000000202 R12: 0000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38222",
"url": "https://www.suse.com/security/cve/CVE-2025-38222"
},
{
"category": "external",
"summary": "SUSE Bug 1245976 for CVE-2025-38222",
"url": "https://bugzilla.suse.com/1245976"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38222"
},
{
"cve": "CVE-2025-38225",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38225"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-jpeg: Cleanup after an allocation error\n\nWhen allocation failures are not cleaned up by the driver, further\nallocation errors will be false-positives, which will cause buffers to\nremain uninitialized and cause NULL pointer dereferences.\nEnsure proper cleanup of failed allocations to prevent these issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38225",
"url": "https://www.suse.com/security/cve/CVE-2025-38225"
},
{
"category": "external",
"summary": "SUSE Bug 1246041 for CVE-2025-38225",
"url": "https://bugzilla.suse.com/1246041"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38225"
},
{
"cve": "CVE-2025-38226",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38226"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vivid: Change the siize of the composing\n\nsyzkaller found a bug:\n\nBUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2608 [inline]\nBUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_buffer+0x1a9c/0x5af0 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2705\nWrite of size 1440 at addr ffffc9000d0ffda0 by task vivid-000-vid-c/5304\n\nCPU: 0 UID: 0 PID: 5304 Comm: vivid-000-vid-c Not tainted 6.14.0-rc2-syzkaller-00039-g09fbf3d50205 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n kasan_check_range+0x282/0x290 mm/kasan/generic.c:189\n __asan_memcpy+0x40/0x70 mm/kasan/shadow.c:106\n tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2608 [inline]\n tpg_fill_plane_buffer+0x1a9c/0x5af0 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2705\n vivid_fillbuff drivers/media/test-drivers/vivid/vivid-kthread-cap.c:470 [inline]\n vivid_thread_vid_cap_tick+0xf8e/0x60d0 drivers/media/test-drivers/vivid/vivid-kthread-cap.c:629\n vivid_thread_vid_cap+0x8aa/0xf30 drivers/media/test-drivers/vivid/vivid-kthread-cap.c:767\n kthread+0x7a9/0x920 kernel/kthread.c:464\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nThe composition size cannot be larger than the size of fmt_cap_rect.\nSo execute v4l2_rect_map_inside() even if has_compose_cap == 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38226",
"url": "https://www.suse.com/security/cve/CVE-2025-38226"
},
{
"category": "external",
"summary": "SUSE Bug 1246050 for CVE-2025-38226",
"url": "https://bugzilla.suse.com/1246050"
},
{
"category": "external",
"summary": "SUSE Bug 1246051 for CVE-2025-38226",
"url": "https://bugzilla.suse.com/1246051"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "important"
}
],
"title": "CVE-2025-38226"
},
{
"cve": "CVE-2025-38227",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38227"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vidtv: Terminating the subsequent process of initialization failure\n\nsyzbot reported a slab-use-after-free Read in vidtv_mux_init. [1]\n\nAfter PSI initialization fails, the si member is accessed again, resulting\nin this uaf.\n\nAfter si initialization fails, the subsequent process needs to be exited.\n\n[1]\nBUG: KASAN: slab-use-after-free in vidtv_mux_pid_ctx_init drivers/media/test-drivers/vidtv/vidtv_mux.c:78 [inline]\nBUG: KASAN: slab-use-after-free in vidtv_mux_init+0xac2/0xbe0 drivers/media/test-drivers/vidtv/vidtv_mux.c:524\nRead of size 8 at addr ffff88802fa42acc by task syz.2.37/6059\n\nCPU: 0 UID: 0 PID: 6059 Comm: syz.2.37 Not tainted 6.14.0-rc5-syzkaller #0\nHardware name: Google Compute Engine, BIOS Google 02/12/2025\nCall Trace:\n\u003cTASK\u003e\n__dump_stack lib/dump_stack.c:94 [inline]\ndump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\nprint_address_description mm/kasan/report.c:408 [inline]\nprint_report+0xc3/0x670 mm/kasan/report.c:521\nkasan_report+0xd9/0x110 mm/kasan/report.c:634\nvidtv_mux_pid_ctx_init drivers/media/test-drivers/vidtv/vidtv_mux.c:78\nvidtv_mux_init+0xac2/0xbe0 drivers/media/test-drivers/vidtv/vidtv_mux.c:524\nvidtv_start_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:194\nvidtv_start_feed drivers/media/test-drivers/vidtv/vidtv_bridge.c:239\ndmx_section_feed_start_filtering drivers/media/dvb-core/dvb_demux.c:973\ndvb_dmxdev_feed_start drivers/media/dvb-core/dmxdev.c:508 [inline]\ndvb_dmxdev_feed_restart.isra.0 drivers/media/dvb-core/dmxdev.c:537\ndvb_dmxdev_filter_stop+0x2b4/0x3a0 drivers/media/dvb-core/dmxdev.c:564\ndvb_dmxdev_filter_free drivers/media/dvb-core/dmxdev.c:840 [inline]\ndvb_demux_release+0x92/0x550 drivers/media/dvb-core/dmxdev.c:1246\n__fput+0x3ff/0xb70 fs/file_table.c:464\ntask_work_run+0x14e/0x250 kernel/task_work.c:227\nexit_task_work include/linux/task_work.h:40 [inline]\ndo_exit+0xad8/0x2d70 kernel/exit.c:938\ndo_group_exit+0xd3/0x2a0 kernel/exit.c:1087\n__do_sys_exit_group kernel/exit.c:1098 [inline]\n__se_sys_exit_group kernel/exit.c:1096 [inline]\n__x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1096\nx64_sys_call+0x151f/0x1720 arch/x86/include/generated/asm/syscalls_64.h:232\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f871d58d169\nCode: Unable to access opcode bytes at 0x7f871d58d13f.\nRSP: 002b:00007fff4b19a788 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f871d58d169\nRDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: 00007fff4b19a7ec R08: 0000000b4b19a87f R09: 00000000000927c0\nR10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000003\nR13: 00000000000927c0 R14: 000000000001d553 R15: 00007fff4b19a840\n \u003c/TASK\u003e\n\nAllocated by task 6059:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kmalloc_noprof include/linux/slab.h:901 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n vidtv_psi_pat_table_init drivers/media/test-drivers/vidtv/vidtv_psi.c:970\n vidtv_channel_si_init drivers/media/test-drivers/vidtv/vidtv_channel.c:423\n vidtv_mux_init drivers/media/test-drivers/vidtv/vidtv_mux.c:519\n vidtv_start_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:194\n vidtv_start_feed drivers/media/test-drivers/vidtv/vidtv_bridge.c:239\n dmx_section_feed_start_filtering drivers/media/dvb-core/dvb_demux.c:973\n dvb_dmxdev_feed_start drivers/media/dvb-core/dmxdev.c:508 [inline]\n dvb_dmxdev_feed_restart.isra.0 drivers/media/dvb-core/dmxdev.c:537\n dvb_dmxdev_filter_stop+0x2b4/0x3a0 drivers/media/dvb-core/dmxdev.c:564\n dvb_dmxdev_filter_free drivers/media/dvb-core/dmxdev.c:840 [inline]\n dvb_demux_release+0x92/0x550 drivers/media/dvb-core/dmxdev.c:1246\n __fput+0x3ff/0xb70 fs/file_tabl\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38227",
"url": "https://www.suse.com/security/cve/CVE-2025-38227"
},
{
"category": "external",
"summary": "SUSE Bug 1246031 for CVE-2025-38227",
"url": "https://bugzilla.suse.com/1246031"
},
{
"category": "external",
"summary": "SUSE Bug 1246032 for CVE-2025-38227",
"url": "https://bugzilla.suse.com/1246032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "important"
}
],
"title": "CVE-2025-38227"
},
{
"cve": "CVE-2025-38229",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38229"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: cxusb: no longer judge rbuf when the write fails\n\nsyzbot reported a uninit-value in cxusb_i2c_xfer. [1]\n\nOnly when the write operation of usb_bulk_msg() in dvb_usb_generic_rw()\nsucceeds and rlen is greater than 0, the read operation of usb_bulk_msg()\nwill be executed to read rlen bytes of data from the dvb device into the\nrbuf.\n\nIn this case, although rlen is 1, the write operation failed which resulted\nin the dvb read operation not being executed, and ultimately variable i was\nnot initialized.\n\n[1]\nBUG: KMSAN: uninit-value in cxusb_gpio_tuner drivers/media/usb/dvb-usb/cxusb.c:124 [inline]\nBUG: KMSAN: uninit-value in cxusb_i2c_xfer+0x153a/0x1a60 drivers/media/usb/dvb-usb/cxusb.c:196\n cxusb_gpio_tuner drivers/media/usb/dvb-usb/cxusb.c:124 [inline]\n cxusb_i2c_xfer+0x153a/0x1a60 drivers/media/usb/dvb-usb/cxusb.c:196\n __i2c_transfer+0xe25/0x3150 drivers/i2c/i2c-core-base.c:-1\n i2c_transfer+0x317/0x4a0 drivers/i2c/i2c-core-base.c:2315\n i2c_transfer_buffer_flags+0x125/0x1e0 drivers/i2c/i2c-core-base.c:2343\n i2c_master_send include/linux/i2c.h:109 [inline]\n i2cdev_write+0x210/0x280 drivers/i2c/i2c-dev.c:183\n do_loop_readv_writev fs/read_write.c:848 [inline]\n vfs_writev+0x963/0x14e0 fs/read_write.c:1057\n do_writev+0x247/0x5c0 fs/read_write.c:1101\n __do_sys_writev fs/read_write.c:1169 [inline]\n __se_sys_writev fs/read_write.c:1166 [inline]\n __x64_sys_writev+0x98/0xe0 fs/read_write.c:1166\n x64_sys_call+0x2229/0x3c80 arch/x86/include/generated/asm/syscalls_64.h:21\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38229",
"url": "https://www.suse.com/security/cve/CVE-2025-38229"
},
{
"category": "external",
"summary": "SUSE Bug 1246049 for CVE-2025-38229",
"url": "https://bugzilla.suse.com/1246049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38229"
},
{
"cve": "CVE-2025-38231",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38231"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: Initialize ssc before laundromat_work to prevent NULL dereference\n\nIn nfs4_state_start_net(), laundromat_work may access nfsd_ssc through\nnfs4_laundromat -\u003e nfsd4_ssc_expire_umount. If nfsd_ssc isn\u0027t initialized,\nthis can cause NULL pointer dereference.\n\nNormally the delayed start of laundromat_work allows sufficient time for\nnfsd_ssc initialization to complete. However, when the kernel waits too\nlong for userspace responses (e.g. in nfs4_state_start_net -\u003e\nnfsd4_end_grace -\u003e nfsd4_record_grace_done -\u003e nfsd4_cld_grace_done -\u003e\ncld_pipe_upcall -\u003e __cld_pipe_upcall -\u003e wait_for_completion path), the\ndelayed work may start before nfsd_ssc initialization finishes.\n\nFix this by moving nfsd_ssc initialization before starting laundromat_work.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38231",
"url": "https://www.suse.com/security/cve/CVE-2025-38231"
},
{
"category": "external",
"summary": "SUSE Bug 1246055 for CVE-2025-38231",
"url": "https://bugzilla.suse.com/1246055"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38231"
},
{
"cve": "CVE-2025-38236",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38236"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Don\u0027t leave consecutive consumed OOB skbs.\n\nJann Horn reported a use-after-free in unix_stream_read_generic().\n\nThe following sequences reproduce the issue:\n\n $ python3\n from socket import *\n s1, s2 = socketpair(AF_UNIX, SOCK_STREAM)\n s1.send(b\u0027x\u0027, MSG_OOB)\n s2.recv(1, MSG_OOB) # leave a consumed OOB skb\n s1.send(b\u0027y\u0027, MSG_OOB)\n s2.recv(1, MSG_OOB) # leave a consumed OOB skb\n s1.send(b\u0027z\u0027, MSG_OOB)\n s2.recv(1) # recv \u0027z\u0027 illegally\n s2.recv(1, MSG_OOB) # access \u0027z\u0027 skb (use-after-free)\n\nEven though a user reads OOB data, the skb holding the data stays on\nthe recv queue to mark the OOB boundary and break the next recv().\n\nAfter the last send() in the scenario above, the sk2\u0027s recv queue has\n2 leading consumed OOB skbs and 1 real OOB skb.\n\nThen, the following happens during the next recv() without MSG_OOB\n\n 1. unix_stream_read_generic() peeks the first consumed OOB skb\n 2. manage_oob() returns the next consumed OOB skb\n 3. unix_stream_read_generic() fetches the next not-yet-consumed OOB skb\n 4. unix_stream_read_generic() reads and frees the OOB skb\n\n, and the last recv(MSG_OOB) triggers KASAN splat.\n\nThe 3. above occurs because of the SO_PEEK_OFF code, which does not\nexpect unix_skb_len(skb) to be 0, but this is true for such consumed\nOOB skbs.\n\n while (skip \u003e= unix_skb_len(skb)) {\n skip -= unix_skb_len(skb);\n skb = skb_peek_next(skb, \u0026sk-\u003esk_receive_queue);\n ...\n }\n\nIn addition to this use-after-free, there is another issue that\nioctl(SIOCATMARK) does not function properly with consecutive consumed\nOOB skbs.\n\nSo, nothing good comes out of such a situation.\n\nInstead of complicating manage_oob(), ioctl() handling, and the next\nECONNRESET fix by introducing a loop for consecutive consumed OOB skbs,\nlet\u0027s not leave such consecutive OOB unnecessarily.\n\nNow, while receiving an OOB skb in unix_stream_recv_urg(), if its\nprevious skb is a consumed OOB skb, it is freed.\n\n[0]:\nBUG: KASAN: slab-use-after-free in unix_stream_read_actor (net/unix/af_unix.c:3027)\nRead of size 4 at addr ffff888106ef2904 by task python3/315\n\nCPU: 2 UID: 0 PID: 315 Comm: python3 Not tainted 6.16.0-rc1-00407-gec315832f6f9 #8 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-4.fc42 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl (lib/dump_stack.c:122)\n print_report (mm/kasan/report.c:409 mm/kasan/report.c:521)\n kasan_report (mm/kasan/report.c:636)\n unix_stream_read_actor (net/unix/af_unix.c:3027)\n unix_stream_read_generic (net/unix/af_unix.c:2708 net/unix/af_unix.c:2847)\n unix_stream_recvmsg (net/unix/af_unix.c:3048)\n sock_recvmsg (net/socket.c:1063 (discriminator 20) net/socket.c:1085 (discriminator 20))\n __sys_recvfrom (net/socket.c:2278)\n __x64_sys_recvfrom (net/socket.c:2291 (discriminator 1) net/socket.c:2287 (discriminator 1) net/socket.c:2287 (discriminator 1))\n do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1))\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\nRIP: 0033:0x7f8911fcea06\nCode: 5d e8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 75 19 83 e2 39 83 fa 08 75 11 e8 26 ff ff ff 66 0f 1f 44 00 00 48 8b 45 10 0f 05 \u003c48\u003e 8b 5d f8 c9 c3 0f 1f 40 00 f3 0f 1e fa 55 48 89 e5 48 83 ec 08\nRSP: 002b:00007fffdb0dccb0 EFLAGS: 00000202 ORIG_RAX: 000000000000002d\nRAX: ffffffffffffffda RBX: 00007fffdb0dcdc8 RCX: 00007f8911fcea06\nRDX: 0000000000000001 RSI: 00007f8911a5e060 RDI: 0000000000000006\nRBP: 00007fffdb0dccd0 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000202 R12: 00007f89119a7d20\nR13: ffffffffc4653600 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\nAllocated by task 315:\n kasan_save_stack (mm/kasan/common.c:48)\n kasan_save_track (mm/kasan/common.c:60 (discriminator 1) mm/kasan/common.c:69 (discriminator 1))\n __kasan_slab_alloc (mm/kasan/common.c:348)\n kmem_cache_alloc_\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38236",
"url": "https://www.suse.com/security/cve/CVE-2025-38236"
},
{
"category": "external",
"summary": "SUSE Bug 1246093 for CVE-2025-38236",
"url": "https://bugzilla.suse.com/1246093"
},
{
"category": "external",
"summary": "SUSE Bug 1246936 for CVE-2025-38236",
"url": "https://bugzilla.suse.com/1246936"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "important"
}
],
"title": "CVE-2025-38236"
},
{
"cve": "CVE-2025-38238",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38238"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out\n\nWhen both the RHBA and RPA FDMI requests time out, fnic reuses a frame to\nsend ABTS for each of them. On send completion, this causes an attempt to\nfree the same frame twice that leads to a crash.\n\nFix crash by allocating separate frames for RHBA and RPA, and modify ABTS\nlogic accordingly.\n\nTested by checking MDS for FDMI information.\n\nTested by using instrumented driver to:\n\n - Drop PLOGI response\n - Drop RHBA response\n - Drop RPA response\n - Drop RHBA and RPA response\n - Drop PLOGI response + ABTS response\n - Drop RHBA response + ABTS response\n - Drop RPA response + ABTS response\n - Drop RHBA and RPA response + ABTS response for both of them",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38238",
"url": "https://www.suse.com/security/cve/CVE-2025-38238"
},
{
"category": "external",
"summary": "SUSE Bug 1246179 for CVE-2025-38238",
"url": "https://bugzilla.suse.com/1246179"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38238"
},
{
"cve": "CVE-2025-38239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38239"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: megaraid_sas: Fix invalid node index\n\nOn a system with DRAM interleave enabled, out-of-bound access is\ndetected:\n\nmegaraid_sas 0000:3f:00.0: requested/available msix 128/128 poll_queue 0\n------------[ cut here ]------------\nUBSAN: array-index-out-of-bounds in ./arch/x86/include/asm/topology.h:72:28\nindex -1 is out of range for type \u0027cpumask *[1024]\u0027\ndump_stack_lvl+0x5d/0x80\nubsan_epilogue+0x5/0x2b\n__ubsan_handle_out_of_bounds.cold+0x46/0x4b\nmegasas_alloc_irq_vectors+0x149/0x190 [megaraid_sas]\nmegasas_probe_one.cold+0xa4d/0x189c [megaraid_sas]\nlocal_pci_probe+0x42/0x90\npci_device_probe+0xdc/0x290\nreally_probe+0xdb/0x340\n__driver_probe_device+0x78/0x110\ndriver_probe_device+0x1f/0xa0\n__driver_attach+0xba/0x1c0\nbus_for_each_dev+0x8b/0xe0\nbus_add_driver+0x142/0x220\ndriver_register+0x72/0xd0\nmegasas_init+0xdf/0xff0 [megaraid_sas]\ndo_one_initcall+0x57/0x310\ndo_init_module+0x90/0x250\ninit_module_from_file+0x85/0xc0\nidempotent_init_module+0x114/0x310\n__x64_sys_finit_module+0x65/0xc0\ndo_syscall_64+0x82/0x170\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFix it accordingly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38239",
"url": "https://www.suse.com/security/cve/CVE-2025-38239"
},
{
"category": "external",
"summary": "SUSE Bug 1246178 for CVE-2025-38239",
"url": "https://bugzilla.suse.com/1246178"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38239"
},
{
"cve": "CVE-2025-38244",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38244"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential deadlock when reconnecting channels\n\nFix cifs_signal_cifsd_for_reconnect() to take the correct lock order\nand prevent the following deadlock from happening\n\n======================================================\nWARNING: possible circular locking dependency detected\n6.16.0-rc3-build2+ #1301 Tainted: G S W\n------------------------------------------------------\ncifsd/6055 is trying to acquire lock:\nffff88810ad56038 (\u0026tcp_ses-\u003esrv_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0x134/0x200\n\nbut task is already holding lock:\nffff888119c64330 (\u0026ret_buf-\u003echan_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0xcf/0x200\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-\u003e #2 (\u0026ret_buf-\u003echan_lock){+.+.}-{3:3}:\n validate_chain+0x1cf/0x270\n __lock_acquire+0x60e/0x780\n lock_acquire.part.0+0xb4/0x1f0\n _raw_spin_lock+0x2f/0x40\n cifs_setup_session+0x81/0x4b0\n cifs_get_smb_ses+0x771/0x900\n cifs_mount_get_session+0x7e/0x170\n cifs_mount+0x92/0x2d0\n cifs_smb3_do_mount+0x161/0x460\n smb3_get_tree+0x55/0x90\n vfs_get_tree+0x46/0x180\n do_new_mount+0x1b0/0x2e0\n path_mount+0x6ee/0x740\n do_mount+0x98/0xe0\n __do_sys_mount+0x148/0x180\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n-\u003e #1 (\u0026ret_buf-\u003eses_lock){+.+.}-{3:3}:\n validate_chain+0x1cf/0x270\n __lock_acquire+0x60e/0x780\n lock_acquire.part.0+0xb4/0x1f0\n _raw_spin_lock+0x2f/0x40\n cifs_match_super+0x101/0x320\n sget+0xab/0x270\n cifs_smb3_do_mount+0x1e0/0x460\n smb3_get_tree+0x55/0x90\n vfs_get_tree+0x46/0x180\n do_new_mount+0x1b0/0x2e0\n path_mount+0x6ee/0x740\n do_mount+0x98/0xe0\n __do_sys_mount+0x148/0x180\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n-\u003e #0 (\u0026tcp_ses-\u003esrv_lock){+.+.}-{3:3}:\n check_noncircular+0x95/0xc0\n check_prev_add+0x115/0x2f0\n validate_chain+0x1cf/0x270\n __lock_acquire+0x60e/0x780\n lock_acquire.part.0+0xb4/0x1f0\n _raw_spin_lock+0x2f/0x40\n cifs_signal_cifsd_for_reconnect+0x134/0x200\n __cifs_reconnect+0x8f/0x500\n cifs_handle_standard+0x112/0x280\n cifs_demultiplex_thread+0x64d/0xbc0\n kthread+0x2f7/0x310\n ret_from_fork+0x2a/0x230\n ret_from_fork_asm+0x1a/0x30\n\nother info that might help us debug this:\n\nChain exists of:\n \u0026tcp_ses-\u003esrv_lock --\u003e \u0026ret_buf-\u003eses_lock --\u003e \u0026ret_buf-\u003echan_lock\n\n Possible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(\u0026ret_buf-\u003echan_lock);\n lock(\u0026ret_buf-\u003eses_lock);\n lock(\u0026ret_buf-\u003echan_lock);\n lock(\u0026tcp_ses-\u003esrv_lock);\n\n *** DEADLOCK ***\n\n3 locks held by cifsd/6055:\n #0: ffffffff857de398 (\u0026cifs_tcp_ses_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0x7b/0x200\n #1: ffff888119c64060 (\u0026ret_buf-\u003eses_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0x9c/0x200\n #2: ffff888119c64330 (\u0026ret_buf-\u003echan_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0xcf/0x200",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38244",
"url": "https://www.suse.com/security/cve/CVE-2025-38244"
},
{
"category": "external",
"summary": "SUSE Bug 1246183 for CVE-2025-38244",
"url": "https://bugzilla.suse.com/1246183"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38244"
},
{
"cve": "CVE-2025-38246",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38246"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt: properly flush XDP redirect lists\n\nWe encountered following crash when testing a XDP_REDIRECT feature\nin production:\n\n[56251.579676] list_add corruption. next-\u003eprev should be prev (ffff93120dd40f30), but was ffffb301ef3a6740. (next=ffff93120dd\n40f30).\n[56251.601413] ------------[ cut here ]------------\n[56251.611357] kernel BUG at lib/list_debug.c:29!\n[56251.621082] Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[56251.632073] CPU: 111 UID: 0 PID: 0 Comm: swapper/111 Kdump: loaded Tainted: P O 6.12.33-cloudflare-2025.6.\n3 #1\n[56251.653155] Tainted: [P]=PROPRIETARY_MODULE, [O]=OOT_MODULE\n[56251.663877] Hardware name: MiTAC GC68B-B8032-G11P6-GPU/S8032GM-HE-CFR, BIOS V7.020.B10-sig 01/22/2025\n[56251.682626] RIP: 0010:__list_add_valid_or_report+0x4b/0xa0\n[56251.693203] Code: 0e 48 c7 c7 68 e7 d9 97 e8 42 16 fe ff 0f 0b 48 8b 52 08 48 39 c2 74 14 48 89 f1 48 c7 c7 90 e7 d9 97 48\n 89 c6 e8 25 16 fe ff \u003c0f\u003e 0b 4c 8b 02 49 39 f0 74 14 48 89 d1 48 c7 c7 e8 e7 d9 97 4c 89\n[56251.725811] RSP: 0018:ffff93120dd40b80 EFLAGS: 00010246\n[56251.736094] RAX: 0000000000000075 RBX: ffffb301e6bba9d8 RCX: 0000000000000000\n[56251.748260] RDX: 0000000000000000 RSI: ffff9149afda0b80 RDI: ffff9149afda0b80\n[56251.760349] RBP: ffff9131e49c8000 R08: 0000000000000000 R09: ffff93120dd40a18\n[56251.772382] R10: ffff9159cf2ce1a8 R11: 0000000000000003 R12: ffff911a80850000\n[56251.784364] R13: ffff93120fbc7000 R14: 0000000000000010 R15: ffff9139e7510e40\n[56251.796278] FS: 0000000000000000(0000) GS:ffff9149afd80000(0000) knlGS:0000000000000000\n[56251.809133] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[56251.819561] CR2: 00007f5e85e6f300 CR3: 00000038b85e2006 CR4: 0000000000770ef0\n[56251.831365] PKRU: 55555554\n[56251.838653] Call Trace:\n[56251.845560] \u003cIRQ\u003e\n[56251.851943] cpu_map_enqueue.cold+0x5/0xa\n[56251.860243] xdp_do_redirect+0x2d9/0x480\n[56251.868388] bnxt_rx_xdp+0x1d8/0x4c0 [bnxt_en]\n[56251.877028] bnxt_rx_pkt+0x5f7/0x19b0 [bnxt_en]\n[56251.885665] ? cpu_max_write+0x1e/0x100\n[56251.893510] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.902276] __bnxt_poll_work+0x190/0x340 [bnxt_en]\n[56251.911058] bnxt_poll+0xab/0x1b0 [bnxt_en]\n[56251.919041] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.927568] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.935958] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.944250] __napi_poll+0x2b/0x160\n[56251.951155] bpf_trampoline_6442548651+0x79/0x123\n[56251.959262] __napi_poll+0x5/0x160\n[56251.966037] net_rx_action+0x3d2/0x880\n[56251.973133] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.981265] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.989262] ? __hrtimer_run_queues+0x162/0x2a0\n[56251.996967] ? srso_alias_return_thunk+0x5/0xfbef5\n[56252.004875] ? srso_alias_return_thunk+0x5/0xfbef5\n[56252.012673] ? bnxt_msix+0x62/0x70 [bnxt_en]\n[56252.019903] handle_softirqs+0xcf/0x270\n[56252.026650] irq_exit_rcu+0x67/0x90\n[56252.032933] common_interrupt+0x85/0xa0\n[56252.039498] \u003c/IRQ\u003e\n[56252.044246] \u003cTASK\u003e\n[56252.048935] asm_common_interrupt+0x26/0x40\n[56252.055727] RIP: 0010:cpuidle_enter_state+0xb8/0x420\n[56252.063305] Code: dc 01 00 00 e8 f9 79 3b ff e8 64 f7 ff ff 49 89 c5 0f 1f 44 00 00 31 ff e8 a5 32 3a ff 45 84 ff 0f 85 ae\n 01 00 00 fb 45 85 f6 \u003c0f\u003e 88 88 01 00 00 48 8b 04 24 49 63 ce 4c 89 ea 48 6b f1 68 48 29\n[56252.088911] RSP: 0018:ffff93120c97fe98 EFLAGS: 00000202\n[56252.096912] RAX: ffff9149afd80000 RBX: ffff9141d3a72800 RCX: 0000000000000000\n[56252.106844] RDX: 00003329176c6b98 RSI: ffffffe36db3fdc7 RDI: 0000000000000000\n[56252.116733] RBP: 0000000000000002 R08: 0000000000000002 R09: 000000000000004e\n[56252.126652] R10: ffff9149afdb30c4 R11: 071c71c71c71c71c R12: ffffffff985ff860\n[56252.136637] R13: 00003329176c6b98 R14: 0000000000000002 R15: 0000000000000000\n[56252.146667] ? cpuidle_enter_state+0xab/0x420\n[56252.153909] cpuidle_enter+0x2d/0x40\n[56252.160360] do_idle+0x176/0x1c0\n[56252.166456\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38246",
"url": "https://www.suse.com/security/cve/CVE-2025-38246"
},
{
"category": "external",
"summary": "SUSE Bug 1246195 for CVE-2025-38246",
"url": "https://bugzilla.suse.com/1246195"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38246"
},
{
"cve": "CVE-2025-38248",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38248"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbridge: mcast: Fix use-after-free during router port configuration\n\nThe bridge maintains a global list of ports behind which a multicast\nrouter resides. The list is consulted during forwarding to ensure\nmulticast packets are forwarded to these ports even if the ports are not\nmember in the matching MDB entry.\n\nWhen per-VLAN multicast snooping is enabled, the per-port multicast\ncontext is disabled on each port and the port is removed from the global\nrouter port list:\n\n # ip link add name br1 up type bridge vlan_filtering 1 mcast_snooping 1\n # ip link add name dummy1 up master br1 type dummy\n # ip link set dev dummy1 type bridge_slave mcast_router 2\n $ bridge -d mdb show | grep router\n router ports on br1: dummy1\n # ip link set dev br1 type bridge mcast_vlan_snooping 1\n $ bridge -d mdb show | grep router\n\nHowever, the port can be re-added to the global list even when per-VLAN\nmulticast snooping is enabled:\n\n # ip link set dev dummy1 type bridge_slave mcast_router 0\n # ip link set dev dummy1 type bridge_slave mcast_router 2\n $ bridge -d mdb show | grep router\n router ports on br1: dummy1\n\nSince commit 4b30ae9adb04 (\"net: bridge: mcast: re-implement\nbr_multicast_{enable, disable}_port functions\"), when per-VLAN multicast\nsnooping is enabled, multicast disablement on a port will disable the\nper-{port, VLAN} multicast contexts and not the per-port one. As a\nresult, a port will remain in the global router port list even after it\nis deleted. This will lead to a use-after-free [1] when the list is\ntraversed (when adding a new port to the list, for example):\n\n # ip link del dev dummy1\n # ip link add name dummy2 up master br1 type dummy\n # ip link set dev dummy2 type bridge_slave mcast_router 2\n\nSimilarly, stale entries can also be found in the per-VLAN router port\nlist. When per-VLAN multicast snooping is disabled, the per-{port, VLAN}\ncontexts are disabled on each port and the port is removed from the\nper-VLAN router port list:\n\n # ip link add name br1 up type bridge vlan_filtering 1 mcast_snooping 1 mcast_vlan_snooping 1\n # ip link add name dummy1 up master br1 type dummy\n # bridge vlan add vid 2 dev dummy1\n # bridge vlan global set vid 2 dev br1 mcast_snooping 1\n # bridge vlan set vid 2 dev dummy1 mcast_router 2\n $ bridge vlan global show dev br1 vid 2 | grep router\n router ports: dummy1\n # ip link set dev br1 type bridge mcast_vlan_snooping 0\n $ bridge vlan global show dev br1 vid 2 | grep router\n\nHowever, the port can be re-added to the per-VLAN list even when\nper-VLAN multicast snooping is disabled:\n\n # bridge vlan set vid 2 dev dummy1 mcast_router 0\n # bridge vlan set vid 2 dev dummy1 mcast_router 2\n $ bridge vlan global show dev br1 vid 2 | grep router\n router ports: dummy1\n\nWhen the VLAN is deleted from the port, the per-{port, VLAN} multicast\ncontext will not be disabled since multicast snooping is not enabled\non the VLAN. As a result, the port will remain in the per-VLAN router\nport list even after it is no longer member in the VLAN. This will lead\nto a use-after-free [2] when the list is traversed (when adding a new\nport to the list, for example):\n\n # ip link add name dummy2 up master br1 type dummy\n # bridge vlan add vid 2 dev dummy2\n # bridge vlan del vid 2 dev dummy1\n # bridge vlan set vid 2 dev dummy2 mcast_router 2\n\nFix these issues by removing the port from the relevant (global or\nper-VLAN) router port list in br_multicast_port_ctx_deinit(). The\nfunction is invoked during port deletion with the per-port multicast\ncontext and during VLAN deletion with the per-{port, VLAN} multicast\ncontext.\n\nNote that deleting the multicast router timer is not enough as it only\ntakes care of the temporary multicast router states (1 or 3) and not the\npermanent one (2).\n\n[1]\nBUG: KASAN: slab-out-of-bounds in br_multicast_add_router.part.0+0x3f1/0x560\nWrite of size 8 at addr ffff888004a67328 by task ip/384\n[...]\nCall Trace:\n \u003cTASK\u003e\n dump_stack\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38248",
"url": "https://www.suse.com/security/cve/CVE-2025-38248"
},
{
"category": "external",
"summary": "SUSE Bug 1246173 for CVE-2025-38248",
"url": "https://bugzilla.suse.com/1246173"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38248"
},
{
"cve": "CVE-2025-38249",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38249"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3()\n\nIn snd_usb_get_audioformat_uac3(), the length value returned from\nsnd_usb_ctl_msg() is used directly for memory allocation without\nvalidation. This length is controlled by the USB device.\n\nThe allocated buffer is cast to a uac3_cluster_header_descriptor\nand its fields are accessed without verifying that the buffer\nis large enough. If the device returns a smaller than expected\nlength, this leads to an out-of-bounds read.\n\nAdd a length check to ensure the buffer is large enough for\nuac3_cluster_header_descriptor.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38249",
"url": "https://www.suse.com/security/cve/CVE-2025-38249"
},
{
"category": "external",
"summary": "SUSE Bug 1246171 for CVE-2025-38249",
"url": "https://bugzilla.suse.com/1246171"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38249"
},
{
"cve": "CVE-2025-38250",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38250"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_core: Fix use-after-free in vhci_flush()\n\nsyzbot reported use-after-free in vhci_flush() without repro. [0]\n\nFrom the splat, a thread close()d a vhci file descriptor while\nits device was being used by iotcl() on another thread.\n\nOnce the last fd refcnt is released, vhci_release() calls\nhci_unregister_dev(), hci_free_dev(), and kfree() for struct\nvhci_data, which is set to hci_dev-\u003edev-\u003edriver_data.\n\nThe problem is that there is no synchronisation after unlinking\nhdev from hci_dev_list in hci_unregister_dev(). There might be\nanother thread still accessing the hdev which was fetched before\nthe unlink operation.\n\nWe can use SRCU for such synchronisation.\n\nLet\u0027s run hci_dev_reset() under SRCU and wait for its completion\nin hci_unregister_dev().\n\nAnother option would be to restore hci_dev-\u003edestruct(), which was\nremoved in commit 587ae086f6e4 (\"Bluetooth: Remove unused\nhci-destruct cb\"). However, this would not be a good solution, as\nwe should not run hci_unregister_dev() while there are in-flight\nioctl() requests, which could lead to another data-race KCSAN splat.\n\nNote that other drivers seem to have the same problem, for exmaple,\nvirtbt_remove().\n\n[0]:\nBUG: KASAN: slab-use-after-free in skb_queue_empty_lockless include/linux/skbuff.h:1891 [inline]\nBUG: KASAN: slab-use-after-free in skb_queue_purge_reason+0x99/0x360 net/core/skbuff.c:3937\nRead of size 8 at addr ffff88807cb8d858 by task syz.1.219/6718\n\nCPU: 1 UID: 0 PID: 6718 Comm: syz.1.219 Not tainted 6.16.0-rc1-syzkaller-00196-g08207f42d3ff #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xd2/0x2b0 mm/kasan/report.c:521\n kasan_report+0x118/0x150 mm/kasan/report.c:634\n skb_queue_empty_lockless include/linux/skbuff.h:1891 [inline]\n skb_queue_purge_reason+0x99/0x360 net/core/skbuff.c:3937\n skb_queue_purge include/linux/skbuff.h:3368 [inline]\n vhci_flush+0x44/0x50 drivers/bluetooth/hci_vhci.c:69\n hci_dev_do_reset net/bluetooth/hci_core.c:552 [inline]\n hci_dev_reset+0x420/0x5c0 net/bluetooth/hci_core.c:592\n sock_do_ioctl+0xd9/0x300 net/socket.c:1190\n sock_ioctl+0x576/0x790 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fcf5b98e929\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fcf5c7b9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007fcf5bbb6160 RCX: 00007fcf5b98e929\nRDX: 0000000000000000 RSI: 00000000400448cb RDI: 0000000000000009\nRBP: 00007fcf5ba10b39 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007fcf5bbb6160 R15: 00007ffd6353d528\n \u003c/TASK\u003e\n\nAllocated by task 6535:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4359\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n vhci_open+0x57/0x360 drivers/bluetooth/hci_vhci.c:635\n misc_open+0x2bc/0x330 drivers/char/misc.c:161\n chrdev_open+0x4c9/0x5e0 fs/char_dev.c:414\n do_dentry_open+0xdf0/0x1970 fs/open.c:964\n vfs_open+0x3b/0x340 fs/open.c:1094\n do_open fs/namei.c:3887 [inline]\n path_openat+0x2ee5/0x3830 fs/name\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38250",
"url": "https://www.suse.com/security/cve/CVE-2025-38250"
},
{
"category": "external",
"summary": "SUSE Bug 1246182 for CVE-2025-38250",
"url": "https://bugzilla.suse.com/1246182"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38250"
},
{
"cve": "CVE-2025-38256",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38256"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/rsrc: fix folio unpinning\n\nsyzbot complains about an unmapping failure:\n\n[ 108.070381][ T14] kernel BUG at mm/gup.c:71!\n[ 108.070502][ T14] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP\n[ 108.123672][ T14] Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20250221-8.fc42 02/21/2025\n[ 108.127458][ T14] Workqueue: iou_exit io_ring_exit_work\n[ 108.174205][ T14] Call trace:\n[ 108.175649][ T14] sanity_check_pinned_pages+0x7cc/0x7d0 (P)\n[ 108.178138][ T14] unpin_user_page+0x80/0x10c\n[ 108.180189][ T14] io_release_ubuf+0x84/0xf8\n[ 108.182196][ T14] io_free_rsrc_node+0x250/0x57c\n[ 108.184345][ T14] io_rsrc_data_free+0x148/0x298\n[ 108.186493][ T14] io_sqe_buffers_unregister+0x84/0xa0\n[ 108.188991][ T14] io_ring_ctx_free+0x48/0x480\n[ 108.191057][ T14] io_ring_exit_work+0x764/0x7d8\n[ 108.193207][ T14] process_one_work+0x7e8/0x155c\n[ 108.195431][ T14] worker_thread+0x958/0xed8\n[ 108.197561][ T14] kthread+0x5fc/0x75c\n[ 108.199362][ T14] ret_from_fork+0x10/0x20\n\nWe can pin a tail page of a folio, but then io_uring will try to unpin\nthe head page of the folio. While it should be fine in terms of keeping\nthe page actually alive, mm folks say it\u0027s wrong and triggers a debug\nwarning. Use unpin_user_folio() instead of unpin_user_page*.\n\n[axboe: adapt to current tree, massage commit message]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38256",
"url": "https://www.suse.com/security/cve/CVE-2025-38256"
},
{
"category": "external",
"summary": "SUSE Bug 1246188 for CVE-2025-38256",
"url": "https://bugzilla.suse.com/1246188"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38256"
},
{
"cve": "CVE-2025-38257",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38257"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Prevent overflow in size calculation for memdup_user()\n\nNumber of apqn target list entries contained in \u0027nr_apqns\u0027 variable is\ndetermined by userspace via an ioctl call so the result of the product in\ncalculation of size passed to memdup_user() may overflow.\n\nIn this case the actual size of the allocated area and the value\ndescribing it won\u0027t be in sync leading to various types of unpredictable\nbehaviour later.\n\nUse a proper memdup_array_user() helper which returns an error if an\noverflow is detected. Note that it is different from when nr_apqns is\ninitially zero - that case is considered valid and should be handled in\nsubsequent pkey_handler implementations.\n\nFound by Linux Verification Center (linuxtesting.org).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38257",
"url": "https://www.suse.com/security/cve/CVE-2025-38257"
},
{
"category": "external",
"summary": "SUSE Bug 1246186 for CVE-2025-38257",
"url": "https://bugzilla.suse.com/1246186"
},
{
"category": "external",
"summary": "SUSE Bug 1246189 for CVE-2025-38257",
"url": "https://bugzilla.suse.com/1246189"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "important"
}
],
"title": "CVE-2025-38257"
},
{
"cve": "CVE-2025-38259",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38259"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: wcd9335: Fix missing free of regulator supplies\n\nDriver gets and enables all regulator supplies in probe path\n(wcd9335_parse_dt() and wcd9335_power_on_reset()), but does not cleanup\nin final error paths and in unbind (missing remove() callback). This\nleads to leaked memory and unbalanced regulator enable count during\nprobe errors or unbind.\n\nFix this by converting entire code into devm_regulator_bulk_get_enable()\nwhich also greatly simplifies the code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38259",
"url": "https://www.suse.com/security/cve/CVE-2025-38259"
},
{
"category": "external",
"summary": "SUSE Bug 1246220 for CVE-2025-38259",
"url": "https://bugzilla.suse.com/1246220"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38259"
},
{
"cve": "CVE-2025-38264",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38264"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-tcp: sanitize request list handling\n\nValidate the request in nvme_tcp_handle_r2t() to ensure it\u0027s not part of\nany list, otherwise a malicious R2T PDU might inject a loop in request\nlist processing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38264",
"url": "https://www.suse.com/security/cve/CVE-2025-38264"
},
{
"category": "external",
"summary": "SUSE Bug 1246387 for CVE-2025-38264",
"url": "https://bugzilla.suse.com/1246387"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38264"
},
{
"cve": "CVE-2025-38265",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38265"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: jsm: fix NPE during jsm_uart_port_init\n\nNo device was set which caused serial_base_ctrl_add to crash.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000050\n Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 16 UID: 0 PID: 368 Comm: (udev-worker) Not tainted 6.12.25-amd64 #1 Debian 6.12.25-1\n RIP: 0010:serial_base_ctrl_add+0x96/0x120\n Call Trace:\n \u003cTASK\u003e\n serial_core_register_port+0x1a0/0x580\n ? __setup_irq+0x39c/0x660\n ? __kmalloc_cache_noprof+0x111/0x310\n jsm_uart_port_init+0xe8/0x180 [jsm]\n jsm_probe_one+0x1f4/0x410 [jsm]\n local_pci_probe+0x42/0x90\n pci_device_probe+0x22f/0x270\n really_probe+0xdb/0x340\n ? pm_runtime_barrier+0x54/0x90\n ? __pfx___driver_attach+0x10/0x10\n __driver_probe_device+0x78/0x110\n driver_probe_device+0x1f/0xa0\n __driver_attach+0xba/0x1c0\n bus_for_each_dev+0x8c/0xe0\n bus_add_driver+0x112/0x1f0\n driver_register+0x72/0xd0\n jsm_init_module+0x36/0xff0 [jsm]\n ? __pfx_jsm_init_module+0x10/0x10 [jsm]\n do_one_initcall+0x58/0x310\n do_init_module+0x60/0x230\n\nTested with Digi Neo PCIe 8 port card.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38265",
"url": "https://www.suse.com/security/cve/CVE-2025-38265"
},
{
"category": "external",
"summary": "SUSE Bug 1246244 for CVE-2025-38265",
"url": "https://bugzilla.suse.com/1246244"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38265"
},
{
"cve": "CVE-2025-38268",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38268"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: tcpm: move tcpm_queue_vdm_unlocked to asynchronous work\n\nA state check was previously added to tcpm_queue_vdm_unlocked to\nprevent a deadlock where the DisplayPort Alt Mode driver would be\nexecuting work and attempting to grab the tcpm_lock while the TCPM\nwas holding the lock and attempting to unregister the altmode, blocking\non the altmode driver\u0027s cancel_work_sync call.\n\nBecause the state check isn\u0027t protected, there is a small window\nwhere the Alt Mode driver could determine that the TCPM is\nin a ready state and attempt to grab the lock while the\nTCPM grabs the lock and changes the TCPM state to one that\ncauses the deadlock. The callstack is provided below:\n\n[110121.667392][ C7] Call trace:\n[110121.667396][ C7] __switch_to+0x174/0x338\n[110121.667406][ C7] __schedule+0x608/0x9f0\n[110121.667414][ C7] schedule+0x7c/0xe8\n[110121.667423][ C7] kernfs_drain+0xb0/0x114\n[110121.667431][ C7] __kernfs_remove+0x16c/0x20c\n[110121.667436][ C7] kernfs_remove_by_name_ns+0x74/0xe8\n[110121.667442][ C7] sysfs_remove_group+0x84/0xe8\n[110121.667450][ C7] sysfs_remove_groups+0x34/0x58\n[110121.667458][ C7] device_remove_groups+0x10/0x20\n[110121.667464][ C7] device_release_driver_internal+0x164/0x2e4\n[110121.667475][ C7] device_release_driver+0x18/0x28\n[110121.667484][ C7] bus_remove_device+0xec/0x118\n[110121.667491][ C7] device_del+0x1e8/0x4ac\n[110121.667498][ C7] device_unregister+0x18/0x38\n[110121.667504][ C7] typec_unregister_altmode+0x30/0x44\n[110121.667515][ C7] tcpm_reset_port+0xac/0x370\n[110121.667523][ C7] tcpm_snk_detach+0x84/0xb8\n[110121.667529][ C7] run_state_machine+0x4c0/0x1b68\n[110121.667536][ C7] tcpm_state_machine_work+0x94/0xe4\n[110121.667544][ C7] kthread_worker_fn+0x10c/0x244\n[110121.667552][ C7] kthread+0x104/0x1d4\n[110121.667557][ C7] ret_from_fork+0x10/0x20\n\n[110121.667689][ C7] Workqueue: events dp_altmode_work\n[110121.667697][ C7] Call trace:\n[110121.667701][ C7] __switch_to+0x174/0x338\n[110121.667710][ C7] __schedule+0x608/0x9f0\n[110121.667717][ C7] schedule+0x7c/0xe8\n[110121.667725][ C7] schedule_preempt_disabled+0x24/0x40\n[110121.667733][ C7] __mutex_lock+0x408/0xdac\n[110121.667741][ C7] __mutex_lock_slowpath+0x14/0x24\n[110121.667748][ C7] mutex_lock+0x40/0xec\n[110121.667757][ C7] tcpm_altmode_enter+0x78/0xb4\n[110121.667764][ C7] typec_altmode_enter+0xdc/0x10c\n[110121.667769][ C7] dp_altmode_work+0x68/0x164\n[110121.667775][ C7] process_one_work+0x1e4/0x43c\n[110121.667783][ C7] worker_thread+0x25c/0x430\n[110121.667789][ C7] kthread+0x104/0x1d4\n[110121.667794][ C7] ret_from_fork+0x10/0x20\n\nChange tcpm_queue_vdm_unlocked to queue for tcpm_queue_vdm_work,\nwhich can perform the state check while holding the TCPM lock\nwhile the Alt Mode lock is no longer held. This requires a new\nstruct to hold the vdm data, altmode_vdm_event.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38268",
"url": "https://www.suse.com/security/cve/CVE-2025-38268"
},
{
"category": "external",
"summary": "SUSE Bug 1246385 for CVE-2025-38268",
"url": "https://bugzilla.suse.com/1246385"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38268"
},
{
"cve": "CVE-2025-38272",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38272"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: b53: do not enable EEE on bcm63xx\n\nBCM63xx internal switches do not support EEE, but provide multiple RGMII\nports where external PHYs may be connected. If one of these PHYs are EEE\ncapable, we may try to enable EEE for the MACs, which then hangs the\nsystem on access of the (non-existent) EEE registers.\n\nFix this by checking if the switch actually supports EEE before\nattempting to configure it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38272",
"url": "https://www.suse.com/security/cve/CVE-2025-38272"
},
{
"category": "external",
"summary": "SUSE Bug 1246268 for CVE-2025-38272",
"url": "https://bugzilla.suse.com/1246268"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38272"
},
{
"cve": "CVE-2025-38273",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38273"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tipc: fix refcount warning in tipc_aead_encrypt\n\nsyzbot reported a refcount warning [1] caused by calling get_net() on\na network namespace that is being destroyed (refcount=0). This happens\nwhen a TIPC discovery timer fires during network namespace cleanup.\n\nThe recently added get_net() call in commit e279024617134 (\"net/tipc:\nfix slab-use-after-free Read in tipc_aead_encrypt_done\") attempts to\nhold a reference to the network namespace. However, if the namespace\nis already being destroyed, its refcount might be zero, leading to the\nuse-after-free warning.\n\nReplace get_net() with maybe_get_net(), which safely checks if the\nrefcount is non-zero before incrementing it. If the namespace is being\ndestroyed, return -ENODEV early, after releasing the bearer reference.\n\n[1]: https://lore.kernel.org/all/68342b55.a70a0220.253bc2.0091.GAE@google.com/T/#m12019cf9ae77e1954f666914640efa36d52704a2",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38273",
"url": "https://www.suse.com/security/cve/CVE-2025-38273"
},
{
"category": "external",
"summary": "SUSE Bug 1246266 for CVE-2025-38273",
"url": "https://bugzilla.suse.com/1246266"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38273"
},
{
"cve": "CVE-2025-38275",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38275"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug\n\nThe qmp_usb_iomap() helper function currently returns the raw result of\ndevm_ioremap() for non-exclusive mappings. Since devm_ioremap() may return\na NULL pointer and the caller only checks error pointers with IS_ERR(),\nNULL could bypass the check and lead to an invalid dereference.\n\nFix the issue by checking if devm_ioremap() returns NULL. When it does,\nqmp_usb_iomap() now returns an error pointer via IOMEM_ERR_PTR(-ENOMEM),\nensuring safe and consistent error handling.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38275",
"url": "https://www.suse.com/security/cve/CVE-2025-38275"
},
{
"category": "external",
"summary": "SUSE Bug 1246236 for CVE-2025-38275",
"url": "https://bugzilla.suse.com/1246236"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38275"
},
{
"cve": "CVE-2025-38277",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38277"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: nand: ecc-mxic: Fix use of uninitialized variable ret\n\nIf ctx-\u003esteps is zero, the loop processing ECC steps is skipped,\nand the variable ret remains uninitialized. It is later checked\nand returned, which leads to undefined behavior and may cause\nunpredictable results in user space or kernel crashes.\n\nThis scenario can be triggered in edge cases such as misconfigured\ngeometry, ECC engine misuse, or if ctx-\u003esteps is not validated\nafter initialization.\n\nInitialize ret to zero before the loop to ensure correct and safe\nbehavior regardless of the ctx-\u003esteps value.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38277",
"url": "https://www.suse.com/security/cve/CVE-2025-38277"
},
{
"category": "external",
"summary": "SUSE Bug 1246246 for CVE-2025-38277",
"url": "https://bugzilla.suse.com/1246246"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38277"
},
{
"cve": "CVE-2025-38279",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38279"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Do not include stack ptr register in precision backtracking bookkeeping\n\nYi Lai reported an issue ([1]) where the following warning appears\nin kernel dmesg:\n [ 60.643604] verifier backtracking bug\n [ 60.643635] WARNING: CPU: 10 PID: 2315 at kernel/bpf/verifier.c:4302 __mark_chain_precision+0x3a6c/0x3e10\n [ 60.648428] Modules linked in: bpf_testmod(OE)\n [ 60.650471] CPU: 10 UID: 0 PID: 2315 Comm: test_progs Tainted: G OE 6.15.0-rc4-gef11287f8289-dirty #327 PREEMPT(full)\n [ 60.654385] Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n [ 60.656682] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n [ 60.660475] RIP: 0010:__mark_chain_precision+0x3a6c/0x3e10\n [ 60.662814] Code: 5a 30 84 89 ea e8 c4 d9 01 00 80 3d 3e 7d d8 04 00 0f 85 60 fa ff ff c6 05 31 7d d8 04\n 01 48 c7 c7 00 58 30 84 e8 c4 06 a5 ff \u003c0f\u003e 0b e9 46 fa ff ff 48 ...\n [ 60.668720] RSP: 0018:ffff888116cc7298 EFLAGS: 00010246\n [ 60.671075] RAX: 54d70e82dfd31900 RBX: ffff888115b65e20 RCX: 0000000000000000\n [ 60.673659] RDX: 0000000000000001 RSI: 0000000000000004 RDI: 00000000ffffffff\n [ 60.676241] RBP: 0000000000000400 R08: ffff8881f6f23bd3 R09: 1ffff1103ede477a\n [ 60.678787] R10: dffffc0000000000 R11: ffffed103ede477b R12: ffff888115b60ae8\n [ 60.681420] R13: 1ffff11022b6cbc4 R14: 00000000fffffff2 R15: 0000000000000001\n [ 60.684030] FS: 00007fc2aedd80c0(0000) GS:ffff88826fa8a000(0000) knlGS:0000000000000000\n [ 60.686837] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [ 60.689027] CR2: 000056325369e000 CR3: 000000011088b002 CR4: 0000000000370ef0\n [ 60.691623] Call Trace:\n [ 60.692821] \u003cTASK\u003e\n [ 60.693960] ? __pfx_verbose+0x10/0x10\n [ 60.695656] ? __pfx_disasm_kfunc_name+0x10/0x10\n [ 60.697495] check_cond_jmp_op+0x16f7/0x39b0\n [ 60.699237] do_check+0x58fa/0xab10\n ...\n\nFurther analysis shows the warning is at line 4302 as below:\n\n 4294 /* static subprog call instruction, which\n 4295 * means that we are exiting current subprog,\n 4296 * so only r1-r5 could be still requested as\n 4297 * precise, r0 and r6-r10 or any stack slot in\n 4298 * the current frame should be zero by now\n 4299 */\n 4300 if (bt_reg_mask(bt) \u0026 ~BPF_REGMASK_ARGS) {\n 4301 verbose(env, \"BUG regs %x\\n\", bt_reg_mask(bt));\n 4302 WARN_ONCE(1, \"verifier backtracking bug\");\n 4303 return -EFAULT;\n 4304 }\n\nWith the below test (also in the next patch):\n __used __naked static void __bpf_jmp_r10(void)\n {\n\tasm volatile (\n\t\"r2 = 2314885393468386424 ll;\"\n\t\"goto +0;\"\n\t\"if r2 \u003c= r10 goto +3;\"\n\t\"if r1 \u003e= -1835016 goto +0;\"\n\t\"if r2 \u003c= 8 goto +0;\"\n\t\"if r3 \u003c= 0 goto +0;\"\n\t\"exit;\"\n\t::: __clobber_all);\n }\n\n SEC(\"?raw_tp\")\n __naked void bpf_jmp_r10(void)\n {\n\tasm volatile (\n\t\"r3 = 0 ll;\"\n\t\"call __bpf_jmp_r10;\"\n\t\"r0 = 0;\"\n\t\"exit;\"\n\t::: __clobber_all);\n }\n\nThe following is the verifier failure log:\n 0: (18) r3 = 0x0 ; R3_w=0\n 2: (85) call pc+2\n caller:\n R10=fp0\n callee:\n frame1: R1=ctx() R3_w=0 R10=fp0\n 5: frame1: R1=ctx() R3_w=0 R10=fp0\n ; asm volatile (\" \\ @ verifier_precision.c:184\n 5: (18) r2 = 0x20202000256c6c78 ; frame1: R2_w=0x20202000256c6c78\n 7: (05) goto pc+0\n 8: (bd) if r2 \u003c= r10 goto pc+3 ; frame1: R2_w=0x20202000256c6c78 R10=fp0\n 9: (35) if r1 \u003e= 0xffe3fff8 goto pc+0 ; frame1: R1=ctx()\n 10: (b5) if r2 \u003c= 0x8 goto pc+0\n mark_precise: frame1: last_idx 10 first_idx 0 subseq_idx -1\n mark_precise: frame1: regs=r2 stack= before 9: (35) if r1 \u003e= 0xffe3fff8 goto pc+0\n mark_precise: frame1: regs=r2 stack= before 8: (bd) if r2 \u003c= r10 goto pc+3\n mark_preci\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38279",
"url": "https://www.suse.com/security/cve/CVE-2025-38279"
},
{
"category": "external",
"summary": "SUSE Bug 1246264 for CVE-2025-38279",
"url": "https://bugzilla.suse.com/1246264"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38279"
},
{
"cve": "CVE-2025-38283",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38283"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhisi_acc_vfio_pci: bugfix live migration function without VF device driver\n\nIf the VF device driver is not loaded in the Guest OS and we attempt to\nperform device data migration, the address of the migrated data will\nbe NULL.\nThe live migration recovery operation on the destination side will\naccess a null address value, which will cause access errors.\n\nTherefore, live migration of VMs without added VF device drivers\ndoes not require device data migration.\nIn addition, when the queue address data obtained by the destination\nis empty, device queue recovery processing will not be performed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38283",
"url": "https://www.suse.com/security/cve/CVE-2025-38283"
},
{
"category": "external",
"summary": "SUSE Bug 1246273 for CVE-2025-38283",
"url": "https://bugzilla.suse.com/1246273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38283"
},
{
"cve": "CVE-2025-38286",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38286"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: at91: Fix possible out-of-boundary access\n\nat91_gpio_probe() doesn\u0027t check that given OF alias is not available or\nsomething went wrong when trying to get it. This might have consequences\nwhen accessing gpio_chips array with that value as an index. Note, that\nBUG() can be compiled out and hence won\u0027t actually perform the required\nchecks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38286",
"url": "https://www.suse.com/security/cve/CVE-2025-38286"
},
{
"category": "external",
"summary": "SUSE Bug 1246283 for CVE-2025-38286",
"url": "https://bugzilla.suse.com/1246283"
},
{
"category": "external",
"summary": "SUSE Bug 1246284 for CVE-2025-38286",
"url": "https://bugzilla.suse.com/1246284"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "important"
}
],
"title": "CVE-2025-38286"
},
{
"cve": "CVE-2025-38287",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38287"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/cm: Drop lockdep assert and WARN when freeing old msg\n\nThe send completion handler can run after cm_id has advanced to another\nmessage. The cm_id lock is not needed in this case, but a recent change\nre-used cm_free_priv_msg(), which asserts that the lock is held and\nWARNs if the cm_id\u0027s currently outstanding msg is different than the one\nbeing freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38287",
"url": "https://www.suse.com/security/cve/CVE-2025-38287"
},
{
"category": "external",
"summary": "SUSE Bug 1246285 for CVE-2025-38287",
"url": "https://bugzilla.suse.com/1246285"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38287"
},
{
"cve": "CVE-2025-38288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38288"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: smartpqi: Fix smp_processor_id() call trace for preemptible kernels\n\nCorrect kernel call trace when calling smp_processor_id() when called in\npreemptible kernels by using raw_smp_processor_id().\n\nsmp_processor_id() checks to see if preemption is disabled and if not,\nissue an error message followed by a call to dump_stack().\n\nBrief example of call trace:\nkernel: check_preemption_disabled: 436 callbacks suppressed\nkernel: BUG: using smp_processor_id() in preemptible [00000000]\n code: kworker/u1025:0/2354\nkernel: caller is pqi_scsi_queue_command+0x183/0x310 [smartpqi]\nkernel: CPU: 129 PID: 2354 Comm: kworker/u1025:0\nkernel: ...\nkernel: Workqueue: writeback wb_workfn (flush-253:0)\nkernel: Call Trace:\nkernel: \u003cTASK\u003e\nkernel: dump_stack_lvl+0x34/0x48\nkernel: check_preemption_disabled+0xdd/0xe0\nkernel: pqi_scsi_queue_command+0x183/0x310 [smartpqi]\nkernel: ...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38288",
"url": "https://www.suse.com/security/cve/CVE-2025-38288"
},
{
"category": "external",
"summary": "SUSE Bug 1246286 for CVE-2025-38288",
"url": "https://bugzilla.suse.com/1246286"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38288"
},
{
"cve": "CVE-2025-38289",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38289"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk\n\nSmatch detected a potential use-after-free of an ndlp oject in\ndev_loss_tmo_callbk during driver unload or fatal error handling.\n\nFix by reordering code to avoid potential use-after-free if initial\nnodelist reference has been previously removed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38289",
"url": "https://www.suse.com/security/cve/CVE-2025-38289"
},
{
"category": "external",
"summary": "SUSE Bug 1246287 for CVE-2025-38289",
"url": "https://bugzilla.suse.com/1246287"
},
{
"category": "external",
"summary": "SUSE Bug 1246288 for CVE-2025-38289",
"url": "https://bugzilla.suse.com/1246288"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38289"
},
{
"cve": "CVE-2025-38290",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38290"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix node corruption in ar-\u003earvifs list\n\nIn current WLAN recovery code flow, ath12k_core_halt() only reinitializes\nthe \"arvifs\" list head. This will cause the list node immediately following\nthe list head to become an invalid list node. Because the prev of that node\nstill points to the list head \"arvifs\", but the next of the list head\n\"arvifs\" no longer points to that list node.\n\nWhen a WLAN recovery occurs during the execution of a vif removal, and it\nhappens before the spin_lock_bh(\u0026ar-\u003edata_lock) in\nath12k_mac_vdev_delete(), list_del() will detect the previously mentioned\nsituation, thereby triggering a kernel panic.\n\nThe fix is to remove and reinitialize all vif list nodes from the list head\n\"arvifs\" during WLAN halt. The reinitialization is to make the list nodes\nvalid, ensuring that the list_del() in ath12k_mac_vdev_delete() can execute\nnormally.\n\nCall trace:\n__list_del_entry_valid_or_report+0xd4/0x100 (P)\nath12k_mac_remove_link_interface.isra.0+0xf8/0x2e4 [ath12k]\nath12k_scan_vdev_clean_work+0x40/0x164 [ath12k]\ncfg80211_wiphy_work+0xfc/0x100\nprocess_one_work+0x164/0x2d0\nworker_thread+0x254/0x380\nkthread+0xfc/0x100\nret_from_fork+0x10/0x20\n\nThe change is mostly copied from the ath11k patch:\nhttps://lore.kernel.org/all/20250320053145.3445187-1-quic_stonez@quicinc.com/\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38290",
"url": "https://www.suse.com/security/cve/CVE-2025-38290"
},
{
"category": "external",
"summary": "SUSE Bug 1246293 for CVE-2025-38290",
"url": "https://bugzilla.suse.com/1246293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38290"
},
{
"cve": "CVE-2025-38291",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38291"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Prevent sending WMI commands to firmware during firmware crash\n\nCurrently, we encounter the following kernel call trace when a firmware\ncrash occurs. This happens because the host sends WMI commands to the\nfirmware while it is in recovery, causing the commands to fail and\nresulting in the kernel call trace.\n\nSet the ATH12K_FLAG_CRASH_FLUSH and ATH12K_FLAG_RECOVERY flags when the\nhost driver receives the firmware crash notification from MHI. This\nprevents sending WMI commands to the firmware during recovery.\n\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x75/0xc0\n register_lock_class+0x6be/0x7a0\n ? __lock_acquire+0x644/0x19a0\n __lock_acquire+0x95/0x19a0\n lock_acquire+0x265/0x310\n ? ath12k_ce_send+0xa2/0x210 [ath12k]\n ? find_held_lock+0x34/0xa0\n ? ath12k_ce_send+0x56/0x210 [ath12k]\n _raw_spin_lock_bh+0x33/0x70\n ? ath12k_ce_send+0xa2/0x210 [ath12k]\n ath12k_ce_send+0xa2/0x210 [ath12k]\n ath12k_htc_send+0x178/0x390 [ath12k]\n ath12k_wmi_cmd_send_nowait+0x76/0xa0 [ath12k]\n ath12k_wmi_cmd_send+0x62/0x190 [ath12k]\n ath12k_wmi_pdev_bss_chan_info_request+0x62/0xc0 [ath1\n ath12k_mac_op_get_survey+0x2be/0x310 [ath12k]\n ieee80211_dump_survey+0x99/0x240 [mac80211]\n nl80211_dump_survey+0xe7/0x470 [cfg80211]\n ? kmalloc_reserve+0x59/0xf0\n genl_dumpit+0x24/0x70\n netlink_dump+0x177/0x360\n __netlink_dump_start+0x206/0x280\n genl_family_rcv_msg_dumpit.isra.22+0x8a/0xe0\n ? genl_family_rcv_msg_attrs_parse.isra.23+0xe0/0xe0\n ? genl_op_lock.part.12+0x10/0x10\n ? genl_dumpit+0x70/0x70\n genl_rcv_msg+0x1d0/0x290\n ? nl80211_del_station+0x330/0x330 [cfg80211]\n ? genl_get_cmd_both+0x50/0x50\n netlink_rcv_skb+0x4f/0x100\n genl_rcv+0x1f/0x30\n netlink_unicast+0x1b6/0x260\n netlink_sendmsg+0x31a/0x450\n __sock_sendmsg+0xa8/0xb0\n ____sys_sendmsg+0x1e4/0x260\n ___sys_sendmsg+0x89/0xe0\n ? local_clock_noinstr+0xb/0xc0\n ? rcu_is_watching+0xd/0x40\n ? kfree+0x1de/0x370\n ? __sys_sendmsg+0x7a/0xc0\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38291",
"url": "https://www.suse.com/security/cve/CVE-2025-38291"
},
{
"category": "external",
"summary": "SUSE Bug 1246297 for CVE-2025-38291",
"url": "https://bugzilla.suse.com/1246297"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "low"
}
],
"title": "CVE-2025-38291"
},
{
"cve": "CVE-2025-38292",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38292"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix invalid access to memory\n\nIn ath12k_dp_rx_msdu_coalesce(), rxcb is fetched from skb and boolean\nis_continuation is part of rxcb.\nCurrently, after freeing the skb, the rxcb-\u003eis_continuation accessed\nagain which is wrong since the memory is already freed.\nThis might lead use-after-free error.\n\nHence, fix by locally defining bool is_continuation from rxcb,\nso that after freeing skb, is_continuation can be used.\n\nCompile tested only.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38292",
"url": "https://www.suse.com/security/cve/CVE-2025-38292"
},
{
"category": "external",
"summary": "SUSE Bug 1246295 for CVE-2025-38292",
"url": "https://bugzilla.suse.com/1246295"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38292"
},
{
"cve": "CVE-2025-38293",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38293"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix node corruption in ar-\u003earvifs list\n\nIn current WLAN recovery code flow, ath11k_core_halt() only\nreinitializes the \"arvifs\" list head. This will cause the\nlist node immediately following the list head to become an\ninvalid list node. Because the prev of that node still points\nto the list head \"arvifs\", but the next of the list head \"arvifs\"\nno longer points to that list node.\n\nWhen a WLAN recovery occurs during the execution of a vif\nremoval, and it happens before the spin_lock_bh(\u0026ar-\u003edata_lock)\nin ath11k_mac_op_remove_interface(), list_del() will detect the\npreviously mentioned situation, thereby triggering a kernel panic.\n\nThe fix is to remove and reinitialize all vif list nodes from the\nlist head \"arvifs\" during WLAN halt. The reinitialization is to make\nthe list nodes valid, ensuring that the list_del() in\nath11k_mac_op_remove_interface() can execute normally.\n\nCall trace:\n__list_del_entry_valid_or_report+0xb8/0xd0\nath11k_mac_op_remove_interface+0xb0/0x27c [ath11k]\ndrv_remove_interface+0x48/0x194 [mac80211]\nieee80211_do_stop+0x6e0/0x844 [mac80211]\nieee80211_stop+0x44/0x17c [mac80211]\n__dev_close_many+0xac/0x150\n__dev_change_flags+0x194/0x234\ndev_change_flags+0x24/0x6c\ndevinet_ioctl+0x3a0/0x670\ninet_ioctl+0x200/0x248\nsock_do_ioctl+0x60/0x118\nsock_ioctl+0x274/0x35c\n__arm64_sys_ioctl+0xac/0xf0\ninvoke_syscall+0x48/0x114\n...\n\nTested-on: QCA6698AQ hw2.1 PCI WLAN.HSP.1.1-04591-QCAHSPSWPL_V1_V2_SILICONZ_IOE-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38293",
"url": "https://www.suse.com/security/cve/CVE-2025-38293"
},
{
"category": "external",
"summary": "SUSE Bug 1246292 for CVE-2025-38293",
"url": "https://bugzilla.suse.com/1246292"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38293"
},
{
"cve": "CVE-2025-38299",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38299"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mediatek: mt8195: Set ETDM1/2 IN/OUT to COMP_DUMMY()\n\nETDM2_IN_BE and ETDM1_OUT_BE are defined as COMP_EMPTY(),\nin the case the codec dai_name will be null.\n\nAvoid a crash if the device tree is not assigning a codec\nto these links.\n\n[ 1.179936] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[ 1.181065] Mem abort info:\n[ 1.181420] ESR = 0x0000000096000004\n[ 1.181892] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 1.182576] SET = 0, FnV = 0\n[ 1.182964] EA = 0, S1PTW = 0\n[ 1.183367] FSC = 0x04: level 0 translation fault\n[ 1.183983] Data abort info:\n[ 1.184406] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[ 1.185097] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 1.185766] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 1.186439] [0000000000000000] user address but active_mm is swapper\n[ 1.187239] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 1.188029] Modules linked in:\n[ 1.188420] CPU: 7 UID: 0 PID: 70 Comm: kworker/u32:1 Not tainted 6.14.0-rc4-next-20250226+ #85\n[ 1.189515] Hardware name: Radxa NIO 12L (DT)\n[ 1.190065] Workqueue: events_unbound deferred_probe_work_func\n[ 1.190808] pstate: 40400009 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 1.191683] pc : __pi_strcmp+0x24/0x140\n[ 1.192170] lr : mt8195_mt6359_soc_card_probe+0x224/0x7b0\n[ 1.192854] sp : ffff800083473970\n[ 1.193271] x29: ffff800083473a10 x28: 0000000000001008 x27: 0000000000000002\n[ 1.194168] x26: ffff800082408960 x25: ffff800082417db0 x24: ffff800082417d88\n[ 1.195065] x23: 000000000000001e x22: ffff800082dbf480 x21: ffff800082dc07b8\n[ 1.195961] x20: 0000000000000000 x19: 0000000000000013 x18: 00000000ffffffff\n[ 1.196858] x17: 000000040044ffff x16: 005000f2b5503510 x15: 0000000000000006\n[ 1.197755] x14: ffff800082407af0 x13: 6e6f69737265766e x12: 692d6b636f6c6374\n[ 1.198651] x11: 0000000000000002 x10: ffff80008240b920 x9 : 0000000000000018\n[ 1.199547] x8 : 0101010101010101 x7 : 0000000000000000 x6 : 0000000000000000\n[ 1.200443] x5 : 0000000000000000 x4 : 8080808080000000 x3 : 303933383978616d\n[ 1.201339] x2 : 0000000000000000 x1 : ffff80008240b920 x0 : 0000000000000000\n[ 1.202236] Call trace:\n[ 1.202545] __pi_strcmp+0x24/0x140 (P)\n[ 1.203029] mtk_soundcard_common_probe+0x3bc/0x5b8\n[ 1.203644] platform_probe+0x70/0xe8\n[ 1.204106] really_probe+0xc8/0x3a0\n[ 1.204556] __driver_probe_device+0x84/0x160\n[ 1.205104] driver_probe_device+0x44/0x130\n[ 1.205630] __device_attach_driver+0xc4/0x170\n[ 1.206189] bus_for_each_drv+0x8c/0xf8\n[ 1.206672] __device_attach+0xa8/0x1c8\n[ 1.207155] device_initial_probe+0x1c/0x30\n[ 1.207681] bus_probe_device+0xb0/0xc0\n[ 1.208165] deferred_probe_work_func+0xa4/0x100\n[ 1.208747] process_one_work+0x158/0x3e0\n[ 1.209254] worker_thread+0x2c4/0x3e8\n[ 1.209727] kthread+0x134/0x1f0\n[ 1.210136] ret_from_fork+0x10/0x20\n[ 1.210589] Code: 54000401 b50002c6 d503201f f86a6803 (f8408402)\n[ 1.211355] ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38299",
"url": "https://www.suse.com/security/cve/CVE-2025-38299"
},
{
"category": "external",
"summary": "SUSE Bug 1246290 for CVE-2025-38299",
"url": "https://bugzilla.suse.com/1246290"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38299"
},
{
"cve": "CVE-2025-38300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38300"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare()\n\nFix two DMA cleanup issues on the error path in sun8i_ce_cipher_prepare():\n\n1] If dma_map_sg() fails for areq-\u003edst, the device driver would try to free\n DMA memory it has not allocated in the first place. To fix this, on the\n \"theend_sgs\" error path, call dma unmap only if the corresponding dma\n map was successful.\n\n2] If the dma_map_single() call for the IV fails, the device driver would\n try to free an invalid DMA memory address on the \"theend_iv\" path:\n ------------[ cut here ]------------\n DMA-API: sun8i-ce 1904000.crypto: device driver tries to free an invalid DMA memory address\n WARNING: CPU: 2 PID: 69 at kernel/dma/debug.c:968 check_unmap+0x123c/0x1b90\n Modules linked in: skcipher_example(O+)\n CPU: 2 UID: 0 PID: 69 Comm: 1904000.crypto- Tainted: G O 6.15.0-rc3+ #24 PREEMPT\n Tainted: [O]=OOT_MODULE\n Hardware name: OrangePi Zero2 (DT)\n pc : check_unmap+0x123c/0x1b90\n lr : check_unmap+0x123c/0x1b90\n ...\n Call trace:\n check_unmap+0x123c/0x1b90 (P)\n debug_dma_unmap_page+0xac/0xc0\n dma_unmap_page_attrs+0x1f4/0x5fc\n sun8i_ce_cipher_do_one+0x1bd4/0x1f40\n crypto_pump_work+0x334/0x6e0\n kthread_worker_fn+0x21c/0x438\n kthread+0x374/0x664\n ret_from_fork+0x10/0x20\n ---[ end trace 0000000000000000 ]---\n\nTo fix this, check for !dma_mapping_error() before calling\ndma_unmap_single() on the \"theend_iv\" path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38300",
"url": "https://www.suse.com/security/cve/CVE-2025-38300"
},
{
"category": "external",
"summary": "SUSE Bug 1246349 for CVE-2025-38300",
"url": "https://bugzilla.suse.com/1246349"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38300"
},
{
"cve": "CVE-2025-38303",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38303"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: eir: Fix possible crashes on eir_create_adv_data\n\neir_create_adv_data may attempt to add EIR_FLAGS and EIR_TX_POWER\nwithout checking if that would fit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38303",
"url": "https://www.suse.com/security/cve/CVE-2025-38303"
},
{
"category": "external",
"summary": "SUSE Bug 1246354 for CVE-2025-38303",
"url": "https://bugzilla.suse.com/1246354"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38303"
},
{
"cve": "CVE-2025-38304",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38304"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix NULL pointer deference on eir_get_service_data\n\nThe len parameter is considered optional so it can be NULL so it cannot\nbe used for skipping to next entry of EIR_SERVICE_DATA.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38304",
"url": "https://www.suse.com/security/cve/CVE-2025-38304"
},
{
"category": "external",
"summary": "SUSE Bug 1246240 for CVE-2025-38304",
"url": "https://bugzilla.suse.com/1246240"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38304"
},
{
"cve": "CVE-2025-38305",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38305"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptp: remove ptp-\u003en_vclocks check logic in ptp_vclock_in_use()\n\nThere is no disagreement that we should check both ptp-\u003eis_virtual_clock\nand ptp-\u003en_vclocks to check if the ptp virtual clock is in use.\n\nHowever, when we acquire ptp-\u003en_vclocks_mux to read ptp-\u003en_vclocks in\nptp_vclock_in_use(), we observe a recursive lock in the call trace\nstarting from n_vclocks_store().\n\n============================================\nWARNING: possible recursive locking detected\n6.15.0-rc6 #1 Not tainted\n--------------------------------------------\nsyz.0.1540/13807 is trying to acquire lock:\nffff888035a24868 (\u0026ptp-\u003en_vclocks_mux){+.+.}-{4:4}, at:\n ptp_vclock_in_use drivers/ptp/ptp_private.h:103 [inline]\nffff888035a24868 (\u0026ptp-\u003en_vclocks_mux){+.+.}-{4:4}, at:\n ptp_clock_unregister+0x21/0x250 drivers/ptp/ptp_clock.c:415\n\nbut task is already holding lock:\nffff888030704868 (\u0026ptp-\u003en_vclocks_mux){+.+.}-{4:4}, at:\n n_vclocks_store+0xf1/0x6d0 drivers/ptp/ptp_sysfs.c:215\n\nother info that might help us debug this:\n Possible unsafe locking scenario:\n\n CPU0\n ----\n lock(\u0026ptp-\u003en_vclocks_mux);\n lock(\u0026ptp-\u003en_vclocks_mux);\n\n *** DEADLOCK ***\n....\n============================================\n\nThe best way to solve this is to remove the logic that checks\nptp-\u003en_vclocks in ptp_vclock_in_use().\n\nThe reason why this is appropriate is that any path that uses\nptp-\u003en_vclocks must unconditionally check if ptp-\u003en_vclocks is greater\nthan 0 before unregistering vclocks, and all functions are already\nwritten this way. And in the function that uses ptp-\u003en_vclocks, we\nalready get ptp-\u003en_vclocks_mux before unregistering vclocks.\n\nTherefore, we need to remove the redundant check for ptp-\u003en_vclocks in\nptp_vclock_in_use() to prevent recursive locking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38305",
"url": "https://www.suse.com/security/cve/CVE-2025-38305"
},
{
"category": "external",
"summary": "SUSE Bug 1246358 for CVE-2025-38305",
"url": "https://bugzilla.suse.com/1246358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38305"
},
{
"cve": "CVE-2025-38307",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38307"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: avs: Verify content returned by parse_int_array()\n\nThe first element of the returned array stores its length. If it is 0,\nany manipulation beyond the element at index 0 ends with null-ptr-deref.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38307",
"url": "https://www.suse.com/security/cve/CVE-2025-38307"
},
{
"category": "external",
"summary": "SUSE Bug 1246364 for CVE-2025-38307",
"url": "https://bugzilla.suse.com/1246364"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38307"
},
{
"cve": "CVE-2025-38310",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38310"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nseg6: Fix validation of nexthop addresses\n\nThe kernel currently validates that the length of the provided nexthop\naddress does not exceed the specified length. This can lead to the\nkernel reading uninitialized memory if user space provided a shorter\nlength than the specified one.\n\nFix by validating that the provided length exactly matches the specified\none.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38310",
"url": "https://www.suse.com/security/cve/CVE-2025-38310"
},
{
"category": "external",
"summary": "SUSE Bug 1246361 for CVE-2025-38310",
"url": "https://bugzilla.suse.com/1246361"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38310"
},
{
"cve": "CVE-2025-38312",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38312"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod()\n\nIn fb_find_mode_cvt(), iff mode-\u003erefresh somehow happens to be 0x80000000,\ncvt.f_refresh will become 0 when multiplying it by 2 due to overflow. It\u0027s\nthen passed to fb_cvt_hperiod(), where it\u0027s used as a divider -- division\nby 0 will result in kernel oops. Add a sanity check for cvt.f_refresh to\navoid such overflow...\n\nFound by Linux Verification Center (linuxtesting.org) with the Svace static\nanalysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38312",
"url": "https://www.suse.com/security/cve/CVE-2025-38312"
},
{
"category": "external",
"summary": "SUSE Bug 1246386 for CVE-2025-38312",
"url": "https://bugzilla.suse.com/1246386"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38312"
},
{
"cve": "CVE-2025-38313",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38313"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: fsl-mc: fix double-free on mc_dev\n\nThe blamed commit tried to simplify how the deallocations are done but,\nin the process, introduced a double-free on the mc_dev variable.\n\nIn case the MC device is a DPRC, a new mc_bus is allocated and the\nmc_dev variable is just a reference to one of its fields. In this\ncircumstance, on the error path only the mc_bus should be freed.\n\nThis commit introduces back the following checkpatch warning which is a\nfalse-positive.\n\nWARNING: kfree(NULL) is safe and this check is probably not required\n+ if (mc_bus)\n+ kfree(mc_bus);",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38313",
"url": "https://www.suse.com/security/cve/CVE-2025-38313"
},
{
"category": "external",
"summary": "SUSE Bug 1246342 for CVE-2025-38313",
"url": "https://bugzilla.suse.com/1246342"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38313"
},
{
"cve": "CVE-2025-38315",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38315"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btintel: Check dsbr size from EFI variable\n\nSince the size of struct btintel_dsbr is already known, we can just\nstart there instead of querying the EFI variable size. If the final\nresult doesn\u0027t match what we expect also fail. This fixes a stack buffer\noverflow when the EFI variable is larger than struct btintel_dsbr.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38315",
"url": "https://www.suse.com/security/cve/CVE-2025-38315"
},
{
"category": "external",
"summary": "SUSE Bug 1246333 for CVE-2025-38315",
"url": "https://bugzilla.suse.com/1246333"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38315"
},
{
"cve": "CVE-2025-38317",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38317"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Fix buffer overflow in debugfs\n\nIf the user tries to write more than 32 bytes then it results in memory\ncorruption. Fortunately, this is debugfs so it\u0027s limited to root users.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38317",
"url": "https://www.suse.com/security/cve/CVE-2025-38317"
},
{
"category": "external",
"summary": "SUSE Bug 1246443 for CVE-2025-38317",
"url": "https://bugzilla.suse.com/1246443"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38317"
},
{
"cve": "CVE-2025-38319",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38319"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table\n\nThe function atomctrl_initialize_mc_reg_table() and\natomctrl_initialize_mc_reg_table_v2_2() does not check the return\nvalue of smu_atom_get_data_table(). If smu_atom_get_data_table()\nfails to retrieve vram_info, it returns NULL which is later\ndereferenced.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38319",
"url": "https://www.suse.com/security/cve/CVE-2025-38319"
},
{
"category": "external",
"summary": "SUSE Bug 1246243 for CVE-2025-38319",
"url": "https://bugzilla.suse.com/1246243"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38319"
},
{
"cve": "CVE-2025-38323",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38323"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: atm: add lec_mutex\n\nsyzbot found its way in net/atm/lec.c, and found an error path\nin lecd_attach() could leave a dangling pointer in dev_lec[].\n\nAdd a mutex to protect dev_lecp[] uses from lecd_attach(),\nlec_vcc_attach() and lec_mcast_attach().\n\nFollowing patch will use this mutex for /proc/net/atm/lec.\n\nBUG: KASAN: slab-use-after-free in lecd_attach net/atm/lec.c:751 [inline]\nBUG: KASAN: slab-use-after-free in lane_ioctl+0x2224/0x23e0 net/atm/lec.c:1008\nRead of size 8 at addr ffff88807c7b8e68 by task syz.1.17/6142\n\nCPU: 1 UID: 0 PID: 6142 Comm: syz.1.17 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xcd/0x680 mm/kasan/report.c:521\n kasan_report+0xe0/0x110 mm/kasan/report.c:634\n lecd_attach net/atm/lec.c:751 [inline]\n lane_ioctl+0x2224/0x23e0 net/atm/lec.c:1008\n do_vcc_ioctl+0x12c/0x930 net/atm/ioctl.c:159\n sock_do_ioctl+0x118/0x280 net/socket.c:1190\n sock_ioctl+0x227/0x6b0 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\nAllocated by task 6132:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4328 [inline]\n __kvmalloc_node_noprof+0x27b/0x620 mm/slub.c:5015\n alloc_netdev_mqs+0xd2/0x1570 net/core/dev.c:11711\n lecd_attach net/atm/lec.c:737 [inline]\n lane_ioctl+0x17db/0x23e0 net/atm/lec.c:1008\n do_vcc_ioctl+0x12c/0x930 net/atm/ioctl.c:159\n sock_do_ioctl+0x118/0x280 net/socket.c:1190\n sock_ioctl+0x227/0x6b0 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 6132:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x51/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2381 [inline]\n slab_free mm/slub.c:4643 [inline]\n kfree+0x2b4/0x4d0 mm/slub.c:4842\n free_netdev+0x6c5/0x910 net/core/dev.c:11892\n lecd_attach net/atm/lec.c:744 [inline]\n lane_ioctl+0x1ce8/0x23e0 net/atm/lec.c:1008\n do_vcc_ioctl+0x12c/0x930 net/atm/ioctl.c:159\n sock_do_ioctl+0x118/0x280 net/socket.c:1190\n sock_ioctl+0x227/0x6b0 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:893",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38323",
"url": "https://www.suse.com/security/cve/CVE-2025-38323"
},
{
"category": "external",
"summary": "SUSE Bug 1246473 for CVE-2025-38323",
"url": "https://bugzilla.suse.com/1246473"
},
{
"category": "external",
"summary": "SUSE Bug 1246525 for CVE-2025-38323",
"url": "https://bugzilla.suse.com/1246525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "important"
}
],
"title": "CVE-2025-38323"
},
{
"cve": "CVE-2025-38326",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38326"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naoe: clean device rq_list in aoedev_downdev()\n\nAn aoe device\u0027s rq_list contains accepted block requests that are\nwaiting to be transmitted to the aoe target. This queue was added as\npart of the conversion to blk_mq. However, the queue was not cleaned out\nwhen an aoe device is downed which caused blk_mq_freeze_queue() to sleep\nindefinitely waiting for those requests to complete, causing a hang. This\nfix cleans out the queue before calling blk_mq_freeze_queue().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38326",
"url": "https://www.suse.com/security/cve/CVE-2025-38326"
},
{
"category": "external",
"summary": "SUSE Bug 1246490 for CVE-2025-38326",
"url": "https://bugzilla.suse.com/1246490"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38326"
},
{
"cve": "CVE-2025-38328",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38328"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: check jffs2_prealloc_raw_node_refs() result in few other places\n\nFuzzing hit another invalid pointer dereference due to the lack of\nchecking whether jffs2_prealloc_raw_node_refs() completed successfully.\nSubsequent logic implies that the node refs have been allocated.\n\nHandle that. The code is ready for propagating the error upwards.\n\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 PID: 5835 Comm: syz-executor145 Not tainted 5.10.234-syzkaller #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nRIP: 0010:jffs2_link_node_ref+0xac/0x690 fs/jffs2/nodelist.c:600\nCall Trace:\n jffs2_mark_erased_block fs/jffs2/erase.c:460 [inline]\n jffs2_erase_pending_blocks+0x688/0x1860 fs/jffs2/erase.c:118\n jffs2_garbage_collect_pass+0x638/0x1a00 fs/jffs2/gc.c:253\n jffs2_reserve_space+0x3f4/0xad0 fs/jffs2/nodemgmt.c:167\n jffs2_write_inode_range+0x246/0xb50 fs/jffs2/write.c:362\n jffs2_write_end+0x712/0x1110 fs/jffs2/file.c:302\n generic_perform_write+0x2c2/0x500 mm/filemap.c:3347\n __generic_file_write_iter+0x252/0x610 mm/filemap.c:3465\n generic_file_write_iter+0xdb/0x230 mm/filemap.c:3497\n call_write_iter include/linux/fs.h:2039 [inline]\n do_iter_readv_writev+0x46d/0x750 fs/read_write.c:740\n do_iter_write+0x18c/0x710 fs/read_write.c:866\n vfs_writev+0x1db/0x6a0 fs/read_write.c:939\n do_pwritev fs/read_write.c:1036 [inline]\n __do_sys_pwritev fs/read_write.c:1083 [inline]\n __se_sys_pwritev fs/read_write.c:1078 [inline]\n __x64_sys_pwritev+0x235/0x310 fs/read_write.c:1078\n do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38328",
"url": "https://www.suse.com/security/cve/CVE-2025-38328"
},
{
"category": "external",
"summary": "SUSE Bug 1246249 for CVE-2025-38328",
"url": "https://bugzilla.suse.com/1246249"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38328"
},
{
"cve": "CVE-2025-38332",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38332"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Use memcpy() for BIOS version\n\nThe strlcat() with FORTIFY support is triggering a panic because it\nthinks the target buffer will overflow although the correct target\nbuffer size is passed in.\n\nAnyway, instead of memset() with 0 followed by a strlcat(), just use\nmemcpy() and ensure that the resulting buffer is NULL terminated.\n\nBIOSVersion is only used for the lpfc_printf_log() which expects a\nproperly terminated string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38332",
"url": "https://www.suse.com/security/cve/CVE-2025-38332"
},
{
"category": "external",
"summary": "SUSE Bug 1246375 for CVE-2025-38332",
"url": "https://bugzilla.suse.com/1246375"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38332"
},
{
"cve": "CVE-2025-38334",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38334"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/sgx: Prevent attempts to reclaim poisoned pages\n\nTL;DR: SGX page reclaim touches the page to copy its contents to\nsecondary storage. SGX instructions do not gracefully handle machine\nchecks. Despite this, the existing SGX code will try to reclaim pages\nthat it _knows_ are poisoned. Avoid even trying to reclaim poisoned pages.\n\nThe longer story:\n\nPages used by an enclave only get epc_page-\u003epoison set in\narch_memory_failure() but they currently stay on sgx_active_page_list until\nsgx_encl_release(), with the SGX_EPC_PAGE_RECLAIMER_TRACKED flag untouched.\n\nepc_page-\u003epoison is not checked in the reclaimer logic meaning that, if other\nconditions are met, an attempt will be made to reclaim an EPC page that was\npoisoned. This is bad because 1. we don\u0027t want that page to end up added\nto another enclave and 2. it is likely to cause one core to shut down\nand the kernel to panic.\n\nSpecifically, reclaiming uses microcode operations including \"EWB\" which\naccesses the EPC page contents to encrypt and write them out to non-SGX\nmemory. Those operations cannot handle MCEs in their accesses other than\nby putting the executing core into a special shutdown state (affecting\nboth threads with HT.) The kernel will subsequently panic on the\nremaining cores seeing the core didn\u0027t enter MCE handler(s) in time.\n\nCall sgx_unmark_page_reclaimable() to remove the affected EPC page from\nsgx_active_page_list on memory error to stop it being considered for\nreclaiming.\n\nTesting epc_page-\u003epoison in sgx_reclaim_pages() would also work but I assume\nit\u0027s better to add code in the less likely paths.\n\nThe affected EPC page is not added to \u0026node-\u003esgx_poison_page_list until\nlater in sgx_encl_release()-\u003esgx_free_epc_page() when it is EREMOVEd.\nMembership on other lists doesn\u0027t change to avoid changing any of the\nlists\u0027 semantics except for sgx_active_page_list. There\u0027s a \"TBD\" comment\nin arch_memory_failure() about pre-emptive actions, the goal here is not\nto address everything that it may imply.\n\nThis also doesn\u0027t completely close the time window when a memory error\nnotification will be fatal (for a not previously poisoned EPC page) --\nthe MCE can happen after sgx_reclaim_pages() has selected its candidates\nor even *inside* a microcode operation (actually easy to trigger due to\nthe amount of time spent in them.)\n\nThe spinlock in sgx_unmark_page_reclaimable() is safe because\nmemory_failure() runs in process context and no spinlocks are held,\nexplicitly noted in a mm/memory-failure.c comment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38334",
"url": "https://www.suse.com/security/cve/CVE-2025-38334"
},
{
"category": "external",
"summary": "SUSE Bug 1246384 for CVE-2025-38334",
"url": "https://bugzilla.suse.com/1246384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38334"
},
{
"cve": "CVE-2025-38335",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38335"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: gpio-keys - fix a sleep while atomic with PREEMPT_RT\n\nWhen enabling PREEMPT_RT, the gpio_keys_irq_timer() callback runs in\nhard irq context, but the input_event() takes a spin_lock, which isn\u0027t\nallowed there as it is converted to a rt_spin_lock().\n\n[ 4054.289999] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n[ 4054.290028] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/0\n...\n[ 4054.290195] __might_resched+0x13c/0x1f4\n[ 4054.290209] rt_spin_lock+0x54/0x11c\n[ 4054.290219] input_event+0x48/0x80\n[ 4054.290230] gpio_keys_irq_timer+0x4c/0x78\n[ 4054.290243] __hrtimer_run_queues+0x1a4/0x438\n[ 4054.290257] hrtimer_interrupt+0xe4/0x240\n[ 4054.290269] arch_timer_handler_phys+0x2c/0x44\n[ 4054.290283] handle_percpu_devid_irq+0x8c/0x14c\n[ 4054.290297] handle_irq_desc+0x40/0x58\n[ 4054.290307] generic_handle_domain_irq+0x1c/0x28\n[ 4054.290316] gic_handle_irq+0x44/0xcc\n\nConsidering the gpio_keys_irq_isr() can run in any context, e.g. it can\nbe threaded, it seems there\u0027s no point in requesting the timer isr to\nrun in hard irq context.\n\nRelax the hrtimer not to use the hard context.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38335",
"url": "https://www.suse.com/security/cve/CVE-2025-38335"
},
{
"category": "external",
"summary": "SUSE Bug 1246250 for CVE-2025-38335",
"url": "https://bugzilla.suse.com/1246250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38335"
},
{
"cve": "CVE-2025-38336",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38336"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330\n\nThe controller has a hardware bug that can hard hang the system when\ndoing ATAPI DMAs without any trace of what happened. Depending on the\ndevice attached, it can also prevent the system from booting.\n\nIn this case, the system hangs when reading the ATIP from optical media\nwith cdrecord -vvv -atip on an _NEC DVD_RW ND-4571A 1-01 and an\nOptiarc DVD RW AD-7200A 1.06 attached to an ASRock 990FX Extreme 4,\nrunning at UDMA/33.\n\nThe issue can be reproduced by running the same command with a cygwin\nbuild of cdrecord on WinXP, although it requires more attempts to cause\nit. The hang in that case is also resolved by forcing PIO. It doesn\u0027t\nappear that VIA has produced any drivers for that OS, thus no known\nworkaround exists.\n\nHDDs attached to the controller do not suffer from any DMA issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38336",
"url": "https://www.suse.com/security/cve/CVE-2025-38336"
},
{
"category": "external",
"summary": "SUSE Bug 1246370 for CVE-2025-38336",
"url": "https://bugzilla.suse.com/1246370"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38336"
},
{
"cve": "CVE-2025-38337",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38337"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata()\n\nSince handle-\u003eh_transaction may be a NULL pointer, so we should change it\nto call is_handle_aborted(handle) first before dereferencing it.\n\nAnd the following data-race was reported in my fuzzer:\n\n==================================================================\nBUG: KCSAN: data-race in jbd2_journal_dirty_metadata / jbd2_journal_dirty_metadata\n\nwrite to 0xffff888011024104 of 4 bytes by task 10881 on cpu 1:\n jbd2_journal_dirty_metadata+0x2a5/0x770 fs/jbd2/transaction.c:1556\n __ext4_handle_dirty_metadata+0xe7/0x4b0 fs/ext4/ext4_jbd2.c:358\n ext4_do_update_inode fs/ext4/inode.c:5220 [inline]\n ext4_mark_iloc_dirty+0x32c/0xd50 fs/ext4/inode.c:5869\n __ext4_mark_inode_dirty+0xe1/0x450 fs/ext4/inode.c:6074\n ext4_dirty_inode+0x98/0xc0 fs/ext4/inode.c:6103\n....\n\nread to 0xffff888011024104 of 4 bytes by task 10880 on cpu 0:\n jbd2_journal_dirty_metadata+0xf2/0x770 fs/jbd2/transaction.c:1512\n __ext4_handle_dirty_metadata+0xe7/0x4b0 fs/ext4/ext4_jbd2.c:358\n ext4_do_update_inode fs/ext4/inode.c:5220 [inline]\n ext4_mark_iloc_dirty+0x32c/0xd50 fs/ext4/inode.c:5869\n __ext4_mark_inode_dirty+0xe1/0x450 fs/ext4/inode.c:6074\n ext4_dirty_inode+0x98/0xc0 fs/ext4/inode.c:6103\n....\n\nvalue changed: 0x00000000 -\u003e 0x00000001\n==================================================================\n\nThis issue is caused by missing data-race annotation for jh-\u003eb_modified.\nTherefore, the missing annotation needs to be added.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38337",
"url": "https://www.suse.com/security/cve/CVE-2025-38337"
},
{
"category": "external",
"summary": "SUSE Bug 1246253 for CVE-2025-38337",
"url": "https://bugzilla.suse.com/1246253"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38337"
},
{
"cve": "CVE-2025-38338",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38338"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/nfs/read: fix double-unlock bug in nfs_return_empty_folio()\n\nSometimes, when a file was read while it was being truncated by\nanother NFS client, the kernel could deadlock because folio_unlock()\nwas called twice, and the second call would XOR back the `PG_locked`\nflag.\n\nMost of the time (depending on the timing of the truncation), nobody\nnotices the problem because folio_unlock() gets called three times,\nwhich flips `PG_locked` back off:\n\n 1. vfs_read, nfs_read_folio, ... nfs_read_add_folio,\n nfs_return_empty_folio\n 2. vfs_read, nfs_read_folio, ... netfs_read_collection,\n netfs_unlock_abandoned_read_pages\n 3. vfs_read, ... nfs_do_read_folio, nfs_read_add_folio,\n nfs_return_empty_folio\n\nThe problem is that nfs_read_add_folio() is not supposed to unlock the\nfolio if fscache is enabled, and a nfs_netfs_folio_unlock() check is\nmissing in nfs_return_empty_folio().\n\nRarely this leads to a warning in netfs_read_collection():\n\n ------------[ cut here ]------------\n R=0000031c: folio 10 is not locked\n WARNING: CPU: 0 PID: 29 at fs/netfs/read_collect.c:133 netfs_read_collection+0x7c0/0xf00\n [...]\n Workqueue: events_unbound netfs_read_collection_worker\n RIP: 0010:netfs_read_collection+0x7c0/0xf00\n [...]\n Call Trace:\n \u003cTASK\u003e\n netfs_read_collection_worker+0x67/0x80\n process_one_work+0x12e/0x2c0\n worker_thread+0x295/0x3a0\n\nMost of the time, however, processes just get stuck forever in\nfolio_wait_bit_common(), waiting for `PG_locked` to disappear, which\nnever happens because nobody is really holding the folio lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38338",
"url": "https://www.suse.com/security/cve/CVE-2025-38338"
},
{
"category": "external",
"summary": "SUSE Bug 1246258 for CVE-2025-38338",
"url": "https://bugzilla.suse.com/1246258"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38338"
},
{
"cve": "CVE-2025-38342",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38342"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoftware node: Correct a OOB check in software_node_get_reference_args()\n\nsoftware_node_get_reference_args() wants to get @index-th element, so\nthe property value requires at least \u0027(index + 1) * sizeof(*ref)\u0027 bytes\nbut that can not be guaranteed by current OOB check, and may cause OOB\nfor malformed property.\n\nFix by using as OOB check \u0027((index + 1) * sizeof(*ref) \u003e prop-\u003elength)\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38342",
"url": "https://www.suse.com/security/cve/CVE-2025-38342"
},
{
"category": "external",
"summary": "SUSE Bug 1246453 for CVE-2025-38342",
"url": "https://bugzilla.suse.com/1246453"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38342"
},
{
"cve": "CVE-2025-38343",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38343"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7996: drop fragments with multicast or broadcast RA\n\nIEEE 802.11 fragmentation can only be applied to unicast frames.\nTherefore, drop fragments with multicast or broadcast RA. This patch\naddresses vulnerabilities such as CVE-2020-26145.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38343",
"url": "https://www.suse.com/security/cve/CVE-2025-38343"
},
{
"category": "external",
"summary": "SUSE Bug 1246438 for CVE-2025-38343",
"url": "https://bugzilla.suse.com/1246438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38343"
},
{
"cve": "CVE-2025-38344",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38344"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: fix acpi parse and parseext cache leaks\n\nACPICA commit 8829e70e1360c81e7a5a901b5d4f48330e021ea5\n\nI\u0027m Seunghun Han, and I work for National Security Research Institute of\nSouth Korea.\n\nI have been doing a research on ACPI and found an ACPI cache leak in ACPI\nearly abort cases.\n\nBoot log of ACPI cache leak is as follows:\n[ 0.352414] ACPI: Added _OSI(Module Device)\n[ 0.353182] ACPI: Added _OSI(Processor Device)\n[ 0.353182] ACPI: Added _OSI(3.0 _SCP Extensions)\n[ 0.353182] ACPI: Added _OSI(Processor Aggregator Device)\n[ 0.356028] ACPI: Unable to start the ACPI Interpreter\n[ 0.356799] ACPI Error: Could not remove SCI handler (20170303/evmisc-281)\n[ 0.360215] kmem_cache_destroy Acpi-State: Slab cache still has objects\n[ 0.360648] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G W\n4.12.0-rc4-next-20170608+ #10\n[ 0.361273] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS\nvirtual_box 12/01/2006\n[ 0.361873] Call Trace:\n[ 0.362243] ? dump_stack+0x5c/0x81\n[ 0.362591] ? kmem_cache_destroy+0x1aa/0x1c0\n[ 0.362944] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.363296] ? acpi_os_delete_cache+0xa/0x10\n[ 0.363646] ? acpi_ut_delete_caches+0x6d/0x7b\n[ 0.364000] ? acpi_terminate+0xa/0x14\n[ 0.364000] ? acpi_init+0x2af/0x34f\n[ 0.364000] ? __class_create+0x4c/0x80\n[ 0.364000] ? video_setup+0x7f/0x7f\n[ 0.364000] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.364000] ? do_one_initcall+0x4e/0x1a0\n[ 0.364000] ? kernel_init_freeable+0x189/0x20a\n[ 0.364000] ? rest_init+0xc0/0xc0\n[ 0.364000] ? kernel_init+0xa/0x100\n[ 0.364000] ? ret_from_fork+0x25/0x30\n\nI analyzed this memory leak in detail. I found that \"Acpi-State\" cache and\n\"Acpi-Parse\" cache were merged because the size of cache objects was same\nslab cache size.\n\nI finally found \"Acpi-Parse\" cache and \"Acpi-parse_ext\" cache were leaked\nusing SLAB_NEVER_MERGE flag in kmem_cache_create() function.\n\nReal ACPI cache leak point is as follows:\n[ 0.360101] ACPI: Added _OSI(Module Device)\n[ 0.360101] ACPI: Added _OSI(Processor Device)\n[ 0.360101] ACPI: Added _OSI(3.0 _SCP Extensions)\n[ 0.361043] ACPI: Added _OSI(Processor Aggregator Device)\n[ 0.364016] ACPI: Unable to start the ACPI Interpreter\n[ 0.365061] ACPI Error: Could not remove SCI handler (20170303/evmisc-281)\n[ 0.368174] kmem_cache_destroy Acpi-Parse: Slab cache still has objects\n[ 0.369332] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G W\n4.12.0-rc4-next-20170608+ #8\n[ 0.371256] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS\nvirtual_box 12/01/2006\n[ 0.372000] Call Trace:\n[ 0.372000] ? dump_stack+0x5c/0x81\n[ 0.372000] ? kmem_cache_destroy+0x1aa/0x1c0\n[ 0.372000] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.372000] ? acpi_os_delete_cache+0xa/0x10\n[ 0.372000] ? acpi_ut_delete_caches+0x56/0x7b\n[ 0.372000] ? acpi_terminate+0xa/0x14\n[ 0.372000] ? acpi_init+0x2af/0x34f\n[ 0.372000] ? __class_create+0x4c/0x80\n[ 0.372000] ? video_setup+0x7f/0x7f\n[ 0.372000] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.372000] ? do_one_initcall+0x4e/0x1a0\n[ 0.372000] ? kernel_init_freeable+0x189/0x20a\n[ 0.372000] ? rest_init+0xc0/0xc0\n[ 0.372000] ? kernel_init+0xa/0x100\n[ 0.372000] ? ret_from_fork+0x25/0x30\n[ 0.388039] kmem_cache_destroy Acpi-parse_ext: Slab cache still has objects\n[ 0.389063] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G W\n4.12.0-rc4-next-20170608+ #8\n[ 0.390557] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS\nvirtual_box 12/01/2006\n[ 0.392000] Call Trace:\n[ 0.392000] ? dump_stack+0x5c/0x81\n[ 0.392000] ? kmem_cache_destroy+0x1aa/0x1c0\n[ 0.392000] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.392000] ? acpi_os_delete_cache+0xa/0x10\n[ 0.392000] ? acpi_ut_delete_caches+0x6d/0x7b\n[ 0.392000] ? acpi_terminate+0xa/0x14\n[ 0.392000] ? acpi_init+0x2af/0x3\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38344",
"url": "https://www.suse.com/security/cve/CVE-2025-38344"
},
{
"category": "external",
"summary": "SUSE Bug 1246334 for CVE-2025-38344",
"url": "https://bugzilla.suse.com/1246334"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38344"
},
{
"cve": "CVE-2025-38345",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38345"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: fix acpi operand cache leak in dswstate.c\n\nACPICA commit 987a3b5cf7175916e2a4b6ea5b8e70f830dfe732\n\nI found an ACPI cache leak in ACPI early termination and boot continuing case.\n\nWhen early termination occurs due to malicious ACPI table, Linux kernel\nterminates ACPI function and continues to boot process. While kernel terminates\nACPI function, kmem_cache_destroy() reports Acpi-Operand cache leak.\n\nBoot log of ACPI operand cache leak is as follows:\n\u003e[ 0.585957] ACPI: Added _OSI(Module Device)\n\u003e[ 0.587218] ACPI: Added _OSI(Processor Device)\n\u003e[ 0.588530] ACPI: Added _OSI(3.0 _SCP Extensions)\n\u003e[ 0.589790] ACPI: Added _OSI(Processor Aggregator Device)\n\u003e[ 0.591534] ACPI Error: Illegal I/O port address/length above 64K: C806E00000004002/0x2 (20170303/hwvalid-155)\n\u003e[ 0.594351] ACPI Exception: AE_LIMIT, Unable to initialize fixed events (20170303/evevent-88)\n\u003e[ 0.597858] ACPI: Unable to start the ACPI Interpreter\n\u003e[ 0.599162] ACPI Error: Could not remove SCI handler (20170303/evmisc-281)\n\u003e[ 0.601836] kmem_cache_destroy Acpi-Operand: Slab cache still has objects\n\u003e[ 0.603556] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.12.0-rc5 #26\n\u003e[ 0.605159] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS virtual_box 12/01/2006\n\u003e[ 0.609177] Call Trace:\n\u003e[ 0.610063] ? dump_stack+0x5c/0x81\n\u003e[ 0.611118] ? kmem_cache_destroy+0x1aa/0x1c0\n\u003e[ 0.612632] ? acpi_sleep_proc_init+0x27/0x27\n\u003e[ 0.613906] ? acpi_os_delete_cache+0xa/0x10\n\u003e[ 0.617986] ? acpi_ut_delete_caches+0x3f/0x7b\n\u003e[ 0.619293] ? acpi_terminate+0xa/0x14\n\u003e[ 0.620394] ? acpi_init+0x2af/0x34f\n\u003e[ 0.621616] ? __class_create+0x4c/0x80\n\u003e[ 0.623412] ? video_setup+0x7f/0x7f\n\u003e[ 0.624585] ? acpi_sleep_proc_init+0x27/0x27\n\u003e[ 0.625861] ? do_one_initcall+0x4e/0x1a0\n\u003e[ 0.627513] ? kernel_init_freeable+0x19e/0x21f\n\u003e[ 0.628972] ? rest_init+0x80/0x80\n\u003e[ 0.630043] ? kernel_init+0xa/0x100\n\u003e[ 0.631084] ? ret_from_fork+0x25/0x30\n\u003e[ 0.633343] vgaarb: loaded\n\u003e[ 0.635036] EDAC MC: Ver: 3.0.0\n\u003e[ 0.638601] PCI: Probing PCI hardware\n\u003e[ 0.639833] PCI host bridge to bus 0000:00\n\u003e[ 0.641031] pci_bus 0000:00: root bus resource [io 0x0000-0xffff]\n\u003e ... Continue to boot and log is omitted ...\n\nI analyzed this memory leak in detail and found acpi_ds_obj_stack_pop_and_\ndelete() function miscalculated the top of the stack. acpi_ds_obj_stack_push()\nfunction uses walk_state-\u003eoperand_index for start position of the top, but\nacpi_ds_obj_stack_pop_and_delete() function considers index 0 for it.\nTherefore, this causes acpi operand memory leak.\n\nThis cache leak causes a security threat because an old kernel (\u003c= 4.9) shows\nmemory locations of kernel functions in stack dump. Some malicious users\ncould use this information to neutralize kernel ASLR.\n\nI made a patch to fix ACPI operand cache leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38345",
"url": "https://www.suse.com/security/cve/CVE-2025-38345"
},
{
"category": "external",
"summary": "SUSE Bug 1246337 for CVE-2025-38345",
"url": "https://bugzilla.suse.com/1246337"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38345"
},
{
"cve": "CVE-2025-38348",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38348"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback()\n\nRobert Morris reported:\n\n|If a malicious USB device pretends to be an Intersil p54 wifi\n|interface and generates an eeprom_readback message with a large\n|eeprom-\u003ev1.len, p54_rx_eeprom_readback() will copy data from the\n|message beyond the end of priv-\u003eeeprom.\n|\n|static void p54_rx_eeprom_readback(struct p54_common *priv,\n| struct sk_buff *skb)\n|{\n| struct p54_hdr *hdr = (struct p54_hdr *) skb-\u003edata;\n| struct p54_eeprom_lm86 *eeprom = (struct p54_eeprom_lm86 *) hdr-\u003edata;\n|\n| if (priv-\u003efw_var \u003e= 0x509) {\n| memcpy(priv-\u003eeeprom, eeprom-\u003ev2.data,\n| le16_to_cpu(eeprom-\u003ev2.len));\n| } else {\n| memcpy(priv-\u003eeeprom, eeprom-\u003ev1.data,\n| le16_to_cpu(eeprom-\u003ev1.len));\n| }\n| [...]\n\nThe eeprom-\u003ev{1,2}.len is set by the driver in p54_download_eeprom().\nThe device is supposed to provide the same length back to the driver.\nBut yes, it\u0027s possible (like shown in the report) to alter the value\nto something that causes a crash/panic due to overrun.\n\nThis patch addresses the issue by adding the size to the common device\ncontext, so p54_rx_eeprom_readback no longer relies on possibly tampered\nvalues... That said, it also checks if the \"firmware\" altered the value\nand no longer copies them.\n\nThe one, small saving grace is: Before the driver tries to read the eeprom,\nit needs to upload \u003ea\u003c firmware. the vendor firmware has a proprietary\nlicense and as a reason, it is not present on most distributions by\ndefault.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38348",
"url": "https://www.suse.com/security/cve/CVE-2025-38348"
},
{
"category": "external",
"summary": "SUSE Bug 1246262 for CVE-2025-38348",
"url": "https://bugzilla.suse.com/1246262"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38348"
},
{
"cve": "CVE-2025-38349",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38349"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\neventpoll: don\u0027t decrement ep refcount while still holding the ep mutex\n\nJann Horn points out that epoll is decrementing the ep refcount and then\ndoing a\n\n mutex_unlock(\u0026ep-\u003emtx);\n\nafterwards. That\u0027s very wrong, because it can lead to a use-after-free.\n\nThat pattern is actually fine for the very last reference, because the\ncode in question will delay the actual call to \"ep_free(ep)\" until after\nit has unlocked the mutex.\n\nBut it\u0027s wrong for the much subtler \"next to last\" case when somebody\n*else* may also be dropping their reference and free the ep while we\u0027re\nstill using the mutex.\n\nNote that this is true even if that other user is also using the same ep\nmutex: mutexes, unlike spinlocks, can not be used for object ownership,\neven if they guarantee mutual exclusion.\n\nA mutex \"unlock\" operation is not atomic, and as one user is still\naccessing the mutex as part of unlocking it, another user can come in\nand get the now released mutex and free the data structure while the\nfirst user is still cleaning up.\n\nSee our mutex documentation in Documentation/locking/mutex-design.rst,\nin particular the section [1] about semantics:\n\n\t\"mutex_unlock() may access the mutex structure even after it has\n\t internally released the lock already - so it\u0027s not safe for\n\t another context to acquire the mutex and assume that the\n\t mutex_unlock() context is not using the structure anymore\"\n\nSo if we drop our ep ref before the mutex unlock, but we weren\u0027t the\nlast one, we may then unlock the mutex, another user comes in, drops\n_their_ reference and releases the \u0027ep\u0027 as it now has no users - all\nwhile the mutex_unlock() is still accessing it.\n\nFix this by simply moving the ep refcount dropping to outside the mutex:\nthe refcount itself is atomic, and doesn\u0027t need mutex protection (that\u0027s\nthe whole _point_ of refcounts: unlike mutexes, they are inherently\nabout object lifetimes).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38349",
"url": "https://www.suse.com/security/cve/CVE-2025-38349"
},
{
"category": "external",
"summary": "SUSE Bug 1246777 for CVE-2025-38349",
"url": "https://bugzilla.suse.com/1246777"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38349"
},
{
"cve": "CVE-2025-38350",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38350"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Always pass notifications when child class becomes empty\n\nCertain classful qdiscs may invoke their classes\u0027 dequeue handler on an\nenqueue operation. This may unexpectedly empty the child qdisc and thus\nmake an in-flight class passive via qlen_notify(). Most qdiscs do not\nexpect such behaviour at this point in time and may re-activate the\nclass eventually anyways which will lead to a use-after-free.\n\nThe referenced fix commit attempted to fix this behavior for the HFSC\ncase by moving the backlog accounting around, though this turned out to\nbe incomplete since the parent\u0027s parent may run into the issue too.\nThe following reproducer demonstrates this use-after-free:\n\n tc qdisc add dev lo root handle 1: drr\n tc filter add dev lo parent 1: basic classid 1:1\n tc class add dev lo parent 1: classid 1:1 drr\n tc qdisc add dev lo parent 1:1 handle 2: hfsc def 1\n tc class add dev lo parent 2: classid 2:1 hfsc rt m1 8 d 1 m2 0\n tc qdisc add dev lo parent 2:1 handle 3: netem\n tc qdisc add dev lo parent 3:1 handle 4: blackhole\n\n echo 1 | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888\n tc class delete dev lo classid 1:1\n echo 1 | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888\n\nSince backlog accounting issues leading to a use-after-frees on stale\nclass pointers is a recurring pattern at this point, this patch takes\na different approach. Instead of trying to fix the accounting, the patch\nensures that qdisc_tree_reduce_backlog always calls qlen_notify when\nthe child qdisc is empty. This solves the problem because deletion of\nqdiscs always involves a call to qdisc_reset() and / or\nqdisc_purge_queue() which ultimately resets its qlen to 0 thus causing\nthe following qdisc_tree_reduce_backlog() to report to the parent. Note\nthat this may call qlen_notify on passive classes multiple times. This\nis not a problem after the recent patch series that made all the\nclassful qdiscs qlen_notify() handlers idempotent.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38350",
"url": "https://www.suse.com/security/cve/CVE-2025-38350"
},
{
"category": "external",
"summary": "SUSE Bug 1246781 for CVE-2025-38350",
"url": "https://bugzilla.suse.com/1246781"
},
{
"category": "external",
"summary": "SUSE Bug 1247043 for CVE-2025-38350",
"url": "https://bugzilla.suse.com/1247043"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "important"
}
],
"title": "CVE-2025-38350"
},
{
"cve": "CVE-2025-38352",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38352"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nposix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()\n\nIf an exiting non-autoreaping task has already passed exit_notify() and\ncalls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent\nor debugger right after unlock_task_sighand().\n\nIf a concurrent posix_cpu_timer_del() runs at that moment, it won\u0027t be\nable to detect timer-\u003eit.cpu.firing != 0: cpu_timer_task_rcu() and/or\nlock_task_sighand() will fail.\n\nAdd the tsk-\u003eexit_state check into run_posix_cpu_timers() to fix this.\n\nThis fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because\nexit_task_work() is called before exit_notify(). But the check still\nmakes sense, task_work_add(\u0026tsk-\u003eposix_cputimers_work.work) will fail\nanyway in this case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38352",
"url": "https://www.suse.com/security/cve/CVE-2025-38352"
},
{
"category": "external",
"summary": "SUSE Bug 1246911 for CVE-2025-38352",
"url": "https://bugzilla.suse.com/1246911"
},
{
"category": "external",
"summary": "SUSE Bug 1249205 for CVE-2025-38352",
"url": "https://bugzilla.suse.com/1249205"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "important"
}
],
"title": "CVE-2025-38352"
},
{
"cve": "CVE-2025-38353",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38353"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix taking invalid lock on wedge\n\nIf device wedges on e.g. GuC upload, the submission is not yet enabled\nand the state is not even initialized. Protect the wedge call so it does\nnothing in this case. It fixes the following splat:\n\n\t[] xe 0000:bf:00.0: [drm] device wedged, needs recovery\n\t[] ------------[ cut here ]------------\n\t[] DEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\n\t[] WARNING: CPU: 48 PID: 312 at kernel/locking/mutex.c:564 __mutex_lock+0x8a1/0xe60\n\t...\n\t[] RIP: 0010:__mutex_lock+0x8a1/0xe60\n\t[] mutex_lock_nested+0x1b/0x30\n\t[] xe_guc_submit_wedge+0x80/0x2b0 [xe]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38353",
"url": "https://www.suse.com/security/cve/CVE-2025-38353"
},
{
"category": "external",
"summary": "SUSE Bug 1247265 for CVE-2025-38353",
"url": "https://bugzilla.suse.com/1247265"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38353"
},
{
"cve": "CVE-2025-38354",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38354"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/gpu: Fix crash when throttling GPU immediately during boot\n\nThere is a small chance that the GPU is already hot during boot. In that\ncase, the call to of_devfreq_cooling_register() will immediately try to\napply devfreq cooling, as seen in the following crash:\n\n Unable to handle kernel paging request at virtual address 0000000000014110\n pc : a6xx_gpu_busy+0x1c/0x58 [msm]\n lr : msm_devfreq_get_dev_status+0xbc/0x140 [msm]\n Call trace:\n a6xx_gpu_busy+0x1c/0x58 [msm] (P)\n devfreq_simple_ondemand_func+0x3c/0x150\n devfreq_update_target+0x44/0xd8\n qos_max_notifier_call+0x30/0x84\n blocking_notifier_call_chain+0x6c/0xa0\n pm_qos_update_target+0xd0/0x110\n freq_qos_apply+0x3c/0x74\n apply_constraint+0x88/0x148\n __dev_pm_qos_update_request+0x7c/0xcc\n dev_pm_qos_update_request+0x38/0x5c\n devfreq_cooling_set_cur_state+0x98/0xf0\n __thermal_cdev_update+0x64/0xb4\n thermal_cdev_update+0x4c/0x58\n step_wise_manage+0x1f0/0x318\n __thermal_zone_device_update+0x278/0x424\n __thermal_cooling_device_register+0x2bc/0x308\n thermal_of_cooling_device_register+0x10/0x1c\n of_devfreq_cooling_register_power+0x240/0x2bc\n of_devfreq_cooling_register+0x14/0x20\n msm_devfreq_init+0xc4/0x1a0 [msm]\n msm_gpu_init+0x304/0x574 [msm]\n adreno_gpu_init+0x1c4/0x2e0 [msm]\n a6xx_gpu_init+0x5c8/0x9c8 [msm]\n adreno_bind+0x2a8/0x33c [msm]\n ...\n\nAt this point we haven\u0027t initialized the GMU at all yet, so we cannot read\nthe GMU registers inside a6xx_gpu_busy(). A similar issue was fixed before\nin commit 6694482a70e9 (\"drm/msm: Avoid unclocked GMU register access in\n6xx gpu_busy\"): msm_devfreq_init() does call devfreq_suspend_device(), but\nunlike msm_devfreq_suspend(), it doesn\u0027t set the df-\u003esuspended flag\naccordingly. This means the df-\u003esuspended flag does not match the actual\ndevfreq state after initialization and msm_devfreq_get_dev_status() will\nend up accessing GMU registers, causing the crash.\n\nFix this by setting df-\u003esuspended correctly during initialization.\n\nPatchwork: https://patchwork.freedesktop.org/patch/650772/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38354",
"url": "https://www.suse.com/security/cve/CVE-2025-38354"
},
{
"category": "external",
"summary": "SUSE Bug 1247061 for CVE-2025-38354",
"url": "https://bugzilla.suse.com/1247061"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38354"
},
{
"cve": "CVE-2025-38355",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38355"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Process deferred GGTT node removals on device unwind\n\nWhile we are indirectly draining our dedicated workqueue ggtt-\u003ewq\nthat we use to complete asynchronous removal of some GGTT nodes,\nthis happends as part of the managed-drm unwinding (ggtt_fini_early),\nwhich could be later then manage-device unwinding, where we could\nalready unmap our MMIO/GMS mapping (mmio_fini).\n\nThis was recently observed during unsuccessful VF initialization:\n\n [ ] xe 0000:00:02.1: probe with driver xe failed with error -62\n [ ] xe 0000:00:02.1: DEVRES REL ffff88811e747340 __xe_bo_unpin_map_no_vm (16 bytes)\n [ ] xe 0000:00:02.1: DEVRES REL ffff88811e747540 __xe_bo_unpin_map_no_vm (16 bytes)\n [ ] xe 0000:00:02.1: DEVRES REL ffff88811e747240 __xe_bo_unpin_map_no_vm (16 bytes)\n [ ] xe 0000:00:02.1: DEVRES REL ffff88811e747040 tiles_fini (16 bytes)\n [ ] xe 0000:00:02.1: DEVRES REL ffff88811e746840 mmio_fini (16 bytes)\n [ ] xe 0000:00:02.1: DEVRES REL ffff88811e747f40 xe_bo_pinned_fini (16 bytes)\n [ ] xe 0000:00:02.1: DEVRES REL ffff88811e746b40 devm_drm_dev_init_release (16 bytes)\n [ ] xe 0000:00:02.1: [drm:drm_managed_release] drmres release begin\n [ ] xe 0000:00:02.1: [drm:drm_managed_release] REL ffff88810ef81640 __fini_relay (8 bytes)\n [ ] xe 0000:00:02.1: [drm:drm_managed_release] REL ffff88810ef80d40 guc_ct_fini (8 bytes)\n [ ] xe 0000:00:02.1: [drm:drm_managed_release] REL ffff88810ef80040 __drmm_mutex_release (8 bytes)\n [ ] xe 0000:00:02.1: [drm:drm_managed_release] REL ffff88810ef80140 ggtt_fini_early (8 bytes)\n\nand this was leading to:\n\n [ ] BUG: unable to handle page fault for address: ffffc900058162a0\n [ ] #PF: supervisor write access in kernel mode\n [ ] #PF: error_code(0x0002) - not-present page\n [ ] Oops: Oops: 0002 [#1] SMP NOPTI\n [ ] Tainted: [W]=WARN\n [ ] Workqueue: xe-ggtt-wq ggtt_node_remove_work_func [xe]\n [ ] RIP: 0010:xe_ggtt_set_pte+0x6d/0x350 [xe]\n [ ] Call Trace:\n [ ] \u003cTASK\u003e\n [ ] xe_ggtt_clear+0xb0/0x270 [xe]\n [ ] ggtt_node_remove+0xbb/0x120 [xe]\n [ ] ggtt_node_remove_work_func+0x30/0x50 [xe]\n [ ] process_one_work+0x22b/0x6f0\n [ ] worker_thread+0x1e8/0x3d\n\nAdd managed-device action that will explicitly drain the workqueue\nwith all pending node removals prior to releasing MMIO/GSM mapping.\n\n(cherry picked from commit 89d2835c3680ab1938e22ad81b1c9f8c686bd391)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38355",
"url": "https://www.suse.com/security/cve/CVE-2025-38355"
},
{
"category": "external",
"summary": "SUSE Bug 1247062 for CVE-2025-38355",
"url": "https://bugzilla.suse.com/1247062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38355"
},
{
"cve": "CVE-2025-38356",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38356"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/guc: Explicitly exit CT safe mode on unwind\n\nDuring driver probe we might be briefly using CT safe mode, which\nis based on a delayed work, but usually we are able to stop this\nonce we have IRQ fully operational. However, if we abort the probe\nquite early then during unwind we might try to destroy the workqueue\nwhile there is still a pending delayed work that attempts to restart\nitself which triggers a WARN.\n\nThis was recently observed during unsuccessful VF initialization:\n\n [ ] xe 0000:00:02.1: probe with driver xe failed with error -62\n [ ] ------------[ cut here ]------------\n [ ] workqueue: cannot queue safe_mode_worker_func [xe] on wq xe-g2h-wq\n [ ] WARNING: CPU: 9 PID: 0 at kernel/workqueue.c:2257 __queue_work+0x287/0x710\n [ ] RIP: 0010:__queue_work+0x287/0x710\n [ ] Call Trace:\n [ ] delayed_work_timer_fn+0x19/0x30\n [ ] call_timer_fn+0xa1/0x2a0\n\nExit the CT safe mode on unwind to avoid that warning.\n\n(cherry picked from commit 2ddbb73ec20b98e70a5200cb85deade22ccea2ec)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38356",
"url": "https://www.suse.com/security/cve/CVE-2025-38356"
},
{
"category": "external",
"summary": "SUSE Bug 1247064 for CVE-2025-38356",
"url": "https://bugzilla.suse.com/1247064"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38356"
},
{
"cve": "CVE-2025-38361",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38361"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check dce_hwseq before dereferencing it\n\n[WHAT]\n\nhws was checked for null earlier in dce110_blank_stream, indicating hws\ncan be null, and should be checked whenever it is used.\n\n(cherry picked from commit 79db43611ff61280b6de58ce1305e0b2ecf675ad)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38361",
"url": "https://www.suse.com/security/cve/CVE-2025-38361"
},
{
"category": "external",
"summary": "SUSE Bug 1247079 for CVE-2025-38361",
"url": "https://bugzilla.suse.com/1247079"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38361"
},
{
"cve": "CVE-2025-38362",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38362"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null pointer check for get_first_active_display()\n\nThe function mod_hdcp_hdcp1_enable_encryption() calls the function\nget_first_active_display(), but does not check its return value.\nThe return value is a null pointer if the display list is empty.\nThis will lead to a null pointer dereference in\nmod_hdcp_hdcp2_enable_encryption().\n\nAdd a null pointer check for get_first_active_display() and return\nMOD_HDCP_STATUS_DISPLAY_NOT_FOUND if the function return null.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38362",
"url": "https://www.suse.com/security/cve/CVE-2025-38362"
},
{
"category": "external",
"summary": "SUSE Bug 1247089 for CVE-2025-38362",
"url": "https://bugzilla.suse.com/1247089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38362"
},
{
"cve": "CVE-2025-38363",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38363"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/tegra: Fix a possible null pointer dereference\n\nIn tegra_crtc_reset(), new memory is allocated with kzalloc(), but\nno check is performed. Before calling __drm_atomic_helper_crtc_reset,\nstate should be checked to prevent possible null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38363",
"url": "https://www.suse.com/security/cve/CVE-2025-38363"
},
{
"category": "external",
"summary": "SUSE Bug 1247018 for CVE-2025-38363",
"url": "https://bugzilla.suse.com/1247018"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38363"
},
{
"cve": "CVE-2025-38364",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38364"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmaple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate()\n\nTemporarily clear the preallocation flag when explicitly requesting\nallocations. Pre-existing allocations are already counted against the\nrequest through mas_node_count_gfp(), but the allocations will not happen\nif the MA_STATE_PREALLOC flag is set. This flag is meant to avoid\nre-allocating in bulk allocation mode, and to detect issues with\npreallocation calculations.\n\nThe MA_STATE_PREALLOC flag should also always be set on zero allocations\nso that detection of underflow allocations will print a WARN_ON() during\nconsumption.\n\nUser visible effect of this flaw is a WARN_ON() followed by a null pointer\ndereference when subsequent requests for larger number of nodes is\nignored, such as the vma merge retry in mmap_region() caused by drivers\naltering the vma flags (which happens in v6.6, at least)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38364",
"url": "https://www.suse.com/security/cve/CVE-2025-38364"
},
{
"category": "external",
"summary": "SUSE Bug 1247091 for CVE-2025-38364",
"url": "https://bugzilla.suse.com/1247091"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38364"
},
{
"cve": "CVE-2025-38365",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38365"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix a race between renames and directory logging\n\nWe have a race between a rename and directory inode logging that if it\nhappens and we crash/power fail before the rename completes, the next time\nthe filesystem is mounted, the log replay code will end up deleting the\nfile that was being renamed.\n\nThis is best explained following a step by step analysis of an interleaving\nof steps that lead into this situation.\n\nConsider the initial conditions:\n\n1) We are at transaction N;\n\n2) We have directories A and B created in a past transaction (\u003c N);\n\n3) We have inode X corresponding to a file that has 2 hardlinks, one in\n directory A and the other in directory B, so we\u0027ll name them as\n \"A/foo_link1\" and \"B/foo_link2\". Both hard links were persisted in a\n past transaction (\u003c N);\n\n4) We have inode Y corresponding to a file that as a single hard link and\n is located in directory A, we\u0027ll name it as \"A/bar\". This file was also\n persisted in a past transaction (\u003c N).\n\nThe steps leading to a file loss are the following and for all of them we\nare under transaction N:\n\n 1) Link \"A/foo_link1\" is removed, so inode\u0027s X last_unlink_trans field\n is updated to N, through btrfs_unlink() -\u003e btrfs_record_unlink_dir();\n\n 2) Task A starts a rename for inode Y, with the goal of renaming from\n \"A/bar\" to \"A/baz\", so we enter btrfs_rename();\n\n 3) Task A inserts the new BTRFS_INODE_REF_KEY for inode Y by calling\n btrfs_insert_inode_ref();\n\n 4) Because the rename happens in the same directory, we don\u0027t set the\n last_unlink_trans field of directoty A\u0027s inode to the current\n transaction id, that is, we don\u0027t cal btrfs_record_unlink_dir();\n\n 5) Task A then removes the entries from directory A (BTRFS_DIR_ITEM_KEY\n and BTRFS_DIR_INDEX_KEY items) when calling __btrfs_unlink_inode()\n (actually the dir index item is added as a delayed item, but the\n effect is the same);\n\n 6) Now before task A adds the new entry \"A/baz\" to directory A by\n calling btrfs_add_link(), another task, task B is logging inode X;\n\n 7) Task B starts a fsync of inode X and after logging inode X, at\n btrfs_log_inode_parent() it calls btrfs_log_all_parents(), since\n inode X has a last_unlink_trans value of N, set at in step 1;\n\n 8) At btrfs_log_all_parents() we search for all parent directories of\n inode X using the commit root, so we find directories A and B and log\n them. Bu when logging direct A, we don\u0027t have a dir index item for\n inode Y anymore, neither the old name \"A/bar\" nor for the new name\n \"A/baz\" since the rename has deleted the old name but has not yet\n inserted the new name - task A hasn\u0027t called yet btrfs_add_link() to\n do that.\n\n Note that logging directory A doesn\u0027t fallback to a transaction\n commit because its last_unlink_trans has a lower value than the\n current transaction\u0027s id (see step 4);\n\n 9) Task B finishes logging directories A and B and gets back to\n btrfs_sync_file() where it calls btrfs_sync_log() to persist the log\n tree;\n\n10) Task B successfully persisted the log tree, btrfs_sync_log() completed\n with success, and a power failure happened.\n\n We have a log tree without any directory entry for inode Y, so the\n log replay code deletes the entry for inode Y, name \"A/bar\", from the\n subvolume tree since it doesn\u0027t exist in the log tree and the log\n tree is authorative for its index (we logged a BTRFS_DIR_LOG_INDEX_KEY\n item that covers the index range for the dentry that corresponds to\n \"A/bar\").\n\n Since there\u0027s no other hard link for inode Y and the log replay code\n deletes the name \"A/bar\", the file is lost.\n\nThe issue wouldn\u0027t happen if task B synced the log only after task A\ncalled btrfs_log_new_name(), which would update the log with the new name\nfor inode Y (\"A/bar\").\n\nFix this by pinning the log root during renames before removing the old\ndirectory entry, and unpinning af\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38365",
"url": "https://www.suse.com/security/cve/CVE-2025-38365"
},
{
"category": "external",
"summary": "SUSE Bug 1247023 for CVE-2025-38365",
"url": "https://bugzilla.suse.com/1247023"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38365"
},
{
"cve": "CVE-2025-38369",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38369"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using\n\nRunning IDXD workloads in a container with the /dev directory mounted can\ntrigger a call trace or even a kernel panic when the parent process of the\ncontainer is terminated.\n\nThis issue occurs because, under certain configurations, Docker does not\nproperly propagate the mount replica back to the original mount point.\n\nIn this case, when the user driver detaches, the WQ is destroyed but it\nstill calls destroy_workqueue() attempting to completes all pending work.\nIt\u0027s necessary to check wq-\u003ewq and skip the drain if it no longer exists.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38369",
"url": "https://www.suse.com/security/cve/CVE-2025-38369"
},
{
"category": "external",
"summary": "SUSE Bug 1247209 for CVE-2025-38369",
"url": "https://bugzilla.suse.com/1247209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38369"
},
{
"cve": "CVE-2025-38371",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38371"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Disable interrupts before resetting the GPU\n\nCurrently, an interrupt can be triggered during a GPU reset, which can\nlead to GPU hangs and NULL pointer dereference in an interrupt context\nas shown in the following trace:\n\n [ 314.035040] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0\n [ 314.043822] Mem abort info:\n [ 314.046606] ESR = 0x0000000096000005\n [ 314.050347] EC = 0x25: DABT (current EL), IL = 32 bits\n [ 314.055651] SET = 0, FnV = 0\n [ 314.058695] EA = 0, S1PTW = 0\n [ 314.061826] FSC = 0x05: level 1 translation fault\n [ 314.066694] Data abort info:\n [ 314.069564] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n [ 314.075039] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n [ 314.080080] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n [ 314.085382] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000102728000\n [ 314.091814] [00000000000000c0] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n [ 314.100511] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n [ 314.106770] Modules linked in: v3d i2c_brcmstb vc4 snd_soc_hdmi_codec gpu_sched drm_shmem_helper drm_display_helper cec drm_dma_helper drm_kms_helper drm drm_panel_orientation_quirks snd_soc_core snd_compress snd_pcm_dmaengine snd_pcm snd_timer snd backlight\n [ 314.129654] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.25+rpt-rpi-v8 #1 Debian 1:6.12.25-1+rpt1\n [ 314.139388] Hardware name: Raspberry Pi 4 Model B Rev 1.4 (DT)\n [ 314.145211] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n [ 314.152165] pc : v3d_irq+0xec/0x2e0 [v3d]\n [ 314.156187] lr : v3d_irq+0xe0/0x2e0 [v3d]\n [ 314.160198] sp : ffffffc080003ea0\n [ 314.163502] x29: ffffffc080003ea0 x28: ffffffec1f184980 x27: 021202b000000000\n [ 314.170633] x26: ffffffec1f17f630 x25: ffffff8101372000 x24: ffffffec1f17d9f0\n [ 314.177764] x23: 000000000000002a x22: 000000000000002a x21: ffffff8103252000\n [ 314.184895] x20: 0000000000000001 x19: 00000000deadbeef x18: 0000000000000000\n [ 314.192026] x17: ffffff94e51d2000 x16: ffffffec1dac3cb0 x15: c306000000000000\n [ 314.199156] x14: 0000000000000000 x13: b2fc982e03cc5168 x12: 0000000000000001\n [ 314.206286] x11: ffffff8103f8bcc0 x10: ffffffec1f196868 x9 : ffffffec1dac3874\n [ 314.213416] x8 : 0000000000000000 x7 : 0000000000042a3a x6 : ffffff810017a180\n [ 314.220547] x5 : ffffffec1ebad400 x4 : ffffffec1ebad320 x3 : 00000000000bebeb\n [ 314.227677] x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000\n [ 314.234807] Call trace:\n [ 314.237243] v3d_irq+0xec/0x2e0 [v3d]\n [ 314.240906] __handle_irq_event_percpu+0x58/0x218\n [ 314.245609] handle_irq_event+0x54/0xb8\n [ 314.249439] handle_fasteoi_irq+0xac/0x240\n [ 314.253527] handle_irq_desc+0x48/0x68\n [ 314.257269] generic_handle_domain_irq+0x24/0x38\n [ 314.261879] gic_handle_irq+0x48/0xd8\n [ 314.265533] call_on_irq_stack+0x24/0x58\n [ 314.269448] do_interrupt_handler+0x88/0x98\n [ 314.273624] el1_interrupt+0x34/0x68\n [ 314.277193] el1h_64_irq_handler+0x18/0x28\n [ 314.281281] el1h_64_irq+0x64/0x68\n [ 314.284673] default_idle_call+0x3c/0x168\n [ 314.288675] do_idle+0x1fc/0x230\n [ 314.291895] cpu_startup_entry+0x3c/0x50\n [ 314.295810] rest_init+0xe4/0xf0\n [ 314.299030] start_kernel+0x5e8/0x790\n [ 314.302684] __primary_switched+0x80/0x90\n [ 314.306691] Code: 940029eb 360ffc13 f9442ea0 52800001 (f9406017)\n [ 314.312775] ---[ end trace 0000000000000000 ]---\n [ 314.317384] Kernel panic - not syncing: Oops: Fatal exception in interrupt\n [ 314.324249] SMP: stopping secondary CPUs\n [ 314.328167] Kernel Offset: 0x2b9da00000 from 0xffffffc080000000\n [ 314.334076] PHYS_OFFSET: 0x0\n [ 314.336946] CPU features: 0x08,00002013,c0200000,0200421b\n [ 314.342337] Memory Limit: none\n [ 314.345382] ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---\n\nBefore resetting the G\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38371",
"url": "https://www.suse.com/security/cve/CVE-2025-38371"
},
{
"category": "external",
"summary": "SUSE Bug 1247178 for CVE-2025-38371",
"url": "https://bugzilla.suse.com/1247178"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38371"
},
{
"cve": "CVE-2025-38373",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38373"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/mlx5: Fix potential deadlock in MR deregistration\n\nThe issue arises when kzalloc() is invoked while holding umem_mutex or\nany other lock acquired under umem_mutex. This is problematic because\nkzalloc() can trigger fs_reclaim_aqcuire(), which may, in turn, invoke\nmmu_notifier_invalidate_range_start(). This function can lead to\nmlx5_ib_invalidate_range(), which attempts to acquire umem_mutex again,\nresulting in a deadlock.\n\nThe problematic flow:\n CPU0 | CPU1\n---------------------------------------|------------------------------------------------\nmlx5_ib_dereg_mr() |\n \u2192 revoke_mr() |\n \u2192 mutex_lock(\u0026umem_odp-\u003eumem_mutex) |\n | mlx5_mkey_cache_init()\n | \u2192 mutex_lock(\u0026dev-\u003ecache.rb_lock)\n | \u2192 mlx5r_cache_create_ent_locked()\n | \u2192 kzalloc(GFP_KERNEL)\n | \u2192 fs_reclaim()\n | \u2192 mmu_notifier_invalidate_range_start()\n | \u2192 mlx5_ib_invalidate_range()\n | \u2192 mutex_lock(\u0026umem_odp-\u003eumem_mutex)\n \u2192 cache_ent_find_and_store() |\n \u2192 mutex_lock(\u0026dev-\u003ecache.rb_lock) |\n\nAdditionally, when kzalloc() is called from within\ncache_ent_find_and_store(), we encounter the same deadlock due to\nre-acquisition of umem_mutex.\n\nSolve by releasing umem_mutex in dereg_mr() after umr_revoke_mr()\nand before acquiring rb_lock. This ensures that we don\u0027t hold\numem_mutex while performing memory allocations that could trigger\nthe reclaim path.\n\nThis change prevents the deadlock by ensuring proper lock ordering and\navoiding holding locks during memory allocation operations that could\ntrigger the reclaim path.\n\nThe following lockdep warning demonstrates the deadlock:\n\n python3/20557 is trying to acquire lock:\n ffff888387542128 (\u0026umem_odp-\u003eumem_mutex){+.+.}-{4:4}, at:\n mlx5_ib_invalidate_range+0x5b/0x550 [mlx5_ib]\n\n but task is already holding lock:\n ffffffff82f6b840 (mmu_notifier_invalidate_range_start){+.+.}-{0:0}, at:\n unmap_vmas+0x7b/0x1a0\n\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n\n -\u003e #3 (mmu_notifier_invalidate_range_start){+.+.}-{0:0}:\n fs_reclaim_acquire+0x60/0xd0\n mem_cgroup_css_alloc+0x6f/0x9b0\n cgroup_init_subsys+0xa4/0x240\n cgroup_init+0x1c8/0x510\n start_kernel+0x747/0x760\n x86_64_start_reservations+0x25/0x30\n x86_64_start_kernel+0x73/0x80\n common_startup_64+0x129/0x138\n\n -\u003e #2 (fs_reclaim){+.+.}-{0:0}:\n fs_reclaim_acquire+0x91/0xd0\n __kmalloc_cache_noprof+0x4d/0x4c0\n mlx5r_cache_create_ent_locked+0x75/0x620 [mlx5_ib]\n mlx5_mkey_cache_init+0x186/0x360 [mlx5_ib]\n mlx5_ib_stage_post_ib_reg_umr_init+0x3c/0x60 [mlx5_ib]\n __mlx5_ib_add+0x4b/0x190 [mlx5_ib]\n mlx5r_probe+0xd9/0x320 [mlx5_ib]\n auxiliary_bus_probe+0x42/0x70\n really_probe+0xdb/0x360\n __driver_probe_device+0x8f/0x130\n driver_probe_device+0x1f/0xb0\n __driver_attach+0xd4/0x1f0\n bus_for_each_dev+0x79/0xd0\n bus_add_driver+0xf0/0x200\n driver_register+0x6e/0xc0\n __auxiliary_driver_register+0x6a/0xc0\n do_one_initcall+0x5e/0x390\n do_init_module+0x88/0x240\n init_module_from_file+0x85/0xc0\n idempotent_init_module+0x104/0x300\n __x64_sys_finit_module+0x68/0xc0\n do_syscall_64+0x6d/0x140\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n -\u003e #1 (\u0026dev-\u003ecache.rb_lock){+.+.}-{4:4}:\n __mutex_lock+0x98/0xf10\n __mlx5_ib_dereg_mr+0x6f2/0x890 [mlx5_ib]\n mlx5_ib_dereg_mr+0x21/0x110 [mlx5_ib]\n ib_dereg_mr_user+0x85/0x1f0 [ib_core]\n \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38373",
"url": "https://www.suse.com/security/cve/CVE-2025-38373"
},
{
"category": "external",
"summary": "SUSE Bug 1247033 for CVE-2025-38373",
"url": "https://bugzilla.suse.com/1247033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38373"
},
{
"cve": "CVE-2025-38375",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38375"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-net: ensure the received length does not exceed allocated size\n\nIn xdp_linearize_page, when reading the following buffers from the ring,\nwe forget to check the received length with the true allocate size. This\ncan lead to an out-of-bound read. This commit adds that missing check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38375",
"url": "https://www.suse.com/security/cve/CVE-2025-38375"
},
{
"category": "external",
"summary": "SUSE Bug 1247177 for CVE-2025-38375",
"url": "https://bugzilla.suse.com/1247177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38375"
},
{
"cve": "CVE-2025-38376",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38376"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: chipidea: udc: disconnect/reconnect from host when do suspend/resume\n\nShawn and John reported a hang issue during system suspend as below:\n\n - USB gadget is enabled as Ethernet\n - There is data transfer over USB Ethernet (scp a big file between host\n and device)\n - Device is going in/out suspend (echo mem \u003e /sys/power/state)\n\nThe root cause is the USB device controller is suspended but the USB bus\nis still active which caused the USB host continues to transfer data with\ndevice and the device continues to queue USB requests (in this case, a\ndelayed TCP ACK packet trigger the issue) after controller is suspended,\nhowever the USB controller clock is already gated off. Then if udc driver\naccess registers after that point, the system will hang.\n\nThe correct way to avoid such issue is to disconnect device from host when\nthe USB bus is not at suspend state. Then the host will receive disconnect\nevent and stop data transfer in time. To continue make USB gadget device\nwork after system resume, this will reconnect device automatically.\n\nTo make usb wakeup work if USB bus is already at suspend state, this will\nkeep connection for it only when USB device controller has enabled wakeup\ncapability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38376",
"url": "https://www.suse.com/security/cve/CVE-2025-38376"
},
{
"category": "external",
"summary": "SUSE Bug 1247176 for CVE-2025-38376",
"url": "https://bugzilla.suse.com/1247176"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38376"
},
{
"cve": "CVE-2025-38377",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38377"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrose: fix dangling neighbour pointers in rose_rt_device_down()\n\nThere are two bugs in rose_rt_device_down() that can cause\nuse-after-free:\n\n1. The loop bound `t-\u003ecount` is modified within the loop, which can\n cause the loop to terminate early and miss some entries.\n\n2. When removing an entry from the neighbour array, the subsequent entries\n are moved up to fill the gap, but the loop index `i` is still\n incremented, causing the next entry to be skipped.\n\nFor example, if a node has three neighbours (A, A, B) with count=3 and A\nis being removed, the second A is not checked.\n\n i=0: (A, A, B) -\u003e (A, B) with count=2\n ^ checked\n i=1: (A, B) -\u003e (A, B) with count=2\n ^ checked (B, not A!)\n i=2: (doesn\u0027t occur because i \u003c count is false)\n\nThis leaves the second A in the array with count=2, but the rose_neigh\nstructure has been freed. Code that accesses these entries assumes that\nthe first `count` entries are valid pointers, causing a use-after-free\nwhen it accesses the dangling pointer.\n\nFix both issues by iterating over the array in reverse order with a fixed\nloop bound. This ensures that all entries are examined and that the removal\nof an entry doesn\u0027t affect subsequent iterations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38377",
"url": "https://www.suse.com/security/cve/CVE-2025-38377"
},
{
"category": "external",
"summary": "SUSE Bug 1247174 for CVE-2025-38377",
"url": "https://bugzilla.suse.com/1247174"
},
{
"category": "external",
"summary": "SUSE Bug 1247175 for CVE-2025-38377",
"url": "https://bugzilla.suse.com/1247175"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "important"
}
],
"title": "CVE-2025-38377"
},
{
"cve": "CVE-2025-38380",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38380"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38380",
"url": "https://www.suse.com/security/cve/CVE-2025-38380"
},
{
"category": "external",
"summary": "SUSE Bug 1247028 for CVE-2025-38380",
"url": "https://bugzilla.suse.com/1247028"
},
{
"category": "external",
"summary": "SUSE Bug 1247029 for CVE-2025-38380",
"url": "https://bugzilla.suse.com/1247029"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "important"
}
],
"title": "CVE-2025-38380"
},
{
"cve": "CVE-2025-38382",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38382"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix iteration of extrefs during log replay\n\nAt __inode_add_ref() when processing extrefs, if we jump into the next\nlabel we have an undefined value of victim_name.len, since we haven\u0027t\ninitialized it before we did the goto. This results in an invalid memory\naccess in the next iteration of the loop since victim_name.len was not\ninitialized to the length of the name of the current extref.\n\nFix this by initializing victim_name.len with the current extref\u0027s name\nlength.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38382",
"url": "https://www.suse.com/security/cve/CVE-2025-38382"
},
{
"category": "external",
"summary": "SUSE Bug 1247031 for CVE-2025-38382",
"url": "https://bugzilla.suse.com/1247031"
},
{
"category": "external",
"summary": "SUSE Bug 1247032 for CVE-2025-38382",
"url": "https://bugzilla.suse.com/1247032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38382"
},
{
"cve": "CVE-2025-38384",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38384"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: spinand: fix memory leak of ECC engine conf\n\nMemory allocated for the ECC engine conf is not released during spinand\ncleanup. Below kmemleak trace is seen for this memory leak:\n\nunreferenced object 0xffffff80064f00e0 (size 8):\n comm \"swapper/0\", pid 1, jiffies 4294937458\n hex dump (first 8 bytes):\n 00 00 00 00 00 00 00 00 ........\n backtrace (crc 0):\n kmemleak_alloc+0x30/0x40\n __kmalloc_cache_noprof+0x208/0x3c0\n spinand_ondie_ecc_init_ctx+0x114/0x200\n nand_ecc_init_ctx+0x70/0xa8\n nanddev_ecc_engine_init+0xec/0x27c\n spinand_probe+0xa2c/0x1620\n spi_mem_probe+0x130/0x21c\n spi_probe+0xf0/0x170\n really_probe+0x17c/0x6e8\n __driver_probe_device+0x17c/0x21c\n driver_probe_device+0x58/0x180\n __device_attach_driver+0x15c/0x1f8\n bus_for_each_drv+0xec/0x150\n __device_attach+0x188/0x24c\n device_initial_probe+0x10/0x20\n bus_probe_device+0x11c/0x160\n\nFix the leak by calling nanddev_ecc_engine_cleanup() inside\nspinand_cleanup().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38384",
"url": "https://www.suse.com/security/cve/CVE-2025-38384"
},
{
"category": "external",
"summary": "SUSE Bug 1247035 for CVE-2025-38384",
"url": "https://bugzilla.suse.com/1247035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "low"
}
],
"title": "CVE-2025-38384"
},
{
"cve": "CVE-2025-38385",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38385"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect\n\nRemove redundant netif_napi_del() call from disconnect path.\n\nA WARN may be triggered in __netif_napi_del_locked() during USB device\ndisconnect:\n\n WARNING: CPU: 0 PID: 11 at net/core/dev.c:7417 __netif_napi_del_locked+0x2b4/0x350\n\nThis happens because netif_napi_del() is called in the disconnect path while\nNAPI is still enabled. However, it is not necessary to call netif_napi_del()\nexplicitly, since unregister_netdev() will handle NAPI teardown automatically\nand safely. Removing the redundant call avoids triggering the warning.\n\nFull trace:\n lan78xx 1-1:1.0 enu1: Failed to read register index 0x000000c4. ret = -ENODEV\n lan78xx 1-1:1.0 enu1: Failed to set MAC down with error -ENODEV\n lan78xx 1-1:1.0 enu1: Link is Down\n lan78xx 1-1:1.0 enu1: Failed to read register index 0x00000120. ret = -ENODEV\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 11 at net/core/dev.c:7417 __netif_napi_del_locked+0x2b4/0x350\n Modules linked in: flexcan can_dev fuse\n CPU: 0 UID: 0 PID: 11 Comm: kworker/0:1 Not tainted 6.16.0-rc2-00624-ge926949dab03 #9 PREEMPT\n Hardware name: SKOV IMX8MP CPU revC - bd500 (DT)\n Workqueue: usb_hub_wq hub_event\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : __netif_napi_del_locked+0x2b4/0x350\n lr : __netif_napi_del_locked+0x7c/0x350\n sp : ffffffc085b673c0\n x29: ffffffc085b673c0 x28: ffffff800b7f2000 x27: ffffff800b7f20d8\n x26: ffffff80110bcf58 x25: ffffff80110bd978 x24: 1ffffff0022179eb\n x23: ffffff80110bc000 x22: ffffff800b7f5000 x21: ffffff80110bc000\n x20: ffffff80110bcf38 x19: ffffff80110bcf28 x18: dfffffc000000000\n x17: ffffffc081578940 x16: ffffffc08284cee0 x15: 0000000000000028\n x14: 0000000000000006 x13: 0000000000040000 x12: ffffffb0022179e8\n x11: 1ffffff0022179e7 x10: ffffffb0022179e7 x9 : dfffffc000000000\n x8 : 0000004ffdde8619 x7 : ffffff80110bcf3f x6 : 0000000000000001\n x5 : ffffff80110bcf38 x4 : ffffff80110bcf38 x3 : 0000000000000000\n x2 : 0000000000000000 x1 : 1ffffff0022179e7 x0 : 0000000000000000\n Call trace:\n __netif_napi_del_locked+0x2b4/0x350 (P)\n lan78xx_disconnect+0xf4/0x360\n usb_unbind_interface+0x158/0x718\n device_remove+0x100/0x150\n device_release_driver_internal+0x308/0x478\n device_release_driver+0x1c/0x30\n bus_remove_device+0x1a8/0x368\n device_del+0x2e0/0x7b0\n usb_disable_device+0x244/0x540\n usb_disconnect+0x220/0x758\n hub_event+0x105c/0x35e0\n process_one_work+0x760/0x17b0\n worker_thread+0x768/0xce8\n kthread+0x3bc/0x690\n ret_from_fork+0x10/0x20\n irq event stamp: 211604\n hardirqs last enabled at (211603): [\u003cffffffc0828cc9ec\u003e] _raw_spin_unlock_irqrestore+0x84/0x98\n hardirqs last disabled at (211604): [\u003cffffffc0828a9a84\u003e] el1_dbg+0x24/0x80\n softirqs last enabled at (211296): [\u003cffffffc080095f10\u003e] handle_softirqs+0x820/0xbc8\n softirqs last disabled at (210993): [\u003cffffffc080010288\u003e] __do_softirq+0x18/0x20\n ---[ end trace 0000000000000000 ]---\n lan78xx 1-1:1.0 enu1: failed to kill vid 0081/0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38385",
"url": "https://www.suse.com/security/cve/CVE-2025-38385"
},
{
"category": "external",
"summary": "SUSE Bug 1247149 for CVE-2025-38385",
"url": "https://bugzilla.suse.com/1247149"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "low"
}
],
"title": "CVE-2025-38385"
},
{
"cve": "CVE-2025-38386",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38386"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: Refuse to evaluate a method if arguments are missing\n\nAs reported in [1], a platform firmware update that increased the number\nof method parameters and forgot to update a least one of its callers,\ncaused ACPICA to crash due to use-after-free.\n\nSince this a result of a clear AML issue that arguably cannot be fixed\nup by the interpreter (it cannot produce missing data out of thin air),\naddress it by making ACPICA refuse to evaluate a method if the caller\nattempts to pass fewer arguments than expected to it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38386",
"url": "https://www.suse.com/security/cve/CVE-2025-38386"
},
{
"category": "external",
"summary": "SUSE Bug 1247138 for CVE-2025-38386",
"url": "https://bugzilla.suse.com/1247138"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38386"
},
{
"cve": "CVE-2025-38387",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38387"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Initialize obj_event-\u003eobj_sub_list before xa_insert\n\nThe obj_event may be loaded immediately after inserted, then if the\nlist_head is not initialized then we may get a poisonous pointer. This\nfixes the crash below:\n\n mlx5_core 0000:03:00.0: MLX5E: StrdRq(1) RqSz(8) StrdSz(2048) RxCqeCmprss(0 enhanced)\n mlx5_core.sf mlx5_core.sf.4: firmware version: 32.38.3056\n mlx5_core 0000:03:00.0 en3f0pf0sf2002: renamed from eth0\n mlx5_core.sf mlx5_core.sf.4: Rate limit: 127 rates are supported, range: 0Mbps to 195312Mbps\n IPv6: ADDRCONF(NETDEV_CHANGE): en3f0pf0sf2002: link becomes ready\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000060\n Mem abort info:\n ESR = 0x96000006\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n Data abort info:\n ISV = 0, ISS = 0x00000006\n CM = 0, WnR = 0\n user pgtable: 4k pages, 48-bit VAs, pgdp=00000007760fb000\n [0000000000000060] pgd=000000076f6d7003, p4d=000000076f6d7003, pud=0000000777841003, pmd=0000000000000000\n Internal error: Oops: 96000006 [#1] SMP\n Modules linked in: ipmb_host(OE) act_mirred(E) cls_flower(E) sch_ingress(E) mptcp_diag(E) udp_diag(E) raw_diag(E) unix_diag(E) tcp_diag(E) inet_diag(E) binfmt_misc(E) bonding(OE) rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) isofs(E) cdrom(E) mst_pciconf(OE) ib_umad(OE) mlx5_ib(OE) ipmb_dev_int(OE) mlx5_core(OE) kpatch_15237886(OEK) mlxdevm(OE) auxiliary(OE) ib_uverbs(OE) ib_core(OE) psample(E) mlxfw(OE) tls(E) sunrpc(E) vfat(E) fat(E) crct10dif_ce(E) ghash_ce(E) sha1_ce(E) sbsa_gwdt(E) virtio_console(E) ext4(E) mbcache(E) jbd2(E) xfs(E) libcrc32c(E) mmc_block(E) virtio_net(E) net_failover(E) failover(E) sha2_ce(E) sha256_arm64(E) nvme(OE) nvme_core(OE) gpio_mlxbf3(OE) mlx_compat(OE) mlxbf_pmc(OE) i2c_mlxbf(OE) sdhci_of_dwcmshc(OE) pinctrl_mlxbf3(OE) mlxbf_pka(OE) gpio_generic(E) i2c_core(E) mmc_core(E) mlxbf_gige(OE) vitesse(E) pwr_mlxbf(OE) mlxbf_tmfifo(OE) micrel(E) mlxbf_bootctl(OE) virtio_ring(E) virtio(E) ipmi_devintf(E) ipmi_msghandler(E)\n [last unloaded: mst_pci]\n CPU: 11 PID: 20913 Comm: rte-worker-11 Kdump: loaded Tainted: G OE K 5.10.134-13.1.an8.aarch64 #1\n Hardware name: https://www.mellanox.com BlueField-3 SmartNIC Main Card/BlueField-3 SmartNIC Main Card, BIOS 4.2.2.12968 Oct 26 2023\n pstate: a0400089 (NzCv daIf +PAN -UAO -TCO BTYPE=--)\n pc : dispatch_event_fd+0x68/0x300 [mlx5_ib]\n lr : devx_event_notifier+0xcc/0x228 [mlx5_ib]\n sp : ffff80001005bcf0\n x29: ffff80001005bcf0 x28: 0000000000000001\n x27: ffff244e0740a1d8 x26: ffff244e0740a1d0\n x25: ffffda56beff5ae0 x24: ffffda56bf911618\n x23: ffff244e0596a480 x22: ffff244e0596a480\n x21: ffff244d8312ad90 x20: ffff244e0596a480\n x19: fffffffffffffff0 x18: 0000000000000000\n x17: 0000000000000000 x16: ffffda56be66d620\n x15: 0000000000000000 x14: 0000000000000000\n x13: 0000000000000000 x12: 0000000000000000\n x11: 0000000000000040 x10: ffffda56bfcafb50\n x9 : ffffda5655c25f2c x8 : 0000000000000010\n x7 : 0000000000000000 x6 : ffff24545a2e24b8\n x5 : 0000000000000003 x4 : ffff80001005bd28\n x3 : 0000000000000000 x2 : 0000000000000000\n x1 : ffff244e0596a480 x0 : ffff244d8312ad90\n Call trace:\n dispatch_event_fd+0x68/0x300 [mlx5_ib]\n devx_event_notifier+0xcc/0x228 [mlx5_ib]\n atomic_notifier_call_chain+0x58/0x80\n mlx5_eq_async_int+0x148/0x2b0 [mlx5_core]\n atomic_notifier_call_chain+0x58/0x80\n irq_int_handler+0x20/0x30 [mlx5_core]\n __handle_irq_event_percpu+0x60/0x220\n handle_irq_event_percpu+0x3c/0x90\n handle_irq_event+0x58/0x158\n handle_fasteoi_irq+0xfc/0x188\n generic_handle_irq+0x34/0x48\n ...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38387",
"url": "https://www.suse.com/security/cve/CVE-2025-38387"
},
{
"category": "external",
"summary": "SUSE Bug 1247154 for CVE-2025-38387",
"url": "https://bugzilla.suse.com/1247154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38387"
},
{
"cve": "CVE-2025-38389",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38389"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gt: Fix timeline left held on VMA alloc error\n\nThe following error has been reported sporadically by CI when a test\nunbinds the i915 driver on a ring submission platform:\n\n\u003c4\u003e [239.330153] ------------[ cut here ]------------\n\u003c4\u003e [239.330166] i915 0000:00:02.0: [drm] drm_WARN_ON(dev_priv-\u003emm.shrink_count)\n\u003c4\u003e [239.330196] WARNING: CPU: 1 PID: 18570 at drivers/gpu/drm/i915/i915_gem.c:1309 i915_gem_cleanup_early+0x13e/0x150 [i915]\n...\n\u003c4\u003e [239.330640] RIP: 0010:i915_gem_cleanup_early+0x13e/0x150 [i915]\n...\n\u003c4\u003e [239.330942] Call Trace:\n\u003c4\u003e [239.330944] \u003cTASK\u003e\n\u003c4\u003e [239.330949] i915_driver_late_release+0x2b/0xa0 [i915]\n\u003c4\u003e [239.331202] i915_driver_release+0x86/0xa0 [i915]\n\u003c4\u003e [239.331482] devm_drm_dev_init_release+0x61/0x90\n\u003c4\u003e [239.331494] devm_action_release+0x15/0x30\n\u003c4\u003e [239.331504] release_nodes+0x3d/0x120\n\u003c4\u003e [239.331517] devres_release_all+0x96/0xd0\n\u003c4\u003e [239.331533] device_unbind_cleanup+0x12/0x80\n\u003c4\u003e [239.331543] device_release_driver_internal+0x23a/0x280\n\u003c4\u003e [239.331550] ? bus_find_device+0xa5/0xe0\n\u003c4\u003e [239.331563] device_driver_detach+0x14/0x20\n...\n\u003c4\u003e [357.719679] ---[ end trace 0000000000000000 ]---\n\nIf the test also unloads the i915 module then that\u0027s followed with:\n\n\u003c3\u003e [357.787478] =============================================================================\n\u003c3\u003e [357.788006] BUG i915_vma (Tainted: G U W N ): Objects remaining on __kmem_cache_shutdown()\n\u003c3\u003e [357.788031] -----------------------------------------------------------------------------\n\u003c3\u003e [357.788204] Object 0xffff888109e7f480 @offset=29824\n\u003c3\u003e [357.788670] Allocated in i915_vma_instance+0xee/0xc10 [i915] age=292729 cpu=4 pid=2244\n\u003c4\u003e [357.788994] i915_vma_instance+0xee/0xc10 [i915]\n\u003c4\u003e [357.789290] init_status_page+0x7b/0x420 [i915]\n\u003c4\u003e [357.789532] intel_engines_init+0x1d8/0x980 [i915]\n\u003c4\u003e [357.789772] intel_gt_init+0x175/0x450 [i915]\n\u003c4\u003e [357.790014] i915_gem_init+0x113/0x340 [i915]\n\u003c4\u003e [357.790281] i915_driver_probe+0x847/0xed0 [i915]\n\u003c4\u003e [357.790504] i915_pci_probe+0xe6/0x220 [i915]\n...\n\nCloser analysis of CI results history has revealed a dependency of the\nerror on a few IGT tests, namely:\n- igt@api_intel_allocator@fork-simple-stress-signal,\n- igt@api_intel_allocator@two-level-inception-interruptible,\n- igt@gem_linear_blits@interruptible,\n- igt@prime_mmap_coherency@ioctl-errors,\nwhich invisibly trigger the issue, then exhibited with first driver unbind\nattempt.\n\nAll of the above tests perform actions which are actively interrupted with\nsignals. Further debugging has allowed to narrow that scope down to\nDRM_IOCTL_I915_GEM_EXECBUFFER2, and ring_context_alloc(), specific to ring\nsubmission, in particular.\n\nIf successful then that function, or its execlists or GuC submission\nequivalent, is supposed to be called only once per GEM context engine,\nfollowed by raise of a flag that prevents the function from being called\nagain. The function is expected to unwind its internal errors itself, so\nit may be safely called once more after it returns an error.\n\nIn case of ring submission, the function first gets a reference to the\nengine\u0027s legacy timeline and then allocates a VMA. If the VMA allocation\nfails, e.g. when i915_vma_instance() called from inside is interrupted\nwith a signal, then ring_context_alloc() fails, leaving the timeline held\nreferenced. On next I915_GEM_EXECBUFFER2 IOCTL, another reference to the\ntimeline is got, and only that last one is put on successful completion.\nAs a consequence, the legacy timeline, with its underlying engine status\npage\u0027s VMA object, is still held and not released on driver unbind.\n\nGet the legacy timeline only after successful allocation of the context\nengine\u0027s VMA.\n\nv2: Add a note on other submission methods (Krzysztof Karas):\n Both execlists and GuC submission use lrc_alloc() which seems free\n from a similar issue.\n\n(cherry picked from commit cc43422b3cc79eacff4c5a8ba0d224688ca9dd4f)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38389",
"url": "https://www.suse.com/security/cve/CVE-2025-38389"
},
{
"category": "external",
"summary": "SUSE Bug 1247153 for CVE-2025-38389",
"url": "https://bugzilla.suse.com/1247153"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38389"
},
{
"cve": "CVE-2025-38391",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38391"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: altmodes/displayport: do not index invalid pin_assignments\n\nA poorly implemented DisplayPort Alt Mode port partner can indicate\nthat its pin assignment capabilities are greater than the maximum\nvalue, DP_PIN_ASSIGN_F. In this case, calls to pin_assignment_show\nwill cause a BRK exception due to an out of bounds array access.\n\nPrevent for loop in pin_assignment_show from accessing\ninvalid values in pin_assignments by adding DP_PIN_ASSIGN_MAX\nvalue in typec_dp.h and using i \u003c DP_PIN_ASSIGN_MAX as a loop\ncondition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38391",
"url": "https://www.suse.com/security/cve/CVE-2025-38391"
},
{
"category": "external",
"summary": "SUSE Bug 1247181 for CVE-2025-38391",
"url": "https://bugzilla.suse.com/1247181"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38391"
},
{
"cve": "CVE-2025-38392",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38392"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: convert control queue mutex to a spinlock\n\nWith VIRTCHNL2_CAP_MACFILTER enabled, the following warning is generated\non module load:\n\n[ 324.701677] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:578\n[ 324.701684] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1582, name: NetworkManager\n[ 324.701689] preempt_count: 201, expected: 0\n[ 324.701693] RCU nest depth: 0, expected: 0\n[ 324.701697] 2 locks held by NetworkManager/1582:\n[ 324.701702] #0: ffffffff9f7be770 (rtnl_mutex){....}-{3:3}, at: rtnl_newlink+0x791/0x21e0\n[ 324.701730] #1: ff1100216c380368 (_xmit_ETHER){....}-{2:2}, at: __dev_open+0x3f0/0x870\n[ 324.701749] Preemption disabled at:\n[ 324.701752] [\u003cffffffff9cd23b9d\u003e] __dev_open+0x3dd/0x870\n[ 324.701765] CPU: 30 UID: 0 PID: 1582 Comm: NetworkManager Not tainted 6.15.0-rc5+ #2 PREEMPT(voluntary)\n[ 324.701771] Hardware name: Intel Corporation M50FCP2SBSTD/M50FCP2SBSTD, BIOS SE5C741.86B.01.01.0001.2211140926 11/14/2022\n[ 324.701774] Call Trace:\n[ 324.701777] \u003cTASK\u003e\n[ 324.701779] dump_stack_lvl+0x5d/0x80\n[ 324.701788] ? __dev_open+0x3dd/0x870\n[ 324.701793] __might_resched.cold+0x1ef/0x23d\n\u003c..\u003e\n[ 324.701818] __mutex_lock+0x113/0x1b80\n\u003c..\u003e\n[ 324.701917] idpf_ctlq_clean_sq+0xad/0x4b0 [idpf]\n[ 324.701935] ? kasan_save_track+0x14/0x30\n[ 324.701941] idpf_mb_clean+0x143/0x380 [idpf]\n\u003c..\u003e\n[ 324.701991] idpf_send_mb_msg+0x111/0x720 [idpf]\n[ 324.702009] idpf_vc_xn_exec+0x4cc/0x990 [idpf]\n[ 324.702021] ? rcu_is_watching+0x12/0xc0\n[ 324.702035] idpf_add_del_mac_filters+0x3ed/0xb50 [idpf]\n\u003c..\u003e\n[ 324.702122] __hw_addr_sync_dev+0x1cf/0x300\n[ 324.702126] ? find_held_lock+0x32/0x90\n[ 324.702134] idpf_set_rx_mode+0x317/0x390 [idpf]\n[ 324.702152] __dev_open+0x3f8/0x870\n[ 324.702159] ? __pfx___dev_open+0x10/0x10\n[ 324.702174] __dev_change_flags+0x443/0x650\n\u003c..\u003e\n[ 324.702208] netif_change_flags+0x80/0x160\n[ 324.702218] do_setlink.isra.0+0x16a0/0x3960\n\u003c..\u003e\n[ 324.702349] rtnl_newlink+0x12fd/0x21e0\n\nThe sequence is as follows:\n\trtnl_newlink()-\u003e\n\t__dev_change_flags()-\u003e\n\t__dev_open()-\u003e\n\tdev_set_rx_mode() - \u003e # disables BH and grabs \"dev-\u003eaddr_list_lock\"\n\tidpf_set_rx_mode() -\u003e # proceed only if VIRTCHNL2_CAP_MACFILTER is ON\n\t__dev_uc_sync() -\u003e\n\tidpf_add_mac_filter -\u003e\n\tidpf_add_del_mac_filters -\u003e\n\tidpf_send_mb_msg() -\u003e\n\tidpf_mb_clean() -\u003e\n\tidpf_ctlq_clean_sq() # mutex_lock(cq_lock)\n\nFix by converting cq_lock to a spinlock. All operations under the new\nlock are safe except freeing the DMA memory, which may use vunmap(). Fix\nby requesting a contiguous physical memory for the DMA mapping.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38392",
"url": "https://www.suse.com/security/cve/CVE-2025-38392"
},
{
"category": "external",
"summary": "SUSE Bug 1247169 for CVE-2025-38392",
"url": "https://bugzilla.suse.com/1247169"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38392"
},
{
"cve": "CVE-2025-38393",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38393"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN\n\nWe found a few different systems hung up in writeback waiting on the same\npage lock, and one task waiting on the NFS_LAYOUT_DRAIN bit in\npnfs_update_layout(), however the pnfs_layout_hdr\u0027s plh_outstanding count\nwas zero.\n\nIt seems most likely that this is another race between the waiter and waker\nsimilar to commit ed0172af5d6f (\"SUNRPC: Fix a race to wake a sync task\").\nFix it up by applying the advised barrier.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38393",
"url": "https://www.suse.com/security/cve/CVE-2025-38393"
},
{
"category": "external",
"summary": "SUSE Bug 1247170 for CVE-2025-38393",
"url": "https://bugzilla.suse.com/1247170"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38393"
},
{
"cve": "CVE-2025-38395",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38395"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: gpio: Fix the out-of-bounds access to drvdata::gpiods\n\ndrvdata::gpiods is supposed to hold an array of \u0027gpio_desc\u0027 pointers. But\nthe memory is allocated for only one pointer. This will lead to\nout-of-bounds access later in the code if \u0027config::ngpios\u0027 is \u003e 1. So\nfix the code to allocate enough memory to hold \u0027config::ngpios\u0027 of GPIO\ndescriptors.\n\nWhile at it, also move the check for memory allocation failure to be below\nthe allocation to make it more readable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38395",
"url": "https://www.suse.com/security/cve/CVE-2025-38395"
},
{
"category": "external",
"summary": "SUSE Bug 1247171 for CVE-2025-38395",
"url": "https://bugzilla.suse.com/1247171"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38395"
},
{
"cve": "CVE-2025-38396",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38396"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass\n\nExport anon_inode_make_secure_inode() to allow KVM guest_memfd to create\nanonymous inodes with proper security context. This replaces the current\npattern of calling alloc_anon_inode() followed by\ninode_init_security_anon() for creating security context manually.\n\nThis change also fixes a security regression in secretmem where the\nS_PRIVATE flag was not cleared after alloc_anon_inode(), causing\nLSM/SELinux checks to be bypassed for secretmem file descriptors.\n\nAs guest_memfd currently resides in the KVM module, we need to export this\nsymbol for use outside the core kernel. In the future, guest_memfd might be\nmoved to core-mm, at which point the symbols no longer would have to be\nexported. When/if that happens is still unclear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38396",
"url": "https://www.suse.com/security/cve/CVE-2025-38396"
},
{
"category": "external",
"summary": "SUSE Bug 1247156 for CVE-2025-38396",
"url": "https://bugzilla.suse.com/1247156"
},
{
"category": "external",
"summary": "SUSE Bug 1247158 for CVE-2025-38396",
"url": "https://bugzilla.suse.com/1247158"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "important"
}
],
"title": "CVE-2025-38396"
},
{
"cve": "CVE-2025-38399",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38399"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port()\n\nThe function core_scsi3_decode_spec_i_port(), in its error code path,\nunconditionally calls core_scsi3_lunacl_undepend_item() passing the\ndest_se_deve pointer, which may be NULL.\n\nThis can lead to a NULL pointer dereference if dest_se_deve remains\nunset.\n\nSPC-3 PR SPEC_I_PT: Unable to locate dest_tpg\nUnable to handle kernel paging request at virtual address dfff800000000012\nCall trace:\n core_scsi3_lunacl_undepend_item+0x2c/0xf0 [target_core_mod] (P)\n core_scsi3_decode_spec_i_port+0x120c/0x1c30 [target_core_mod]\n core_scsi3_emulate_pro_register+0x6b8/0xcd8 [target_core_mod]\n target_scsi3_emulate_pr_out+0x56c/0x840 [target_core_mod]\n\nFix this by adding a NULL check before calling\ncore_scsi3_lunacl_undepend_item()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38399",
"url": "https://www.suse.com/security/cve/CVE-2025-38399"
},
{
"category": "external",
"summary": "SUSE Bug 1247097 for CVE-2025-38399",
"url": "https://bugzilla.suse.com/1247097"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38399"
},
{
"cve": "CVE-2025-38400",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38400"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails.\n\nsyzbot reported a warning below [1] following a fault injection in\nnfs_fs_proc_net_init(). [0]\n\nWhen nfs_fs_proc_net_init() fails, /proc/net/rpc/nfs is not removed.\n\nLater, rpc_proc_exit() tries to remove /proc/net/rpc, and the warning\nis logged as the directory is not empty.\n\nLet\u0027s handle the error of nfs_fs_proc_net_init() properly.\n\n[0]:\nFAULT_INJECTION: forcing a failure.\nname failslab, interval 1, probability 0, space 0, times 0\nCPU: 1 UID: 0 PID: 6120 Comm: syz.2.27 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl (lib/dump_stack.c:123)\n should_fail_ex (lib/fault-inject.c:73 lib/fault-inject.c:174)\n should_failslab (mm/failslab.c:46)\n kmem_cache_alloc_noprof (mm/slub.c:4178 mm/slub.c:4204)\n __proc_create (fs/proc/generic.c:427)\n proc_create_reg (fs/proc/generic.c:554)\n proc_create_net_data (fs/proc/proc_net.c:120)\n nfs_fs_proc_net_init (fs/nfs/client.c:1409)\n nfs_net_init (fs/nfs/inode.c:2600)\n ops_init (net/core/net_namespace.c:138)\n setup_net (net/core/net_namespace.c:443)\n copy_net_ns (net/core/net_namespace.c:576)\n create_new_namespaces (kernel/nsproxy.c:110)\n unshare_nsproxy_namespaces (kernel/nsproxy.c:218 (discriminator 4))\n ksys_unshare (kernel/fork.c:3123)\n __x64_sys_unshare (kernel/fork.c:3190)\n do_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n \u003c/TASK\u003e\n\n[1]:\nremove_proc_entry: removing non-empty directory \u0027net/rpc\u0027, leaking at least \u0027nfs\u0027\n WARNING: CPU: 1 PID: 6120 at fs/proc/generic.c:727 remove_proc_entry+0x45e/0x530 fs/proc/generic.c:727\nModules linked in:\nCPU: 1 UID: 0 PID: 6120 Comm: syz.2.27 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\n RIP: 0010:remove_proc_entry+0x45e/0x530 fs/proc/generic.c:727\nCode: 3c 02 00 0f 85 85 00 00 00 48 8b 93 d8 00 00 00 4d 89 f0 4c 89 e9 48 c7 c6 40 ba a2 8b 48 c7 c7 60 b9 a2 8b e8 33 81 1d ff 90 \u003c0f\u003e 0b 90 90 e9 5f fe ff ff e8 04 69 5e ff 90 48 b8 00 00 00 00 00\nRSP: 0018:ffffc90003637b08 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffff88805f534140 RCX: ffffffff817a92c8\nRDX: ffff88807da99e00 RSI: ffffffff817a92d5 RDI: 0000000000000001\nRBP: ffff888033431ac0 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000001 R12: ffff888033431a00\nR13: ffff888033431ae4 R14: ffff888033184724 R15: dffffc0000000000\nFS: 0000555580328500(0000) GS:ffff888124a62000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f71733743e0 CR3: 000000007f618000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n sunrpc_exit_net+0x46/0x90 net/sunrpc/sunrpc_syms.c:76\n ops_exit_list net/core/net_namespace.c:200 [inline]\n ops_undo_list+0x2eb/0xab0 net/core/net_namespace.c:253\n setup_net+0x2e1/0x510 net/core/net_namespace.c:457\n copy_net_ns+0x2a6/0x5f0 net/core/net_namespace.c:574\n create_new_namespaces+0x3ea/0xa90 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0xc0/0x1f0 kernel/nsproxy.c:218\n ksys_unshare+0x45b/0xa40 kernel/fork.c:3121\n __do_sys_unshare kernel/fork.c:3192 [inline]\n __se_sys_unshare kernel/fork.c:3190 [inline]\n __x64_sys_unshare+0x31/0x40 kernel/fork.c:3190\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x490 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fa1a6b8e929\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38400",
"url": "https://www.suse.com/security/cve/CVE-2025-38400"
},
{
"category": "external",
"summary": "SUSE Bug 1247123 for CVE-2025-38400",
"url": "https://bugzilla.suse.com/1247123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38400"
},
{
"cve": "CVE-2025-38401",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38401"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtk-sd: Prevent memory corruption from DMA map failure\n\nIf msdc_prepare_data() fails to map the DMA region, the request is\nnot prepared for data receiving, but msdc_start_data() proceeds\nthe DMA with previous setting.\nSince this will lead a memory corruption, we have to stop the\nrequest operation soon after the msdc_prepare_data() fails to\nprepare it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38401",
"url": "https://www.suse.com/security/cve/CVE-2025-38401"
},
{
"category": "external",
"summary": "SUSE Bug 1247125 for CVE-2025-38401",
"url": "https://bugzilla.suse.com/1247125"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38401"
},
{
"cve": "CVE-2025-38403",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38403"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/vmci: Clear the vmci transport packet properly when initializing it\n\nIn vmci_transport_packet_init memset the vmci_transport_packet before\npopulating the fields to avoid any uninitialised data being left in the\nstructure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38403",
"url": "https://www.suse.com/security/cve/CVE-2025-38403"
},
{
"category": "external",
"summary": "SUSE Bug 1247141 for CVE-2025-38403",
"url": "https://bugzilla.suse.com/1247141"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38403"
},
{
"cve": "CVE-2025-38404",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38404"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: displayport: Fix potential deadlock\n\nThe deadlock can occur due to a recursive lock acquisition of\n`cros_typec_altmode_data::mutex`.\nThe call chain is as follows:\n1. cros_typec_altmode_work() acquires the mutex\n2. typec_altmode_vdm() -\u003e dp_altmode_vdm() -\u003e\n3. typec_altmode_exit() -\u003e cros_typec_altmode_exit()\n4. cros_typec_altmode_exit() attempts to acquire the mutex again\n\nTo prevent this, defer the `typec_altmode_exit()` call by scheduling\nit rather than calling it directly from within the mutex-protected\ncontext.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38404",
"url": "https://www.suse.com/security/cve/CVE-2025-38404"
},
{
"category": "external",
"summary": "SUSE Bug 1247271 for CVE-2025-38404",
"url": "https://bugzilla.suse.com/1247271"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38404"
},
{
"cve": "CVE-2025-38406",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38406"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath6kl: remove WARN on bad firmware input\n\nIf the firmware gives bad input, that\u0027s nothing to do with\nthe driver\u0027s stack at this point etc., so the WARN_ON()\ndoesn\u0027t add any value. Additionally, this is one of the\ntop syzbot reports now. Just print a message, and as an\nadded bonus, print the sizes too.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38406",
"url": "https://www.suse.com/security/cve/CVE-2025-38406"
},
{
"category": "external",
"summary": "SUSE Bug 1247210 for CVE-2025-38406",
"url": "https://bugzilla.suse.com/1247210"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38406"
},
{
"cve": "CVE-2025-38409",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38409"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: Fix another leak in the submit error path\n\nput_unused_fd() doesn\u0027t free the installed file, if we\u0027ve already done\nfd_install(). So we need to also free the sync_file.\n\nPatchwork: https://patchwork.freedesktop.org/patch/653583/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38409",
"url": "https://www.suse.com/security/cve/CVE-2025-38409"
},
{
"category": "external",
"summary": "SUSE Bug 1247285 for CVE-2025-38409",
"url": "https://bugzilla.suse.com/1247285"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "low"
}
],
"title": "CVE-2025-38409"
},
{
"cve": "CVE-2025-38410",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38410"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: Fix a fence leak in submit error path\n\nIn error paths, we could unref the submit without calling\ndrm_sched_entity_push_job(), so msm_job_free() will never get\ncalled. Since drm_sched_job_cleanup() will NULL out the\ns_fence, we can use that to detect this case.\n\nPatchwork: https://patchwork.freedesktop.org/patch/653584/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38410",
"url": "https://www.suse.com/security/cve/CVE-2025-38410"
},
{
"category": "external",
"summary": "SUSE Bug 1247128 for CVE-2025-38410",
"url": "https://bugzilla.suse.com/1247128"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38410"
},
{
"cve": "CVE-2025-38412",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38412"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks\n\nAfter retrieving WMI data blocks in sysfs callbacks, check for the\nvalidity of them before dereferencing their content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38412",
"url": "https://www.suse.com/security/cve/CVE-2025-38412"
},
{
"category": "external",
"summary": "SUSE Bug 1247132 for CVE-2025-38412",
"url": "https://bugzilla.suse.com/1247132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38412"
},
{
"cve": "CVE-2025-38414",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38414"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850\n\nGCC_GCC_PCIE_HOT_RST is wrongly defined for WCN7850, causing kernel crash\non some specific platforms.\n\nSince this register is divergent for WCN7850 and QCN9274, move it to\nregister table to allow different definitions. Then correct the register\naddress for WCN7850 to fix this issue.\n\nNote IPQ5332 is not affected as it is not PCIe based device.\n\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38414",
"url": "https://www.suse.com/security/cve/CVE-2025-38414"
},
{
"category": "external",
"summary": "SUSE Bug 1247145 for CVE-2025-38414",
"url": "https://bugzilla.suse.com/1247145"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38414"
},
{
"cve": "CVE-2025-38415",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38415"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: check return result of sb_min_blocksize\n\nSyzkaller reports an \"UBSAN: shift-out-of-bounds in squashfs_bio_read\" bug.\n\nSyzkaller forks multiple processes which after mounting the Squashfs\nfilesystem, issues an ioctl(\"/dev/loop0\", LOOP_SET_BLOCK_SIZE, 0x8000). \nNow if this ioctl occurs at the same time another process is in the\nprocess of mounting a Squashfs filesystem on /dev/loop0, the failure\noccurs. When this happens the following code in squashfs_fill_super()\nfails.\n\n----\nmsblk-\u003edevblksize = sb_min_blocksize(sb, SQUASHFS_DEVBLK_SIZE);\nmsblk-\u003edevblksize_log2 = ffz(~msblk-\u003edevblksize);\n----\n\nsb_min_blocksize() returns 0, which means msblk-\u003edevblksize is set to 0.\n\nAs a result, ffz(~msblk-\u003edevblksize) returns 64, and msblk-\u003edevblksize_log2\nis set to 64.\n\nThis subsequently causes the\n\nUBSAN: shift-out-of-bounds in fs/squashfs/block.c:195:36\nshift exponent 64 is too large for 64-bit type \u0027u64\u0027 (aka\n\u0027unsigned long long\u0027)\n\nThis commit adds a check for a 0 return by sb_min_blocksize().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38415",
"url": "https://www.suse.com/security/cve/CVE-2025-38415"
},
{
"category": "external",
"summary": "SUSE Bug 1247147 for CVE-2025-38415",
"url": "https://bugzilla.suse.com/1247147"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38415"
},
{
"cve": "CVE-2025-38416",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38416"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFC: nci: uart: Set tty-\u003edisc_data only in success path\n\nSetting tty-\u003edisc_data before opening the NCI device means we need to\nclean it up on error paths. This also opens some short window if device\nstarts sending data, even before NCIUARTSETDRIVER IOCTL succeeded\n(broken hardware?). Close the window by exposing tty-\u003edisc_data only on\nthe success path, when opening of the NCI device and try_module_get()\nsucceeds.\n\nThe code differs in error path in one aspect: tty-\u003edisc_data won\u0027t be\never assigned thus NULL-ified. This however should not be relevant\ndifference, because of \"tty-\u003edisc_data=NULL\" in nci_uart_tty_open().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38416",
"url": "https://www.suse.com/security/cve/CVE-2025-38416"
},
{
"category": "external",
"summary": "SUSE Bug 1247151 for CVE-2025-38416",
"url": "https://bugzilla.suse.com/1247151"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38416"
},
{
"cve": "CVE-2025-38417",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38417"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix eswitch code memory leak in reset scenario\n\nAdd simple eswitch mode checker in attaching VF procedure and allocate\nrequired port representor memory structures only in switchdev mode.\nThe reset flows triggers VF (if present) detach/attach procedure.\nIt might involve VF port representor(s) re-creation if the device is\nconfigured is switchdev mode (not legacy one).\nThe memory was blindly allocated in current implementation,\nregardless of the mode and not freed if in legacy mode.\n\nKmemeleak trace:\nunreferenced object (percpu) 0x7e3bce5b888458 (size 40):\n comm \"bash\", pid 1784, jiffies 4295743894\n hex dump (first 32 bytes on cpu 45):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc 0):\n pcpu_alloc_noprof+0x4c4/0x7c0\n ice_repr_create+0x66/0x130 [ice]\n ice_repr_create_vf+0x22/0x70 [ice]\n ice_eswitch_attach_vf+0x1b/0xa0 [ice]\n ice_reset_all_vfs+0x1dd/0x2f0 [ice]\n ice_pci_err_resume+0x3b/0xb0 [ice]\n pci_reset_function+0x8f/0x120\n reset_store+0x56/0xa0\n kernfs_fop_write_iter+0x120/0x1b0\n vfs_write+0x31c/0x430\n ksys_write+0x61/0xd0\n do_syscall_64+0x5b/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nTesting hints (ethX is PF netdev):\n- create at least one VF\n echo 1 \u003e /sys/class/net/ethX/device/sriov_numvfs\n- trigger the reset\n echo 1 \u003e /sys/class/net/ethX/device/reset",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38417",
"url": "https://www.suse.com/security/cve/CVE-2025-38417"
},
{
"category": "external",
"summary": "SUSE Bug 1247282 for CVE-2025-38417",
"url": "https://bugzilla.suse.com/1247282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "low"
}
],
"title": "CVE-2025-38417"
},
{
"cve": "CVE-2025-38420",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38420"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: carl9170: do not ping device which has failed to load firmware\n\nSyzkaller reports [1, 2] crashes caused by an attempts to ping\nthe device which has failed to load firmware. Since such a device\ndoesn\u0027t pass \u0027ieee80211_register_hw()\u0027, an internal workqueue\nmanaged by \u0027ieee80211_queue_work()\u0027 is not yet created and an\nattempt to queue work on it causes null-ptr-deref.\n\n[1] https://syzkaller.appspot.com/bug?extid=9a4aec827829942045ff\n[2] https://syzkaller.appspot.com/bug?extid=0d8afba53e8fb2633217",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38420",
"url": "https://www.suse.com/security/cve/CVE-2025-38420"
},
{
"category": "external",
"summary": "SUSE Bug 1247279 for CVE-2025-38420",
"url": "https://bugzilla.suse.com/1247279"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38420"
},
{
"cve": "CVE-2025-38424",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38424"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix sample vs do_exit()\n\nBaisheng Gao reported an ARM64 crash, which Mark decoded as being a\nsynchronous external abort -- most likely due to trying to access\nMMIO in bad ways.\n\nThe crash further shows perf trying to do a user stack sample while in\nexit_mmap()\u0027s tlb_finish_mmu() -- i.e. while tearing down the address\nspace it is trying to access.\n\nIt turns out that we stop perf after we tear down the userspace mm; a\nreceipie for disaster, since perf likes to access userspace for\nvarious reasons.\n\nFlip this order by moving up where we stop perf in do_exit().\n\nAdditionally, harden PERF_SAMPLE_CALLCHAIN and PERF_SAMPLE_STACK_USER\nto abort when the current task does not have an mm (exit_mm() makes\nsure to set current-\u003emm = NULL; before commencing with the actual\nteardown). Such that CPU wide events don\u0027t trip on this same problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38424",
"url": "https://www.suse.com/security/cve/CVE-2025-38424"
},
{
"category": "external",
"summary": "SUSE Bug 1247293 for CVE-2025-38424",
"url": "https://bugzilla.suse.com/1247293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38424"
},
{
"cve": "CVE-2025-38425",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38425"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: tegra: check msg length in SMBUS block read\n\nFor SMBUS block read, do not continue to read if the message length\npassed from the device is \u00270\u0027 or greater than the maximum allowed bytes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38425",
"url": "https://www.suse.com/security/cve/CVE-2025-38425"
},
{
"category": "external",
"summary": "SUSE Bug 1247251 for CVE-2025-38425",
"url": "https://bugzilla.suse.com/1247251"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38425"
},
{
"cve": "CVE-2025-38426",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38426"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Add basic validation for RAS header\n\nIf RAS header read from EEPROM is corrupted, it could result in trying\nto allocate huge memory for reading the records. Add some validation to\nheader fields.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38426",
"url": "https://www.suse.com/security/cve/CVE-2025-38426"
},
{
"category": "external",
"summary": "SUSE Bug 1247252 for CVE-2025-38426",
"url": "https://bugzilla.suse.com/1247252"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38426"
},
{
"cve": "CVE-2025-38427",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38427"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: screen_info: Relocate framebuffers behind PCI bridges\n\nApply PCI host-bridge window offsets to screen_info framebuffers. Fixes\ninvalid access to I/O memory.\n\nResources behind a PCI host bridge can be relocated by a certain offset\nin the kernel\u0027s CPU address range used for I/O. The framebuffer memory\nrange stored in screen_info refers to the CPU addresses as seen during\nboot (where the offset is 0). During boot up, firmware may assign a\ndifferent memory offset to the PCI host bridge and thereby relocating\nthe framebuffer address of the PCI graphics device as seen by the kernel.\nThe information in screen_info must be updated as well.\n\nThe helper pcibios_bus_to_resource() performs the relocation of the\nscreen_info\u0027s framebuffer resource (given in PCI bus addresses). The\nresult matches the I/O-memory resource of the PCI graphics device (given\nin CPU addresses). As before, we store away the information necessary to\nlater update the information in screen_info itself.\n\nCommit 78aa89d1dfba (\"firmware/sysfb: Update screen_info for relocated\nEFI framebuffers\") added the code for updating screen_info. It is based\non similar functionality that pre-existed in efifb. Efifb uses a pointer\nto the PCI resource, while the newer code does a memcpy of the region.\nHence efifb sees any updates to the PCI resource and avoids the issue.\n\nv3:\n- Only use struct pci_bus_region for PCI bus addresses (Bjorn)\n- Clarify address semantics in commit messages and comments (Bjorn)\nv2:\n- Fixed tags (Takashi, Ivan)\n- Updated information on efifb",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38427",
"url": "https://www.suse.com/security/cve/CVE-2025-38427"
},
{
"category": "external",
"summary": "SUSE Bug 1247152 for CVE-2025-38427",
"url": "https://bugzilla.suse.com/1247152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38427"
},
{
"cve": "CVE-2025-38428",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38428"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: ims-pcu - check record size in ims_pcu_flash_firmware()\n\nThe \"len\" variable comes from the firmware and we generally do\ntrust firmware, but it\u0027s always better to double check. If the \"len\"\nis too large it could result in memory corruption when we do\n\"memcpy(fragment-\u003edata, rec-\u003edata, len);\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38428",
"url": "https://www.suse.com/security/cve/CVE-2025-38428"
},
{
"category": "external",
"summary": "SUSE Bug 1247150 for CVE-2025-38428",
"url": "https://bugzilla.suse.com/1247150"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38428"
},
{
"cve": "CVE-2025-38429",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38429"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: ep: Update read pointer only after buffer is written\n\nInside mhi_ep_ring_add_element, the read pointer (rd_offset) is updated\nbefore the buffer is written, potentially causing race conditions where\nthe host sees an updated read pointer before the buffer is actually\nwritten. Updating rd_offset prematurely can lead to the host accessing\nan uninitialized or incomplete element, resulting in data corruption.\n\nInvoke the buffer write before updating rd_offset to ensure the element\nis fully written before signaling its availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38429",
"url": "https://www.suse.com/security/cve/CVE-2025-38429"
},
{
"category": "external",
"summary": "SUSE Bug 1247253 for CVE-2025-38429",
"url": "https://bugzilla.suse.com/1247253"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38429"
},
{
"cve": "CVE-2025-38430",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38430"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: nfsd4_spo_must_allow() must check this is a v4 compound request\n\nIf the request being processed is not a v4 compound request, then\nexamining the cstate can have undefined results.\n\nThis patch adds a check that the rpc procedure being executed\n(rq_procinfo) is the NFSPROC4_COMPOUND procedure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38430",
"url": "https://www.suse.com/security/cve/CVE-2025-38430"
},
{
"category": "external",
"summary": "SUSE Bug 1247160 for CVE-2025-38430",
"url": "https://bugzilla.suse.com/1247160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38430"
},
{
"cve": "CVE-2025-38436",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38436"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/scheduler: signal scheduled fence when kill job\n\nWhen an entity from application B is killed, drm_sched_entity_kill()\nremoves all jobs belonging to that entity through\ndrm_sched_entity_kill_jobs_work(). If application A\u0027s job depends on a\nscheduled fence from application B\u0027s job, and that fence is not properly\nsignaled during the killing process, application A\u0027s dependency cannot be\ncleared.\n\nThis leads to application A hanging indefinitely while waiting for a\ndependency that will never be resolved. Fix this issue by ensuring that\nscheduled fences are properly signaled when an entity is killed, allowing\ndependent applications to continue execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38436",
"url": "https://www.suse.com/security/cve/CVE-2025-38436"
},
{
"category": "external",
"summary": "SUSE Bug 1247227 for CVE-2025-38436",
"url": "https://bugzilla.suse.com/1247227"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38436"
},
{
"cve": "CVE-2025-38443",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38443"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: fix uaf in nbd_genl_connect() error path\n\nThere is a use-after-free issue in nbd:\n\nblock nbd6: Receive control failed (result -104)\nblock nbd6: shutting down sockets\n==================================================================\nBUG: KASAN: slab-use-after-free in recv_work+0x694/0xa80 drivers/block/nbd.c:1022\nWrite of size 4 at addr ffff8880295de478 by task kworker/u33:0/67\n\nCPU: 2 UID: 0 PID: 67 Comm: kworker/u33:0 Not tainted 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nWorkqueue: nbd6-recv recv_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xc3/0x670 mm/kasan/report.c:521\n kasan_report+0xe0/0x110 mm/kasan/report.c:634\n check_region_inline mm/kasan/generic.c:183 [inline]\n kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189\n instrument_atomic_read_write include/linux/instrumented.h:96 [inline]\n atomic_dec include/linux/atomic/atomic-instrumented.h:592 [inline]\n recv_work+0x694/0xa80 drivers/block/nbd.c:1022\n process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238\n process_scheduled_works kernel/workqueue.c:3319 [inline]\n worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400\n kthread+0x3c2/0x780 kernel/kthread.c:464\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nnbd_genl_connect() does not properly stop the device on certain\nerror paths after nbd_start_device() has been called. This causes\nthe error path to put nbd-\u003econfig while recv_work continue to use\nthe config after putting it, leading to use-after-free in recv_work.\n\nThis patch moves nbd_start_device() after the backend file creation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38443",
"url": "https://www.suse.com/security/cve/CVE-2025-38443"
},
{
"category": "external",
"summary": "SUSE Bug 1247164 for CVE-2025-38443",
"url": "https://bugzilla.suse.com/1247164"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38443"
},
{
"cve": "CVE-2025-38448",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38448"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: u_serial: Fix race condition in TTY wakeup\n\nA race condition occurs when gs_start_io() calls either gs_start_rx() or\ngs_start_tx(), as those functions briefly drop the port_lock for\nusb_ep_queue(). This allows gs_close() and gserial_disconnect() to clear\nport.tty and port_usb, respectively.\n\nUse the null-safe TTY Port helper function to wake up TTY.\n\nExample\n CPU1:\t\t\t CPU2:\n gserial_connect() // lock\n \t\t\t gs_close() // await lock\n gs_start_rx() // unlock\n usb_ep_queue()\n \t\t\t gs_close() // lock, reset port.tty and unlock\n gs_start_rx() // lock\n tty_wakeup() // NPE",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38448",
"url": "https://www.suse.com/security/cve/CVE-2025-38448"
},
{
"category": "external",
"summary": "SUSE Bug 1247233 for CVE-2025-38448",
"url": "https://bugzilla.suse.com/1247233"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38448"
},
{
"cve": "CVE-2025-38449",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38449"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gem: Acquire references on GEM handles for framebuffers\n\nA GEM handle can be released while the GEM buffer object is attached\nto a DRM framebuffer. This leads to the release of the dma-buf backing\nthe buffer object, if any. [1] Trying to use the framebuffer in further\nmode-setting operations leads to a segmentation fault. Most easily\nhappens with driver that use shadow planes for vmap-ing the dma-buf\nduring a page flip. An example is shown below.\n\n[ 156.791968] ------------[ cut here ]------------\n[ 156.796830] WARNING: CPU: 2 PID: 2255 at drivers/dma-buf/dma-buf.c:1527 dma_buf_vmap+0x224/0x430\n[...]\n[ 156.942028] RIP: 0010:dma_buf_vmap+0x224/0x430\n[ 157.043420] Call Trace:\n[ 157.045898] \u003cTASK\u003e\n[ 157.048030] ? show_trace_log_lvl+0x1af/0x2c0\n[ 157.052436] ? show_trace_log_lvl+0x1af/0x2c0\n[ 157.056836] ? show_trace_log_lvl+0x1af/0x2c0\n[ 157.061253] ? drm_gem_shmem_vmap+0x74/0x710\n[ 157.065567] ? dma_buf_vmap+0x224/0x430\n[ 157.069446] ? __warn.cold+0x58/0xe4\n[ 157.073061] ? dma_buf_vmap+0x224/0x430\n[ 157.077111] ? report_bug+0x1dd/0x390\n[ 157.080842] ? handle_bug+0x5e/0xa0\n[ 157.084389] ? exc_invalid_op+0x14/0x50\n[ 157.088291] ? asm_exc_invalid_op+0x16/0x20\n[ 157.092548] ? dma_buf_vmap+0x224/0x430\n[ 157.096663] ? dma_resv_get_singleton+0x6d/0x230\n[ 157.101341] ? __pfx_dma_buf_vmap+0x10/0x10\n[ 157.105588] ? __pfx_dma_resv_get_singleton+0x10/0x10\n[ 157.110697] drm_gem_shmem_vmap+0x74/0x710\n[ 157.114866] drm_gem_vmap+0xa9/0x1b0\n[ 157.118763] drm_gem_vmap_unlocked+0x46/0xa0\n[ 157.123086] drm_gem_fb_vmap+0xab/0x300\n[ 157.126979] drm_atomic_helper_prepare_planes.part.0+0x487/0xb10\n[ 157.133032] ? lockdep_init_map_type+0x19d/0x880\n[ 157.137701] drm_atomic_helper_commit+0x13d/0x2e0\n[ 157.142671] ? drm_atomic_nonblocking_commit+0xa0/0x180\n[ 157.147988] drm_mode_atomic_ioctl+0x766/0xe40\n[...]\n[ 157.346424] ---[ end trace 0000000000000000 ]---\n\nAcquiring GEM handles for the framebuffer\u0027s GEM buffer objects prevents\nthis from happening. The framebuffer\u0027s cleanup later puts the handle\nreferences.\n\nCommit 1a148af06000 (\"drm/gem-shmem: Use dma_buf from GEM object\ninstance\") triggers the segmentation fault easily by using the dma-buf\nfield more widely. The underlying issue with reference counting has\nbeen present before.\n\nv2:\n- acquire the handle instead of the BO (Christian)\n- fix comment style (Christian)\n- drop the Fixes tag (Christian)\n- rename err_ gotos\n- add missing Link tag",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38449",
"url": "https://www.suse.com/security/cve/CVE-2025-38449"
},
{
"category": "external",
"summary": "SUSE Bug 1247255 for CVE-2025-38449",
"url": "https://bugzilla.suse.com/1247255"
},
{
"category": "external",
"summary": "SUSE Bug 1247258 for CVE-2025-38449",
"url": "https://bugzilla.suse.com/1247258"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "important"
}
],
"title": "CVE-2025-38449"
},
{
"cve": "CVE-2025-38453",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38453"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU\n\nsyzbot reports that defer/local task_work adding via msg_ring can hit\na request that has been freed:\n\nCPU: 1 UID: 0 PID: 19356 Comm: iou-wrk-19354 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xd2/0x2b0 mm/kasan/report.c:521\n kasan_report+0x118/0x150 mm/kasan/report.c:634\n io_req_local_work_add io_uring/io_uring.c:1184 [inline]\n __io_req_task_work_add+0x589/0x950 io_uring/io_uring.c:1252\n io_msg_remote_post io_uring/msg_ring.c:103 [inline]\n io_msg_data_remote io_uring/msg_ring.c:133 [inline]\n __io_msg_ring_data+0x820/0xaa0 io_uring/msg_ring.c:151\n io_msg_ring_data io_uring/msg_ring.c:173 [inline]\n io_msg_ring+0x134/0xa00 io_uring/msg_ring.c:314\n __io_issue_sqe+0x17e/0x4b0 io_uring/io_uring.c:1739\n io_issue_sqe+0x165/0xfd0 io_uring/io_uring.c:1762\n io_wq_submit_work+0x6e9/0xb90 io_uring/io_uring.c:1874\n io_worker_handle_work+0x7cd/0x1180 io_uring/io-wq.c:642\n io_wq_worker+0x42f/0xeb0 io_uring/io-wq.c:696\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nwhich is supposed to be safe with how requests are allocated. But msg\nring requests alloc and free on their own, and hence must defer freeing\nto a sane time.\n\nAdd an rcu_head and use kfree_rcu() in both spots where requests are\nfreed. Only the one in io_msg_tw_complete() is strictly required as it\nhas been visible on the other ring, but use it consistently in the other\nspot as well.\n\nThis should not cause any other issues outside of KASAN rightfully\ncomplaining about it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38453",
"url": "https://www.suse.com/security/cve/CVE-2025-38453"
},
{
"category": "external",
"summary": "SUSE Bug 1247234 for CVE-2025-38453",
"url": "https://bugzilla.suse.com/1247234"
},
{
"category": "external",
"summary": "SUSE Bug 1247737 for CVE-2025-38453",
"url": "https://bugzilla.suse.com/1247737"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "important"
}
],
"title": "CVE-2025-38453"
},
{
"cve": "CVE-2025-38455",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38455"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight\n\nReject migration of SEV{-ES} state if either the source or destination VM\nis actively creating a vCPU, i.e. if kvm_vm_ioctl_create_vcpu() is in the\nsection between incrementing created_vcpus and online_vcpus. The bulk of\nvCPU creation runs _outside_ of kvm-\u003elock to allow creating multiple vCPUs\nin parallel, and so sev_info.es_active can get toggled from false=\u003etrue in\nthe destination VM after (or during) svm_vcpu_create(), resulting in an\nSEV{-ES} VM effectively having a non-SEV{-ES} vCPU.\n\nThe issue manifests most visibly as a crash when trying to free a vCPU\u0027s\nNULL VMSA page in an SEV-ES VM, but any number of things can go wrong.\n\n BUG: unable to handle page fault for address: ffffebde00000000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] SMP KASAN NOPTI\n CPU: 227 UID: 0 PID: 64063 Comm: syz.5.60023 Tainted: G U O 6.15.0-smp-DEV #2 NONE\n Tainted: [U]=USER, [O]=OOT_MODULE\n Hardware name: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 12.52.0-0 10/28/2024\n RIP: 0010:constant_test_bit arch/x86/include/asm/bitops.h:206 [inline]\n RIP: 0010:arch_test_bit arch/x86/include/asm/bitops.h:238 [inline]\n RIP: 0010:_test_bit include/asm-generic/bitops/instrumented-non-atomic.h:142 [inline]\n RIP: 0010:PageHead include/linux/page-flags.h:866 [inline]\n RIP: 0010:___free_pages+0x3e/0x120 mm/page_alloc.c:5067\n Code: \u003c49\u003e f7 06 40 00 00 00 75 05 45 31 ff eb 0c 66 90 4c 89 f0 4c 39 f0\n RSP: 0018:ffff8984551978d0 EFLAGS: 00010246\n RAX: 0000777f80000001 RBX: 0000000000000000 RCX: ffffffff918aeb98\n RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffebde00000000\n RBP: 0000000000000000 R08: ffffebde00000007 R09: 1ffffd7bc0000000\n R10: dffffc0000000000 R11: fffff97bc0000001 R12: dffffc0000000000\n R13: ffff8983e19751a8 R14: ffffebde00000000 R15: 1ffffd7bc0000000\n FS: 0000000000000000(0000) GS:ffff89ee661d3000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: ffffebde00000000 CR3: 000000793ceaa000 CR4: 0000000000350ef0\n DR0: 0000000000000000 DR1: 0000000000000b5f DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n sev_free_vcpu+0x413/0x630 arch/x86/kvm/svm/sev.c:3169\n svm_vcpu_free+0x13a/0x2a0 arch/x86/kvm/svm/svm.c:1515\n kvm_arch_vcpu_destroy+0x6a/0x1d0 arch/x86/kvm/x86.c:12396\n kvm_vcpu_destroy virt/kvm/kvm_main.c:470 [inline]\n kvm_destroy_vcpus+0xd1/0x300 virt/kvm/kvm_main.c:490\n kvm_arch_destroy_vm+0x636/0x820 arch/x86/kvm/x86.c:12895\n kvm_put_kvm+0xb8e/0xfb0 virt/kvm/kvm_main.c:1310\n kvm_vm_release+0x48/0x60 virt/kvm/kvm_main.c:1369\n __fput+0x3e4/0x9e0 fs/file_table.c:465\n task_work_run+0x1a9/0x220 kernel/task_work.c:227\n exit_task_work include/linux/task_work.h:40 [inline]\n do_exit+0x7f0/0x25b0 kernel/exit.c:953\n do_group_exit+0x203/0x2d0 kernel/exit.c:1102\n get_signal+0x1357/0x1480 kernel/signal.c:3034\n arch_do_signal_or_restart+0x40/0x690 arch/x86/kernel/signal.c:337\n exit_to_user_mode_loop kernel/entry/common.c:111 [inline]\n exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]\n __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]\n syscall_exit_to_user_mode+0x67/0xb0 kernel/entry/common.c:218\n do_syscall_64+0x7c/0x150 arch/x86/entry/syscall_64.c:100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7f87a898e969\n \u003c/TASK\u003e\n Modules linked in: gq(O)\n gsmi: Log Shutdown Reason 0x03\n CR2: ffffebde00000000\n ---[ end trace 0000000000000000 ]---\n\nDeliberately don\u0027t check for a NULL VMSA when freeing the vCPU, as crashing\nthe host is likely desirable due to the VMSA being consumed by hardware.\nE.g. if KVM manages to allow VMRUN on the vCPU, hardware may read/write a\nbogus VMSA page. Accessing P\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38455",
"url": "https://www.suse.com/security/cve/CVE-2025-38455"
},
{
"category": "external",
"summary": "SUSE Bug 1247101 for CVE-2025-38455",
"url": "https://bugzilla.suse.com/1247101"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38455"
},
{
"cve": "CVE-2025-38457",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38457"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Abort __tc_modify_qdisc if parent class does not exist\n\nLion\u0027s patch [1] revealed an ancient bug in the qdisc API.\nWhenever a user creates/modifies a qdisc specifying as a parent another\nqdisc, the qdisc API will, during grafting, detect that the user is\nnot trying to attach to a class and reject. However grafting is\nperformed after qdisc_create (and thus the qdiscs\u0027 init callback) is\nexecuted. In qdiscs that eventually call qdisc_tree_reduce_backlog\nduring init or change (such as fq, hhf, choke, etc), an issue\narises. For example, executing the following commands:\n\nsudo tc qdisc add dev lo root handle a: htb default 2\nsudo tc qdisc add dev lo parent a: handle beef fq\n\nQdiscs such as fq, hhf, choke, etc unconditionally invoke\nqdisc_tree_reduce_backlog() in their control path init() or change() which\nthen causes a failure to find the child class; however, that does not stop\nthe unconditional invocation of the assumed child qdisc\u0027s qlen_notify with\na null class. All these qdiscs make the assumption that class is non-null.\n\nThe solution is ensure that qdisc_leaf() which looks up the parent\nclass, and is invoked prior to qdisc_create(), should return failure on\nnot finding the class.\nIn this patch, we leverage qdisc_leaf to return ERR_PTRs whenever the\nparentid doesn\u0027t correspond to a class, so that we can detect it\nearlier on and abort before qdisc_create is called.\n\n[1] https://lore.kernel.org/netdev/d912cbd7-193b-4269-9857-525bee8bbb6a@gmail.com/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38457",
"url": "https://www.suse.com/security/cve/CVE-2025-38457"
},
{
"category": "external",
"summary": "SUSE Bug 1247098 for CVE-2025-38457",
"url": "https://bugzilla.suse.com/1247098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38457"
},
{
"cve": "CVE-2025-38460",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38460"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: clip: Fix potential null-ptr-deref in to_atmarpd().\n\natmarpd is protected by RTNL since commit f3a0592b37b8 (\"[ATM]: clip\ncauses unregister hang\").\n\nHowever, it is not enough because to_atmarpd() is called without RTNL,\nespecially clip_neigh_solicit() / neigh_ops-\u003esolicit() is unsleepable.\n\nAlso, there is no RTNL dependency around atmarpd.\n\nLet\u0027s use a private mutex and RCU to protect access to atmarpd in\nto_atmarpd().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38460",
"url": "https://www.suse.com/security/cve/CVE-2025-38460"
},
{
"category": "external",
"summary": "SUSE Bug 1247143 for CVE-2025-38460",
"url": "https://bugzilla.suse.com/1247143"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38460"
},
{
"cve": "CVE-2025-38461",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38461"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Fix transport_* TOCTOU\n\nTransport assignment may race with module unload. Protect new_transport\nfrom becoming a stale pointer.\n\nThis also takes care of an insecure call in vsock_use_local_transport();\nadd a lockdep assert.\n\nBUG: unable to handle page fault for address: fffffbfff8056000\nOops: Oops: 0000 [#1] SMP KASAN\nRIP: 0010:vsock_assign_transport+0x366/0x600\nCall Trace:\n vsock_connect+0x59c/0xc40\n __sys_connect+0xe8/0x100\n __x64_sys_connect+0x6e/0xc0\n do_syscall_64+0x92/0x1c0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38461",
"url": "https://www.suse.com/security/cve/CVE-2025-38461"
},
{
"category": "external",
"summary": "SUSE Bug 1247103 for CVE-2025-38461",
"url": "https://bugzilla.suse.com/1247103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38461"
},
{
"cve": "CVE-2025-38462",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38462"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Fix transport_{g2h,h2g} TOCTOU\n\nvsock_find_cid() and vsock_dev_do_ioctl() may race with module unload.\ntransport_{g2h,h2g} may become NULL after the NULL check.\n\nIntroduce vsock_transport_local_cid() to protect from a potential\nnull-ptr-deref.\n\nKASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]\nRIP: 0010:vsock_find_cid+0x47/0x90\nCall Trace:\n __vsock_bind+0x4b2/0x720\n vsock_bind+0x90/0xe0\n __sys_bind+0x14d/0x1e0\n __x64_sys_bind+0x6e/0xc0\n do_syscall_64+0x92/0x1c0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nKASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]\nRIP: 0010:vsock_dev_do_ioctl.isra.0+0x58/0xf0\nCall Trace:\n __x64_sys_ioctl+0x12d/0x190\n do_syscall_64+0x92/0x1c0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38462",
"url": "https://www.suse.com/security/cve/CVE-2025-38462"
},
{
"category": "external",
"summary": "SUSE Bug 1247104 for CVE-2025-38462",
"url": "https://bugzilla.suse.com/1247104"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38462"
},
{
"cve": "CVE-2025-38463",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38463"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Correct signedness in skb remaining space calculation\n\nSyzkaller reported a bug [1] where sk-\u003esk_forward_alloc can overflow.\n\nWhen we send data, if an skb exists at the tail of the write queue, the\nkernel will attempt to append the new data to that skb. However, the code\nthat checks for available space in the skb is flawed:\n\u0027\u0027\u0027\ncopy = size_goal - skb-\u003elen\n\u0027\u0027\u0027\n\nThe types of the variables involved are:\n\u0027\u0027\u0027\ncopy: ssize_t (s64 on 64-bit systems)\nsize_goal: int\nskb-\u003elen: unsigned int\n\u0027\u0027\u0027\n\nDue to C\u0027s type promotion rules, the signed size_goal is converted to an\nunsigned int to match skb-\u003elen before the subtraction. The result is an\nunsigned int.\n\nWhen this unsigned int result is then assigned to the s64 copy variable,\nit is zero-extended, preserving its non-negative value. Consequently, copy\nis always \u003e= 0.\n\nAssume we are sending 2GB of data and size_goal has been adjusted to a\nvalue smaller than skb-\u003elen. The subtraction will result in copy holding a\nvery large positive integer. In the subsequent logic, this large value is\nused to update sk-\u003esk_forward_alloc, which can easily cause it to overflow.\n\nThe syzkaller reproducer uses TCP_REPAIR to reliably create this\ncondition. However, this can also occur in real-world scenarios. The\ntcp_bound_to_half_wnd() function can also reduce size_goal to a small\nvalue. This would cause the subsequent tcp_wmem_schedule() to set\nsk-\u003esk_forward_alloc to a value close to INT_MAX. Further memory\nallocation requests would then cause sk_forward_alloc to wrap around and\nbecome negative.\n\n[1]: https://syzkaller.appspot.com/bug?extid=de6565462ab540f50e47",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38463",
"url": "https://www.suse.com/security/cve/CVE-2025-38463"
},
{
"category": "external",
"summary": "SUSE Bug 1247113 for CVE-2025-38463",
"url": "https://bugzilla.suse.com/1247113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38463"
},
{
"cve": "CVE-2025-38465",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38465"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: Fix wraparounds of sk-\u003esk_rmem_alloc.\n\nNetlink has this pattern in some places\n\n if (atomic_read(\u0026sk-\u003esk_rmem_alloc) \u003e sk-\u003esk_rcvbuf)\n \tatomic_add(skb-\u003etruesize, \u0026sk-\u003esk_rmem_alloc);\n\n, which has the same problem fixed by commit 5a465a0da13e (\"udp:\nFix multiple wraparounds of sk-\u003esk_rmem_alloc.\").\n\nFor example, if we set INT_MAX to SO_RCVBUFFORCE, the condition\nis always false as the two operands are of int.\n\nThen, a single socket can eat as many skb as possible until OOM\nhappens, and we can see multiple wraparounds of sk-\u003esk_rmem_alloc.\n\nLet\u0027s fix it by using atomic_add_return() and comparing the two\nvariables as unsigned int.\n\nBefore:\n [root@fedora ~]# ss -f netlink\n Recv-Q Send-Q Local Address:Port Peer Address:Port\n -1668710080 0 rtnl:nl_wraparound/293 *\n\nAfter:\n [root@fedora ~]# ss -f netlink\n Recv-Q Send-Q Local Address:Port Peer Address:Port\n 2147483072 0 rtnl:nl_wraparound/290 *\n ^\n `--- INT_MAX - 576",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38465",
"url": "https://www.suse.com/security/cve/CVE-2025-38465"
},
{
"category": "external",
"summary": "SUSE Bug 1247118 for CVE-2025-38465",
"url": "https://bugzilla.suse.com/1247118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38465"
},
{
"cve": "CVE-2025-38467",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38467"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos: exynos7_drm_decon: add vblank check in IRQ handling\n\nIf there\u0027s support for another console device (such as a TTY serial),\nthe kernel occasionally panics during boot. The panic message and a\nrelevant snippet of the call stack is as follows:\n\n Unable to handle kernel NULL pointer dereference at virtual address 000000000000000\n Call trace:\n drm_crtc_handle_vblank+0x10/0x30 (P)\n decon_irq_handler+0x88/0xb4\n [...]\n\nOtherwise, the panics don\u0027t happen. This indicates that it\u0027s some sort\nof race condition.\n\nAdd a check to validate if the drm device can handle vblanks before\ncalling drm_crtc_handle_vblank() to avoid this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38467",
"url": "https://www.suse.com/security/cve/CVE-2025-38467"
},
{
"category": "external",
"summary": "SUSE Bug 1247146 for CVE-2025-38467",
"url": "https://bugzilla.suse.com/1247146"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38467"
},
{
"cve": "CVE-2025-38468",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38468"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree\n\nhtb_lookup_leaf has a BUG_ON that can trigger with the following:\n\ntc qdisc del dev lo root\ntc qdisc add dev lo root handle 1: htb default 1\ntc class add dev lo parent 1: classid 1:1 htb rate 64bit\ntc qdisc add dev lo parent 1:1 handle 2: netem\ntc qdisc add dev lo parent 2:1 handle 3: blackhole\nping -I lo -c1 -W0.001 127.0.0.1\n\nThe root cause is the following:\n\n1. htb_dequeue calls htb_dequeue_tree which calls the dequeue handler on\n the selected leaf qdisc\n2. netem_dequeue calls enqueue on the child qdisc\n3. blackhole_enqueue drops the packet and returns a value that is not\n just NET_XMIT_SUCCESS\n4. Because of this, netem_dequeue calls qdisc_tree_reduce_backlog, and\n since qlen is now 0, it calls htb_qlen_notify -\u003e htb_deactivate -\u003e\n htb_deactiviate_prios -\u003e htb_remove_class_from_row -\u003e htb_safe_rb_erase\n5. As this is the only class in the selected hprio rbtree,\n __rb_change_child in __rb_erase_augmented sets the rb_root pointer to\n NULL\n6. Because blackhole_dequeue returns NULL, netem_dequeue returns NULL,\n which causes htb_dequeue_tree to call htb_lookup_leaf with the same\n hprio rbtree, and fail the BUG_ON\n\nThe function graph for this scenario is shown here:\n 0) | htb_enqueue() {\n 0) + 13.635 us | netem_enqueue();\n 0) 4.719 us | htb_activate_prios();\n 0) # 2249.199 us | }\n 0) | htb_dequeue() {\n 0) 2.355 us | htb_lookup_leaf();\n 0) | netem_dequeue() {\n 0) + 11.061 us | blackhole_enqueue();\n 0) | qdisc_tree_reduce_backlog() {\n 0) | qdisc_lookup_rcu() {\n 0) 1.873 us | qdisc_match_from_root();\n 0) 6.292 us | }\n 0) 1.894 us | htb_search();\n 0) | htb_qlen_notify() {\n 0) 2.655 us | htb_deactivate_prios();\n 0) 6.933 us | }\n 0) + 25.227 us | }\n 0) 1.983 us | blackhole_dequeue();\n 0) + 86.553 us | }\n 0) # 2932.761 us | qdisc_warn_nonwc();\n 0) | htb_lookup_leaf() {\n 0) | BUG_ON();\n ------------------------------------------\n\nThe full original bug report can be seen here [1].\n\nWe can fix this just by returning NULL instead of the BUG_ON,\nas htb_dequeue_tree returns NULL when htb_lookup_leaf returns\nNULL.\n\n[1] https://lore.kernel.org/netdev/pF5XOOIim0IuEfhI-SOxTgRvNoDwuux7UHKnE_Y5-zVd4wmGvNk2ceHjKb8ORnzw0cGwfmVu42g9dL7XyJLf1NEzaztboTWcm0Ogxuojoeo=@willsroot.io/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38468",
"url": "https://www.suse.com/security/cve/CVE-2025-38468"
},
{
"category": "external",
"summary": "SUSE Bug 1247437 for CVE-2025-38468",
"url": "https://bugzilla.suse.com/1247437"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38468"
},
{
"cve": "CVE-2025-38470",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38470"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime\n\nAssuming the \"rx-vlan-filter\" feature is enabled on a net device, the\n8021q module will automatically add or remove VLAN 0 when the net device\nis put administratively up or down, respectively. There are a couple of\nproblems with the above scheme.\n\nThe first problem is a memory leak that can happen if the \"rx-vlan-filter\"\nfeature is disabled while the device is running:\n\n # ip link add bond1 up type bond mode 0\n # ethtool -K bond1 rx-vlan-filter off\n # ip link del dev bond1\n\nWhen the device is put administratively down the \"rx-vlan-filter\"\nfeature is disabled, so the 8021q module will not remove VLAN 0 and the\nmemory will be leaked [1].\n\nAnother problem that can happen is that the kernel can automatically\ndelete VLAN 0 when the device is put administratively down despite not\nadding it when the device was put administratively up since during that\ntime the \"rx-vlan-filter\" feature was disabled. null-ptr-unref or\nbug_on[2] will be triggered by unregister_vlan_dev() for refcount\nimbalance if toggling filtering during runtime:\n\n$ ip link add bond0 type bond mode 0\n$ ip link add link bond0 name vlan0 type vlan id 0 protocol 802.1q\n$ ethtool -K bond0 rx-vlan-filter off\n$ ifconfig bond0 up\n$ ethtool -K bond0 rx-vlan-filter on\n$ ifconfig bond0 down\n$ ip link del vlan0\n\nRoot cause is as below:\nstep1: add vlan0 for real_dev, such as bond, team.\nregister_vlan_dev\n vlan_vid_add(real_dev,htons(ETH_P_8021Q),0) //refcnt=1\nstep2: disable vlan filter feature and enable real_dev\nstep3: change filter from 0 to 1\nvlan_device_event\n vlan_filter_push_vids\n ndo_vlan_rx_add_vid //No refcnt added to real_dev vlan0\nstep4: real_dev down\nvlan_device_event\n vlan_vid_del(dev, htons(ETH_P_8021Q), 0); //refcnt=0\n vlan_info_rcu_free //free vlan0\nstep5: delete vlan0\nunregister_vlan_dev\n BUG_ON(!vlan_info); //vlan_info is null\n\nFix both problems by noting in the VLAN info whether VLAN 0 was\nautomatically added upon NETDEV_UP and based on that decide whether it\nshould be deleted upon NETDEV_DOWN, regardless of the state of the\n\"rx-vlan-filter\" feature.\n\n[1]\nunreferenced object 0xffff8880068e3100 (size 256):\n comm \"ip\", pid 384, jiffies 4296130254\n hex dump (first 32 bytes):\n 00 20 30 0d 80 88 ff ff 00 00 00 00 00 00 00 00 . 0.............\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc 81ce31fa):\n __kmalloc_cache_noprof+0x2b5/0x340\n vlan_vid_add+0x434/0x940\n vlan_device_event.cold+0x75/0xa8\n notifier_call_chain+0xca/0x150\n __dev_notify_flags+0xe3/0x250\n rtnl_configure_link+0x193/0x260\n rtnl_newlink_create+0x383/0x8e0\n __rtnl_newlink+0x22c/0xa40\n rtnl_newlink+0x627/0xb00\n rtnetlink_rcv_msg+0x6fb/0xb70\n netlink_rcv_skb+0x11f/0x350\n netlink_unicast+0x426/0x710\n netlink_sendmsg+0x75a/0xc20\n __sock_sendmsg+0xc1/0x150\n ____sys_sendmsg+0x5aa/0x7b0\n ___sys_sendmsg+0xfc/0x180\n\n[2]\nkernel BUG at net/8021q/vlan.c:99!\nOops: invalid opcode: 0000 [#1] SMP KASAN PTI\nCPU: 0 UID: 0 PID: 382 Comm: ip Not tainted 6.16.0-rc3 #61 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:unregister_vlan_dev (net/8021q/vlan.c:99 (discriminator 1))\nRSP: 0018:ffff88810badf310 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88810da84000 RCX: ffffffffb47ceb9a\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff88810e8b43c8\nRBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff6cefe80\nR10: ffffffffb677f407 R11: ffff88810badf3c0 R12: ffff88810e8b4000\nR13: 0000000000000000 R14: ffff88810642a5c0 R15: 000000000000017e\nFS: 00007f1ff68c20c0(0000) GS:ffff888163a24000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f1ff5dad240 CR3: 0000000107e56000 CR4: 00000000000006f0\nCall Trace:\n \u003cTASK\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38470",
"url": "https://www.suse.com/security/cve/CVE-2025-38470"
},
{
"category": "external",
"summary": "SUSE Bug 1247288 for CVE-2025-38470",
"url": "https://bugzilla.suse.com/1247288"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38470"
},
{
"cve": "CVE-2025-38471",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38471"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: always refresh the queue when reading sock\n\nAfter recent changes in net-next TCP compacts skbs much more\naggressively. This unearthed a bug in TLS where we may try\nto operate on an old skb when checking if all skbs in the\nqueue have matching decrypt state and geometry.\n\n BUG: KASAN: slab-use-after-free in tls_strp_check_rcv+0x898/0x9a0 [tls]\n (net/tls/tls_strp.c:436 net/tls/tls_strp.c:530 net/tls/tls_strp.c:544)\n Read of size 4 at addr ffff888013085750 by task tls/13529\n\n CPU: 2 UID: 0 PID: 13529 Comm: tls Not tainted 6.16.0-rc5-virtme\n Call Trace:\n kasan_report+0xca/0x100\n tls_strp_check_rcv+0x898/0x9a0 [tls]\n tls_rx_rec_wait+0x2c9/0x8d0 [tls]\n tls_sw_recvmsg+0x40f/0x1aa0 [tls]\n inet_recvmsg+0x1c3/0x1f0\n\nAlways reload the queue, fast path is to have the record in the queue\nwhen we wake, anyway (IOW the path going down \"if !strp-\u003estm.full_len\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38471",
"url": "https://www.suse.com/security/cve/CVE-2025-38471"
},
{
"category": "external",
"summary": "SUSE Bug 1247450 for CVE-2025-38471",
"url": "https://bugzilla.suse.com/1247450"
},
{
"category": "external",
"summary": "SUSE Bug 1247452 for CVE-2025-38471",
"url": "https://bugzilla.suse.com/1247452"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "important"
}
],
"title": "CVE-2025-38471"
},
{
"cve": "CVE-2025-38473",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38473"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb()\n\nsyzbot reported null-ptr-deref in l2cap_sock_resume_cb(). [0]\n\nl2cap_sock_resume_cb() has a similar problem that was fixed by commit\n1bff51ea59a9 (\"Bluetooth: fix use-after-free error in lock_sock_nested()\").\n\nSince both l2cap_sock_kill() and l2cap_sock_resume_cb() are executed\nunder l2cap_sock_resume_cb(), we can avoid the issue simply by checking\nif chan-\u003edata is NULL.\n\nLet\u0027s not access to the killed socket in l2cap_sock_resume_cb().\n\n[0]:\nBUG: KASAN: null-ptr-deref in instrument_atomic_write include/linux/instrumented.h:82 [inline]\nBUG: KASAN: null-ptr-deref in clear_bit include/asm-generic/bitops/instrumented-atomic.h:41 [inline]\nBUG: KASAN: null-ptr-deref in l2cap_sock_resume_cb+0xb4/0x17c net/bluetooth/l2cap_sock.c:1711\nWrite of size 8 at addr 0000000000000570 by task kworker/u9:0/52\n\nCPU: 1 UID: 0 PID: 52 Comm: kworker/u9:0 Not tainted 6.16.0-rc4-syzkaller-g7482bb149b9f #0 PREEMPT\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nWorkqueue: hci0 hci_rx_work\nCall trace:\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:501 (C)\n __dump_stack+0x30/0x40 lib/dump_stack.c:94\n dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120\n print_report+0x58/0x84 mm/kasan/report.c:524\n kasan_report+0xb0/0x110 mm/kasan/report.c:634\n check_region_inline mm/kasan/generic.c:-1 [inline]\n kasan_check_range+0x264/0x2a4 mm/kasan/generic.c:189\n __kasan_check_write+0x20/0x30 mm/kasan/shadow.c:37\n instrument_atomic_write include/linux/instrumented.h:82 [inline]\n clear_bit include/asm-generic/bitops/instrumented-atomic.h:41 [inline]\n l2cap_sock_resume_cb+0xb4/0x17c net/bluetooth/l2cap_sock.c:1711\n l2cap_security_cfm+0x524/0xea0 net/bluetooth/l2cap_core.c:7357\n hci_auth_cfm include/net/bluetooth/hci_core.h:2092 [inline]\n hci_auth_complete_evt+0x2e8/0xa4c net/bluetooth/hci_event.c:3514\n hci_event_func net/bluetooth/hci_event.c:7511 [inline]\n hci_event_packet+0x650/0xe9c net/bluetooth/hci_event.c:7565\n hci_rx_work+0x320/0xb18 net/bluetooth/hci_core.c:4070\n process_one_work+0x7e8/0x155c kernel/workqueue.c:3238\n process_scheduled_works kernel/workqueue.c:3321 [inline]\n worker_thread+0x958/0xed8 kernel/workqueue.c:3402\n kthread+0x5fc/0x75c kernel/kthread.c:464\n ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:847",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38473",
"url": "https://www.suse.com/security/cve/CVE-2025-38473"
},
{
"category": "external",
"summary": "SUSE Bug 1247289 for CVE-2025-38473",
"url": "https://bugzilla.suse.com/1247289"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38473"
},
{
"cve": "CVE-2025-38474",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38474"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: net: sierra: check for no status endpoint\n\nThe driver checks for having three endpoints and\nhaving bulk in and out endpoints, but not that\nthe third endpoint is interrupt input.\nRectify the omission.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38474",
"url": "https://www.suse.com/security/cve/CVE-2025-38474"
},
{
"category": "external",
"summary": "SUSE Bug 1247311 for CVE-2025-38474",
"url": "https://bugzilla.suse.com/1247311"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38474"
},
{
"cve": "CVE-2025-38475",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38475"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmc: Fix various oops due to inet_sock type confusion.\n\nsyzbot reported weird splats [0][1] in cipso_v4_sock_setattr() while\nfreeing inet_sk(sk)-\u003einet_opt.\n\nThe address was freed multiple times even though it was read-only memory.\n\ncipso_v4_sock_setattr() did nothing wrong, and the root cause was type\nconfusion.\n\nThe cited commit made it possible to create smc_sock as an INET socket.\n\nThe issue is that struct smc_sock does not have struct inet_sock as the\nfirst member but hijacks AF_INET and AF_INET6 sk_family, which confuses\nvarious places.\n\nIn this case, inet_sock.inet_opt was actually smc_sock.clcsk_data_ready(),\nwhich is an address of a function in the text segment.\n\n $ pahole -C inet_sock vmlinux\n struct inet_sock {\n ...\n struct ip_options_rcu * inet_opt; /* 784 8 */\n\n $ pahole -C smc_sock vmlinux\n struct smc_sock {\n ...\n void (*clcsk_data_ready)(struct sock *); /* 784 8 */\n\nThe same issue for another field was reported before. [2][3]\n\nAt that time, an ugly hack was suggested [4], but it makes both INET\nand SMC code error-prone and hard to change.\n\nAlso, yet another variant was fixed by a hacky commit 98d4435efcbf3\n(\"net/smc: prevent NULL pointer dereference in txopt_get\").\n\nInstead of papering over the root cause by such hacks, we should not\nallow non-INET socket to reuse the INET infra.\n\nLet\u0027s add inet_sock as the first member of smc_sock.\n\n[0]:\nkvfree_call_rcu(): Double-freed call. rcu_head 000000006921da73\nWARNING: CPU: 0 PID: 6718 at mm/slab_common.c:1956 kvfree_call_rcu+0x94/0x3f0 mm/slab_common.c:1955\nModules linked in:\nCPU: 0 UID: 0 PID: 6718 Comm: syz.0.17 Tainted: G W 6.16.0-rc4-syzkaller-g7482bb149b9f #0 PREEMPT\nTainted: [W]=WARN\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : kvfree_call_rcu+0x94/0x3f0 mm/slab_common.c:1955\nlr : kvfree_call_rcu+0x94/0x3f0 mm/slab_common.c:1955\nsp : ffff8000a03a7730\nx29: ffff8000a03a7730 x28: 00000000fffffff5 x27: 1fffe000184823d3\nx26: dfff800000000000 x25: ffff0000c2411e9e x24: ffff0000dd88da00\nx23: ffff8000891ac9a0 x22: 00000000ffffffea x21: ffff8000891ac9a0\nx20: ffff8000891ac9a0 x19: ffff80008afc2480 x18: 00000000ffffffff\nx17: 0000000000000000 x16: ffff80008ae642c8 x15: ffff700011ede14c\nx14: 1ffff00011ede14c x13: 0000000000000004 x12: ffffffffffffffff\nx11: ffff700011ede14c x10: 0000000000ff0100 x9 : 5fa3c1ffaf0ff000\nx8 : 5fa3c1ffaf0ff000 x7 : 0000000000000001 x6 : 0000000000000001\nx5 : ffff8000a03a7078 x4 : ffff80008f766c20 x3 : ffff80008054d360\nx2 : 0000000000000000 x1 : 0000000000000201 x0 : 0000000000000000\nCall trace:\n kvfree_call_rcu+0x94/0x3f0 mm/slab_common.c:1955 (P)\n cipso_v4_sock_setattr+0x2f0/0x3f4 net/ipv4/cipso_ipv4.c:1914\n netlbl_sock_setattr+0x240/0x334 net/netlabel/netlabel_kapi.c:1000\n smack_netlbl_add+0xa8/0x158 security/smack/smack_lsm.c:2581\n smack_inode_setsecurity+0x378/0x430 security/smack/smack_lsm.c:2912\n security_inode_setsecurity+0x118/0x3c0 security/security.c:2706\n __vfs_setxattr_noperm+0x174/0x5c4 fs/xattr.c:251\n __vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:295\n vfs_setxattr+0x158/0x2ac fs/xattr.c:321\n do_setxattr fs/xattr.c:636 [inline]\n file_setxattr+0x1b8/0x294 fs/xattr.c:646\n path_setxattrat+0x2ac/0x320 fs/xattr.c:711\n __do_sys_fsetxattr fs/xattr.c:761 [inline]\n __se_sys_fsetxattr fs/xattr.c:758 [inline]\n __arm64_sys_fsetxattr+0xc0/0xdc fs/xattr.c:758\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879\n el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600\n\n[\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38475",
"url": "https://www.suse.com/security/cve/CVE-2025-38475"
},
{
"category": "external",
"summary": "SUSE Bug 1247308 for CVE-2025-38475",
"url": "https://bugzilla.suse.com/1247308"
},
{
"category": "external",
"summary": "SUSE Bug 1247309 for CVE-2025-38475",
"url": "https://bugzilla.suse.com/1247309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "important"
}
],
"title": "CVE-2025-38475"
},
{
"cve": "CVE-2025-38476",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38476"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrpl: Fix use-after-free in rpl_do_srh_inline().\n\nRunning lwt_dst_cache_ref_loop.sh in selftest with KASAN triggers\nthe splat below [0].\n\nrpl_do_srh_inline() fetches ipv6_hdr(skb) and accesses it after\nskb_cow_head(), which is illegal as the header could be freed then.\n\nLet\u0027s fix it by making oldhdr to a local struct instead of a pointer.\n\n[0]:\n[root@fedora net]# ./lwt_dst_cache_ref_loop.sh\n...\nTEST: rpl (input)\n[ 57.631529] ==================================================================\nBUG: KASAN: slab-use-after-free in rpl_do_srh_inline.isra.0 (net/ipv6/rpl_iptunnel.c:174)\nRead of size 40 at addr ffff888122bf96d8 by task ping6/1543\n\nCPU: 50 UID: 0 PID: 1543 Comm: ping6 Not tainted 6.16.0-rc5-01302-gfadd1e6231b1 #23 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl (lib/dump_stack.c:122)\n print_report (mm/kasan/report.c:409 mm/kasan/report.c:521)\n kasan_report (mm/kasan/report.c:221 mm/kasan/report.c:636)\n kasan_check_range (mm/kasan/generic.c:175 (discriminator 1) mm/kasan/generic.c:189 (discriminator 1))\n __asan_memmove (mm/kasan/shadow.c:94 (discriminator 2))\n rpl_do_srh_inline.isra.0 (net/ipv6/rpl_iptunnel.c:174)\n rpl_input (net/ipv6/rpl_iptunnel.c:201 net/ipv6/rpl_iptunnel.c:282)\n lwtunnel_input (net/core/lwtunnel.c:459)\n ipv6_rcv (./include/net/dst.h:471 (discriminator 1) ./include/net/dst.h:469 (discriminator 1) net/ipv6/ip6_input.c:79 (discriminator 1) ./include/linux/netfilter.h:317 (discriminator 1) ./include/linux/netfilter.h:311 (discriminator 1) net/ipv6/ip6_input.c:311 (discriminator 1))\n __netif_receive_skb_one_core (net/core/dev.c:5967)\n process_backlog (./include/linux/rcupdate.h:869 net/core/dev.c:6440)\n __napi_poll.constprop.0 (net/core/dev.c:7452)\n net_rx_action (net/core/dev.c:7518 net/core/dev.c:7643)\n handle_softirqs (kernel/softirq.c:579)\n do_softirq (kernel/softirq.c:480 (discriminator 20))\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n __local_bh_enable_ip (kernel/softirq.c:407)\n __dev_queue_xmit (net/core/dev.c:4740)\n ip6_finish_output2 (./include/linux/netdevice.h:3358 ./include/net/neighbour.h:526 ./include/net/neighbour.h:540 net/ipv6/ip6_output.c:141)\n ip6_finish_output (net/ipv6/ip6_output.c:215 net/ipv6/ip6_output.c:226)\n ip6_output (./include/linux/netfilter.h:306 net/ipv6/ip6_output.c:248)\n ip6_send_skb (net/ipv6/ip6_output.c:1983)\n rawv6_sendmsg (net/ipv6/raw.c:588 net/ipv6/raw.c:918)\n __sys_sendto (net/socket.c:714 (discriminator 1) net/socket.c:729 (discriminator 1) net/socket.c:2228 (discriminator 1))\n __x64_sys_sendto (net/socket.c:2231)\n do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1))\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\nRIP: 0033:0x7f68cffb2a06\nCode: 5d e8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 75 19 83 e2 39 83 fa 08 75 11 e8 26 ff ff ff 66 0f 1f 44 00 00 48 8b 45 10 0f 05 \u003c48\u003e 8b 5d f8 c9 c3 0f 1f 40 00 f3 0f 1e fa 55 48 89 e5 48 83 ec 08\nRSP: 002b:00007ffefb7c53d0 EFLAGS: 00000202 ORIG_RAX: 000000000000002c\nRAX: ffffffffffffffda RBX: 0000564cd69f10a0 RCX: 00007f68cffb2a06\nRDX: 0000000000000040 RSI: 0000564cd69f10a4 RDI: 0000000000000003\nRBP: 00007ffefb7c53f0 R08: 0000564cd6a032ac R09: 000000000000001c\nR10: 0000000000000000 R11: 0000000000000202 R12: 0000564cd69f10a4\nR13: 0000000000000040 R14: 00007ffefb7c66e0 R15: 0000564cd69f10a0\n \u003c/TASK\u003e\n\nAllocated by task 1543:\n kasan_save_stack (mm/kasan/common.c:48)\n kasan_save_track (mm/kasan/common.c:60 (discriminator 1) mm/kasan/common.c:69 (discriminator 1))\n __kasan_slab_alloc (mm/kasan/common.c:319 mm/kasan/common.c:345)\n kmem_cache_alloc_node_noprof (./include/linux/kasan.h:250 mm/slub.c:4148 mm/slub.c:4197 mm/slub.c:4249)\n kmalloc_reserve (net/core/skbuff.c:581 (discriminator 88))\n __alloc_skb (net/core/skbuff.c:669)\n __ip6_append_data (net/ipv6/ip6_output.c:1672 (discriminator 1))\n ip6_\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38476",
"url": "https://www.suse.com/security/cve/CVE-2025-38476"
},
{
"category": "external",
"summary": "SUSE Bug 1247317 for CVE-2025-38476",
"url": "https://bugzilla.suse.com/1247317"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38476"
},
{
"cve": "CVE-2025-38477",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38477"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_qfq: Fix race condition on qfq_aggregate\n\nA race condition can occur when \u0027agg\u0027 is modified in qfq_change_agg\n(called during qfq_enqueue) while other threads access it\nconcurrently. For example, qfq_dump_class may trigger a NULL\ndereference, and qfq_delete_class may cause a use-after-free.\n\nThis patch addresses the issue by:\n\n1. Moved qfq_destroy_class into the critical section.\n\n2. Added sch_tree_lock protection to qfq_dump_class and\nqfq_dump_class_stats.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38477",
"url": "https://www.suse.com/security/cve/CVE-2025-38477"
},
{
"category": "external",
"summary": "SUSE Bug 1247314 for CVE-2025-38477",
"url": "https://bugzilla.suse.com/1247314"
},
{
"category": "external",
"summary": "SUSE Bug 1247315 for CVE-2025-38477",
"url": "https://bugzilla.suse.com/1247315"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "important"
}
],
"title": "CVE-2025-38477"
},
{
"cve": "CVE-2025-38478",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38478"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: Fix initialization of data for instructions that write to subdevice\n\nSome Comedi subdevice instruction handlers are known to access\ninstruction data elements beyond the first `insn-\u003en` elements in some\ncases. The `do_insn_ioctl()` and `do_insnlist_ioctl()` functions\nallocate at least `MIN_SAMPLES` (16) data elements to deal with this,\nbut they do not initialize all of that. For Comedi instruction codes\nthat write to the subdevice, the first `insn-\u003en` data elements are\ncopied from user-space, but the remaining elements are left\nuninitialized. That could be a problem if the subdevice instruction\nhandler reads the uninitialized data. Ensure that the first\n`MIN_SAMPLES` elements are initialized before calling these instruction\nhandlers, filling the uncopied elements with 0. For\n`do_insnlist_ioctl()`, the same data buffer elements are used for\nhandling a list of instructions, so ensure the first `MIN_SAMPLES`\nelements are initialized for each instruction that writes to the\nsubdevice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38478",
"url": "https://www.suse.com/security/cve/CVE-2025-38478"
},
{
"category": "external",
"summary": "SUSE Bug 1247273 for CVE-2025-38478",
"url": "https://bugzilla.suse.com/1247273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38478"
},
{
"cve": "CVE-2025-38480",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38480"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: Fix use of uninitialized data in insn_rw_emulate_bits()\n\nFor Comedi `INSN_READ` and `INSN_WRITE` instructions on \"digital\"\nsubdevices (subdevice types `COMEDI_SUBD_DI`, `COMEDI_SUBD_DO`, and\n`COMEDI_SUBD_DIO`), it is common for the subdevice driver not to have\n`insn_read` and `insn_write` handler functions, but to have an\n`insn_bits` handler function for handling Comedi `INSN_BITS`\ninstructions. In that case, the subdevice\u0027s `insn_read` and/or\n`insn_write` function handler pointers are set to point to the\n`insn_rw_emulate_bits()` function by `__comedi_device_postconfig()`.\n\nFor `INSN_WRITE`, `insn_rw_emulate_bits()` currently assumes that the\nsupplied `data[0]` value is a valid copy from user memory. It will at\nleast exist because `do_insnlist_ioctl()` and `do_insn_ioctl()` in\n\"comedi_fops.c\" ensure at lease `MIN_SAMPLES` (16) elements are\nallocated. However, if `insn-\u003en` is 0 (which is allowable for\n`INSN_READ` and `INSN_WRITE` instructions, then `data[0]` may contain\nuninitialized data, and certainly contains invalid data, possibly from a\ndifferent instruction in the array of instructions handled by\n`do_insnlist_ioctl()`. This will result in an incorrect value being\nwritten to the digital output channel (or to the digital input/output\nchannel if configured as an output), and may be reflected in the\ninternal saved state of the channel.\n\nFix it by returning 0 early if `insn-\u003en` is 0, before reaching the code\nthat accesses `data[0]`. Previously, the function always returned 1 on\nsuccess, but it is supposed to be the number of data samples actually\nread or written up to `insn-\u003en`, which is 0 in this case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38480",
"url": "https://www.suse.com/security/cve/CVE-2025-38480"
},
{
"category": "external",
"summary": "SUSE Bug 1247274 for CVE-2025-38480",
"url": "https://bugzilla.suse.com/1247274"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38480"
},
{
"cve": "CVE-2025-38481",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38481"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large\n\nThe handling of the `COMEDI_INSNLIST` ioctl allocates a kernel buffer to\nhold the array of `struct comedi_insn`, getting the length from the\n`n_insns` member of the `struct comedi_insnlist` supplied by the user.\nThe allocation will fail with a WARNING and a stack dump if it is too\nlarge.\n\nAvoid that by failing with an `-EINVAL` error if the supplied `n_insns`\nvalue is unreasonable.\n\nDefine the limit on the `n_insns` value in the `MAX_INSNS` macro. Set\nthis to the same value as `MAX_SAMPLES` (65536), which is the maximum\nallowed sum of the values of the member `n` in the array of `struct\ncomedi_insn`, and sensible comedi instructions will have an `n` of at\nleast 1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38481",
"url": "https://www.suse.com/security/cve/CVE-2025-38481"
},
{
"category": "external",
"summary": "SUSE Bug 1247276 for CVE-2025-38481",
"url": "https://bugzilla.suse.com/1247276"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "low"
}
],
"title": "CVE-2025-38481"
},
{
"cve": "CVE-2025-38482",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38482"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: das6402: Fix bit shift out of bounds\n\nWhen checking for a supported IRQ number, the following test is used:\n\n\t/* IRQs 2,3,5,6,7, 10,11,15 are valid for \"enhanced\" mode */\n\tif ((1 \u003c\u003c it-\u003eoptions[1]) \u0026 0x8cec) {\n\nHowever, `it-\u003eoptions[i]` is an unchecked `int` value from userspace, so\nthe shift amount could be negative or out of bounds. Fix the test by\nrequiring `it-\u003eoptions[1]` to be within bounds before proceeding with\nthe original test. Valid `it-\u003eoptions[1]` values that select the IRQ\nwill be in the range [1,15]. The value 0 explicitly disables the use of\ninterrupts.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38482",
"url": "https://www.suse.com/security/cve/CVE-2025-38482"
},
{
"category": "external",
"summary": "SUSE Bug 1247277 for CVE-2025-38482",
"url": "https://bugzilla.suse.com/1247277"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38482"
},
{
"cve": "CVE-2025-38483",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38483"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: das16m1: Fix bit shift out of bounds\n\nWhen checking for a supported IRQ number, the following test is used:\n\n\t/* only irqs 2, 3, 4, 5, 6, 7, 10, 11, 12, 14, and 15 are valid */\n\tif ((1 \u003c\u003c it-\u003eoptions[1]) \u0026 0xdcfc) {\n\nHowever, `it-\u003eoptions[i]` is an unchecked `int` value from userspace, so\nthe shift amount could be negative or out of bounds. Fix the test by\nrequiring `it-\u003eoptions[1]` to be within bounds before proceeding with\nthe original test.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38483",
"url": "https://www.suse.com/security/cve/CVE-2025-38483"
},
{
"category": "external",
"summary": "SUSE Bug 1247278 for CVE-2025-38483",
"url": "https://bugzilla.suse.com/1247278"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38483"
},
{
"cve": "CVE-2025-38485",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38485"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush\n\nfxls8962af_fifo_flush() uses indio_dev-\u003eactive_scan_mask (with\niio_for_each_active_channel()) without making sure the indio_dev\nstays in buffer mode.\nThere is a race if indio_dev exits buffer mode in the middle of the\ninterrupt that flushes the fifo. Fix this by calling\nsynchronize_irq() to ensure that no interrupt is currently running when\ndisabling buffer mode.\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000000 when read\n[...]\n_find_first_bit_le from fxls8962af_fifo_flush+0x17c/0x290\nfxls8962af_fifo_flush from fxls8962af_interrupt+0x80/0x178\nfxls8962af_interrupt from irq_thread_fn+0x1c/0x7c\nirq_thread_fn from irq_thread+0x110/0x1f4\nirq_thread from kthread+0xe0/0xfc\nkthread from ret_from_fork+0x14/0x2c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38485",
"url": "https://www.suse.com/security/cve/CVE-2025-38485"
},
{
"category": "external",
"summary": "SUSE Bug 1247236 for CVE-2025-38485",
"url": "https://bugzilla.suse.com/1247236"
},
{
"category": "external",
"summary": "SUSE Bug 1247237 for CVE-2025-38485",
"url": "https://bugzilla.suse.com/1247237"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "important"
}
],
"title": "CVE-2025-38485"
},
{
"cve": "CVE-2025-38487",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38487"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: aspeed: lpc-snoop: Don\u0027t disable channels that aren\u0027t enabled\n\nMitigate e.g. the following:\n\n # echo 1e789080.lpc-snoop \u003e /sys/bus/platform/drivers/aspeed-lpc-snoop/unbind\n ...\n [ 120.363594] Unable to handle kernel NULL pointer dereference at virtual address 00000004 when write\n [ 120.373866] [00000004] *pgd=00000000\n [ 120.377910] Internal error: Oops: 805 [#1] SMP ARM\n [ 120.383306] CPU: 1 UID: 0 PID: 315 Comm: sh Not tainted 6.15.0-rc1-00009-g926217bc7d7d-dirty #20 NONE\n ...\n [ 120.679543] Call trace:\n [ 120.679559] misc_deregister from aspeed_lpc_snoop_remove+0x84/0xac\n [ 120.692462] aspeed_lpc_snoop_remove from platform_remove+0x28/0x38\n [ 120.700996] platform_remove from device_release_driver_internal+0x188/0x200\n ...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38487",
"url": "https://www.suse.com/security/cve/CVE-2025-38487"
},
{
"category": "external",
"summary": "SUSE Bug 1247238 for CVE-2025-38487",
"url": "https://bugzilla.suse.com/1247238"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38487"
},
{
"cve": "CVE-2025-38489",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38489"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again\n\nCommit 7ded842b356d (\"s390/bpf: Fix bpf_plt pointer arithmetic\") has\naccidentally removed the critical piece of commit c730fce7c70c\n(\"s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL\"), causing\nintermittent kernel panics in e.g. perf\u0027s on_switch() prog to reappear.\n\nRestore the fix and add a comment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38489",
"url": "https://www.suse.com/security/cve/CVE-2025-38489"
},
{
"category": "external",
"summary": "SUSE Bug 1247241 for CVE-2025-38489",
"url": "https://bugzilla.suse.com/1247241"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38489"
},
{
"cve": "CVE-2025-38494",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38494"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: do not bypass hid_hw_raw_request\n\nhid_hw_raw_request() is actually useful to ensure the provided buffer\nand length are valid. Directly calling in the low level transport driver\nfunction bypassed those checks and allowed invalid paramto be used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38494",
"url": "https://www.suse.com/security/cve/CVE-2025-38494"
},
{
"category": "external",
"summary": "SUSE Bug 1247349 for CVE-2025-38494",
"url": "https://bugzilla.suse.com/1247349"
},
{
"category": "external",
"summary": "SUSE Bug 1247350 for CVE-2025-38494",
"url": "https://bugzilla.suse.com/1247350"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "important"
}
],
"title": "CVE-2025-38494"
},
{
"cve": "CVE-2025-38495",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38495"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: ensure the allocated report buffer can contain the reserved report ID\n\nWhen the report ID is not used, the low level transport drivers expect\nthe first byte to be 0. However, currently the allocated buffer not\naccount for that extra byte, meaning that instead of having 8 guaranteed\nbytes for implement to be working, we only have 7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38495",
"url": "https://www.suse.com/security/cve/CVE-2025-38495"
},
{
"category": "external",
"summary": "SUSE Bug 1247348 for CVE-2025-38495",
"url": "https://bugzilla.suse.com/1247348"
},
{
"category": "external",
"summary": "SUSE Bug 1247351 for CVE-2025-38495",
"url": "https://bugzilla.suse.com/1247351"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "important"
}
],
"title": "CVE-2025-38495"
},
{
"cve": "CVE-2025-38496",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38496"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-bufio: fix sched in atomic context\n\nIf \"try_verify_in_tasklet\" is set for dm-verity, DM_BUFIO_CLIENT_NO_SLEEP\nis enabled for dm-bufio. However, when bufio tries to evict buffers, there\nis a chance to trigger scheduling in spin_lock_bh, the following warning\nis hit:\n\nBUG: sleeping function called from invalid context at drivers/md/dm-bufio.c:2745\nin_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 123, name: kworker/2:2\npreempt_count: 201, expected: 0\nRCU nest depth: 0, expected: 0\n4 locks held by kworker/2:2/123:\n #0: ffff88800a2d1548 ((wq_completion)dm_bufio_cache){....}-{0:0}, at: process_one_work+0xe46/0x1970\n #1: ffffc90000d97d20 ((work_completion)(\u0026dm_bufio_replacement_work)){....}-{0:0}, at: process_one_work+0x763/0x1970\n #2: ffffffff8555b528 (dm_bufio_clients_lock){....}-{3:3}, at: do_global_cleanup+0x1ce/0x710\n #3: ffff88801d5820b8 (\u0026c-\u003espinlock){....}-{2:2}, at: do_global_cleanup+0x2a5/0x710\nPreemption disabled at:\n[\u003c0000000000000000\u003e] 0x0\nCPU: 2 UID: 0 PID: 123 Comm: kworker/2:2 Not tainted 6.16.0-rc3-g90548c634bd0 #305 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nWorkqueue: dm_bufio_cache do_global_cleanup\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x53/0x70\n __might_resched+0x360/0x4e0\n do_global_cleanup+0x2f5/0x710\n process_one_work+0x7db/0x1970\n worker_thread+0x518/0xea0\n kthread+0x359/0x690\n ret_from_fork+0xf3/0x1b0\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nThat can be reproduced by:\n\n veritysetup format --data-block-size=4096 --hash-block-size=4096 /dev/vda /dev/vdb\n SIZE=$(blockdev --getsz /dev/vda)\n dmsetup create myverity -r --table \"0 $SIZE verity 1 /dev/vda /dev/vdb 4096 4096 \u003cdata_blocks\u003e 1 sha256 \u003croot_hash\u003e \u003csalt\u003e 1 try_verify_in_tasklet\"\n mount /dev/dm-0 /mnt -o ro\n echo 102400 \u003e /sys/module/dm_bufio/parameters/max_cache_size_bytes\n [read files in /mnt]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38496",
"url": "https://www.suse.com/security/cve/CVE-2025-38496"
},
{
"category": "external",
"summary": "SUSE Bug 1247284 for CVE-2025-38496",
"url": "https://bugzilla.suse.com/1247284"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38496"
},
{
"cve": "CVE-2025-38497",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38497"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: configfs: Fix OOB read on empty string write\n\nWhen writing an empty string to either \u0027qw_sign\u0027 or \u0027landingPage\u0027\nsysfs attributes, the store functions attempt to access page[l - 1]\nbefore validating that the length \u0027l\u0027 is greater than zero.\n\nThis patch fixes the vulnerability by adding a check at the beginning\nof os_desc_qw_sign_store() and webusb_landingPage_store() to handle\nthe zero-length input case gracefully by returning immediately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38497",
"url": "https://www.suse.com/security/cve/CVE-2025-38497"
},
{
"category": "external",
"summary": "SUSE Bug 1247347 for CVE-2025-38497",
"url": "https://bugzilla.suse.com/1247347"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "moderate"
}
],
"title": "CVE-2025-38497"
},
{
"cve": "CVE-2025-38498",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38498"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndo_change_type(): refuse to operate on unmounted/not ours mounts\n\nEnsure that propagation settings can only be changed for mounts located\nin the caller\u0027s mount namespace. This change aligns permission checking\nwith the rest of mount(2).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38498",
"url": "https://www.suse.com/security/cve/CVE-2025-38498"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-38498",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1247499 for CVE-2025-38498",
"url": "https://bugzilla.suse.com/1247499"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_13-rt-1-150700.1.5.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.13.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.13.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-18T16:01:54Z",
"details": "important"
}
],
"title": "CVE-2025-38498"
}
]
}
SUSE-SU-2025:02997-1
Vulnerability from csaf_suse - Published: 2025-08-27 12:04 - Updated: 2025-08-27 12:04Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP7 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2019-11135: enabled CONFIG_X86_INTEL_TSX_MODE_AUTO (bsc#1139073, bsc#1246695)
- CVE-2024-36028: mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() (bsc#1225707).
- CVE-2024-36348, CVE-2024-36349, CVE-2024-36350, CVE-2024-36357: x86/process: Move the buffer clearing before MONITOR (bsc#1238896).
- CVE-2024-39298:mm/memory-failure: fix handling of dissolved but not taken off from buddy pages (bsc#1227082).
- CVE-2024-42134: virtio-pci: Check if is_avq is NULL (bsc#1228664).
- CVE-2024-44963: btrfs: do not BUG_ON() when freeing tree block after error (bsc#1230216).
- CVE-2024-49861: net: clear the dst when changing skb protocol (bsc#1245954).
- CVE-2024-56742: vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages() (bsc#1235613).
- CVE-2025-21839: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (bsc#1239061).
- CVE-2025-21854: selftest/bpf: Add vsock test for sockmap rejecting unconnected (bsc#1239470).
- CVE-2025-21872: efi/mokvar-table: Avoid repeated map/unmap of the same page (bsc#1240323).
- CVE-2025-22090: mm: (un)track_pfn_copy() fix + doc improvements (bsc#1241537).
- CVE-2025-23163: net: vlan: do not propagate flags on open (bsc#1242837).
- CVE-2025-37856: btrfs: harden block_group::bg_list against list_del() races (bsc#1243068).
- CVE-2025-37864: net: dsa: clean up FDB, MDB, VLAN entries on unbind (bsc#1242965).
- CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960).
- CVE-2025-37920: kABI workaround for xsk: Fix race condition in AF_XDP generic RX path (bsc#1243479).
- CVE-2025-37984: crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() (bsc#1243669).
- CVE-2025-38034: btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (bsc#1244792).
- CVE-2025-38035: nvmet-tcp: do not restore null sk_state_change (bsc#1244801).
- CVE-2025-38047: x86/fred: Fix system hang during S4 resume with FRED enabled (bsc#1245084).
- CVE-2025-38051: smb: client: Fix use-after-free in cifs_fill_dirent (bsc#1244750).
- CVE-2025-38058: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (bsc#1245151).
- CVE-2025-38061: net: pktgen: fix access outside of user given buffer in pktgen_thread_write() (bsc#1245440).
- CVE-2025-38062: kABI: restore layout of struct msi_desc (bsc#1245216).
- CVE-2025-38063: dm: fix unconditional IO throttle caused by REQ_PREFLUSH (bsc#1245202).
- CVE-2025-38064: virtio: break and reset virtio devices on device_shutdown() (bsc#1245201).
- CVE-2025-38074: vhost-scsi: protect vq->log_used with vq->mutex (bsc#1244735).
- CVE-2025-38094: net: cadence: macb: Fix a possible deadlock in macb_halt_tx (bsc#1245649).
- CVE-2025-38097: kabi: restore encap_sk in struct xfrm_state (bsc#1245660).
- CVE-2025-38098: drm/amd/display: Do not treat wb connector as physical in (bsc#1245654).
- CVE-2025-38099: Bluetooth: btusb: Fix regression in the initialization of fake Bluetooth controllers (bsc#1245671).
- CVE-2025-38100: x86/iopl: Cure TIF_IO_BITMAP inconsistencies (bsc#1245650).
- CVE-2025-38105: ALSA: usb-audio: Kill timer properly at removal (bsc#1245682).
- CVE-2025-38106: io_uring/sqpoll: do not put task_struct on tctx setup failure (bsc#1245664).
- CVE-2025-38115: net_sched: sch_sfq: fix a potential crash on gso_skb handling (bsc#1245689).
- CVE-2025-38117: hci_dev centralize extra lock (bsc#1245695).
- CVE-2025-38126: net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping (bsc#1245708).
- CVE-2025-38131: coresight: prevent deactivate active config while enabling the config (bsc#1245677).
- CVE-2025-38132: coresight: holding cscfg_csdev_lock while removing cscfg from csdev (bsc#1245679).
- CVE-2025-38147: calipso: unlock rcu before returning -EAFNOSUPPORT (bsc#1245768).
- CVE-2025-38158: hisi_acc_vfio_pci: fix XQE dma address error (bsc#1245750).
- CVE-2025-38162: netfilter: nft_set_pipapo: prevent overflow in lookup table allocation (bsc#1245752).
- CVE-2025-38166: bpf: fix ktls panic with sockmap (bsc#1245758).
- CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).
- CVE-2025-38182: ublk: santizize the arguments from userspace when adding a device (bsc#1245937).
- CVE-2025-38183: net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get() (bsc#1246006).
- CVE-2025-38187: drm/nouveau: fix a use-after-free in r535_gsp_rpc_push() (bsc#1245951).
- CVE-2025-38188: drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE (bsc#1246098).
- CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045).
- CVE-2025-38202: bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() (bsc#1245980).
- CVE-2025-38203: jfs: Fix null-ptr-deref in jfs_ioc_trim (bsc#1246044).
- CVE-2025-38204: jfs: fix array-index-out-of-bounds read in add_missing_indices (bsc#1245983).
- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073).
- CVE-2025-38210: configfs-tsm-report: Fix NULL dereference of tsm_ops (bsc#1246020).
- CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029).
- CVE-2025-38220: ext4: only dirty folios when data journaling regular files (bsc#1245966).
- CVE-2025-38222: ext4: inline: fix len overflow in ext4_prepare_inline_data (bsc#1245976).
- CVE-2025-38236: af_unix: Disable MSG_OOB for unprivileged users (bsc#1246093).
- CVE-2025-38239: scsi: megaraid_sas: Fix invalid node index (bsc#1246178).
- CVE-2025-38244: smb: client: fix potential deadlock when reconnecting channels (bsc#1246183).
- CVE-2025-38248: bridge: mcast: Fix use-after-free during router port configuration (bsc#1246173).
- CVE-2025-38250: kABI workaround for bluetooth hci_dev changes (bsc#1246182).
- CVE-2025-38256: io_uring/rsrc: fix folio unpinning (bsc#1246188).
- CVE-2025-38264: llist: add interface to check if a node is on a list (bsc#1246387).
- CVE-2025-38272: net: dsa: b53: do not enable EEE on bcm63xx (bsc#1246268).
- CVE-2025-38279: kABI workaround for bpf: Do not include stack ptr register in precision backtracking bookkeeping (bsc#1246264).
- CVE-2025-38283: hisi_acc_vfio_pci: bugfix live migration function without VF device driver (bsc#1246273).
- CVE-2025-38303: Bluetooth: eir: Fix possible crashes on eir_create_adv_data (bsc#1246354).
- CVE-2025-38310: seg6: Fix validation of nexthop addresses (bsc#1246361).
- CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).
- CVE-2025-38334: x86/sgx: Prevent attempts to reclaim poisoned pages (bsc#1246384).
- CVE-2025-38335: Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT (bsc#1246250).
- CVE-2025-38337: jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (bsc#1246253).
- CVE-2025-38349: eventpoll: do not decrement ep refcount while still holding the ep mutex (bsc#1246777).
- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).
- CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).
- CVE-2025-38364: maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() (bsc#1247091).
- CVE-2025-38365: btrfs: fix a race between renames and directory logging (bsc#1247023).
- CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177).
- CVE-2025-38382: btrfs: fix iteration of extrefs during log replay (bsc#1247031).
- CVE-2025-38392: idpf: convert control queue mutex to a spinlock (bsc#1247169).
- CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247156).
- CVE-2025-38399: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() (bsc#1247097).
- CVE-2025-38403: vsock/vmci: Clear the vmci transport packet properly when initializing it (bsc#1247141).
- CVE-2025-38414: wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850 (bsc#1247145).
- CVE-2025-38426: drm/amdgpu: Add basic validation for RAS header (bsc#1247252).
- CVE-2025-38429: bus: mhi: ep: Update read pointer only after buffer is written (bsc#1247253).
- CVE-2025-38453: kABI: io_uring: msg_ring ensure io_kiocb freeing is deferred (bsc#1247234).
- CVE-2025-38455: KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight (bsc#1247101).
- CVE-2025-38457: net/sched: Abort __tc_modify_qdisc if parent class does not exist (bsc#1247098).
- CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).
- CVE-2025-38461: vsock: Fix transport_* TOCTOU (bsc#1247103).
- CVE-2025-38462: vsock: Fix transport_{g2h,h2g} TOCTOU (bsc#1247104).
- CVE-2025-38463: tcp: Correct signedness in skb remaining space calculation (bsc#1247113).
- CVE-2025-38465: netlink: make sure we allow at least one dump skb (bsc#1247118).
- CVE-2025-38470: kABI fix for net: vlan: fix VLAN 0 refcount imbalance of toggling (bsc#1247288).
- CVE-2025-38471: tls: always refresh the queue when reading sock (bsc#1247450).
- CVE-2025-38475: smc: Fix various oops due to inet_sock type confusion (bsc#1247308).
- CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347).
- CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374).
The following non-security bugs were fixed:
- accel/ivpu: Remove copy engine support (stable-fixes).
- acpi: LPSS: Remove AudioDSP related ID (git-fixes).
- acpi: PRM: Reduce unnecessary printing to avoid user confusion (bsc#1246122).
- acpi: processor: perflib: Fix initial _PPC limit application (git-fixes).
- acpica: Refuse to evaluate a method if arguments are missing (stable-fixes).
- af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() (git-fixes).
- af_unix: Add a prompt to CONFIG_AF_UNIX_OOB (bsc#1246093).
- alsa: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() (git-fixes).
- alsa: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx (stable-fixes).
- alsa: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 (stable-fixes).
- alsa: hda/realtek: Add quirk for ASUS ROG Strix G712LWS (stable-fixes).
- alsa: hda/realtek: Fix mute LED mask on HP OMEN 16 laptop (git-fixes).
- alsa: hda/tegra: Add Tegra264 support (stable-fixes).
- alsa: hda: Add missing NVIDIA HDA codec IDs (stable-fixes).
- alsa: hda: Add new pci id for AMD GPU display HD audio controller (stable-fixes).
- alsa: hda: Ignore unsol events for cards being shut down (stable-fixes).
- alsa: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() (git-fixes).
- alsa: sb: Do not allow changing the DMA mode during operations (stable-fixes).
- alsa: sb: Force to disable DMAs once when DMA mode is changed (stable-fixes).
- alsa: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() (git-fixes).
- amd/amdkfd: fix a kfd_process ref leak (stable-fixes).
- aoe: clean device rq_list in aoedev_downdev() (git-fixes).
- apple-mfi-fastcharge: protect first device name (git-fixes).
- asoc: amd: yc: Add DMI quirk for Lenovo IdeaPad Slim 5 15 (stable-fixes).
- asoc: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic (stable-fixes).
- asoc: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic (stable-fixes).
- asoc: amd: yc: update quirk data for HP Victus (stable-fixes).
- asoc: codec: wcd9335: Convert to GPIO descriptors (stable-fixes).
- asoc: codecs: wcd9335: Fix missing free of regulator supplies (git-fixes).
- asoc: codecs: wcd9335: Handle nicer probe deferral and simplify with dev_err_probe() (stable-fixes).
- asoc: cs35l56: probe() should fail if the device ID is not recognized (git-fixes).
- asoc: fsl_asrc: use internal measured ratio for non-ideal ratio mode (git-fixes).
- asoc: fsl_sai: Force a software reset when starting in consumer mode (git-fixes).
- asoc: fsl_xcvr: get channel status data when PHY is not exists (git-fixes).
- asoc: mediatek: use reserved memory or enable buffer pre-allocation (git-fixes).
- asoc: ops: dynamically allocate struct snd_ctl_elem_value (git-fixes).
- asoc: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() (git-fixes).
- ata: pata_cs5536: fix build on 32-bit UML (stable-fixes).
- audit,module: restore audit logging in load failure case (git-fixes).
- bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() (git-fixes).
- bluetooth: HCI: Set extended advertising data synchronously (git-fixes).
- bluetooth: L2CAP: Fix L2CAP MTU negotiation (stable-fixes).
- bluetooth: L2CAP: Fix attempting to adjust outgoing MTU (git-fixes).
- bluetooth: MGMT: Fix not generating command complete for MGMT_OP_DISCONNECT (git-fixes).
- bluetooth: MGMT: mesh_send: check instances prior disabling advertising (git-fixes).
- bluetooth: MGMT: set_mesh: update LE scan interval and window (git-fixes).
- bluetooth: Prevent unintended pause by checking if advertising is active (git-fixes).
- bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout (git-fixes).
- bluetooth: SMP: If an unallowed command is received consider it a failure (git-fixes).
- bluetooth: btintel: Check if controller is ISO capable on btintel_classify_pkt_type (git-fixes).
- bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant without board ID (git-fixes).
- bluetooth: hci_conn: Fix sending BT_HCI_CMD_LE_CREATE_CONN_CANCEL (git-fixes).
- bluetooth: hci_core: add missing braces when using macro parameters (git-fixes).
- bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected (git-fixes).
- bluetooth: hci_event: Mask data status from LE ext adv reports (git-fixes).
- bluetooth: hci_sync: Attempt to dequeue connection attempt (git-fixes).
- bluetooth: hci_sync: Fix UAF on create_le_conn_complete (git-fixes).
- bluetooth: hci_sync: Fix handling of HCI_OP_CREATE_CONN_CANCEL (git-fixes).
- bluetooth: hci_sync: Fix not disabling advertising instance (git-fixes).
- bluetooth: hci_sync: fix connectable extended advertising when using static random address (git-fixes).
- bluetooth: hci_sync: revert some mesh modifications (git-fixes).
- bnxt_en: Fix double invocation of bnxt_ulp_stop()/bnxt_ulp_start() (git-fixes).
- bonding: Correctly support GSO ESP offload (git-fixes).
- bpf, sockmap: Fix sk_msg_reset_curr (git-fixes).
- bpf/lpm_trie: Inline longest_prefix_match for fastpath (git-fixes).
- bpf/selftests: Check errno when percpu map value size exceeds (git-fixes).
- bpf: Add a possibly-zero-sized read test (git-fixes).
- bpf: Avoid __hidden__ attribute in static object (git-fixes).
- bpf: Check percpu map value size first (git-fixes).
- bpf: Disable some `attribute ignored' warnings in GCC (git-fixes).
- bpf: Fix memory leak in bpf_core_apply (git-fixes).
- bpf: Fix potential integer overflow in resolve_btfids (git-fixes).
- bpf: Harden __bpf_kfunc tag against linker kfunc removal (git-fixes).
- bpf: Make the pointer returned by iter next method valid (git-fixes).
- bpf: Simplify checking size of helper accesses (git-fixes).
- bpf: fix order of args in call to bpf_map_kvcalloc (git-fixes).
- bpf: sockmap, updating the sg structure should also update curr (git-fixes).
- bpftool: Fix missing pids during link show (git-fixes).
- bpftool: Fix undefined behavior caused by shifting into the sign bit (git-fixes).
- bpftool: Mount bpffs on provided dir instead of parent dir (git-fixes).
- bpftool: Remove unnecessary source files from bootstrap version (git-fixes).
- bpftool: Un-const bpf_func_info to fix it for llvm 17 and newer (git-fixes).
- btrfs: do not ignore inode missing when replaying log tree (git-fixes).
- btrfs: do not silently ignore unexpected extent type when replaying log (git-fixes).
- btrfs: do not skip remaining extrefs if dir not found during log replay (git-fixes).
- btrfs: explicitly ref count block_group on new_bgs list (bsc#1243068)
- btrfs: fix assertion when building free space tree (git-fixes).
- btrfs: fix inode lookup error handling during log replay (git-fixes).
- btrfs: fix invalid inode pointer dereferences during log replay (git-fixes).
- btrfs: fix log tree replay failure due to file with 0 links and extents (git-fixes).
- btrfs: fix missing error handling when searching for inode refs during log replay (git-fixes).
- btrfs: fix non-empty delayed iputs list on unmount due to async workers (git-fixes).
- btrfs: fix ssd_spread overallocation (git-fixes).
- btrfs: make btrfs_discard_workfn() block_group ref explicit (bsc#1243068)
- btrfs: propagate last_unlink_trans earlier when doing a rmdir (git-fixes).
- btrfs: rename err to ret in btrfs_rmdir() (git-fixes).
- btrfs: return a btrfs_inode from btrfs_iget_logging() (git-fixes).
- btrfs: return a btrfs_inode from read_one_inode() (git-fixes).
- btrfs: tests: fix chunk map leak after failure to add it to the tree (git-fixes).
- btrfs: update superblock's device bytes_used when dropping chunk (git-fixes).
- btrfs: use NOFS context when getting inodes during logging and log replay (git-fixes).
- btrfs: use btrfs_record_snapshot_destroy() during rmdir (git-fixes).
- bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() (git-fixes).
- bus: mhi: host: Detect events pointing to unexpected TREs (git-fixes).
- can: dev: can_restart(): move debug message and stats after successful restart (stable-fixes).
- can: dev: can_restart(): reverse logic to remove need for goto (stable-fixes).
- can: kvaser_pciefd: Store device channel index (git-fixes).
- can: kvaser_usb: Assign netdev.dev_port based on device channel index (git-fixes).
- can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level (git-fixes).
- can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode (git-fixes).
- can: peak_usb: fix USB FD devices potential malfunction (git-fixes).
- cdc-acm: fix race between initial clearing halt and open (git-fixes).
- cgroup,freezer: fix incomplete freezing when attaching tasks (bsc#1245789).
- cgroup/cpuset: Extend kthread_is_per_cpu() check to all PF_NO_SETAFFINITY tasks (bsc#1241166).
- cifs: reconnect helper should set reconnect for the right channel (git-fixes).
- clk: clk-axi-clkgen: fix fpfd_max frequency for zynq (git-fixes).
- clk: davinci: Add NULL check in davinci_lpsc_clk_register() (git-fixes).
- clk: sunxi-ng: v3s: Fix de clock definition (git-fixes).
- clk: xilinx: vcu: unregister pll_post only if registered correctly (git-fixes).
- clocksource: Scale the watchdog read retries automatically (bsc#1241345 bsc#1244457).
- clocksource: Set cs_watchdog_read() checks based on .uncertainty_margin (bsc#1241345 bsc#1244457).
- comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large (git-fixes).
- comedi: Fix initialization of data for instructions that write to subdevice (git-fixes).
- comedi: Fix some signed shift left operations (git-fixes).
- comedi: Fix use of uninitialized data in insn_rw_emulate_bits() (git-fixes).
- comedi: aio_iiro_16: Fix bit shift out of bounds (git-fixes).
- comedi: das16m1: Fix bit shift out of bounds (git-fixes).
- comedi: das6402: Fix bit shift out of bounds (git-fixes).
- comedi: pcl812: Fix bit shift out of bounds (git-fixes).
- compiler_types.h: Define __retain for __attribute__((__retain__)) (git-fixes).
- crypto: arm/aes-neonbs - work around gcc-15 warning (git-fixes).
- crypto: ccp - Fix crash when rebind ccp device for ccp.ko (git-fixes).
- crypto: ccp - Fix locking on alloc failure handling (git-fixes).
- crypto: hkdf - skip TVs with unapproved salt lengths in FIPS mode (bsc#1241200 bsc#1246134).
- crypto: img-hash - Fix dma_unmap_sg() nents value (git-fixes).
- crypto: inside-secure - Fix `dma_unmap_sg()` nents value (git-fixes).
- crypto: keembay - Fix dma_unmap_sg() nents value (git-fixes).
- crypto: marvell/cesa - Fix engine load inaccuracy (git-fixes).
- crypto: qat - allow enabling VFs in the absence of IOMMU (git-fixes).
- crypto: qat - disable ZUC-256 capability for QAT GEN5 (git-fixes).
- crypto: qat - fix DMA direction for compression on GEN2 devices (git-fixes).
- crypto: qat - fix seq_file position update in adf_ring_next() (git-fixes).
- crypto: qat - fix state restore for banks with exceptions (git-fixes).
- crypto: qat - flush misc workqueue during device shutdown (git-fixes).
- crypto: qat - use unmanaged allocation for dc_data (git-fixes).
- crypto: sun8i-ce - fix nents passed to dma_unmap_sg() (git-fixes).
- dax: add a sysfs knob to control memmap_on_memory behavior (bsc#1235515,jsc#PED-12731).
- dax: add a sysfs knob to control memmap_on_memory behavior (bsc#1235515,jsc#PED-12731).
- devlink: Add support for u64 parameters (jsc#PED-12745).
- devlink: Add support for u64 parameters (jsc#PED-12745).
- devlink: avoid param type value translations (jsc#PED-12745).
- devlink: avoid param type value translations (jsc#PED-12745).
- devlink: define enum for attr types of dynamic attributes (jsc#PED-12745).
- devlink: define enum for attr types of dynamic attributes (jsc#PED-12745).
- devlink: introduce devlink_nl_put_u64() (jsc#PED-12745).
- devlink: introduce devlink_nl_put_u64() (jsc#PED-12745).
- dm-bufio: fix sched in atomic context (git-fixes).
- dm-flakey: error all IOs when num_features is absent (git-fixes).
- dm-flakey: make corrupting read bios work (git-fixes).
- dm-mirror: fix a tiny race condition (git-fixes).
- dm-raid: fix variable in journal device check (git-fixes).
- dm-verity: fix a memory leak if some arguments are specified multiple times (git-fixes).
- dm: do not change md if dm_table_set_restrictions() fails (git-fixes).
- dm: free table mempools if not used in __bind (git-fixes).
- dm: restrict dm device size to 2^63-512 bytes (git-fixes).
- dma-buf: fix timeout handling in dma_resv_wait_timeout v2 (stable-fixes).
- dmaengine: dw-edma: Drop unused dchan2dev() and chan2dev() (git-fixes).
- dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using (stable-fixes).
- dmaengine: mv_xor: Fix missing check after DMA map and missing unmap (git-fixes).
- dmaengine: nbpfaxi: Add missing check after DMA map (git-fixes).
- dmaengine: nbpfaxi: Fix memory corruption in probe() (git-fixes).
- dmaengine: qcom: gpi: Drop unused gpi_write_reg_field() (git-fixes).
- dmaengine: xilinx_dma: Set dma_device directions (stable-fixes).
- docs/ABI: Fix sysfs-kernel-address_bits path (git-fixes).
- documentatiion/ABI: add ABI documentation for sys-bus-dax (bsc#1235515,jsc#PED-12731).
- documentation/ABI: add ABI documentation for sys-bus-dax (bsc#1235515,jsc#PED-12731).
- documentation: ACPI: Fix parent device references (git-fixes).
- documentation: usb: gadget: Wrap remaining usage snippets in literal code block (git-fixes).
- dpll: Add basic Microchip ZL3073x support (jsc#PED-12745).
- dpll: Add basic Microchip ZL3073x support (jsc#PED-12745).
- dpll: zl3073x: Add support to get/set frequency on pins (jsc#PED-12745).
- dpll: zl3073x: Add support to get/set frequency on pins (jsc#PED-12745).
- dpll: zl3073x: Add support to get/set priority on input pins (jsc#PED-12745).
- dpll: zl3073x: Add support to get/set priority on input pins (jsc#PED-12745).
- dpll: zl3073x: Fetch invariants during probe (jsc#PED-12745).
- dpll: zl3073x: Fetch invariants during probe (jsc#PED-12745).
- dpll: zl3073x: Implement input pin selection in manual mode (jsc#PED-12745).
- dpll: zl3073x: Implement input pin selection in manual mode (jsc#PED-12745).
- dpll: zl3073x: Implement input pin state setting in automatic mode (jsc#PED-12745).
- dpll: zl3073x: Implement input pin state setting in automatic mode (jsc#PED-12745).
- dpll: zl3073x: Read DPLL types and pin properties from system firmware (jsc#PED-12745).
- dpll: zl3073x: Read DPLL types and pin properties from system firmware (jsc#PED-12745).
- dpll: zl3073x: Register DPLL devices and pins (jsc#PED-12745).
- dpll: zl3073x: Register DPLL devices and pins (jsc#PED-12745).
- drm/amd/display: Check dce_hwseq before dereferencing it (stable-fixes).
- drm/amd/display: Correct non-OLED pre_T11_delay (stable-fixes).
- drm/amd/display: Disable CRTC degamma LUT for DCN401 (stable-fixes).
- drm/amd/display: Do not overwrite dce60_clk_mgr (git-fixes).
- drm/amd/display: Fix RMCM programming seq errors (stable-fixes).
- drm/amd/display: Fix mpv playback corruption on weston (stable-fixes).
- drm/amd/display: Free memory allocation (stable-fixes).
- drm/amd/display: fix initial backlight brightness calculation (git-fixes).
- drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value (git-fixes).
- drm/amdgpu/discovery: use specific ip_discovery.bin for legacy asics (stable-fixes).
- drm/amdgpu/gfx10: fix kiq locking in KCQ reset (git-fixes).
- drm/amdgpu/gfx8: reset compute ring wptr on the GPU on resume (git-fixes).
- drm/amdgpu/gfx9.4.3: fix kiq locking in KCQ reset (git-fixes).
- drm/amdgpu/gfx9: fix kiq locking in KCQ reset (git-fixes).
- drm/amdgpu/ip_discovery: add missing ip_discovery fw (stable-fixes).
- drm/amdgpu: Add kicker device detection (stable-fixes).
- drm/amdgpu: Fix SDMA UTC_L1 handling during start/stop sequences (stable-fixes).
- drm/amdgpu: Increase reset counter only on success (stable-fixes).
- drm/amdgpu: Initialize data to NULL in imu_v12_0_program_rlc_ram() (git-fixes).
- drm/amdgpu: Remove nbiov7.9 replay count reporting (git-fixes).
- drm/amdgpu: Reset the clear flag in buddy during resume (git-fixes).
- drm/amdgpu: amdgpu_vram_mgr_new(): Clamp lpfn to total vram (stable-fixes).
- drm/amdgpu: seq64 memory unmap uses uninterruptible lock (stable-fixes).
- drm/amdkfd: Do not call mmput from MMU notifier callback (git-fixes).
- drm/amdkfd: Fix instruction hazard in gfx12 trap handler (stable-fixes).
- drm/amdkfd: Fix race in GWS queue scheduling (stable-fixes).
- drm/amdkfd: remove gfx 12 trap handler page size cap (stable-fixes).
- drm/bridge: aux-hpd-bridge: fix assignment of the of_node (git-fixes).
- drm/bridge: panel: move prepare_prev_first handling to drm_panel_bridge_add_typed (git-fixes).
- drm/bridge: ti-sn65dsi86: Add HPD for DisplayPort connector type (git-fixes).
- drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() (git-fixes).
- drm/bridge: ti-sn65dsi86: make use of debugfs_init callback (stable-fixes).
- drm/connector: hdmi: Evaluate limited range after computing format (git-fixes).
- drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling (git-fixes).
- drm/exynos: fimd: Guard display clock control with runtime PM calls (git-fixes).
- drm/framebuffer: Acquire internal references on GEM handles (git-fixes).
- drm/gem: Acquire references on GEM handles for framebuffers (stable-fixes).
- drm/gem: Fix race in drm_gem_handle_create_tail() (stable-fixes).
- drm/i915/display: Fix dma_fence_wait_timeout() return value handling (git-fixes).
- drm/i915/dsi: Fix off by one in BXT_MIPI_TRANS_VTOTAL (stable-fixes).
- drm/i915/gsc: mei interrupt top half should be in irq disabled context (git-fixes).
- drm/i915/gt: Fix timeline left held on VMA alloc error (git-fixes).
- drm/i915/selftests: Change mock_request() to return error pointers (git-fixes).
- drm/imagination: Fix kernel crash when hard resetting the GPU (git-fixes).
- drm/mediatek: Add wait_event_timeout when disabling plane (git-fixes).
- drm/mediatek: only announce AFBC if really supported (git-fixes).
- drm/msm/dpu: Fill in min_prefill_lines for SC8180X (git-fixes).
- drm/msm: Fix a fence leak in submit error path (stable-fixes).
- drm/msm: Fix another leak in the submit error path (stable-fixes).
- drm/nouveau: check ioctl command codes better (git-fixes).
- drm/panfrost: Fix panfrost device variable name in devfreq (git-fixes).
- drm/panthor: Add missing explicit padding in drm_panthor_gpu_info (git-fixes).
- drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed (git-fixes).
- drm/sched: Increment job count before swapping tail spsc queue (git-fixes).
- drm/sched: Remove optimization that causes hang when killing dependent jobs (git-fixes).
- drm/scheduler: signal scheduled fence when kill job (stable-fixes).
- drm/tegra: nvdec: Fix dma_alloc_coherent error check (git-fixes).
- drm/ttm: fix error handling in ttm_buffer_object_transfer (git-fixes).
- drm/v3d: Disable interrupts before resetting the GPU (git-fixes).
- drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel (git-fixes).
- drm/xe/bmg: fix compressed VRAM handling (git-fixes).
- drm/xe/guc: Dead CT helper (stable-fixes).
- drm/xe/guc: Explicitly exit CT safe mode on unwind (git-fixes).
- drm/xe/guc_submit: add back fix (git-fixes).
- drm/xe/mocs: Initialize MOCS index early (stable-fixes).
- drm/xe/pf: Clear all LMTT pages on alloc (git-fixes).
- drm/xe/pf: Move VFs reprovisioning to worker (stable-fixes).
- drm/xe/pf: Prepare to stop SR-IOV support prior GT reset (git-fixes).
- drm/xe/pf: Sanitize VF scratch registers on FLR (stable-fixes).
- drm/xe/pm: Correct comment of xe_pm_set_vram_threshold() (git-fixes).
- drm/xe/uapi: Correct sync type definition in comments (git-fixes).
- drm/xe/vf: Disable CSC support on VF (git-fixes).
- drm/xe: Allocate PF queue size on pow2 boundary (git-fixes).
- drm/xe: Allow bo mapping on multiple ggtts (stable-fixes).
- drm/xe: Fix DSB buffer coherency (stable-fixes).
- drm/xe: Fix build without debugfs (git-fixes).
- drm/xe: Fix early wedge on GuC load failure (git-fixes).
- drm/xe: Fix taking invalid lock on wedge (stable-fixes).
- drm/xe: Move DSB l2 flush to a more sensible place (git-fixes).
- drm/xe: Replace double space with single space after comma (stable-fixes).
- drm/xe: add interface to request physical alignment for buffer objects (stable-fixes).
- drm/xe: move DPT l2 flush to a more sensible place (git-fixes).
- dt-bindings: dpll: Add DPLL device and pin (jsc#PED-12745).
- dt-bindings: dpll: Add DPLL device and pin (jsc#PED-12745).
- dt-bindings: dpll: Add support for Microchip Azurite chip family (jsc#PED-12745).
- dt-bindings: dpll: Add support for Microchip Azurite chip family (jsc#PED-12745).
- e1000: Move cancel_work_sync to avoid deadlock (git-fixes).
- enable SMC_LO (a.k.a SMC-D) (jsc#PED-13248).
- exfat: fdatasync flag should be same like generic_write_sync() (git-fixes).
- fbcon: Fix outdated registered_fb reference in comment (git-fixes).
- fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref (git-fixes).
- firewire: ohci: correct code comments about bus_reset tasklet (git-fixes).
- fix dma_unmap_sg() nents value (git-fixes)
- fs/jfs: consolidate sanity checking in dbMount (git-fixes).
- fs/orangefs: Allow 2 more characters in do_c_string() (git-fixes).
- gpio: mlxbf2: use platform_get_irq_optional() (git-fixes).
- gpio: pca953x: log an error when failing to get the reset GPIO (git-fixes).
- gpio: sim: include a missing header (git-fixes).
- gpio: vf610: add locking to gpio direction functions (git-fixes).
- gpio: virtio: Fix config space reading (git-fixes).
- gpiolib: Fix debug messaging in gpiod_find_and_request() (git-fixes).
- gpiolib: Handle no pin_ranges in gpiochip_generic_config() (git-fixes).
- gpiolib: acpi: Do not use GPIO chip fwnode in acpi_gpiochip_find() (bsc#1233300).
- gpiolib: acpi: Fix failed in acpi_gpiochip_find() by adding parent node match (bsc#1233300).
- gpiolib: cdev: Ignore reconfiguration without direction (git-fixes).
- gpiolib: of: Add polarity quirk for s5m8767 (stable-fixes).
- hfs: make splice write available again (git-fixes).
- hfsplus: make splice write available again (git-fixes).
- hfsplus: remove mutex_lock check in hfsplus_free_extents (git-fixes).
- hid: Add IGNORE quirk for SMARTLINKTECHNOLOGY (stable-fixes).
- hid: core: do not bypass hid_hw_raw_request (stable-fixes).
- hid: core: ensure __hid_request reserves the report ID as the first byte (git-fixes).
- hid: core: ensure the allocated report buffer can contain the reserved report ID (stable-fixes).
- hid: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 (stable-fixes).
- hid: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras (stable-fixes).
- hv_netvsc: Use VF's tso_max_size value when data path is VF (bsc#1246203).
- hwmon: (corsair-cpro) Validate the size of the received input buffer (git-fixes).
- hwmon: (gsc-hwmon) fix fan pwm setpoint show functions (git-fixes).
- hwmon: (pmbus/max34440) Fix support for max34451 (stable-fixes).
- hwrng: mtk - handle devm_pm_runtime_enable errors (git-fixes).
- i2c/designware: Fix an initialization issue (git-fixes).
- i2c: qup: jump out of the loop in case of timeout (git-fixes).
- i2c: stm32: fix the device used for the DMA map (git-fixes).
- i2c: tegra: Fix reset error handling with ACPI (git-fixes).
- i2c: virtio: Avoid hang by using interruptible completion wait (git-fixes).
- i3c: fix module_i3c_i2c_driver() with I3C=n (git-fixes).
- ib/mlx5: Fix potential deadlock in MR deregistration (git-fixes)
- ice, irdma: fix an off by one in error handling code (bsc#1247712).
- ice, irdma: move interrupts code to irdma (bsc#1247712).
- ice: Fix signedness bug in ice_init_interrupt_scheme() (bsc#1247712).
- ice: count combined queues using Rx/Tx count (bsc#1247712).
- ice: devlink PF MSI-X max and min parameter (bsc#1247712).
- ice: enable_rdma devlink param (bsc#1247712).
- ice: fix eswitch code memory leak in reset scenario (git-fixes).
- ice: get rid of num_lan_msix field (bsc#1247712).
- ice: init flow director before RDMA (bsc#1247712).
- ice: remove splitting MSI-X between features (bsc#1247712).
- ice: simplify VF MSI-X managing (bsc#1247712).
- ice: treat dyn_allowed only as suggestion (bsc#1247712).
- iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush (git-fixes).
- iio: adc: ad7949: use spi_is_bpw_supported() (git-fixes).
- iio: adc: ad_sigma_delta: Fix use of uninitialized status_pos (stable-fixes).
- iio: adc: ad_sigma_delta: change to buffer predisable (git-fixes).
- iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (stable-fixes).
- iio: adc: max1363: Reorder mode_list[] entries (stable-fixes).
- iio: adc: stm32-adc: Fix race in installing chained IRQ handler (git-fixes).
- iio: imu: bno055: fix OOB access of hw_xlate array (git-fixes).
- iio: pressure: zpa2326: Use aligned_s64 for the timestamp (stable-fixes).
- input: iqs7222 - explicitly define number of external channels (git-fixes).
- input: xpad - adjust error handling for disconnect (git-fixes).
- input: xpad - set correct controller type for Acer NGR200 (git-fixes).
- input: xpad - support Acer NGR 200 Controller (stable-fixes).
- io_uring/timeout: fix multishot updates (bsc#1247021).
- io_uring: fix potential page leak in io_sqe_buffer_register() (git-fixes).
- iommu/amd: Fix geometry.aperture_end for V2 tables (git-fixes).
- iommu/amd: Set the pgsize_bitmap correctly (git-fixes).
- iommu/arm-smmu-qcom: Add SM6115 MDSS compatible (git-fixes).
- iommu/tegra241-cmdqv: Read SMMU IDR1.CMDQS instead of hardcoding (git-fixes).
- iommu/vt-d: Fix possible circular locking dependency (git-fixes).
- iommu/vt-d: Fix system hang on reboot -f (git-fixes).
- ipv6: fix possible infinite loop in fib6_info_uses_dev() (git-fixes).
- ipv6: mcast: Delay put pmc->idev in mld_del_delrec() (git-fixes).
- ipv6: prevent infinite loop in rt6_nlmsg_size() (git-fixes).
- ipv6: reject malicious packets in ipv6_gso_segment() (git-fixes).
- irdma: free iwdev->rf after removing MSI-X (bsc#1247712).
- iwlwifi: Add missing check for alloc_ordered_workqueue (git-fixes).
- jfs: fix metapage reference count leak in dbAllocCtl (git-fixes).
- kABI fix after KVM: SVM: Fix SNP AP destroy race with VMRUN (git-fixes).
- kABI fixes for struct memory_block changes (bsc#1235515,jsc#PED-12731).
- kABI fixes for struct memory_block changes (bsc#1235515,jsc#PED-12731).
- kABI workaround for fw_attributes_class_get() (stable-fixes).
- kABI workaround for struct drm_framebuffer changes (git-fixes).
- kABI: Fix the module::name type in audit_context (git-fixes).
- kabi/severities: ignore two unused/dropped symbols from MEI
- kabi: Hide adding of u64 to devlink_param_type (jsc#PED-12745).
- kabi: Hide adding of u64 to devlink_param_type (jsc#PED-12745).
- kasan: remove kasan_find_vm_area() to prevent possible deadlock (git-fixes).
- kernel-obs-qa: Do not depend on srchash when qemu emulation is used In this case the dependency is never fulfilled Fixes: 485ae1da2b88 ('kernel-obs-qa: Use srchash for dependency as well')
- kernel-syms.spec: Drop old rpm release number hack (bsc#1247172).
- kvm: SVM: Fix SNP AP destroy race with VMRUN (git-fixes).
- leds: multicolor: Fix intensity setting while SW blinking (stable-fixes).
- lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (bsc#1236897).
- lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() (bsc#1236897).
- logitech C-270 even more broken (stable-fixes).
- maple_tree: fix mt_destroy_walk() on root leaf node (git-fixes).
- md/md-bitmap: fix dm-raid max_write_behind setting (git-fixes).
- media: gspca: Add bounds checking to firmware parser (git-fixes).
- media: hi556: correct the test pattern configuration (git-fixes).
- media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() (git-fixes).
- media: ipu6: isys: Use correct pads for xlate_streams() (git-fixes).
- media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls (git-fixes).
- media: ov2659: Fix memory leaks in ov2659_probe() (git-fixes).
- media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (git-fixes).
- media: usbtv: Lock resolution while streaming (git-fixes).
- media: uvcvideo: Do not mark valid metadata as invalid (git-fixes).
- media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (git-fixes).
- media: v4l2-ctrls: Do not reset handler's error in v4l2_ctrl_handler_free() (git-fixes).
- media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check (git-fixes).
- media: venus: Add a check for packet size after reading from shared memory (git-fixes).
- media: venus: hfi: explicitly release IRQ during teardown (git-fixes).
- media: venus: protect against spurious interrupts during probe (git-fixes).
- media: venus: vdec: Clamp param smaller than 1fps and bigger than 240 (git-fixes).
- media: venus: venc: Clamp param smaller than 1fps and bigger than 240 (git-fixes).
- media: verisilicon: Fix AV1 decoder clock frequency (git-fixes).
- media: vivid: fix wrong pixel_array control size (git-fixes).
- mei: vsc: Destroy mutex after freeing the IRQ (git-fixes).
- mei: vsc: Do not re-init VSC from mei_vsc_hw_reset() on stop (git-fixes).
- mei: vsc: Drop unused vsc_tp_request_irq() and vsc_tp_free_irq() (stable-fixes).
- mei: vsc: Event notifier fixes (git-fixes).
- mei: vsc: Fix 'BUG: Invalid wait context' lockdep error (git-fixes).
- mei: vsc: Run event callback from a workqueue (git-fixes).
- mei: vsc: Unset the event callback on remove and probe errors (git-fixes).
- memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() (git-fixes).
- mfd: max14577: Fix wakeup source leaks on device unbind (stable-fixes).
- misc: rtsx: usb: Ensure mmc child device is active when card is present (git-fixes).
- mm/memory_hotplug: allow architecture to override memmap on memory support check (bsc#1235515,jsc#PED-12731).
- mm/memory_hotplug: allow architecture to override memmap on memory support check (bsc#1235515,jsc#PED-12731).
- mm/memory_hotplug: allow memmap on memory hotplug request to fallback (bsc#1235515,jsc#PED-12731).
- mm/memory_hotplug: allow memmap on memory hotplug request to fallback (bsc#1235515,jsc#PED-12731).
- mm/memory_hotplug: embed vmem_altmap details in memory block (bsc#1235515,jsc#PED-12731).
- mm/memory_hotplug: embed vmem_altmap details in memory block (bsc#1235515,jsc#PED-12731).
- mm/memory_hotplug: export mhp_supports_memmap_on_memory() (bsc#1235515,jsc#PED-12731).
- mm/memory_hotplug: export mhp_supports_memmap_on_memory() (bsc#1235515,jsc#PED-12731).
- mm/memory_hotplug: fix memmap_on_memory sysfs value retrieval (git-fixes).
- mm/memory_hotplug: replace an open-coded kmemdup() in (bsc#1235515,jsc#PED-12731).
- mm/memory_hotplug: replace an open-coded kmemdup() in (bsc#1235515,jsc#PED-12731).
- mm/memory_hotplug: simplify ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE kconfig (bsc#1235515,jsc#PED-12731).
- mm/memory_hotplug: simplify ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE kconfig (bsc#1235515,jsc#PED-12731).
- mm/memory_hotplug: split memmap_on_memory requests across memblocks (bsc#1235515,jsc#PED-12731).
- mm/memory_hotplug: split memmap_on_memory requests across memblocks (bsc#1235515,jsc#PED-12731).
- mm/memory_hotplug: support memmap_on_memory when memmap is not aligned to pageblocks (bsc#1235515,jsc#PED-12731).
- mm/memory_hotplug: support memmap_on_memory when memmap is not aligned to pageblocks (bsc#1235515,jsc#PED-12731).
- mmc: bcm2835: Fix dma_unmap_sg() nents value (git-fixes).
- mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier (git-fixes).
- mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models (git-fixes).
- mmc: sdhci: Add a helper function for dump register in dynamic debug mode (stable-fixes).
- mmc: sdhci_am654: Workaround for Errata i2312 (git-fixes).
- module: Fix memory deallocation on error path in move_module() (git-fixes).
- module: Remove unnecessary +1 from last_unloaded_module::name size (git-fixes).
- module: Restore the moduleparam prefix length check (git-fixes).
- mtd: fix possible integer overflow in erase_xfer() (git-fixes).
- mtd: rawnand: atmel: Fix dma_mapping_error() address (git-fixes).
- mtd: rawnand: atmel: set pmecc data setup time (git-fixes).
- mtd: rawnand: fsmc: Add missing check after DMA map (git-fixes).
- mtd: rawnand: renesas: Add missing check after DMA map (git-fixes).
- mtd: rawnand: rockchip: Add missing check after DMA map (git-fixes).
- mtd: spi-nor: Fix spi_nor_try_unlock_all() (git-fixes).
- mtd: spinand: fix memory leak of ECC engine conf (stable-fixes).
- mtd: spinand: propagate spinand_wait() errors from spinand_write_page() (git-fixes).
- mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data (git-fixes).
- mtk-sd: Prevent memory corruption from DMA map failure (git-fixes).
- mtk-sd: reset host->mrq on prepare_data() error (git-fixes).
- mwl8k: Add missing check after DMA map (git-fixes).
- nbd: fix uaf in nbd_genl_connect() error path (git-fixes).
- net/mlx5: HWS, fix missing ip_version handling in definer (git-fixes).
- net/packet: fix a race in packet_set_ring() and packet_notifier() (git-fixes).
- net/sched: Restrict conditions for adding duplicating netems to qdisc tree (git-fixes).
- net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (git-fixes).
- net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (git-fixes).
- net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (git-fixes).
- net/sched: sch_qfq: Fix race condition on qfq_aggregate (git-fixes).
- net/sched: taprio: enforce minimum value for picos_per_byte (git-fixes).
- net/smc: Fix lookup of netdev by using ib_device_get_netdev() (git-fixes bsc#1246217).
- net: mana: Add debug logs in MANA network driver (bsc#1246212).
- net: mana: Add handler for hardware servicing events (bsc#1245730).
- net: mana: Allocate MSI-X vectors dynamically (bsc#1245457).
- net: mana: Allow irq_setup() to skip cpus for affinity (bsc#1245457).
- net: mana: Allow tso_max_size to go up-to GSO_MAX_SIZE (bsc#1246203).
- net: mana: Expose additional hardware counters for drop and TC via ethtool (bsc#1245729).
- net: mana: Set tx_packets to post gso processing packet count (bsc#1245731).
- net: mana: explain irq_setup() algorithm (bsc#1245457).
- net: phy: Do not register LEDs for genphy (git-fixes).
- net: phy: micrel: fix KSZ8081/KSZ8091 cable test (git-fixes).
- net: phy: microchip: limit 100M workaround to link-down events on LAN88xx (git-fixes).
- net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap (git-fixes).
- net: phy: smsc: Fix link failure in forced mode with Auto-MDIX (git-fixes).
- net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect (git-fixes).
- net: usb: qmi_wwan: add SIMCom 8230C composition (stable-fixes).
- net: usbnet: Avoid potential RCU stall on LINK_CHANGE event (git-fixes).
- net: usbnet: Fix the wrong netif_carrier_on() call (git-fixes).
- netlink: fix policy dump for int with validation callback (jsc#PED-12745).
- netlink: fix policy dump for int with validation callback (jsc#PED-12745).
- netlink: specs: devlink: replace underscores with dashes in names (jsc#PED-12745).
- netlink: specs: devlink: replace underscores with dashes in names (jsc#PED-12745).
- netlink: specs: nfsd: replace underscores with dashes in names (git-fixes).
- netlink: specs: tc: replace underscores with dashes in names (git-fixes).
- netpoll: prevent hanging NAPI when netcons gets enabled (git-fixes).
- nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails (git-fixes).
- nfs: Fix filehandle bounds checking in nfs_fh_to_dentry() (git-fixes).
- nfs: Fix the setting of capabilities when automounting a new filesystem (git-fixes).
- nfs: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() (git-fixes).
- nfs: Fixup allocation flags for nfsiod's __GFP_NORETRY (git-fixes).
- nfsd: detect mismatch of file handle and delegation stateid in OPEN op (git-fixes).
- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (git-fixes).
- nfsv4.2: another fix for listxattr (git-fixes).
- nfsv4.2: fix listxattr to return selinux security label (git-fixes).
- nfsv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN (git-fixes).
- nfsv4: Always set NLINK even if the server does not support it (git-fixes).
- nfsv4: xattr handlers should check for absent nfs filehandles (git-fixes).
- nilfs2: reject invalid file types when reading inodes (git-fixes).
- nvme-pci: refresh visible attrs after being checked (git-fixes).
- nvme: Fix incorrect cdw15 value in passthru error logging (git-fixes).
- nvme: fix endianness of command word prints in nvme_log_err_passthru() (git-fixes).
- nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() (git-fixes).
- nvme: fix misaccounting of nvme-mpath inflight I/O (git-fixes).
- nvmet-tcp: fix callback lock for TLS handshake (git-fixes).
- objtool: Fix INSN_CONTEXT_SWITCH handling in validate_unret() (git-fixes).
- objtool: Fix UNWIND_HINT_{SAVE,RESTORE} across basic blocks (git-fixes).
- objtool: Fix _THIS_IP_ detection for cold functions (git-fixes).
- objtool: Fix error handling inconsistencies in check() (git-fixes).
- objtool: Ignore dangling jump table entries (git-fixes).
- objtool: Ignore end-of-section jumps for KCOV/GCOV (git-fixes).
- objtool: Properly disable uaccess validation (git-fixes).
- objtool: Silence more KCOV warnings (git-fixes).
- objtool: Silence more KCOV warnings, part 2 (git-fixes).
- objtool: Stop UNRET validation on UD2 (git-fixes).
- pNFS/flexfiles: do not attempt pnfs on fatal DS errors (git-fixes).
- pch_uart: Fix dma_sync_sg_for_device() nents value (git-fixes).
- pci/msi: Export pci_msix_prepare_desc() for dynamic MSI-X allocations (bsc#1245457).
- pci: dwc: Make link training more robust by setting PORT_LOGIC_LINK_WIDTH to one lane (stable-fixes).
- pci: endpoint: Fix configfs group list head handling (git-fixes).
- pci: endpoint: Fix configfs group removal on driver teardown (git-fixes).
- pci: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute (git-fixes).
- pci: endpoint: pci-epf-vntb: Return -ENOENT if pci_epc_get_next_free_bar() fails (git-fixes).
- pci: hv: Allow dynamic MSI-X vector allocation (bsc#1245457).
- pci: rockchip-host: Fix 'Unexpected Completion' log message (git-fixes).
- perf: Fix sample vs do_exit() (bsc#1246547).
- phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode (git-fixes).
- pinctrl: amd: Clear GPIO debounce for suspend (git-fixes).
- pinctrl: qcom: msm: mark certain pins as invalid for interrupts (git-fixes).
- pinctrl: sunxi: Fix memory leak on krealloc failure (git-fixes).
- pinmux: fix race causing mux_owner NULL with active mux_usecount (git-fixes).
- platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix duplicate event ID for CACHE_DATA1 (git-fixes).
- platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment (git-fixes).
- platform/mellanox: mlxreg-lc: Fix logic error in power state check (git-fixes).
- platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message (git-fixes).
- platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks list (stable-fixes).
- platform/x86: Fix initialization order for firmware_attributes_class (git-fixes).
- platform/x86: dell-sysman: Directly use firmware_attributes_class (stable-fixes).
- platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks (git-fixes).
- platform/x86: dell-wmi-sysman: Fix class device unregistration (git-fixes).
- platform/x86: firmware_attributes_class: Move include linux/device/class.h (stable-fixes).
- platform/x86: firmware_attributes_class: Simplify API (stable-fixes).
- platform/x86: hp-bioscfg: Directly use firmware_attributes_class (stable-fixes).
- platform/x86: hp-bioscfg: Fix class device unregistration (git-fixes).
- platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots (git-fixes).
- platform/x86: make fw_attr_class constant (stable-fixes).
- platform/x86: think-lmi: Create ksets consecutively (stable-fixes).
- platform/x86: think-lmi: Directly use firmware_attributes_class (stable-fixes).
- platform/x86: think-lmi: Fix class device unregistration (git-fixes).
- platform/x86: think-lmi: Fix kobject cleanup (git-fixes).
- platform/x86: think-lmi: Fix sysfs group cleanup (git-fixes).
- pm / devfreq: Check governor before using governor->name (git-fixes).
- power: supply: cpcap-charger: Fix null check for power_supply_get_by_name (git-fixes).
- power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set (git-fixes).
- powercap: call put_device() on an error path in powercap_register_control_type() (stable-fixes).
- powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() (git-fixes).
- powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed (git-fixes).
- powerpc/bpf: enforce full ordering for ATOMIC operations with BPF_FETCH (git-fixes).
- powerpc/pseries/dlpar: Search DRC index from ibm,drc-indexes for IO add (bsc#1243042 ltc#212167).
- ptp: fix breakage after ptp_vclock_in_use() rework (bsc#1246506).
- pwm: imx-tpm: Reset counter if CMOD is 0 (git-fixes).
- pwm: mediatek: Ensure to disable clocks in error path (git-fixes).
- pwm: rockchip: Round period/duty down on apply, up on get (git-fixes).
- rdma/core: Rate limit GID cache warning messages (git-fixes)
- rdma/counter: Check CAP_NET_RAW check in user namespace for RDMA counters (git-fixes)
- rdma/hns: Drop GFP_NOWARN (git-fixes)
- rdma/hns: Fix -Wframe-larger-than issue (git-fixes)
- rdma/hns: Fix HW configurations not cleared in error flow (git-fixes)
- rdma/hns: Fix accessing uninitialized resources (git-fixes)
- rdma/hns: Fix double destruction of rsv_qp (git-fixes)
- rdma/hns: Get message length of ack_req from FW (git-fixes)
- rdma/mlx5: Check CAP_NET_RAW in user namespace for anchor create (git-fixes)
- rdma/mlx5: Check CAP_NET_RAW in user namespace for devx create (git-fixes)
- rdma/mlx5: Check CAP_NET_RAW in user namespace for flow create (git-fixes)
- rdma/mlx5: Fix CC counters query for MPV (git-fixes)
- rdma/mlx5: Fix HW counters query for non-representor devices (git-fixes)
- rdma/mlx5: Fix UMR modifying of mkey page size (git-fixes)
- rdma/mlx5: Fix compilation warning when USER_ACCESS isn't set (git-fixes)
- rdma/mlx5: Fix vport loopback for MPV device (git-fixes)
- rdma/mlx5: Initialize obj_event->obj_sub_list before xa_insert (git-fixes)
- rdma/mlx5: reduce stack usage in mlx5_ib_ufile_hw_cleanup (git-fixes)
- rdma/nldev: Check CAP_NET_RAW in user namespace for QP modify (git-fixes)
- rdma/siw: Fix the sendmsg byte count in siw_tcp_sendpages (git-fixes)
- rdma/uverbs: Add empty rdma_uattrs_has_raw_cap() declaration (git-fixes)
- rdma/uverbs: Check CAP_NET_RAW in user namespace for QP create (git-fixes)
- rdma/uverbs: Check CAP_NET_RAW in user namespace for RAW QP create (git-fixes)
- rdma/uverbs: Check CAP_NET_RAW in user namespace for flow create (git-fixes)
- re-enable qmi_wwan for arm64 (bsc#1246113)
- reapply 'wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()' (git-fixes).
- regmap: fix potential memory leak of regmap_bus (git-fixes).
- regulator: core: fix NULL dereference on unbind due to stale coupling data (stable-fixes).
- regulator: fan53555: add enable_time support and soft-start times (stable-fixes).
- regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods (git-fixes).
- regulator: pwm-regulator: Calculate the output voltage for disabled PWMs (stable-fixes).
- resource: fix false warning in __request_region() (git-fixes).
- restore UCSI_CONNECTOR_RESET_HARD definition (git-fixes).
- revert 'ACPI: battery: negate current when discharging' (stable-fixes).
- revert 'cgroup_freezer: cgroup_freezing: Check if not frozen' (bsc#1219338).
- revert 'drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1' (stable-fixes).
- revert 'drm/nouveau: check ioctl command codes better' (git-fixes).
- revert 'drm/xe/xe2: Enable Indirect Ring State support for Xe2' (git-fixes).
- revert 'mmc: sdhci: Disable SD card clock before changing parameters' (git-fixes).
- revert 'usb: xhci: Implement xhci_handshake_check_state() helper' (git-fixes).
- revert 'vgacon: Add check for vc_origin address range in vgacon_scroll()' (stable-fixes).
- ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() (git-fixes).
- rose: fix dangling neighbour pointers in rose_rt_device_down() (git-fixes).
- rpl: Fix use-after-free in rpl_do_srh_inline() (git-fixes).
- rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879) Put the same workaround to avoid file truncation of vmlinux and co in kernel-default-base package, too.
- rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337)
- rtc: ds1307: fix incorrect maximum clock rate handling (git-fixes).
- rtc: hym8563: fix incorrect maximum clock rate handling (git-fixes).
- rtc: nct3018y: fix incorrect maximum clock rate handling (git-fixes).
- rtc: pcf85063: fix incorrect maximum clock rate handling (git-fixes).
- rtc: pcf8563: fix incorrect maximum clock rate handling (git-fixes).
- rtc: rv3028: fix incorrect maximum clock rate handling (git-fixes).
- s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again (git-fixes bsc#1246870).
- s390/entry: Fix last breaking event handling in case of stack corruption (git-fixes bsc#1243806).
- s390/pci: Do not try re-enabling load/store if device is disabled (git-fixes bsc#1245646).
- s390/pci: Fix stale function handles in error handling (git-fixes bsc#1245647).
- s390/pkey: Prevent overflow in size calculation for memdup_user() (git-fixes bsc#1245598).
- s390: Add z17 elf platform (LTC#214086 bsc#1245540).
- samples: mei: Fix building on musl libc (git-fixes).
- sched,freezer: Remove unnecessary warning in __thaw_task (bsc#1219338).
- sched: Add test_and_clear_wake_up_bit() and atomic_dec_and_wake_up() (git-fixes).
- scsi: core: Enforce unlimited max_segment_size when virt_boundary_mask is set (git-fixes).
- scsi: fnic: Add and improve logs in FDMI and FDMI ABTS paths (bsc#1246644).
- scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out (git-fixes).
- scsi: fnic: Fix missing DMA mapping error in fnic_send_frame() (git-fixes).
- scsi: fnic: Set appropriate logging level for log message (bsc#1246644).
- scsi: fnic: Turn off FDMI ACTIVE flags on link down (git-fixes).
- scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Early return out of FDMI cmpl for locally rejected statuses (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Modify end-of-life adapters' model descriptions (bsc#1245260 bsc#1243100 bsc#1246125 bsc#1204142).
- scsi: lpfc: Move clearing of HBA_SETUP flag to before lpfc_sli4_queue_unset (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Relocate clearing initial phba flags from link up to link down hdlr (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Revise CQ_CREATE_SET mailbox bitfield definitions (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Revise logging format for failed CT MIB requests (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Simplify error handling for failed lpfc_get_sli4_parameters cmd (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Skip RSCN processing when FC_UNLOADING flag is set (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Update debugfs trace ring initialization messages (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Update lpfc version to 14.4.0.10 (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: megaraid_sas: Fix invalid node index (git-fixes).
- scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() (git-fixes).
- scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() (git-fixes).
- scsi: s390: zfcp: Ensure synchronous unit_add (git-fixes bsc#1245599).
- selftests/bpf: Add CFLAGS per source file and runner (git-fixes).
- selftests/bpf: Add tests for iter next method returning valid pointer (git-fixes).
- selftests/bpf: Change functions definitions to support GCC (git-fixes).
- selftests/bpf: Fix a few tests for GCC related warnings (git-fixes).
- selftests/bpf: Fix pointer arithmetic in test_xdp_do_redirect (git-fixes).
- selftests/bpf: Fix prog numbers in test_sockmap (git-fixes).
- smb3: move server check earlier when setting channel sequence number (git-fixes).
- smb3: rename macro CIFS_SERVER_IS_CHAN to avoid confusion (git-fixes).
- smb3: send channel sequence number in SMB3 requests after reconnects (git-fixes).
- soc/tegra: cbb: Clear ERR_FORCE register with ERR_STATUS (git-fixes).
- soc: aspeed: lpc-snoop: Cleanup resources in stack-order (git-fixes).
- soc: aspeed: lpc-snoop: Do not disable channels that are not enabled (git-fixes).
- soc: qcom: QMI encoding/decoding for big endian (git-fixes).
- soc: qcom: fix endianness for QMI header (git-fixes).
- soc: qcom: pmic_glink: fix OF node leak (git-fixes).
- soundwire: amd: fix for clearing command status register (git-fixes).
- soundwire: stream: restore params when prepare ports fail (git-fixes).
- spi: spi-fsl-dspi: Clear completion counter before initiating transfer (git-fixes).
- sprintf.h requires stdarg.h (git-fixes).
- sprintf.h: mask additional include (git-fixes).
- staging: axis-fifo: remove sysfs interface (git-fixes).
- staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (git-fixes).
- staging: nvec: Fix incorrect null termination of battery manufacturer (git-fixes).
- staging: vchiq_arm: Make vchiq_shutdown never fail (git-fixes).
- struct cdns: move new member to the end (git-fixes).
- struct ucsi_operations: use padding for new operation (git-fixes).
- sunrpc: do not immediately retransmit on seqno miss (git-fixes).
- sunrpc: fix client side handling of tls alerts (git-fixes).
- supported.conf: Mark ZL3073X modules supported
- supported.conf: add missing entries for armv7hl
- supported.conf: move nvme-apple to optional again
- supported.conf: sort entries again
- tcp: call tcp_measure_rcv_mss() for ooo packets (git-fixes).
- thermal: trip: Use READ_ONCE() for lockless access to trip properties (git-fixes).
- thermal: trip: Use common set of trip type names (git-fixes).
- thunderbolt: Fix bit masking in tb_dp_port_set_hops() (git-fixes).
- thunderbolt: Fix copy+paste error in match_service_id() (git-fixes).
- thunderbolt: Fix wake on connect at runtime (git-fixes).
- tracing/kprobe: Make trace_kprobe's module callback called after jump_label update (git-fixes).
- tracing/kprobes: Fix to free objects when failed to copy a symbol (git-fixes).
- types: Complement the aligned types with signed 64-bit one (stable-fixes).
- ucount: fix atomic_long_inc_below() argument type (git-fixes).
- ucsi-glink: adapt to kABI consistency (git-fixes).
- ucsi_ccg: Refine the UCSI Interrupt handling (git-fixes).
- ucsi_operations: add stubs for all operations (git-fixes).
- ucsi_ops: adapt update_connector to kABI consistency (git-fixes).
- update config files (bsc#1243678)
- usb: Add checks for snprintf() calls in usb_alloc_dev() (stable-fixes).
- usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() (git-fixes).
- usb: cdc-wdm: avoid setting WDM_READ for ZLP-s (stable-fixes).
- usb: cdnsp: Fix issue with CV Bad Descriptor test (git-fixes).
- usb: cdnsp: Fix issue with resuming from L1 (git-fixes).
- usb: cdnsp: Replace snprintf() with the safer scnprintf() variant (stable-fixes).
- usb: cdnsp: do not disable slot for disabled slot (git-fixes).
- usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume (git-fixes).
- usb: common: usb-conn-gpio: use a unique name for usb connector device (stable-fixes).
- usb: dwc2: also exit clock_gating when stopping udc while suspended (stable-fixes).
- usb: dwc3: Abort suspend on soft disconnect failure (git-fixes).
- usb: dwc3: meson-g12a: fix device leaks at unbind (git-fixes).
- usb: early: xhci-dbc: Fix early_ioremap leak (git-fixes).
- usb: gadget : fix use-after-free in composite_dev_cleanup() (git-fixes).
- usb: gadget: u_serial: Fix race condition in TTY wakeup (git-fixes).
- usb: gadget: udc: renesas_usb3: fix device leak at unbind (git-fixes).
- usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() (git-fixes).
- usb: hub: Do not try to recover devices lost during warm reset (git-fixes).
- usb: misc: apple-mfi-fastcharge: Make power supply names unique (git-fixes).
- usb: musb: fix gadget state on disconnect (git-fixes).
- usb: musb: omap2430: fix device leak at unbind (git-fixes).
- usb: net: sierra: check for no status endpoint (git-fixes).
- usb: potential integer overflow in usbg_make_tpg() (stable-fixes).
- usb: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (stable-fixes).
- usb: serial: option: add Foxconn T99W640 (stable-fixes).
- usb: serial: option: add Telit Cinterion FE910C04 (ECM) composition (stable-fixes).
- usb: typec: Update sysfs when setting ops (git-fixes).
- usb: typec: altmodes/displayport: do not index invalid pin_assignments (git-fixes).
- usb: typec: displayport: Fix potential deadlock (git-fixes).
- usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode (stable-fixes).
- usb: typec: mux: do not return on EOPNOTSUPP in {mux, switch}_set (stable-fixes).
- usb: typec: tcpm: allow switching to mode accessory to mux properly (stable-fixes).
- usb: typec: tcpm: allow to use sink in accessory mode (stable-fixes).
- usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach (git-fixes).
- usb: typec: ucsi: Add DATA_RESET option of Connector Reset command (git-fixes).
- usb: typec: ucsi: Add qcm6490-pmic-glink as needing PDOS quirk (git-fixes).
- usb: typec: ucsi: Delay alternate mode discovery (git-fixes).
- usb: typec: ucsi: Fix busy loop on ASUS VivoBooks (git-fixes).
- usb: typec: ucsi: Fix the partner PD revision (git-fixes).
- usb: typec: ucsi: Get PD revision for partner (git-fixes).
- usb: typec: ucsi: Set orientation as none when connector is unplugged (git-fixes).
- usb: typec: ucsi: Update power_supply on power role change (git-fixes).
- usb: typec: ucsi: add callback for connector status updates (git-fixes).
- usb: typec: ucsi: add update_connector callback (git-fixes).
- usb: typec: ucsi: do not retrieve PDOs if not supported (git-fixes).
- usb: typec: ucsi: extract code to read PD caps (git-fixes).
- usb: typec: ucsi: fix UCSI on SM8550 & SM8650 Qualcomm devices (git-fixes).
- usb: typec: ucsi: glink: fix off-by-one in connector_status (git-fixes).
- usb: typec: ucsi: glink: increase max ports for x1e80100 (git-fixes).
- usb: typec: ucsi: glink: move GPIO reading into connector_status callback (git-fixes).
- usb: typec: ucsi: glink: use typec_set_orientation (git-fixes).
- usb: typec: ucsi: move ucsi_acknowledge() from ucsi_read_error() (git-fixes).
- usb: typec: ucsi: properly register partner's PD device (git-fixes).
- usb: typec: ucsi: support delaying GET_PDOS for device (git-fixes).
- usb: typec: ucsi_acpi: Add LG Gram quirk (git-fixes).
- usb: typec: ucsi_glink: drop NO_PARTNER_PDOS quirk for sm8550 / sm8650 (git-fixes).
- usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk (git-fixes).
- usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk on qcm6490 (git-fixes).
- usb: typec: ucsi_glink: rework quirks implementation (git-fixes).
- usb: xhci: Skip xhci_reset in xhci_resume if xhci is being removed (git-fixes).
- usb: xhci: quirk for data loss in ISOC transfers (stable-fixes).
- usb:cdnsp: remove TRB_FLUSH_ENDPOINT command (stable-fixes).
- virtgpu: do not reset on shutdown (git-fixes).
- vmci: Prevent the dispatching of uninitialized payloads (git-fixes).
- vt: add missing notification when switching back to text mode (stable-fixes).
- vt: defkeymap: Map keycodes above 127 to K_HOLE (git-fixes).
- vt: keyboard: Do not process Unicode characters in K_OFF mode (git-fixes).
- watchdog: ziirave_wdt: check record length in ziirave_firm_verify() (git-fixes).
- wifi: ath11k: clear initialized flag for deinit-ed srng lists (git-fixes).
- wifi: ath11k: fix dest ring-buffer corruption (git-fixes).
- wifi: ath11k: fix dest ring-buffer corruption when ring is full (git-fixes).
- wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() (git-fixes).
- wifi: ath11k: fix source ring-buffer corruption (git-fixes).
- wifi: ath11k: fix suspend use-after-free after probe failure (git-fixes).
- wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() (git-fixes).
- wifi: ath12k: fix dest ring-buffer corruption (git-fixes).
- wifi: ath12k: fix dest ring-buffer corruption when ring is full (git-fixes).
- wifi: ath12k: fix endianness handling while accessing wmi service bit (git-fixes).
- wifi: ath12k: fix source ring-buffer corruption (git-fixes).
- wifi: ath6kl: remove WARN on bad firmware input (stable-fixes).
- wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE (git-fixes).
- wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() (git-fixes).
- wifi: cfg80211/mac80211: correctly parse S1G beacon optional elements (git-fixes).
- wifi: cfg80211: fix S1G beacon head validation in nl80211 (git-fixes).
- wifi: cfg80211: remove scan request n_channels counted_by (git-fixes).
- wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() (git-fixes).
- wifi: iwlwifi: Fix memory leak in iwl_mvm_init() (git-fixes).
- wifi: iwlwifi: return ERR_PTR from opmode start() (stable-fixes).
- wifi: mac80211: Add link iteration macro for link data (stable-fixes).
- wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() (git-fixes).
- wifi: mac80211: Create separate links for VLAN interfaces (stable-fixes).
- wifi: mac80211: Do not call fq_flow_idx() for management frames (git-fixes).
- wifi: mac80211: Do not schedule stopped TXQs (git-fixes).
- wifi: mac80211: Write cnt before copying in ieee80211_copy_rnr_beacon() (git-fixes).
- wifi: mac80211: chan: chandef is non-NULL for reserved (stable-fixes).
- wifi: mac80211: drop invalid source address OCB frames (stable-fixes).
- wifi: mac80211: finish link init before RCU publish (git-fixes).
- wifi: mac80211: fix non-transmitted BSSID profile search (git-fixes).
- wifi: mac80211: reject TDLS operations when station is not associated (git-fixes).
- wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() (git-fixes).
- wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan (git-fixes).
- wifi: mt76: mt7925: fix the wrong config for tx interrupt (git-fixes).
- wifi: nl80211: Set num_sub_specs before looping through sub_specs (git-fixes).
- wifi: plfxlc: Fix error handling in usb driver probe (git-fixes).
- wifi: prevent A-MSDU attacks in mesh networks (stable-fixes).
- wifi: rt2x00: fix remove callback type mismatch (git-fixes).
- wifi: rtl818x: Kill URBs before clearing tx status queue (git-fixes).
- wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band (git-fixes).
- wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() (git-fixes).
- x86/CPU/AMD: Add more models to X86_FEATURE_ZEN5 (bsc#1246449).
- x86/CPU/AMD: Improve the erratum 1386 workaround (git-fixes).
- x86/CPU/AMD: Terminate the erratum_1386_microcode array (git-fixes).
- x86/cpu/amd: Fix workaround for erratum 1054 (git-fixes).
- x86/cpu: Avoid running off the end of an AMD erratum table (git-fixes).
- x86/cpu: Expose only stepping min/max interface (git-fixes).
- x86/cpu: Introduce new microcode matching helper (git-fixes).
- x86/cpu: Move AMD erratum 1386 table over to 'x86_cpu_id' (git-fixes).
- x86/cpu: Replace PEBS use of 'x86_cpu_desc' use with 'x86_cpu_id' (git-fixes).
- x86/mce/amd: Add default names for MCA banks and blocks (git-fixes).
- x86/mce/amd: Fix threshold limit reset (git-fixes).
- x86/mce: Do not remove sysfs if thresholding sysfs init fails (git-fixes).
- x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (git-fixes).
- x86/mtrr: Rename mtrr_overwrite_state() to guest_force_mtrr_state() (git-fixes).
- x86/tdx: Fix __noreturn build warning around __tdx_hypercall_failed() (git-fixes).
- x86/traps: Initialize DR6 by writing its architectural reset value (git-fixes).
- x86/virt/tdx: Avoid indirect calls to TDX assembly functions (git-fixes).
- x86: UV RTC: Add parameter to disable RTC clocksource (bsc#1241345).
- xfs: fix off-by-one error in fsmap's end_daddr usage (bsc#1235837).
- xfs: only create event xfs_file_compat_ioctl when CONFIG_COMPAT is configure (git-fixes).
- xfs: remove unused event xfs_alloc_near_error (git-fixes).
- xfs: remove unused event xfs_alloc_near_nominleft (git-fixes).
- xfs: remove unused event xfs_attr_node_removename (git-fixes).
- xfs: remove unused event xfs_ioctl_clone (git-fixes).
- xfs: remove unused event xfs_pagecache_inval (git-fixes).
- xfs: remove unused event xlog_iclog_want_sync (git-fixes).
- xfs: remove unused trace event xfs_attr_remove_iter_return (git-fixes).
- xfs: remove unused trace event xfs_attr_rmtval_set (git-fixes).
- xfs: remove unused trace event xfs_reflink_cow_enospc (git-fixes).
- xfs: remove unused xfs_attr events (git-fixes).
- xfs: remove unused xfs_reflink_compare_extents events (git-fixes).
- xfs: remove usused xfs_end_io_direct events (git-fixes).
- xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS (git-fixes).
- xhci: dbc: Flush queued requests before stopping dbc (git-fixes).
- xhci: dbctty: disable ECHO flag by default (git-fixes).
Patchnames
SUSE-2025-2997,SUSE-SLE-Module-Basesystem-15-SP7-2025-2997,SUSE-SLE-Module-Development-Tools-15-SP7-2025-2997,SUSE-SLE-Module-Legacy-15-SP7-2025-2997,SUSE-SLE-Module-Live-Patching-15-SP7-2025-2997,SUSE-SLE-Product-HA-15-SP7-2025-2997,SUSE-SLE-Product-WE-15-SP7-2025-2997
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 15 SP7 kernel was updated to receive various security bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2019-11135: enabled CONFIG_X86_INTEL_TSX_MODE_AUTO (bsc#1139073, bsc#1246695)\n- CVE-2024-36028: mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() (bsc#1225707).\n- CVE-2024-36348, CVE-2024-36349, CVE-2024-36350, CVE-2024-36357: x86/process: Move the buffer clearing before MONITOR (bsc#1238896).\n- CVE-2024-39298:mm/memory-failure: fix handling of dissolved but not taken off from buddy pages (bsc#1227082).\n- CVE-2024-42134: virtio-pci: Check if is_avq is NULL (bsc#1228664).\n- CVE-2024-44963: btrfs: do not BUG_ON() when freeing tree block after error (bsc#1230216).\n- CVE-2024-49861: net: clear the dst when changing skb protocol (bsc#1245954).\n- CVE-2024-56742: vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages() (bsc#1235613).\n- CVE-2025-21839: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (bsc#1239061).\n- CVE-2025-21854: selftest/bpf: Add vsock test for sockmap rejecting unconnected (bsc#1239470).\n- CVE-2025-21872: efi/mokvar-table: Avoid repeated map/unmap of the same page (bsc#1240323).\n- CVE-2025-22090: mm: (un)track_pfn_copy() fix + doc improvements (bsc#1241537).\n- CVE-2025-23163: net: vlan: do not propagate flags on open (bsc#1242837).\n- CVE-2025-37856: btrfs: harden block_group::bg_list against list_del() races (bsc#1243068).\n- CVE-2025-37864: net: dsa: clean up FDB, MDB, VLAN entries on unbind (bsc#1242965).\n- CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn\u0027t postable (bsc#1242960).\n- CVE-2025-37920: kABI workaround for xsk: Fix race condition in AF_XDP generic RX path (bsc#1243479).\n- CVE-2025-37984: crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() (bsc#1243669).\n- CVE-2025-38034: btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (bsc#1244792).\n- CVE-2025-38035: nvmet-tcp: do not restore null sk_state_change (bsc#1244801).\n- CVE-2025-38047: x86/fred: Fix system hang during S4 resume with FRED enabled (bsc#1245084).\n- CVE-2025-38051: smb: client: Fix use-after-free in cifs_fill_dirent (bsc#1244750).\n- CVE-2025-38058: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (bsc#1245151).\n- CVE-2025-38061: net: pktgen: fix access outside of user given buffer in pktgen_thread_write() (bsc#1245440).\n- CVE-2025-38062: kABI: restore layout of struct msi_desc (bsc#1245216).\n- CVE-2025-38063: dm: fix unconditional IO throttle caused by REQ_PREFLUSH (bsc#1245202).\n- CVE-2025-38064: virtio: break and reset virtio devices on device_shutdown() (bsc#1245201).\n- CVE-2025-38074: vhost-scsi: protect vq-\u003elog_used with vq-\u003emutex (bsc#1244735).\n- CVE-2025-38094: net: cadence: macb: Fix a possible deadlock in macb_halt_tx (bsc#1245649).\n- CVE-2025-38097: kabi: restore encap_sk in struct xfrm_state (bsc#1245660).\n- CVE-2025-38098: drm/amd/display: Do not treat wb connector as physical in (bsc#1245654).\n- CVE-2025-38099: Bluetooth: btusb: Fix regression in the initialization of fake Bluetooth controllers (bsc#1245671).\n- CVE-2025-38100: x86/iopl: Cure TIF_IO_BITMAP inconsistencies (bsc#1245650).\n- CVE-2025-38105: ALSA: usb-audio: Kill timer properly at removal (bsc#1245682).\n- CVE-2025-38106: io_uring/sqpoll: do not put task_struct on tctx setup failure (bsc#1245664).\n- CVE-2025-38115: net_sched: sch_sfq: fix a potential crash on gso_skb handling (bsc#1245689).\n- CVE-2025-38117: hci_dev centralize extra lock (bsc#1245695).\n- CVE-2025-38126: net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping (bsc#1245708).\n- CVE-2025-38131: coresight: prevent deactivate active config while enabling the config (bsc#1245677).\n- CVE-2025-38132: coresight: holding cscfg_csdev_lock while removing cscfg from csdev (bsc#1245679).\n- CVE-2025-38147: calipso: unlock rcu before returning -EAFNOSUPPORT (bsc#1245768).\n- CVE-2025-38158: hisi_acc_vfio_pci: fix XQE dma address error (bsc#1245750).\n- CVE-2025-38162: netfilter: nft_set_pipapo: prevent overflow in lookup table allocation (bsc#1245752).\n- CVE-2025-38166: bpf: fix ktls panic with sockmap (bsc#1245758).\n- CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).\n- CVE-2025-38182: ublk: santizize the arguments from userspace when adding a device (bsc#1245937).\n- CVE-2025-38183: net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get() (bsc#1246006).\n- CVE-2025-38187: drm/nouveau: fix a use-after-free in r535_gsp_rpc_push() (bsc#1245951).\n- CVE-2025-38188: drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE (bsc#1246098).\n- CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045).\n- CVE-2025-38202: bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() (bsc#1245980).\n- CVE-2025-38203: jfs: Fix null-ptr-deref in jfs_ioc_trim (bsc#1246044).\n- CVE-2025-38204: jfs: fix array-index-out-of-bounds read in add_missing_indices (bsc#1245983).\n- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073).\n- CVE-2025-38210: configfs-tsm-report: Fix NULL dereference of tsm_ops (bsc#1246020).\n- CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029).\n- CVE-2025-38220: ext4: only dirty folios when data journaling regular files (bsc#1245966).\n- CVE-2025-38222: ext4: inline: fix len overflow in ext4_prepare_inline_data (bsc#1245976).\n- CVE-2025-38236: af_unix: Disable MSG_OOB for unprivileged users (bsc#1246093).\n- CVE-2025-38239: scsi: megaraid_sas: Fix invalid node index (bsc#1246178).\n- CVE-2025-38244: smb: client: fix potential deadlock when reconnecting channels (bsc#1246183).\n- CVE-2025-38248: bridge: mcast: Fix use-after-free during router port configuration (bsc#1246173).\n- CVE-2025-38250: kABI workaround for bluetooth hci_dev changes (bsc#1246182).\n- CVE-2025-38256: io_uring/rsrc: fix folio unpinning (bsc#1246188).\n- CVE-2025-38264: llist: add interface to check if a node is on a list (bsc#1246387).\n- CVE-2025-38272: net: dsa: b53: do not enable EEE on bcm63xx (bsc#1246268).\n- CVE-2025-38279: kABI workaround for bpf: Do not include stack ptr register in precision backtracking bookkeeping (bsc#1246264).\n- CVE-2025-38283: hisi_acc_vfio_pci: bugfix live migration function without VF device driver (bsc#1246273).\n- CVE-2025-38303: Bluetooth: eir: Fix possible crashes on eir_create_adv_data (bsc#1246354).\n- CVE-2025-38310: seg6: Fix validation of nexthop addresses (bsc#1246361).\n- CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).\n- CVE-2025-38334: x86/sgx: Prevent attempts to reclaim poisoned pages (bsc#1246384).\n- CVE-2025-38335: Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT (bsc#1246250).\n- CVE-2025-38337: jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (bsc#1246253).\n- CVE-2025-38349: eventpoll: do not decrement ep refcount while still holding the ep mutex (bsc#1246777).\n- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).\n- CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).\n- CVE-2025-38364: maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() (bsc#1247091).\n- CVE-2025-38365: btrfs: fix a race between renames and directory logging (bsc#1247023).\n- CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177).\n- CVE-2025-38382: btrfs: fix iteration of extrefs during log replay (bsc#1247031).\n- CVE-2025-38392: idpf: convert control queue mutex to a spinlock (bsc#1247169).\n- CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247156).\n- CVE-2025-38399: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() (bsc#1247097).\n- CVE-2025-38403: vsock/vmci: Clear the vmci transport packet properly when initializing it (bsc#1247141).\n- CVE-2025-38414: wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850 (bsc#1247145).\n- CVE-2025-38426: drm/amdgpu: Add basic validation for RAS header (bsc#1247252).\n- CVE-2025-38429: bus: mhi: ep: Update read pointer only after buffer is written (bsc#1247253).\n- CVE-2025-38453: kABI: io_uring: msg_ring ensure io_kiocb freeing is deferred (bsc#1247234).\n- CVE-2025-38455: KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight (bsc#1247101).\n- CVE-2025-38457: net/sched: Abort __tc_modify_qdisc if parent class does not exist (bsc#1247098).\n- CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).\n- CVE-2025-38461: vsock: Fix transport_* TOCTOU (bsc#1247103).\n- CVE-2025-38462: vsock: Fix transport_{g2h,h2g} TOCTOU (bsc#1247104).\n- CVE-2025-38463: tcp: Correct signedness in skb remaining space calculation (bsc#1247113).\n- CVE-2025-38465: netlink: make sure we allow at least one dump skb (bsc#1247118).\n- CVE-2025-38470: kABI fix for net: vlan: fix VLAN 0 refcount imbalance of toggling (bsc#1247288).\n- CVE-2025-38471: tls: always refresh the queue when reading sock (bsc#1247450).\n- CVE-2025-38475: smc: Fix various oops due to inet_sock type confusion (bsc#1247308).\n- CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347).\n- CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374).\n\nThe following non-security bugs were fixed:\n\n- accel/ivpu: Remove copy engine support (stable-fixes).\n- acpi: LPSS: Remove AudioDSP related ID (git-fixes).\n- acpi: PRM: Reduce unnecessary printing to avoid user confusion (bsc#1246122).\n- acpi: processor: perflib: Fix initial _PPC limit application (git-fixes).\n- acpica: Refuse to evaluate a method if arguments are missing (stable-fixes).\n- af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() (git-fixes).\n- af_unix: Add a prompt to CONFIG_AF_UNIX_OOB (bsc#1246093).\n- alsa: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() (git-fixes).\n- alsa: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx (stable-fixes).\n- alsa: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 (stable-fixes).\n- alsa: hda/realtek: Add quirk for ASUS ROG Strix G712LWS (stable-fixes).\n- alsa: hda/realtek: Fix mute LED mask on HP OMEN 16 laptop (git-fixes).\n- alsa: hda/tegra: Add Tegra264 support (stable-fixes).\n- alsa: hda: Add missing NVIDIA HDA codec IDs (stable-fixes).\n- alsa: hda: Add new pci id for AMD GPU display HD audio controller (stable-fixes).\n- alsa: hda: Ignore unsol events for cards being shut down (stable-fixes).\n- alsa: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() (git-fixes).\n- alsa: sb: Do not allow changing the DMA mode during operations (stable-fixes).\n- alsa: sb: Force to disable DMAs once when DMA mode is changed (stable-fixes).\n- alsa: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() (git-fixes).\n- amd/amdkfd: fix a kfd_process ref leak (stable-fixes).\n- aoe: clean device rq_list in aoedev_downdev() (git-fixes).\n- apple-mfi-fastcharge: protect first device name (git-fixes).\n- asoc: amd: yc: Add DMI quirk for Lenovo IdeaPad Slim 5 15 (stable-fixes).\n- asoc: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic (stable-fixes).\n- asoc: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic (stable-fixes).\n- asoc: amd: yc: update quirk data for HP Victus (stable-fixes).\n- asoc: codec: wcd9335: Convert to GPIO descriptors (stable-fixes).\n- asoc: codecs: wcd9335: Fix missing free of regulator supplies (git-fixes).\n- asoc: codecs: wcd9335: Handle nicer probe deferral and simplify with dev_err_probe() (stable-fixes).\n- asoc: cs35l56: probe() should fail if the device ID is not recognized (git-fixes).\n- asoc: fsl_asrc: use internal measured ratio for non-ideal ratio mode (git-fixes).\n- asoc: fsl_sai: Force a software reset when starting in consumer mode (git-fixes).\n- asoc: fsl_xcvr: get channel status data when PHY is not exists (git-fixes).\n- asoc: mediatek: use reserved memory or enable buffer pre-allocation (git-fixes).\n- asoc: ops: dynamically allocate struct snd_ctl_elem_value (git-fixes).\n- asoc: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() (git-fixes).\n- ata: pata_cs5536: fix build on 32-bit UML (stable-fixes).\n- audit,module: restore audit logging in load failure case (git-fixes).\n- bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() (git-fixes).\n- bluetooth: HCI: Set extended advertising data synchronously (git-fixes).\n- bluetooth: L2CAP: Fix L2CAP MTU negotiation (stable-fixes).\n- bluetooth: L2CAP: Fix attempting to adjust outgoing MTU (git-fixes).\n- bluetooth: MGMT: Fix not generating command complete for MGMT_OP_DISCONNECT (git-fixes).\n- bluetooth: MGMT: mesh_send: check instances prior disabling advertising (git-fixes).\n- bluetooth: MGMT: set_mesh: update LE scan interval and window (git-fixes).\n- bluetooth: Prevent unintended pause by checking if advertising is active (git-fixes).\n- bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout (git-fixes).\n- bluetooth: SMP: If an unallowed command is received consider it a failure (git-fixes).\n- bluetooth: btintel: Check if controller is ISO capable on btintel_classify_pkt_type (git-fixes).\n- bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant without board ID (git-fixes).\n- bluetooth: hci_conn: Fix sending BT_HCI_CMD_LE_CREATE_CONN_CANCEL (git-fixes).\n- bluetooth: hci_core: add missing braces when using macro parameters (git-fixes).\n- bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected (git-fixes).\n- bluetooth: hci_event: Mask data status from LE ext adv reports (git-fixes).\n- bluetooth: hci_sync: Attempt to dequeue connection attempt (git-fixes).\n- bluetooth: hci_sync: Fix UAF on create_le_conn_complete (git-fixes).\n- bluetooth: hci_sync: Fix handling of HCI_OP_CREATE_CONN_CANCEL (git-fixes).\n- bluetooth: hci_sync: Fix not disabling advertising instance (git-fixes).\n- bluetooth: hci_sync: fix connectable extended advertising when using static random address (git-fixes).\n- bluetooth: hci_sync: revert some mesh modifications (git-fixes).\n- bnxt_en: Fix double invocation of bnxt_ulp_stop()/bnxt_ulp_start() (git-fixes).\n- bonding: Correctly support GSO ESP offload (git-fixes).\n- bpf, sockmap: Fix sk_msg_reset_curr (git-fixes).\n- bpf/lpm_trie: Inline longest_prefix_match for fastpath (git-fixes).\n- bpf/selftests: Check errno when percpu map value size exceeds (git-fixes).\n- bpf: Add a possibly-zero-sized read test (git-fixes).\n- bpf: Avoid __hidden__ attribute in static object (git-fixes).\n- bpf: Check percpu map value size first (git-fixes).\n- bpf: Disable some `attribute ignored\u0027 warnings in GCC (git-fixes).\n- bpf: Fix memory leak in bpf_core_apply (git-fixes).\n- bpf: Fix potential integer overflow in resolve_btfids (git-fixes).\n- bpf: Harden __bpf_kfunc tag against linker kfunc removal (git-fixes).\n- bpf: Make the pointer returned by iter next method valid (git-fixes).\n- bpf: Simplify checking size of helper accesses (git-fixes).\n- bpf: fix order of args in call to bpf_map_kvcalloc (git-fixes).\n- bpf: sockmap, updating the sg structure should also update curr (git-fixes).\n- bpftool: Fix missing pids during link show (git-fixes).\n- bpftool: Fix undefined behavior caused by shifting into the sign bit (git-fixes).\n- bpftool: Mount bpffs on provided dir instead of parent dir (git-fixes).\n- bpftool: Remove unnecessary source files from bootstrap version (git-fixes).\n- bpftool: Un-const bpf_func_info to fix it for llvm 17 and newer (git-fixes).\n- btrfs: do not ignore inode missing when replaying log tree (git-fixes).\n- btrfs: do not silently ignore unexpected extent type when replaying log (git-fixes).\n- btrfs: do not skip remaining extrefs if dir not found during log replay (git-fixes).\n- btrfs: explicitly ref count block_group on new_bgs list (bsc#1243068)\n- btrfs: fix assertion when building free space tree (git-fixes).\n- btrfs: fix inode lookup error handling during log replay (git-fixes).\n- btrfs: fix invalid inode pointer dereferences during log replay (git-fixes).\n- btrfs: fix log tree replay failure due to file with 0 links and extents (git-fixes).\n- btrfs: fix missing error handling when searching for inode refs during log replay (git-fixes).\n- btrfs: fix non-empty delayed iputs list on unmount due to async workers (git-fixes).\n- btrfs: fix ssd_spread overallocation (git-fixes).\n- btrfs: make btrfs_discard_workfn() block_group ref explicit (bsc#1243068)\n- btrfs: propagate last_unlink_trans earlier when doing a rmdir (git-fixes).\n- btrfs: rename err to ret in btrfs_rmdir() (git-fixes).\n- btrfs: return a btrfs_inode from btrfs_iget_logging() (git-fixes).\n- btrfs: return a btrfs_inode from read_one_inode() (git-fixes).\n- btrfs: tests: fix chunk map leak after failure to add it to the tree (git-fixes).\n- btrfs: update superblock\u0027s device bytes_used when dropping chunk (git-fixes).\n- btrfs: use NOFS context when getting inodes during logging and log replay (git-fixes).\n- btrfs: use btrfs_record_snapshot_destroy() during rmdir (git-fixes).\n- bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() (git-fixes).\n- bus: mhi: host: Detect events pointing to unexpected TREs (git-fixes).\n- can: dev: can_restart(): move debug message and stats after successful restart (stable-fixes).\n- can: dev: can_restart(): reverse logic to remove need for goto (stable-fixes).\n- can: kvaser_pciefd: Store device channel index (git-fixes).\n- can: kvaser_usb: Assign netdev.dev_port based on device channel index (git-fixes).\n- can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level (git-fixes).\n- can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode (git-fixes).\n- can: peak_usb: fix USB FD devices potential malfunction (git-fixes).\n- cdc-acm: fix race between initial clearing halt and open (git-fixes).\n- cgroup,freezer: fix incomplete freezing when attaching tasks (bsc#1245789).\n- cgroup/cpuset: Extend kthread_is_per_cpu() check to all PF_NO_SETAFFINITY tasks (bsc#1241166).\n- cifs: reconnect helper should set reconnect for the right channel (git-fixes).\n- clk: clk-axi-clkgen: fix fpfd_max frequency for zynq (git-fixes).\n- clk: davinci: Add NULL check in davinci_lpsc_clk_register() (git-fixes).\n- clk: sunxi-ng: v3s: Fix de clock definition (git-fixes).\n- clk: xilinx: vcu: unregister pll_post only if registered correctly (git-fixes).\n- clocksource: Scale the watchdog read retries automatically (bsc#1241345 bsc#1244457).\n- clocksource: Set cs_watchdog_read() checks based on .uncertainty_margin (bsc#1241345 bsc#1244457).\n- comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large (git-fixes).\n- comedi: Fix initialization of data for instructions that write to subdevice (git-fixes).\n- comedi: Fix some signed shift left operations (git-fixes).\n- comedi: Fix use of uninitialized data in insn_rw_emulate_bits() (git-fixes).\n- comedi: aio_iiro_16: Fix bit shift out of bounds (git-fixes).\n- comedi: das16m1: Fix bit shift out of bounds (git-fixes).\n- comedi: das6402: Fix bit shift out of bounds (git-fixes).\n- comedi: pcl812: Fix bit shift out of bounds (git-fixes).\n- compiler_types.h: Define __retain for __attribute__((__retain__)) (git-fixes).\n- crypto: arm/aes-neonbs - work around gcc-15 warning (git-fixes).\n- crypto: ccp - Fix crash when rebind ccp device for ccp.ko (git-fixes).\n- crypto: ccp - Fix locking on alloc failure handling (git-fixes).\n- crypto: hkdf - skip TVs with unapproved salt lengths in FIPS mode (bsc#1241200 bsc#1246134).\n- crypto: img-hash - Fix dma_unmap_sg() nents value (git-fixes).\n- crypto: inside-secure - Fix `dma_unmap_sg()` nents value (git-fixes).\n- crypto: keembay - Fix dma_unmap_sg() nents value (git-fixes).\n- crypto: marvell/cesa - Fix engine load inaccuracy (git-fixes).\n- crypto: qat - allow enabling VFs in the absence of IOMMU (git-fixes).\n- crypto: qat - disable ZUC-256 capability for QAT GEN5 (git-fixes).\n- crypto: qat - fix DMA direction for compression on GEN2 devices (git-fixes).\n- crypto: qat - fix seq_file position update in adf_ring_next() (git-fixes).\n- crypto: qat - fix state restore for banks with exceptions (git-fixes).\n- crypto: qat - flush misc workqueue during device shutdown (git-fixes).\n- crypto: qat - use unmanaged allocation for dc_data (git-fixes).\n- crypto: sun8i-ce - fix nents passed to dma_unmap_sg() (git-fixes).\n- dax: add a sysfs knob to control memmap_on_memory behavior (bsc#1235515,jsc#PED-12731).\n- dax: add a sysfs knob to control memmap_on_memory behavior (bsc#1235515,jsc#PED-12731).\n- devlink: Add support for u64 parameters (jsc#PED-12745).\n- devlink: Add support for u64 parameters (jsc#PED-12745).\n- devlink: avoid param type value translations (jsc#PED-12745).\n- devlink: avoid param type value translations (jsc#PED-12745).\n- devlink: define enum for attr types of dynamic attributes (jsc#PED-12745).\n- devlink: define enum for attr types of dynamic attributes (jsc#PED-12745).\n- devlink: introduce devlink_nl_put_u64() (jsc#PED-12745).\n- devlink: introduce devlink_nl_put_u64() (jsc#PED-12745).\n- dm-bufio: fix sched in atomic context (git-fixes).\n- dm-flakey: error all IOs when num_features is absent (git-fixes).\n- dm-flakey: make corrupting read bios work (git-fixes).\n- dm-mirror: fix a tiny race condition (git-fixes).\n- dm-raid: fix variable in journal device check (git-fixes).\n- dm-verity: fix a memory leak if some arguments are specified multiple times (git-fixes).\n- dm: do not change md if dm_table_set_restrictions() fails (git-fixes).\n- dm: free table mempools if not used in __bind (git-fixes).\n- dm: restrict dm device size to 2^63-512 bytes (git-fixes).\n- dma-buf: fix timeout handling in dma_resv_wait_timeout v2 (stable-fixes).\n- dmaengine: dw-edma: Drop unused dchan2dev() and chan2dev() (git-fixes).\n- dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using (stable-fixes).\n- dmaengine: mv_xor: Fix missing check after DMA map and missing unmap (git-fixes).\n- dmaengine: nbpfaxi: Add missing check after DMA map (git-fixes).\n- dmaengine: nbpfaxi: Fix memory corruption in probe() (git-fixes).\n- dmaengine: qcom: gpi: Drop unused gpi_write_reg_field() (git-fixes).\n- dmaengine: xilinx_dma: Set dma_device directions (stable-fixes).\n- docs/ABI: Fix sysfs-kernel-address_bits path (git-fixes).\n- documentatiion/ABI: add ABI documentation for sys-bus-dax (bsc#1235515,jsc#PED-12731).\n- documentation/ABI: add ABI documentation for sys-bus-dax (bsc#1235515,jsc#PED-12731).\n- documentation: ACPI: Fix parent device references (git-fixes).\n- documentation: usb: gadget: Wrap remaining usage snippets in literal code block (git-fixes).\n- dpll: Add basic Microchip ZL3073x support (jsc#PED-12745).\n- dpll: Add basic Microchip ZL3073x support (jsc#PED-12745).\n- dpll: zl3073x: Add support to get/set frequency on pins (jsc#PED-12745).\n- dpll: zl3073x: Add support to get/set frequency on pins (jsc#PED-12745).\n- dpll: zl3073x: Add support to get/set priority on input pins (jsc#PED-12745).\n- dpll: zl3073x: Add support to get/set priority on input pins (jsc#PED-12745).\n- dpll: zl3073x: Fetch invariants during probe (jsc#PED-12745).\n- dpll: zl3073x: Fetch invariants during probe (jsc#PED-12745).\n- dpll: zl3073x: Implement input pin selection in manual mode (jsc#PED-12745).\n- dpll: zl3073x: Implement input pin selection in manual mode (jsc#PED-12745).\n- dpll: zl3073x: Implement input pin state setting in automatic mode (jsc#PED-12745).\n- dpll: zl3073x: Implement input pin state setting in automatic mode (jsc#PED-12745).\n- dpll: zl3073x: Read DPLL types and pin properties from system firmware (jsc#PED-12745).\n- dpll: zl3073x: Read DPLL types and pin properties from system firmware (jsc#PED-12745).\n- dpll: zl3073x: Register DPLL devices and pins (jsc#PED-12745).\n- dpll: zl3073x: Register DPLL devices and pins (jsc#PED-12745).\n- drm/amd/display: Check dce_hwseq before dereferencing it (stable-fixes).\n- drm/amd/display: Correct non-OLED pre_T11_delay (stable-fixes).\n- drm/amd/display: Disable CRTC degamma LUT for DCN401 (stable-fixes).\n- drm/amd/display: Do not overwrite dce60_clk_mgr (git-fixes).\n- drm/amd/display: Fix RMCM programming seq errors (stable-fixes).\n- drm/amd/display: Fix mpv playback corruption on weston (stable-fixes).\n- drm/amd/display: Free memory allocation (stable-fixes).\n- drm/amd/display: fix initial backlight brightness calculation (git-fixes).\n- drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value (git-fixes).\n- drm/amdgpu/discovery: use specific ip_discovery.bin for legacy asics (stable-fixes).\n- drm/amdgpu/gfx10: fix kiq locking in KCQ reset (git-fixes).\n- drm/amdgpu/gfx8: reset compute ring wptr on the GPU on resume (git-fixes).\n- drm/amdgpu/gfx9.4.3: fix kiq locking in KCQ reset (git-fixes).\n- drm/amdgpu/gfx9: fix kiq locking in KCQ reset (git-fixes).\n- drm/amdgpu/ip_discovery: add missing ip_discovery fw (stable-fixes).\n- drm/amdgpu: Add kicker device detection (stable-fixes).\n- drm/amdgpu: Fix SDMA UTC_L1 handling during start/stop sequences (stable-fixes).\n- drm/amdgpu: Increase reset counter only on success (stable-fixes).\n- drm/amdgpu: Initialize data to NULL in imu_v12_0_program_rlc_ram() (git-fixes).\n- drm/amdgpu: Remove nbiov7.9 replay count reporting (git-fixes).\n- drm/amdgpu: Reset the clear flag in buddy during resume (git-fixes).\n- drm/amdgpu: amdgpu_vram_mgr_new(): Clamp lpfn to total vram (stable-fixes).\n- drm/amdgpu: seq64 memory unmap uses uninterruptible lock (stable-fixes).\n- drm/amdkfd: Do not call mmput from MMU notifier callback (git-fixes).\n- drm/amdkfd: Fix instruction hazard in gfx12 trap handler (stable-fixes).\n- drm/amdkfd: Fix race in GWS queue scheduling (stable-fixes).\n- drm/amdkfd: remove gfx 12 trap handler page size cap (stable-fixes).\n- drm/bridge: aux-hpd-bridge: fix assignment of the of_node (git-fixes).\n- drm/bridge: panel: move prepare_prev_first handling to drm_panel_bridge_add_typed (git-fixes).\n- drm/bridge: ti-sn65dsi86: Add HPD for DisplayPort connector type (git-fixes).\n- drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() (git-fixes).\n- drm/bridge: ti-sn65dsi86: make use of debugfs_init callback (stable-fixes).\n- drm/connector: hdmi: Evaluate limited range after computing format (git-fixes).\n- drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling (git-fixes).\n- drm/exynos: fimd: Guard display clock control with runtime PM calls (git-fixes).\n- drm/framebuffer: Acquire internal references on GEM handles (git-fixes).\n- drm/gem: Acquire references on GEM handles for framebuffers (stable-fixes).\n- drm/gem: Fix race in drm_gem_handle_create_tail() (stable-fixes).\n- drm/i915/display: Fix dma_fence_wait_timeout() return value handling (git-fixes).\n- drm/i915/dsi: Fix off by one in BXT_MIPI_TRANS_VTOTAL (stable-fixes).\n- drm/i915/gsc: mei interrupt top half should be in irq disabled context (git-fixes).\n- drm/i915/gt: Fix timeline left held on VMA alloc error (git-fixes).\n- drm/i915/selftests: Change mock_request() to return error pointers (git-fixes).\n- drm/imagination: Fix kernel crash when hard resetting the GPU (git-fixes).\n- drm/mediatek: Add wait_event_timeout when disabling plane (git-fixes).\n- drm/mediatek: only announce AFBC if really supported (git-fixes).\n- drm/msm/dpu: Fill in min_prefill_lines for SC8180X (git-fixes).\n- drm/msm: Fix a fence leak in submit error path (stable-fixes).\n- drm/msm: Fix another leak in the submit error path (stable-fixes).\n- drm/nouveau: check ioctl command codes better (git-fixes).\n- drm/panfrost: Fix panfrost device variable name in devfreq (git-fixes).\n- drm/panthor: Add missing explicit padding in drm_panthor_gpu_info (git-fixes).\n- drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed (git-fixes).\n- drm/sched: Increment job count before swapping tail spsc queue (git-fixes).\n- drm/sched: Remove optimization that causes hang when killing dependent jobs (git-fixes).\n- drm/scheduler: signal scheduled fence when kill job (stable-fixes).\n- drm/tegra: nvdec: Fix dma_alloc_coherent error check (git-fixes).\n- drm/ttm: fix error handling in ttm_buffer_object_transfer (git-fixes).\n- drm/v3d: Disable interrupts before resetting the GPU (git-fixes).\n- drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel (git-fixes).\n- drm/xe/bmg: fix compressed VRAM handling (git-fixes).\n- drm/xe/guc: Dead CT helper (stable-fixes).\n- drm/xe/guc: Explicitly exit CT safe mode on unwind (git-fixes).\n- drm/xe/guc_submit: add back fix (git-fixes).\n- drm/xe/mocs: Initialize MOCS index early (stable-fixes).\n- drm/xe/pf: Clear all LMTT pages on alloc (git-fixes).\n- drm/xe/pf: Move VFs reprovisioning to worker (stable-fixes).\n- drm/xe/pf: Prepare to stop SR-IOV support prior GT reset (git-fixes).\n- drm/xe/pf: Sanitize VF scratch registers on FLR (stable-fixes).\n- drm/xe/pm: Correct comment of xe_pm_set_vram_threshold() (git-fixes).\n- drm/xe/uapi: Correct sync type definition in comments (git-fixes).\n- drm/xe/vf: Disable CSC support on VF (git-fixes).\n- drm/xe: Allocate PF queue size on pow2 boundary (git-fixes).\n- drm/xe: Allow bo mapping on multiple ggtts (stable-fixes).\n- drm/xe: Fix DSB buffer coherency (stable-fixes).\n- drm/xe: Fix build without debugfs (git-fixes).\n- drm/xe: Fix early wedge on GuC load failure (git-fixes).\n- drm/xe: Fix taking invalid lock on wedge (stable-fixes).\n- drm/xe: Move DSB l2 flush to a more sensible place (git-fixes).\n- drm/xe: Replace double space with single space after comma (stable-fixes).\n- drm/xe: add interface to request physical alignment for buffer objects (stable-fixes).\n- drm/xe: move DPT l2 flush to a more sensible place (git-fixes).\n- dt-bindings: dpll: Add DPLL device and pin (jsc#PED-12745).\n- dt-bindings: dpll: Add DPLL device and pin (jsc#PED-12745).\n- dt-bindings: dpll: Add support for Microchip Azurite chip family (jsc#PED-12745).\n- dt-bindings: dpll: Add support for Microchip Azurite chip family (jsc#PED-12745).\n- e1000: Move cancel_work_sync to avoid deadlock (git-fixes).\n- enable SMC_LO (a.k.a SMC-D) (jsc#PED-13248).\n- exfat: fdatasync flag should be same like generic_write_sync() (git-fixes).\n- fbcon: Fix outdated registered_fb reference in comment (git-fixes).\n- fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref (git-fixes).\n- firewire: ohci: correct code comments about bus_reset tasklet (git-fixes).\n- fix dma_unmap_sg() nents value (git-fixes)\n- fs/jfs: consolidate sanity checking in dbMount (git-fixes).\n- fs/orangefs: Allow 2 more characters in do_c_string() (git-fixes).\n- gpio: mlxbf2: use platform_get_irq_optional() (git-fixes).\n- gpio: pca953x: log an error when failing to get the reset GPIO (git-fixes).\n- gpio: sim: include a missing header (git-fixes).\n- gpio: vf610: add locking to gpio direction functions (git-fixes).\n- gpio: virtio: Fix config space reading (git-fixes).\n- gpiolib: Fix debug messaging in gpiod_find_and_request() (git-fixes).\n- gpiolib: Handle no pin_ranges in gpiochip_generic_config() (git-fixes).\n- gpiolib: acpi: Do not use GPIO chip fwnode in acpi_gpiochip_find() (bsc#1233300).\n- gpiolib: acpi: Fix failed in acpi_gpiochip_find() by adding parent node match (bsc#1233300).\n- gpiolib: cdev: Ignore reconfiguration without direction (git-fixes).\n- gpiolib: of: Add polarity quirk for s5m8767 (stable-fixes).\n- hfs: make splice write available again (git-fixes).\n- hfsplus: make splice write available again (git-fixes).\n- hfsplus: remove mutex_lock check in hfsplus_free_extents (git-fixes).\n- hid: Add IGNORE quirk for SMARTLINKTECHNOLOGY (stable-fixes).\n- hid: core: do not bypass hid_hw_raw_request (stable-fixes).\n- hid: core: ensure __hid_request reserves the report ID as the first byte (git-fixes).\n- hid: core: ensure the allocated report buffer can contain the reserved report ID (stable-fixes).\n- hid: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 (stable-fixes).\n- hid: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras (stable-fixes).\n- hv_netvsc: Use VF\u0027s tso_max_size value when data path is VF (bsc#1246203).\n- hwmon: (corsair-cpro) Validate the size of the received input buffer (git-fixes).\n- hwmon: (gsc-hwmon) fix fan pwm setpoint show functions (git-fixes).\n- hwmon: (pmbus/max34440) Fix support for max34451 (stable-fixes).\n- hwrng: mtk - handle devm_pm_runtime_enable errors (git-fixes).\n- i2c/designware: Fix an initialization issue (git-fixes).\n- i2c: qup: jump out of the loop in case of timeout (git-fixes).\n- i2c: stm32: fix the device used for the DMA map (git-fixes).\n- i2c: tegra: Fix reset error handling with ACPI (git-fixes).\n- i2c: virtio: Avoid hang by using interruptible completion wait (git-fixes).\n- i3c: fix module_i3c_i2c_driver() with I3C=n (git-fixes).\n- ib/mlx5: Fix potential deadlock in MR deregistration (git-fixes)\n- ice, irdma: fix an off by one in error handling code (bsc#1247712).\n- ice, irdma: move interrupts code to irdma (bsc#1247712).\n- ice: Fix signedness bug in ice_init_interrupt_scheme() (bsc#1247712).\n- ice: count combined queues using Rx/Tx count (bsc#1247712).\n- ice: devlink PF MSI-X max and min parameter (bsc#1247712).\n- ice: enable_rdma devlink param (bsc#1247712).\n- ice: fix eswitch code memory leak in reset scenario (git-fixes).\n- ice: get rid of num_lan_msix field (bsc#1247712).\n- ice: init flow director before RDMA (bsc#1247712).\n- ice: remove splitting MSI-X between features (bsc#1247712).\n- ice: simplify VF MSI-X managing (bsc#1247712).\n- ice: treat dyn_allowed only as suggestion (bsc#1247712).\n- iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush (git-fixes).\n- iio: adc: ad7949: use spi_is_bpw_supported() (git-fixes).\n- iio: adc: ad_sigma_delta: Fix use of uninitialized status_pos (stable-fixes).\n- iio: adc: ad_sigma_delta: change to buffer predisable (git-fixes).\n- iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (stable-fixes).\n- iio: adc: max1363: Reorder mode_list[] entries (stable-fixes).\n- iio: adc: stm32-adc: Fix race in installing chained IRQ handler (git-fixes).\n- iio: imu: bno055: fix OOB access of hw_xlate array (git-fixes).\n- iio: pressure: zpa2326: Use aligned_s64 for the timestamp (stable-fixes).\n- input: iqs7222 - explicitly define number of external channels (git-fixes).\n- input: xpad - adjust error handling for disconnect (git-fixes).\n- input: xpad - set correct controller type for Acer NGR200 (git-fixes).\n- input: xpad - support Acer NGR 200 Controller (stable-fixes).\n- io_uring/timeout: fix multishot updates (bsc#1247021).\n- io_uring: fix potential page leak in io_sqe_buffer_register() (git-fixes).\n- iommu/amd: Fix geometry.aperture_end for V2 tables (git-fixes).\n- iommu/amd: Set the pgsize_bitmap correctly (git-fixes).\n- iommu/arm-smmu-qcom: Add SM6115 MDSS compatible (git-fixes).\n- iommu/tegra241-cmdqv: Read SMMU IDR1.CMDQS instead of hardcoding (git-fixes).\n- iommu/vt-d: Fix possible circular locking dependency (git-fixes).\n- iommu/vt-d: Fix system hang on reboot -f (git-fixes).\n- ipv6: fix possible infinite loop in fib6_info_uses_dev() (git-fixes).\n- ipv6: mcast: Delay put pmc-\u003eidev in mld_del_delrec() (git-fixes).\n- ipv6: prevent infinite loop in rt6_nlmsg_size() (git-fixes).\n- ipv6: reject malicious packets in ipv6_gso_segment() (git-fixes).\n- irdma: free iwdev-\u003erf after removing MSI-X (bsc#1247712).\n- iwlwifi: Add missing check for alloc_ordered_workqueue (git-fixes).\n- jfs: fix metapage reference count leak in dbAllocCtl (git-fixes).\n- kABI fix after KVM: SVM: Fix SNP AP destroy race with VMRUN (git-fixes).\n- kABI fixes for struct memory_block changes (bsc#1235515,jsc#PED-12731).\n- kABI fixes for struct memory_block changes (bsc#1235515,jsc#PED-12731).\n- kABI workaround for fw_attributes_class_get() (stable-fixes).\n- kABI workaround for struct drm_framebuffer changes (git-fixes).\n- kABI: Fix the module::name type in audit_context (git-fixes).\n- kabi/severities: ignore two unused/dropped symbols from MEI\n- kabi: Hide adding of u64 to devlink_param_type (jsc#PED-12745).\n- kabi: Hide adding of u64 to devlink_param_type (jsc#PED-12745).\n- kasan: remove kasan_find_vm_area() to prevent possible deadlock (git-fixes).\n- kernel-obs-qa: Do not depend on srchash when qemu emulation is used In this case the dependency is never fulfilled Fixes: 485ae1da2b88 (\u0027kernel-obs-qa: Use srchash for dependency as well\u0027)\n- kernel-syms.spec: Drop old rpm release number hack (bsc#1247172).\n- kvm: SVM: Fix SNP AP destroy race with VMRUN (git-fixes).\n- leds: multicolor: Fix intensity setting while SW blinking (stable-fixes).\n- lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (bsc#1236897).\n- lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() (bsc#1236897).\n- logitech C-270 even more broken (stable-fixes).\n- maple_tree: fix mt_destroy_walk() on root leaf node (git-fixes).\n- md/md-bitmap: fix dm-raid max_write_behind setting (git-fixes).\n- media: gspca: Add bounds checking to firmware parser (git-fixes).\n- media: hi556: correct the test pattern configuration (git-fixes).\n- media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() (git-fixes).\n- media: ipu6: isys: Use correct pads for xlate_streams() (git-fixes).\n- media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls (git-fixes).\n- media: ov2659: Fix memory leaks in ov2659_probe() (git-fixes).\n- media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (git-fixes).\n- media: usbtv: Lock resolution while streaming (git-fixes).\n- media: uvcvideo: Do not mark valid metadata as invalid (git-fixes).\n- media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (git-fixes).\n- media: v4l2-ctrls: Do not reset handler\u0027s error in v4l2_ctrl_handler_free() (git-fixes).\n- media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check (git-fixes).\n- media: venus: Add a check for packet size after reading from shared memory (git-fixes).\n- media: venus: hfi: explicitly release IRQ during teardown (git-fixes).\n- media: venus: protect against spurious interrupts during probe (git-fixes).\n- media: venus: vdec: Clamp param smaller than 1fps and bigger than 240 (git-fixes).\n- media: venus: venc: Clamp param smaller than 1fps and bigger than 240 (git-fixes).\n- media: verisilicon: Fix AV1 decoder clock frequency (git-fixes).\n- media: vivid: fix wrong pixel_array control size (git-fixes).\n- mei: vsc: Destroy mutex after freeing the IRQ (git-fixes).\n- mei: vsc: Do not re-init VSC from mei_vsc_hw_reset() on stop (git-fixes).\n- mei: vsc: Drop unused vsc_tp_request_irq() and vsc_tp_free_irq() (stable-fixes).\n- mei: vsc: Event notifier fixes (git-fixes).\n- mei: vsc: Fix \u0027BUG: Invalid wait context\u0027 lockdep error (git-fixes).\n- mei: vsc: Run event callback from a workqueue (git-fixes).\n- mei: vsc: Unset the event callback on remove and probe errors (git-fixes).\n- memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() (git-fixes).\n- mfd: max14577: Fix wakeup source leaks on device unbind (stable-fixes).\n- misc: rtsx: usb: Ensure mmc child device is active when card is present (git-fixes).\n- mm/memory_hotplug: allow architecture to override memmap on memory support check (bsc#1235515,jsc#PED-12731).\n- mm/memory_hotplug: allow architecture to override memmap on memory support check (bsc#1235515,jsc#PED-12731).\n- mm/memory_hotplug: allow memmap on memory hotplug request to fallback (bsc#1235515,jsc#PED-12731).\n- mm/memory_hotplug: allow memmap on memory hotplug request to fallback (bsc#1235515,jsc#PED-12731).\n- mm/memory_hotplug: embed vmem_altmap details in memory block (bsc#1235515,jsc#PED-12731).\n- mm/memory_hotplug: embed vmem_altmap details in memory block (bsc#1235515,jsc#PED-12731).\n- mm/memory_hotplug: export mhp_supports_memmap_on_memory() (bsc#1235515,jsc#PED-12731).\n- mm/memory_hotplug: export mhp_supports_memmap_on_memory() (bsc#1235515,jsc#PED-12731).\n- mm/memory_hotplug: fix memmap_on_memory sysfs value retrieval (git-fixes).\n- mm/memory_hotplug: replace an open-coded kmemdup() in (bsc#1235515,jsc#PED-12731).\n- mm/memory_hotplug: replace an open-coded kmemdup() in (bsc#1235515,jsc#PED-12731).\n- mm/memory_hotplug: simplify ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE kconfig (bsc#1235515,jsc#PED-12731).\n- mm/memory_hotplug: simplify ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE kconfig (bsc#1235515,jsc#PED-12731).\n- mm/memory_hotplug: split memmap_on_memory requests across memblocks (bsc#1235515,jsc#PED-12731).\n- mm/memory_hotplug: split memmap_on_memory requests across memblocks (bsc#1235515,jsc#PED-12731).\n- mm/memory_hotplug: support memmap_on_memory when memmap is not aligned to pageblocks (bsc#1235515,jsc#PED-12731).\n- mm/memory_hotplug: support memmap_on_memory when memmap is not aligned to pageblocks (bsc#1235515,jsc#PED-12731).\n- mmc: bcm2835: Fix dma_unmap_sg() nents value (git-fixes).\n- mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier (git-fixes).\n- mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models (git-fixes).\n- mmc: sdhci: Add a helper function for dump register in dynamic debug mode (stable-fixes).\n- mmc: sdhci_am654: Workaround for Errata i2312 (git-fixes).\n- module: Fix memory deallocation on error path in move_module() (git-fixes).\n- module: Remove unnecessary +1 from last_unloaded_module::name size (git-fixes).\n- module: Restore the moduleparam prefix length check (git-fixes).\n- mtd: fix possible integer overflow in erase_xfer() (git-fixes).\n- mtd: rawnand: atmel: Fix dma_mapping_error() address (git-fixes).\n- mtd: rawnand: atmel: set pmecc data setup time (git-fixes).\n- mtd: rawnand: fsmc: Add missing check after DMA map (git-fixes).\n- mtd: rawnand: renesas: Add missing check after DMA map (git-fixes).\n- mtd: rawnand: rockchip: Add missing check after DMA map (git-fixes).\n- mtd: spi-nor: Fix spi_nor_try_unlock_all() (git-fixes).\n- mtd: spinand: fix memory leak of ECC engine conf (stable-fixes).\n- mtd: spinand: propagate spinand_wait() errors from spinand_write_page() (git-fixes).\n- mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data (git-fixes).\n- mtk-sd: Prevent memory corruption from DMA map failure (git-fixes).\n- mtk-sd: reset host-\u003emrq on prepare_data() error (git-fixes).\n- mwl8k: Add missing check after DMA map (git-fixes).\n- nbd: fix uaf in nbd_genl_connect() error path (git-fixes).\n- net/mlx5: HWS, fix missing ip_version handling in definer (git-fixes).\n- net/packet: fix a race in packet_set_ring() and packet_notifier() (git-fixes).\n- net/sched: Restrict conditions for adding duplicating netems to qdisc tree (git-fixes).\n- net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (git-fixes).\n- net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (git-fixes).\n- net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (git-fixes).\n- net/sched: sch_qfq: Fix race condition on qfq_aggregate (git-fixes).\n- net/sched: taprio: enforce minimum value for picos_per_byte (git-fixes).\n- net/smc: Fix lookup of netdev by using ib_device_get_netdev() (git-fixes bsc#1246217).\n- net: mana: Add debug logs in MANA network driver (bsc#1246212).\n- net: mana: Add handler for hardware servicing events (bsc#1245730).\n- net: mana: Allocate MSI-X vectors dynamically (bsc#1245457).\n- net: mana: Allow irq_setup() to skip cpus for affinity (bsc#1245457).\n- net: mana: Allow tso_max_size to go up-to GSO_MAX_SIZE (bsc#1246203).\n- net: mana: Expose additional hardware counters for drop and TC via ethtool (bsc#1245729).\n- net: mana: Set tx_packets to post gso processing packet count (bsc#1245731).\n- net: mana: explain irq_setup() algorithm (bsc#1245457).\n- net: phy: Do not register LEDs for genphy (git-fixes).\n- net: phy: micrel: fix KSZ8081/KSZ8091 cable test (git-fixes).\n- net: phy: microchip: limit 100M workaround to link-down events on LAN88xx (git-fixes).\n- net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap (git-fixes).\n- net: phy: smsc: Fix link failure in forced mode with Auto-MDIX (git-fixes).\n- net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect (git-fixes).\n- net: usb: qmi_wwan: add SIMCom 8230C composition (stable-fixes).\n- net: usbnet: Avoid potential RCU stall on LINK_CHANGE event (git-fixes).\n- net: usbnet: Fix the wrong netif_carrier_on() call (git-fixes).\n- netlink: fix policy dump for int with validation callback (jsc#PED-12745).\n- netlink: fix policy dump for int with validation callback (jsc#PED-12745).\n- netlink: specs: devlink: replace underscores with dashes in names (jsc#PED-12745).\n- netlink: specs: devlink: replace underscores with dashes in names (jsc#PED-12745).\n- netlink: specs: nfsd: replace underscores with dashes in names (git-fixes).\n- netlink: specs: tc: replace underscores with dashes in names (git-fixes).\n- netpoll: prevent hanging NAPI when netcons gets enabled (git-fixes).\n- nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails (git-fixes).\n- nfs: Fix filehandle bounds checking in nfs_fh_to_dentry() (git-fixes).\n- nfs: Fix the setting of capabilities when automounting a new filesystem (git-fixes).\n- nfs: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() (git-fixes).\n- nfs: Fixup allocation flags for nfsiod\u0027s __GFP_NORETRY (git-fixes).\n- nfsd: detect mismatch of file handle and delegation stateid in OPEN op (git-fixes).\n- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (git-fixes).\n- nfsv4.2: another fix for listxattr (git-fixes).\n- nfsv4.2: fix listxattr to return selinux security label (git-fixes).\n- nfsv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN (git-fixes).\n- nfsv4: Always set NLINK even if the server does not support it (git-fixes).\n- nfsv4: xattr handlers should check for absent nfs filehandles (git-fixes).\n- nilfs2: reject invalid file types when reading inodes (git-fixes).\n- nvme-pci: refresh visible attrs after being checked (git-fixes).\n- nvme: Fix incorrect cdw15 value in passthru error logging (git-fixes).\n- nvme: fix endianness of command word prints in nvme_log_err_passthru() (git-fixes).\n- nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() (git-fixes).\n- nvme: fix misaccounting of nvme-mpath inflight I/O (git-fixes).\n- nvmet-tcp: fix callback lock for TLS handshake (git-fixes).\n- objtool: Fix INSN_CONTEXT_SWITCH handling in validate_unret() (git-fixes).\n- objtool: Fix UNWIND_HINT_{SAVE,RESTORE} across basic blocks (git-fixes).\n- objtool: Fix _THIS_IP_ detection for cold functions (git-fixes).\n- objtool: Fix error handling inconsistencies in check() (git-fixes).\n- objtool: Ignore dangling jump table entries (git-fixes).\n- objtool: Ignore end-of-section jumps for KCOV/GCOV (git-fixes).\n- objtool: Properly disable uaccess validation (git-fixes).\n- objtool: Silence more KCOV warnings (git-fixes).\n- objtool: Silence more KCOV warnings, part 2 (git-fixes).\n- objtool: Stop UNRET validation on UD2 (git-fixes).\n- pNFS/flexfiles: do not attempt pnfs on fatal DS errors (git-fixes).\n- pch_uart: Fix dma_sync_sg_for_device() nents value (git-fixes).\n- pci/msi: Export pci_msix_prepare_desc() for dynamic MSI-X allocations (bsc#1245457).\n- pci: dwc: Make link training more robust by setting PORT_LOGIC_LINK_WIDTH to one lane (stable-fixes).\n- pci: endpoint: Fix configfs group list head handling (git-fixes).\n- pci: endpoint: Fix configfs group removal on driver teardown (git-fixes).\n- pci: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute (git-fixes).\n- pci: endpoint: pci-epf-vntb: Return -ENOENT if pci_epc_get_next_free_bar() fails (git-fixes).\n- pci: hv: Allow dynamic MSI-X vector allocation (bsc#1245457).\n- pci: rockchip-host: Fix \u0027Unexpected Completion\u0027 log message (git-fixes).\n- perf: Fix sample vs do_exit() (bsc#1246547).\n- phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode (git-fixes).\n- pinctrl: amd: Clear GPIO debounce for suspend (git-fixes).\n- pinctrl: qcom: msm: mark certain pins as invalid for interrupts (git-fixes).\n- pinctrl: sunxi: Fix memory leak on krealloc failure (git-fixes).\n- pinmux: fix race causing mux_owner NULL with active mux_usecount (git-fixes).\n- platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() (git-fixes).\n- platform/mellanox: mlxbf-pmc: Fix duplicate event ID for CACHE_DATA1 (git-fixes).\n- platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment (git-fixes).\n- platform/mellanox: mlxreg-lc: Fix logic error in power state check (git-fixes).\n- platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message (git-fixes).\n- platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks list (stable-fixes).\n- platform/x86: Fix initialization order for firmware_attributes_class (git-fixes).\n- platform/x86: dell-sysman: Directly use firmware_attributes_class (stable-fixes).\n- platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks (git-fixes).\n- platform/x86: dell-wmi-sysman: Fix class device unregistration (git-fixes).\n- platform/x86: firmware_attributes_class: Move include linux/device/class.h (stable-fixes).\n- platform/x86: firmware_attributes_class: Simplify API (stable-fixes).\n- platform/x86: hp-bioscfg: Directly use firmware_attributes_class (stable-fixes).\n- platform/x86: hp-bioscfg: Fix class device unregistration (git-fixes).\n- platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots (git-fixes).\n- platform/x86: make fw_attr_class constant (stable-fixes).\n- platform/x86: think-lmi: Create ksets consecutively (stable-fixes).\n- platform/x86: think-lmi: Directly use firmware_attributes_class (stable-fixes).\n- platform/x86: think-lmi: Fix class device unregistration (git-fixes).\n- platform/x86: think-lmi: Fix kobject cleanup (git-fixes).\n- platform/x86: think-lmi: Fix sysfs group cleanup (git-fixes).\n- pm / devfreq: Check governor before using governor-\u003ename (git-fixes).\n- power: supply: cpcap-charger: Fix null check for power_supply_get_by_name (git-fixes).\n- power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set (git-fixes).\n- powercap: call put_device() on an error path in powercap_register_control_type() (stable-fixes).\n- powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() (git-fixes).\n- powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed (git-fixes).\n- powerpc/bpf: enforce full ordering for ATOMIC operations with BPF_FETCH (git-fixes).\n- powerpc/pseries/dlpar: Search DRC index from ibm,drc-indexes for IO add (bsc#1243042 ltc#212167).\n- ptp: fix breakage after ptp_vclock_in_use() rework (bsc#1246506).\n- pwm: imx-tpm: Reset counter if CMOD is 0 (git-fixes).\n- pwm: mediatek: Ensure to disable clocks in error path (git-fixes).\n- pwm: rockchip: Round period/duty down on apply, up on get (git-fixes).\n- rdma/core: Rate limit GID cache warning messages (git-fixes)\n- rdma/counter: Check CAP_NET_RAW check in user namespace for RDMA counters (git-fixes)\n- rdma/hns: Drop GFP_NOWARN (git-fixes)\n- rdma/hns: Fix -Wframe-larger-than issue (git-fixes)\n- rdma/hns: Fix HW configurations not cleared in error flow (git-fixes)\n- rdma/hns: Fix accessing uninitialized resources (git-fixes)\n- rdma/hns: Fix double destruction of rsv_qp (git-fixes)\n- rdma/hns: Get message length of ack_req from FW (git-fixes)\n- rdma/mlx5: Check CAP_NET_RAW in user namespace for anchor create (git-fixes)\n- rdma/mlx5: Check CAP_NET_RAW in user namespace for devx create (git-fixes)\n- rdma/mlx5: Check CAP_NET_RAW in user namespace for flow create (git-fixes)\n- rdma/mlx5: Fix CC counters query for MPV (git-fixes)\n- rdma/mlx5: Fix HW counters query for non-representor devices (git-fixes)\n- rdma/mlx5: Fix UMR modifying of mkey page size (git-fixes)\n- rdma/mlx5: Fix compilation warning when USER_ACCESS isn\u0027t set (git-fixes)\n- rdma/mlx5: Fix vport loopback for MPV device (git-fixes)\n- rdma/mlx5: Initialize obj_event-\u003eobj_sub_list before xa_insert (git-fixes)\n- rdma/mlx5: reduce stack usage in mlx5_ib_ufile_hw_cleanup (git-fixes)\n- rdma/nldev: Check CAP_NET_RAW in user namespace for QP modify (git-fixes)\n- rdma/siw: Fix the sendmsg byte count in siw_tcp_sendpages (git-fixes)\n- rdma/uverbs: Add empty rdma_uattrs_has_raw_cap() declaration (git-fixes)\n- rdma/uverbs: Check CAP_NET_RAW in user namespace for QP create (git-fixes)\n- rdma/uverbs: Check CAP_NET_RAW in user namespace for RAW QP create (git-fixes)\n- rdma/uverbs: Check CAP_NET_RAW in user namespace for flow create (git-fixes)\n- re-enable qmi_wwan for arm64 (bsc#1246113)\n- reapply \u0027wifi: mac80211: Update skb\u0027s control block key in ieee80211_tx_dequeue()\u0027 (git-fixes).\n- regmap: fix potential memory leak of regmap_bus (git-fixes).\n- regulator: core: fix NULL dereference on unbind due to stale coupling data (stable-fixes).\n- regulator: fan53555: add enable_time support and soft-start times (stable-fixes).\n- regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods (git-fixes).\n- regulator: pwm-regulator: Calculate the output voltage for disabled PWMs (stable-fixes).\n- resource: fix false warning in __request_region() (git-fixes).\n- restore UCSI_CONNECTOR_RESET_HARD definition (git-fixes).\n- revert \u0027ACPI: battery: negate current when discharging\u0027 (stable-fixes).\n- revert \u0027cgroup_freezer: cgroup_freezing: Check if not frozen\u0027 (bsc#1219338).\n- revert \u0027drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1\u0027 (stable-fixes).\n- revert \u0027drm/nouveau: check ioctl command codes better\u0027 (git-fixes).\n- revert \u0027drm/xe/xe2: Enable Indirect Ring State support for Xe2\u0027 (git-fixes).\n- revert \u0027mmc: sdhci: Disable SD card clock before changing parameters\u0027 (git-fixes).\n- revert \u0027usb: xhci: Implement xhci_handshake_check_state() helper\u0027 (git-fixes).\n- revert \u0027vgacon: Add check for vc_origin address range in vgacon_scroll()\u0027 (stable-fixes).\n- ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() (git-fixes).\n- rose: fix dangling neighbour pointers in rose_rt_device_down() (git-fixes).\n- rpl: Fix use-after-free in rpl_do_srh_inline() (git-fixes).\n- rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879) Put the same workaround to avoid file truncation of vmlinux and co in kernel-default-base package, too.\n- rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337)\n- rtc: ds1307: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: hym8563: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: nct3018y: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: pcf85063: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: pcf8563: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: rv3028: fix incorrect maximum clock rate handling (git-fixes).\n- s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again (git-fixes bsc#1246870).\n- s390/entry: Fix last breaking event handling in case of stack corruption (git-fixes bsc#1243806).\n- s390/pci: Do not try re-enabling load/store if device is disabled (git-fixes bsc#1245646).\n- s390/pci: Fix stale function handles in error handling (git-fixes bsc#1245647).\n- s390/pkey: Prevent overflow in size calculation for memdup_user() (git-fixes bsc#1245598).\n- s390: Add z17 elf platform (LTC#214086 bsc#1245540).\n- samples: mei: Fix building on musl libc (git-fixes).\n- sched,freezer: Remove unnecessary warning in __thaw_task (bsc#1219338).\n- sched: Add test_and_clear_wake_up_bit() and atomic_dec_and_wake_up() (git-fixes).\n- scsi: core: Enforce unlimited max_segment_size when virt_boundary_mask is set (git-fixes).\n- scsi: fnic: Add and improve logs in FDMI and FDMI ABTS paths (bsc#1246644).\n- scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out (git-fixes).\n- scsi: fnic: Fix missing DMA mapping error in fnic_send_frame() (git-fixes).\n- scsi: fnic: Set appropriate logging level for log message (bsc#1246644).\n- scsi: fnic: Turn off FDMI ACTIVE flags on link down (git-fixes).\n- scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Early return out of FDMI cmpl for locally rejected statuses (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Modify end-of-life adapters\u0027 model descriptions (bsc#1245260 bsc#1243100 bsc#1246125 bsc#1204142).\n- scsi: lpfc: Move clearing of HBA_SETUP flag to before lpfc_sli4_queue_unset (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Relocate clearing initial phba flags from link up to link down hdlr (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Revise CQ_CREATE_SET mailbox bitfield definitions (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Revise logging format for failed CT MIB requests (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Simplify error handling for failed lpfc_get_sli4_parameters cmd (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Skip RSCN processing when FC_UNLOADING flag is set (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Update debugfs trace ring initialization messages (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Update lpfc version to 14.4.0.10 (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: megaraid_sas: Fix invalid node index (git-fixes).\n- scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() (git-fixes).\n- scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() (git-fixes).\n- scsi: s390: zfcp: Ensure synchronous unit_add (git-fixes bsc#1245599).\n- selftests/bpf: Add CFLAGS per source file and runner (git-fixes).\n- selftests/bpf: Add tests for iter next method returning valid pointer (git-fixes).\n- selftests/bpf: Change functions definitions to support GCC (git-fixes).\n- selftests/bpf: Fix a few tests for GCC related warnings (git-fixes).\n- selftests/bpf: Fix pointer arithmetic in test_xdp_do_redirect (git-fixes).\n- selftests/bpf: Fix prog numbers in test_sockmap (git-fixes).\n- smb3: move server check earlier when setting channel sequence number (git-fixes).\n- smb3: rename macro CIFS_SERVER_IS_CHAN to avoid confusion (git-fixes).\n- smb3: send channel sequence number in SMB3 requests after reconnects (git-fixes).\n- soc/tegra: cbb: Clear ERR_FORCE register with ERR_STATUS (git-fixes).\n- soc: aspeed: lpc-snoop: Cleanup resources in stack-order (git-fixes).\n- soc: aspeed: lpc-snoop: Do not disable channels that are not enabled (git-fixes).\n- soc: qcom: QMI encoding/decoding for big endian (git-fixes).\n- soc: qcom: fix endianness for QMI header (git-fixes).\n- soc: qcom: pmic_glink: fix OF node leak (git-fixes).\n- soundwire: amd: fix for clearing command status register (git-fixes).\n- soundwire: stream: restore params when prepare ports fail (git-fixes).\n- spi: spi-fsl-dspi: Clear completion counter before initiating transfer (git-fixes).\n- sprintf.h requires stdarg.h (git-fixes).\n- sprintf.h: mask additional include (git-fixes).\n- staging: axis-fifo: remove sysfs interface (git-fixes).\n- staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (git-fixes).\n- staging: nvec: Fix incorrect null termination of battery manufacturer (git-fixes).\n- staging: vchiq_arm: Make vchiq_shutdown never fail (git-fixes).\n- struct cdns: move new member to the end (git-fixes).\n- struct ucsi_operations: use padding for new operation (git-fixes).\n- sunrpc: do not immediately retransmit on seqno miss (git-fixes).\n- sunrpc: fix client side handling of tls alerts (git-fixes).\n- supported.conf: Mark ZL3073X modules supported\n- supported.conf: add missing entries for armv7hl\n- supported.conf: move nvme-apple to optional again\n- supported.conf: sort entries again\n- tcp: call tcp_measure_rcv_mss() for ooo packets (git-fixes).\n- thermal: trip: Use READ_ONCE() for lockless access to trip properties (git-fixes).\n- thermal: trip: Use common set of trip type names (git-fixes).\n- thunderbolt: Fix bit masking in tb_dp_port_set_hops() (git-fixes).\n- thunderbolt: Fix copy+paste error in match_service_id() (git-fixes).\n- thunderbolt: Fix wake on connect at runtime (git-fixes).\n- tracing/kprobe: Make trace_kprobe\u0027s module callback called after jump_label update (git-fixes).\n- tracing/kprobes: Fix to free objects when failed to copy a symbol (git-fixes).\n- types: Complement the aligned types with signed 64-bit one (stable-fixes).\n- ucount: fix atomic_long_inc_below() argument type (git-fixes).\n- ucsi-glink: adapt to kABI consistency (git-fixes).\n- ucsi_ccg: Refine the UCSI Interrupt handling (git-fixes).\n- ucsi_operations: add stubs for all operations (git-fixes).\n- ucsi_ops: adapt update_connector to kABI consistency (git-fixes).\n- update config files (bsc#1243678)\n- usb: Add checks for snprintf() calls in usb_alloc_dev() (stable-fixes).\n- usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() (git-fixes).\n- usb: cdc-wdm: avoid setting WDM_READ for ZLP-s (stable-fixes).\n- usb: cdnsp: Fix issue with CV Bad Descriptor test (git-fixes).\n- usb: cdnsp: Fix issue with resuming from L1 (git-fixes).\n- usb: cdnsp: Replace snprintf() with the safer scnprintf() variant (stable-fixes).\n- usb: cdnsp: do not disable slot for disabled slot (git-fixes).\n- usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume (git-fixes).\n- usb: common: usb-conn-gpio: use a unique name for usb connector device (stable-fixes).\n- usb: dwc2: also exit clock_gating when stopping udc while suspended (stable-fixes).\n- usb: dwc3: Abort suspend on soft disconnect failure (git-fixes).\n- usb: dwc3: meson-g12a: fix device leaks at unbind (git-fixes).\n- usb: early: xhci-dbc: Fix early_ioremap leak (git-fixes).\n- usb: gadget : fix use-after-free in composite_dev_cleanup() (git-fixes).\n- usb: gadget: u_serial: Fix race condition in TTY wakeup (git-fixes).\n- usb: gadget: udc: renesas_usb3: fix device leak at unbind (git-fixes).\n- usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() (git-fixes).\n- usb: hub: Do not try to recover devices lost during warm reset (git-fixes).\n- usb: misc: apple-mfi-fastcharge: Make power supply names unique (git-fixes).\n- usb: musb: fix gadget state on disconnect (git-fixes).\n- usb: musb: omap2430: fix device leak at unbind (git-fixes).\n- usb: net: sierra: check for no status endpoint (git-fixes).\n- usb: potential integer overflow in usbg_make_tpg() (stable-fixes).\n- usb: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (stable-fixes).\n- usb: serial: option: add Foxconn T99W640 (stable-fixes).\n- usb: serial: option: add Telit Cinterion FE910C04 (ECM) composition (stable-fixes).\n- usb: typec: Update sysfs when setting ops (git-fixes).\n- usb: typec: altmodes/displayport: do not index invalid pin_assignments (git-fixes).\n- usb: typec: displayport: Fix potential deadlock (git-fixes).\n- usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode (stable-fixes).\n- usb: typec: mux: do not return on EOPNOTSUPP in {mux, switch}_set (stable-fixes).\n- usb: typec: tcpm: allow switching to mode accessory to mux properly (stable-fixes).\n- usb: typec: tcpm: allow to use sink in accessory mode (stable-fixes).\n- usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach (git-fixes).\n- usb: typec: ucsi: Add DATA_RESET option of Connector Reset command (git-fixes).\n- usb: typec: ucsi: Add qcm6490-pmic-glink as needing PDOS quirk (git-fixes).\n- usb: typec: ucsi: Delay alternate mode discovery (git-fixes).\n- usb: typec: ucsi: Fix busy loop on ASUS VivoBooks (git-fixes).\n- usb: typec: ucsi: Fix the partner PD revision (git-fixes).\n- usb: typec: ucsi: Get PD revision for partner (git-fixes).\n- usb: typec: ucsi: Set orientation as none when connector is unplugged (git-fixes).\n- usb: typec: ucsi: Update power_supply on power role change (git-fixes).\n- usb: typec: ucsi: add callback for connector status updates (git-fixes).\n- usb: typec: ucsi: add update_connector callback (git-fixes).\n- usb: typec: ucsi: do not retrieve PDOs if not supported (git-fixes).\n- usb: typec: ucsi: extract code to read PD caps (git-fixes).\n- usb: typec: ucsi: fix UCSI on SM8550 \u0026 SM8650 Qualcomm devices (git-fixes).\n- usb: typec: ucsi: glink: fix off-by-one in connector_status (git-fixes).\n- usb: typec: ucsi: glink: increase max ports for x1e80100 (git-fixes).\n- usb: typec: ucsi: glink: move GPIO reading into connector_status callback (git-fixes).\n- usb: typec: ucsi: glink: use typec_set_orientation (git-fixes).\n- usb: typec: ucsi: move ucsi_acknowledge() from ucsi_read_error() (git-fixes).\n- usb: typec: ucsi: properly register partner\u0027s PD device (git-fixes).\n- usb: typec: ucsi: support delaying GET_PDOS for device (git-fixes).\n- usb: typec: ucsi_acpi: Add LG Gram quirk (git-fixes).\n- usb: typec: ucsi_glink: drop NO_PARTNER_PDOS quirk for sm8550 / sm8650 (git-fixes).\n- usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk (git-fixes).\n- usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk on qcm6490 (git-fixes).\n- usb: typec: ucsi_glink: rework quirks implementation (git-fixes).\n- usb: xhci: Skip xhci_reset in xhci_resume if xhci is being removed (git-fixes).\n- usb: xhci: quirk for data loss in ISOC transfers (stable-fixes).\n- usb:cdnsp: remove TRB_FLUSH_ENDPOINT command (stable-fixes).\n- virtgpu: do not reset on shutdown (git-fixes).\n- vmci: Prevent the dispatching of uninitialized payloads (git-fixes).\n- vt: add missing notification when switching back to text mode (stable-fixes).\n- vt: defkeymap: Map keycodes above 127 to K_HOLE (git-fixes).\n- vt: keyboard: Do not process Unicode characters in K_OFF mode (git-fixes).\n- watchdog: ziirave_wdt: check record length in ziirave_firm_verify() (git-fixes).\n- wifi: ath11k: clear initialized flag for deinit-ed srng lists (git-fixes).\n- wifi: ath11k: fix dest ring-buffer corruption (git-fixes).\n- wifi: ath11k: fix dest ring-buffer corruption when ring is full (git-fixes).\n- wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() (git-fixes).\n- wifi: ath11k: fix source ring-buffer corruption (git-fixes).\n- wifi: ath11k: fix suspend use-after-free after probe failure (git-fixes).\n- wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() (git-fixes).\n- wifi: ath12k: fix dest ring-buffer corruption (git-fixes).\n- wifi: ath12k: fix dest ring-buffer corruption when ring is full (git-fixes).\n- wifi: ath12k: fix endianness handling while accessing wmi service bit (git-fixes).\n- wifi: ath12k: fix source ring-buffer corruption (git-fixes).\n- wifi: ath6kl: remove WARN on bad firmware input (stable-fixes).\n- wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE (git-fixes).\n- wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() (git-fixes).\n- wifi: cfg80211/mac80211: correctly parse S1G beacon optional elements (git-fixes).\n- wifi: cfg80211: fix S1G beacon head validation in nl80211 (git-fixes).\n- wifi: cfg80211: remove scan request n_channels counted_by (git-fixes).\n- wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() (git-fixes).\n- wifi: iwlwifi: Fix memory leak in iwl_mvm_init() (git-fixes).\n- wifi: iwlwifi: return ERR_PTR from opmode start() (stable-fixes).\n- wifi: mac80211: Add link iteration macro for link data (stable-fixes).\n- wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() (git-fixes).\n- wifi: mac80211: Create separate links for VLAN interfaces (stable-fixes).\n- wifi: mac80211: Do not call fq_flow_idx() for management frames (git-fixes).\n- wifi: mac80211: Do not schedule stopped TXQs (git-fixes).\n- wifi: mac80211: Write cnt before copying in ieee80211_copy_rnr_beacon() (git-fixes).\n- wifi: mac80211: chan: chandef is non-NULL for reserved (stable-fixes).\n- wifi: mac80211: drop invalid source address OCB frames (stable-fixes).\n- wifi: mac80211: finish link init before RCU publish (git-fixes).\n- wifi: mac80211: fix non-transmitted BSSID profile search (git-fixes).\n- wifi: mac80211: reject TDLS operations when station is not associated (git-fixes).\n- wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() (git-fixes).\n- wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan (git-fixes).\n- wifi: mt76: mt7925: fix the wrong config for tx interrupt (git-fixes).\n- wifi: nl80211: Set num_sub_specs before looping through sub_specs (git-fixes).\n- wifi: plfxlc: Fix error handling in usb driver probe (git-fixes).\n- wifi: prevent A-MSDU attacks in mesh networks (stable-fixes).\n- wifi: rt2x00: fix remove callback type mismatch (git-fixes).\n- wifi: rtl818x: Kill URBs before clearing tx status queue (git-fixes).\n- wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band (git-fixes).\n- wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() (git-fixes).\n- x86/CPU/AMD: Add more models to X86_FEATURE_ZEN5 (bsc#1246449).\n- x86/CPU/AMD: Improve the erratum 1386 workaround (git-fixes).\n- x86/CPU/AMD: Terminate the erratum_1386_microcode array (git-fixes).\n- x86/cpu/amd: Fix workaround for erratum 1054 (git-fixes).\n- x86/cpu: Avoid running off the end of an AMD erratum table (git-fixes).\n- x86/cpu: Expose only stepping min/max interface (git-fixes).\n- x86/cpu: Introduce new microcode matching helper (git-fixes).\n- x86/cpu: Move AMD erratum 1386 table over to \u0027x86_cpu_id\u0027 (git-fixes).\n- x86/cpu: Replace PEBS use of \u0027x86_cpu_desc\u0027 use with \u0027x86_cpu_id\u0027 (git-fixes).\n- x86/mce/amd: Add default names for MCA banks and blocks (git-fixes).\n- x86/mce/amd: Fix threshold limit reset (git-fixes).\n- x86/mce: Do not remove sysfs if thresholding sysfs init fails (git-fixes).\n- x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (git-fixes).\n- x86/mtrr: Rename mtrr_overwrite_state() to guest_force_mtrr_state() (git-fixes).\n- x86/tdx: Fix __noreturn build warning around __tdx_hypercall_failed() (git-fixes).\n- x86/traps: Initialize DR6 by writing its architectural reset value (git-fixes).\n- x86/virt/tdx: Avoid indirect calls to TDX assembly functions (git-fixes).\n- x86: UV RTC: Add parameter to disable RTC clocksource (bsc#1241345).\n- xfs: fix off-by-one error in fsmap\u0027s end_daddr usage (bsc#1235837).\n- xfs: only create event xfs_file_compat_ioctl when CONFIG_COMPAT is configure (git-fixes).\n- xfs: remove unused event xfs_alloc_near_error (git-fixes).\n- xfs: remove unused event xfs_alloc_near_nominleft (git-fixes).\n- xfs: remove unused event xfs_attr_node_removename (git-fixes).\n- xfs: remove unused event xfs_ioctl_clone (git-fixes).\n- xfs: remove unused event xfs_pagecache_inval (git-fixes).\n- xfs: remove unused event xlog_iclog_want_sync (git-fixes).\n- xfs: remove unused trace event xfs_attr_remove_iter_return (git-fixes).\n- xfs: remove unused trace event xfs_attr_rmtval_set (git-fixes).\n- xfs: remove unused trace event xfs_reflink_cow_enospc (git-fixes).\n- xfs: remove unused xfs_attr events (git-fixes).\n- xfs: remove unused xfs_reflink_compare_extents events (git-fixes).\n- xfs: remove usused xfs_end_io_direct events (git-fixes).\n- xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS (git-fixes).\n- xhci: dbc: Flush queued requests before stopping dbc (git-fixes).\n- xhci: dbctty: disable ECHO flag by default (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2997,SUSE-SLE-Module-Basesystem-15-SP7-2025-2997,SUSE-SLE-Module-Development-Tools-15-SP7-2025-2997,SUSE-SLE-Module-Legacy-15-SP7-2025-2997,SUSE-SLE-Module-Live-Patching-15-SP7-2025-2997,SUSE-SLE-Product-HA-15-SP7-2025-2997,SUSE-SLE-Product-WE-15-SP7-2025-2997",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02997-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02997-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502997-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02997-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041368.html"
},
{
"category": "self",
"summary": "SUSE Bug 1139073",
"url": "https://bugzilla.suse.com/1139073"
},
{
"category": "self",
"summary": "SUSE Bug 1204142",
"url": "https://bugzilla.suse.com/1204142"
},
{
"category": "self",
"summary": "SUSE Bug 1219338",
"url": "https://bugzilla.suse.com/1219338"
},
{
"category": "self",
"summary": "SUSE Bug 1225707",
"url": "https://bugzilla.suse.com/1225707"
},
{
"category": "self",
"summary": "SUSE Bug 1227082",
"url": "https://bugzilla.suse.com/1227082"
},
{
"category": "self",
"summary": "SUSE Bug 1228664",
"url": "https://bugzilla.suse.com/1228664"
},
{
"category": "self",
"summary": "SUSE Bug 1230216",
"url": "https://bugzilla.suse.com/1230216"
},
{
"category": "self",
"summary": "SUSE Bug 1233300",
"url": "https://bugzilla.suse.com/1233300"
},
{
"category": "self",
"summary": "SUSE Bug 1235515",
"url": "https://bugzilla.suse.com/1235515"
},
{
"category": "self",
"summary": "SUSE Bug 1235613",
"url": "https://bugzilla.suse.com/1235613"
},
{
"category": "self",
"summary": "SUSE Bug 1235837",
"url": "https://bugzilla.suse.com/1235837"
},
{
"category": "self",
"summary": "SUSE Bug 1236333",
"url": "https://bugzilla.suse.com/1236333"
},
{
"category": "self",
"summary": "SUSE Bug 1236897",
"url": "https://bugzilla.suse.com/1236897"
},
{
"category": "self",
"summary": "SUSE Bug 1238896",
"url": "https://bugzilla.suse.com/1238896"
},
{
"category": "self",
"summary": "SUSE Bug 1239061",
"url": "https://bugzilla.suse.com/1239061"
},
{
"category": "self",
"summary": "SUSE Bug 1239470",
"url": "https://bugzilla.suse.com/1239470"
},
{
"category": "self",
"summary": "SUSE Bug 1240323",
"url": "https://bugzilla.suse.com/1240323"
},
{
"category": "self",
"summary": "SUSE Bug 1240696",
"url": "https://bugzilla.suse.com/1240696"
},
{
"category": "self",
"summary": "SUSE Bug 1240885",
"url": "https://bugzilla.suse.com/1240885"
},
{
"category": "self",
"summary": "SUSE Bug 1240966",
"url": "https://bugzilla.suse.com/1240966"
},
{
"category": "self",
"summary": "SUSE Bug 1240998",
"url": "https://bugzilla.suse.com/1240998"
},
{
"category": "self",
"summary": "SUSE Bug 1241166",
"url": "https://bugzilla.suse.com/1241166"
},
{
"category": "self",
"summary": "SUSE Bug 1241200",
"url": "https://bugzilla.suse.com/1241200"
},
{
"category": "self",
"summary": "SUSE Bug 1241345",
"url": "https://bugzilla.suse.com/1241345"
},
{
"category": "self",
"summary": "SUSE Bug 1241537",
"url": "https://bugzilla.suse.com/1241537"
},
{
"category": "self",
"summary": "SUSE Bug 1242086",
"url": "https://bugzilla.suse.com/1242086"
},
{
"category": "self",
"summary": "SUSE Bug 1242414",
"url": "https://bugzilla.suse.com/1242414"
},
{
"category": "self",
"summary": "SUSE Bug 1242837",
"url": "https://bugzilla.suse.com/1242837"
},
{
"category": "self",
"summary": "SUSE Bug 1242960",
"url": "https://bugzilla.suse.com/1242960"
},
{
"category": "self",
"summary": "SUSE Bug 1242965",
"url": "https://bugzilla.suse.com/1242965"
},
{
"category": "self",
"summary": "SUSE Bug 1242993",
"url": "https://bugzilla.suse.com/1242993"
},
{
"category": "self",
"summary": "SUSE Bug 1243042",
"url": "https://bugzilla.suse.com/1243042"
},
{
"category": "self",
"summary": "SUSE Bug 1243068",
"url": "https://bugzilla.suse.com/1243068"
},
{
"category": "self",
"summary": "SUSE Bug 1243100",
"url": "https://bugzilla.suse.com/1243100"
},
{
"category": "self",
"summary": "SUSE Bug 1243479",
"url": "https://bugzilla.suse.com/1243479"
},
{
"category": "self",
"summary": "SUSE Bug 1243669",
"url": "https://bugzilla.suse.com/1243669"
},
{
"category": "self",
"summary": "SUSE Bug 1243678",
"url": "https://bugzilla.suse.com/1243678"
},
{
"category": "self",
"summary": "SUSE Bug 1243806",
"url": "https://bugzilla.suse.com/1243806"
},
{
"category": "self",
"summary": "SUSE Bug 1244309",
"url": "https://bugzilla.suse.com/1244309"
},
{
"category": "self",
"summary": "SUSE Bug 1244337",
"url": "https://bugzilla.suse.com/1244337"
},
{
"category": "self",
"summary": "SUSE Bug 1244457",
"url": "https://bugzilla.suse.com/1244457"
},
{
"category": "self",
"summary": "SUSE Bug 1244735",
"url": "https://bugzilla.suse.com/1244735"
},
{
"category": "self",
"summary": "SUSE Bug 1244749",
"url": "https://bugzilla.suse.com/1244749"
},
{
"category": "self",
"summary": "SUSE Bug 1244750",
"url": "https://bugzilla.suse.com/1244750"
},
{
"category": "self",
"summary": "SUSE Bug 1244792",
"url": "https://bugzilla.suse.com/1244792"
},
{
"category": "self",
"summary": "SUSE Bug 1244801",
"url": "https://bugzilla.suse.com/1244801"
},
{
"category": "self",
"summary": "SUSE Bug 1245084",
"url": "https://bugzilla.suse.com/1245084"
},
{
"category": "self",
"summary": "SUSE Bug 1245151",
"url": "https://bugzilla.suse.com/1245151"
},
{
"category": "self",
"summary": "SUSE Bug 1245201",
"url": "https://bugzilla.suse.com/1245201"
},
{
"category": "self",
"summary": "SUSE Bug 1245202",
"url": "https://bugzilla.suse.com/1245202"
},
{
"category": "self",
"summary": "SUSE Bug 1245216",
"url": "https://bugzilla.suse.com/1245216"
},
{
"category": "self",
"summary": "SUSE Bug 1245260",
"url": "https://bugzilla.suse.com/1245260"
},
{
"category": "self",
"summary": "SUSE Bug 1245431",
"url": "https://bugzilla.suse.com/1245431"
},
{
"category": "self",
"summary": "SUSE Bug 1245440",
"url": "https://bugzilla.suse.com/1245440"
},
{
"category": "self",
"summary": "SUSE Bug 1245457",
"url": "https://bugzilla.suse.com/1245457"
},
{
"category": "self",
"summary": "SUSE Bug 1245498",
"url": "https://bugzilla.suse.com/1245498"
},
{
"category": "self",
"summary": "SUSE Bug 1245499",
"url": "https://bugzilla.suse.com/1245499"
},
{
"category": "self",
"summary": "SUSE Bug 1245504",
"url": "https://bugzilla.suse.com/1245504"
},
{
"category": "self",
"summary": "SUSE Bug 1245506",
"url": "https://bugzilla.suse.com/1245506"
},
{
"category": "self",
"summary": "SUSE Bug 1245508",
"url": "https://bugzilla.suse.com/1245508"
},
{
"category": "self",
"summary": "SUSE Bug 1245510",
"url": "https://bugzilla.suse.com/1245510"
},
{
"category": "self",
"summary": "SUSE Bug 1245540",
"url": "https://bugzilla.suse.com/1245540"
},
{
"category": "self",
"summary": "SUSE Bug 1245598",
"url": "https://bugzilla.suse.com/1245598"
},
{
"category": "self",
"summary": "SUSE Bug 1245599",
"url": "https://bugzilla.suse.com/1245599"
},
{
"category": "self",
"summary": "SUSE Bug 1245621",
"url": "https://bugzilla.suse.com/1245621"
},
{
"category": "self",
"summary": "SUSE Bug 1245646",
"url": "https://bugzilla.suse.com/1245646"
},
{
"category": "self",
"summary": "SUSE Bug 1245647",
"url": "https://bugzilla.suse.com/1245647"
},
{
"category": "self",
"summary": "SUSE Bug 1245649",
"url": "https://bugzilla.suse.com/1245649"
},
{
"category": "self",
"summary": "SUSE Bug 1245650",
"url": "https://bugzilla.suse.com/1245650"
},
{
"category": "self",
"summary": "SUSE Bug 1245654",
"url": "https://bugzilla.suse.com/1245654"
},
{
"category": "self",
"summary": "SUSE Bug 1245658",
"url": "https://bugzilla.suse.com/1245658"
},
{
"category": "self",
"summary": "SUSE Bug 1245660",
"url": "https://bugzilla.suse.com/1245660"
},
{
"category": "self",
"summary": "SUSE Bug 1245664",
"url": "https://bugzilla.suse.com/1245664"
},
{
"category": "self",
"summary": "SUSE Bug 1245665",
"url": "https://bugzilla.suse.com/1245665"
},
{
"category": "self",
"summary": "SUSE Bug 1245666",
"url": "https://bugzilla.suse.com/1245666"
},
{
"category": "self",
"summary": "SUSE Bug 1245668",
"url": "https://bugzilla.suse.com/1245668"
},
{
"category": "self",
"summary": "SUSE Bug 1245669",
"url": "https://bugzilla.suse.com/1245669"
},
{
"category": "self",
"summary": "SUSE Bug 1245670",
"url": "https://bugzilla.suse.com/1245670"
},
{
"category": "self",
"summary": "SUSE Bug 1245671",
"url": "https://bugzilla.suse.com/1245671"
},
{
"category": "self",
"summary": "SUSE Bug 1245675",
"url": "https://bugzilla.suse.com/1245675"
},
{
"category": "self",
"summary": "SUSE Bug 1245676",
"url": "https://bugzilla.suse.com/1245676"
},
{
"category": "self",
"summary": "SUSE Bug 1245677",
"url": "https://bugzilla.suse.com/1245677"
},
{
"category": "self",
"summary": "SUSE Bug 1245679",
"url": "https://bugzilla.suse.com/1245679"
},
{
"category": "self",
"summary": "SUSE Bug 1245682",
"url": "https://bugzilla.suse.com/1245682"
},
{
"category": "self",
"summary": "SUSE Bug 1245683",
"url": "https://bugzilla.suse.com/1245683"
},
{
"category": "self",
"summary": "SUSE Bug 1245684",
"url": "https://bugzilla.suse.com/1245684"
},
{
"category": "self",
"summary": "SUSE Bug 1245686",
"url": "https://bugzilla.suse.com/1245686"
},
{
"category": "self",
"summary": "SUSE Bug 1245688",
"url": "https://bugzilla.suse.com/1245688"
},
{
"category": "self",
"summary": "SUSE Bug 1245689",
"url": "https://bugzilla.suse.com/1245689"
},
{
"category": "self",
"summary": "SUSE Bug 1245690",
"url": "https://bugzilla.suse.com/1245690"
},
{
"category": "self",
"summary": "SUSE Bug 1245691",
"url": "https://bugzilla.suse.com/1245691"
},
{
"category": "self",
"summary": "SUSE Bug 1245695",
"url": "https://bugzilla.suse.com/1245695"
},
{
"category": "self",
"summary": "SUSE Bug 1245705",
"url": "https://bugzilla.suse.com/1245705"
},
{
"category": "self",
"summary": "SUSE Bug 1245708",
"url": "https://bugzilla.suse.com/1245708"
},
{
"category": "self",
"summary": "SUSE Bug 1245711",
"url": "https://bugzilla.suse.com/1245711"
},
{
"category": "self",
"summary": "SUSE Bug 1245713",
"url": "https://bugzilla.suse.com/1245713"
},
{
"category": "self",
"summary": "SUSE Bug 1245714",
"url": "https://bugzilla.suse.com/1245714"
},
{
"category": "self",
"summary": "SUSE Bug 1245719",
"url": "https://bugzilla.suse.com/1245719"
},
{
"category": "self",
"summary": "SUSE Bug 1245723",
"url": "https://bugzilla.suse.com/1245723"
},
{
"category": "self",
"summary": "SUSE Bug 1245729",
"url": "https://bugzilla.suse.com/1245729"
},
{
"category": "self",
"summary": "SUSE Bug 1245730",
"url": "https://bugzilla.suse.com/1245730"
},
{
"category": "self",
"summary": "SUSE Bug 1245731",
"url": "https://bugzilla.suse.com/1245731"
},
{
"category": "self",
"summary": "SUSE Bug 1245735",
"url": "https://bugzilla.suse.com/1245735"
},
{
"category": "self",
"summary": "SUSE Bug 1245737",
"url": "https://bugzilla.suse.com/1245737"
},
{
"category": "self",
"summary": "SUSE Bug 1245744",
"url": "https://bugzilla.suse.com/1245744"
},
{
"category": "self",
"summary": "SUSE Bug 1245745",
"url": "https://bugzilla.suse.com/1245745"
},
{
"category": "self",
"summary": "SUSE Bug 1245746",
"url": "https://bugzilla.suse.com/1245746"
},
{
"category": "self",
"summary": "SUSE Bug 1245747",
"url": "https://bugzilla.suse.com/1245747"
},
{
"category": "self",
"summary": "SUSE Bug 1245748",
"url": "https://bugzilla.suse.com/1245748"
},
{
"category": "self",
"summary": "SUSE Bug 1245749",
"url": "https://bugzilla.suse.com/1245749"
},
{
"category": "self",
"summary": "SUSE Bug 1245750",
"url": "https://bugzilla.suse.com/1245750"
},
{
"category": "self",
"summary": "SUSE Bug 1245751",
"url": "https://bugzilla.suse.com/1245751"
},
{
"category": "self",
"summary": "SUSE Bug 1245752",
"url": "https://bugzilla.suse.com/1245752"
},
{
"category": "self",
"summary": "SUSE Bug 1245757",
"url": "https://bugzilla.suse.com/1245757"
},
{
"category": "self",
"summary": "SUSE Bug 1245758",
"url": "https://bugzilla.suse.com/1245758"
},
{
"category": "self",
"summary": "SUSE Bug 1245765",
"url": "https://bugzilla.suse.com/1245765"
},
{
"category": "self",
"summary": "SUSE Bug 1245768",
"url": "https://bugzilla.suse.com/1245768"
},
{
"category": "self",
"summary": "SUSE Bug 1245769",
"url": "https://bugzilla.suse.com/1245769"
},
{
"category": "self",
"summary": "SUSE Bug 1245777",
"url": "https://bugzilla.suse.com/1245777"
},
{
"category": "self",
"summary": "SUSE Bug 1245781",
"url": "https://bugzilla.suse.com/1245781"
},
{
"category": "self",
"summary": "SUSE Bug 1245789",
"url": "https://bugzilla.suse.com/1245789"
},
{
"category": "self",
"summary": "SUSE Bug 1245812",
"url": "https://bugzilla.suse.com/1245812"
},
{
"category": "self",
"summary": "SUSE Bug 1245937",
"url": "https://bugzilla.suse.com/1245937"
},
{
"category": "self",
"summary": "SUSE Bug 1245945",
"url": "https://bugzilla.suse.com/1245945"
},
{
"category": "self",
"summary": "SUSE Bug 1245951",
"url": "https://bugzilla.suse.com/1245951"
},
{
"category": "self",
"summary": "SUSE Bug 1245952",
"url": "https://bugzilla.suse.com/1245952"
},
{
"category": "self",
"summary": "SUSE Bug 1245954",
"url": "https://bugzilla.suse.com/1245954"
},
{
"category": "self",
"summary": "SUSE Bug 1245955",
"url": "https://bugzilla.suse.com/1245955"
},
{
"category": "self",
"summary": "SUSE Bug 1245957",
"url": "https://bugzilla.suse.com/1245957"
},
{
"category": "self",
"summary": "SUSE Bug 1245966",
"url": "https://bugzilla.suse.com/1245966"
},
{
"category": "self",
"summary": "SUSE Bug 1245970",
"url": "https://bugzilla.suse.com/1245970"
},
{
"category": "self",
"summary": "SUSE Bug 1245976",
"url": "https://bugzilla.suse.com/1245976"
},
{
"category": "self",
"summary": "SUSE Bug 1245980",
"url": "https://bugzilla.suse.com/1245980"
},
{
"category": "self",
"summary": "SUSE Bug 1245983",
"url": "https://bugzilla.suse.com/1245983"
},
{
"category": "self",
"summary": "SUSE Bug 1245986",
"url": "https://bugzilla.suse.com/1245986"
},
{
"category": "self",
"summary": "SUSE Bug 1246000",
"url": "https://bugzilla.suse.com/1246000"
},
{
"category": "self",
"summary": "SUSE Bug 1246002",
"url": "https://bugzilla.suse.com/1246002"
},
{
"category": "self",
"summary": "SUSE Bug 1246006",
"url": "https://bugzilla.suse.com/1246006"
},
{
"category": "self",
"summary": "SUSE Bug 1246008",
"url": "https://bugzilla.suse.com/1246008"
},
{
"category": "self",
"summary": "SUSE Bug 1246020",
"url": "https://bugzilla.suse.com/1246020"
},
{
"category": "self",
"summary": "SUSE Bug 1246023",
"url": "https://bugzilla.suse.com/1246023"
},
{
"category": "self",
"summary": "SUSE Bug 1246029",
"url": "https://bugzilla.suse.com/1246029"
},
{
"category": "self",
"summary": "SUSE Bug 1246031",
"url": "https://bugzilla.suse.com/1246031"
},
{
"category": "self",
"summary": "SUSE Bug 1246037",
"url": "https://bugzilla.suse.com/1246037"
},
{
"category": "self",
"summary": "SUSE Bug 1246041",
"url": "https://bugzilla.suse.com/1246041"
},
{
"category": "self",
"summary": "SUSE Bug 1246042",
"url": "https://bugzilla.suse.com/1246042"
},
{
"category": "self",
"summary": "SUSE Bug 1246044",
"url": "https://bugzilla.suse.com/1246044"
},
{
"category": "self",
"summary": "SUSE Bug 1246045",
"url": "https://bugzilla.suse.com/1246045"
},
{
"category": "self",
"summary": "SUSE Bug 1246047",
"url": "https://bugzilla.suse.com/1246047"
},
{
"category": "self",
"summary": "SUSE Bug 1246049",
"url": "https://bugzilla.suse.com/1246049"
},
{
"category": "self",
"summary": "SUSE Bug 1246050",
"url": "https://bugzilla.suse.com/1246050"
},
{
"category": "self",
"summary": "SUSE Bug 1246055",
"url": "https://bugzilla.suse.com/1246055"
},
{
"category": "self",
"summary": "SUSE Bug 1246073",
"url": "https://bugzilla.suse.com/1246073"
},
{
"category": "self",
"summary": "SUSE Bug 1246093",
"url": "https://bugzilla.suse.com/1246093"
},
{
"category": "self",
"summary": "SUSE Bug 1246098",
"url": "https://bugzilla.suse.com/1246098"
},
{
"category": "self",
"summary": "SUSE Bug 1246109",
"url": "https://bugzilla.suse.com/1246109"
},
{
"category": "self",
"summary": "SUSE Bug 1246113",
"url": "https://bugzilla.suse.com/1246113"
},
{
"category": "self",
"summary": "SUSE Bug 1246122",
"url": "https://bugzilla.suse.com/1246122"
},
{
"category": "self",
"summary": "SUSE Bug 1246125",
"url": "https://bugzilla.suse.com/1246125"
},
{
"category": "self",
"summary": "SUSE Bug 1246134",
"url": "https://bugzilla.suse.com/1246134"
},
{
"category": "self",
"summary": "SUSE Bug 1246171",
"url": "https://bugzilla.suse.com/1246171"
},
{
"category": "self",
"summary": "SUSE Bug 1246173",
"url": "https://bugzilla.suse.com/1246173"
},
{
"category": "self",
"summary": "SUSE Bug 1246178",
"url": "https://bugzilla.suse.com/1246178"
},
{
"category": "self",
"summary": "SUSE Bug 1246179",
"url": "https://bugzilla.suse.com/1246179"
},
{
"category": "self",
"summary": "SUSE Bug 1246182",
"url": "https://bugzilla.suse.com/1246182"
},
{
"category": "self",
"summary": "SUSE Bug 1246183",
"url": "https://bugzilla.suse.com/1246183"
},
{
"category": "self",
"summary": "SUSE Bug 1246186",
"url": "https://bugzilla.suse.com/1246186"
},
{
"category": "self",
"summary": "SUSE Bug 1246188",
"url": "https://bugzilla.suse.com/1246188"
},
{
"category": "self",
"summary": "SUSE Bug 1246195",
"url": "https://bugzilla.suse.com/1246195"
},
{
"category": "self",
"summary": "SUSE Bug 1246203",
"url": "https://bugzilla.suse.com/1246203"
},
{
"category": "self",
"summary": "SUSE Bug 1246212",
"url": "https://bugzilla.suse.com/1246212"
},
{
"category": "self",
"summary": "SUSE Bug 1246217",
"url": "https://bugzilla.suse.com/1246217"
},
{
"category": "self",
"summary": "SUSE Bug 1246220",
"url": "https://bugzilla.suse.com/1246220"
},
{
"category": "self",
"summary": "SUSE Bug 1246236",
"url": "https://bugzilla.suse.com/1246236"
},
{
"category": "self",
"summary": "SUSE Bug 1246240",
"url": "https://bugzilla.suse.com/1246240"
},
{
"category": "self",
"summary": "SUSE Bug 1246243",
"url": "https://bugzilla.suse.com/1246243"
},
{
"category": "self",
"summary": "SUSE Bug 1246244",
"url": "https://bugzilla.suse.com/1246244"
},
{
"category": "self",
"summary": "SUSE Bug 1246246",
"url": "https://bugzilla.suse.com/1246246"
},
{
"category": "self",
"summary": "SUSE Bug 1246249",
"url": "https://bugzilla.suse.com/1246249"
},
{
"category": "self",
"summary": "SUSE Bug 1246250",
"url": "https://bugzilla.suse.com/1246250"
},
{
"category": "self",
"summary": "SUSE Bug 1246253",
"url": "https://bugzilla.suse.com/1246253"
},
{
"category": "self",
"summary": "SUSE Bug 1246258",
"url": "https://bugzilla.suse.com/1246258"
},
{
"category": "self",
"summary": "SUSE Bug 1246262",
"url": "https://bugzilla.suse.com/1246262"
},
{
"category": "self",
"summary": "SUSE Bug 1246264",
"url": "https://bugzilla.suse.com/1246264"
},
{
"category": "self",
"summary": "SUSE Bug 1246266",
"url": "https://bugzilla.suse.com/1246266"
},
{
"category": "self",
"summary": "SUSE Bug 1246268",
"url": "https://bugzilla.suse.com/1246268"
},
{
"category": "self",
"summary": "SUSE Bug 1246273",
"url": "https://bugzilla.suse.com/1246273"
},
{
"category": "self",
"summary": "SUSE Bug 1246283",
"url": "https://bugzilla.suse.com/1246283"
},
{
"category": "self",
"summary": "SUSE Bug 1246285",
"url": "https://bugzilla.suse.com/1246285"
},
{
"category": "self",
"summary": "SUSE Bug 1246286",
"url": "https://bugzilla.suse.com/1246286"
},
{
"category": "self",
"summary": "SUSE Bug 1246287",
"url": "https://bugzilla.suse.com/1246287"
},
{
"category": "self",
"summary": "SUSE Bug 1246290",
"url": "https://bugzilla.suse.com/1246290"
},
{
"category": "self",
"summary": "SUSE Bug 1246292",
"url": "https://bugzilla.suse.com/1246292"
},
{
"category": "self",
"summary": "SUSE Bug 1246293",
"url": "https://bugzilla.suse.com/1246293"
},
{
"category": "self",
"summary": "SUSE Bug 1246295",
"url": "https://bugzilla.suse.com/1246295"
},
{
"category": "self",
"summary": "SUSE Bug 1246297",
"url": "https://bugzilla.suse.com/1246297"
},
{
"category": "self",
"summary": "SUSE Bug 1246333",
"url": "https://bugzilla.suse.com/1246333"
},
{
"category": "self",
"summary": "SUSE Bug 1246334",
"url": "https://bugzilla.suse.com/1246334"
},
{
"category": "self",
"summary": "SUSE Bug 1246337",
"url": "https://bugzilla.suse.com/1246337"
},
{
"category": "self",
"summary": "SUSE Bug 1246342",
"url": "https://bugzilla.suse.com/1246342"
},
{
"category": "self",
"summary": "SUSE Bug 1246349",
"url": "https://bugzilla.suse.com/1246349"
},
{
"category": "self",
"summary": "SUSE Bug 1246354",
"url": "https://bugzilla.suse.com/1246354"
},
{
"category": "self",
"summary": "SUSE Bug 1246358",
"url": "https://bugzilla.suse.com/1246358"
},
{
"category": "self",
"summary": "SUSE Bug 1246361",
"url": "https://bugzilla.suse.com/1246361"
},
{
"category": "self",
"summary": "SUSE Bug 1246364",
"url": "https://bugzilla.suse.com/1246364"
},
{
"category": "self",
"summary": "SUSE Bug 1246370",
"url": "https://bugzilla.suse.com/1246370"
},
{
"category": "self",
"summary": "SUSE Bug 1246375",
"url": "https://bugzilla.suse.com/1246375"
},
{
"category": "self",
"summary": "SUSE Bug 1246384",
"url": "https://bugzilla.suse.com/1246384"
},
{
"category": "self",
"summary": "SUSE Bug 1246385",
"url": "https://bugzilla.suse.com/1246385"
},
{
"category": "self",
"summary": "SUSE Bug 1246386",
"url": "https://bugzilla.suse.com/1246386"
},
{
"category": "self",
"summary": "SUSE Bug 1246387",
"url": "https://bugzilla.suse.com/1246387"
},
{
"category": "self",
"summary": "SUSE Bug 1246438",
"url": "https://bugzilla.suse.com/1246438"
},
{
"category": "self",
"summary": "SUSE Bug 1246443",
"url": "https://bugzilla.suse.com/1246443"
},
{
"category": "self",
"summary": "SUSE Bug 1246449",
"url": "https://bugzilla.suse.com/1246449"
},
{
"category": "self",
"summary": "SUSE Bug 1246453",
"url": "https://bugzilla.suse.com/1246453"
},
{
"category": "self",
"summary": "SUSE Bug 1246473",
"url": "https://bugzilla.suse.com/1246473"
},
{
"category": "self",
"summary": "SUSE Bug 1246490",
"url": "https://bugzilla.suse.com/1246490"
},
{
"category": "self",
"summary": "SUSE Bug 1246506",
"url": "https://bugzilla.suse.com/1246506"
},
{
"category": "self",
"summary": "SUSE Bug 1246547",
"url": "https://bugzilla.suse.com/1246547"
},
{
"category": "self",
"summary": "SUSE Bug 1246644",
"url": "https://bugzilla.suse.com/1246644"
},
{
"category": "self",
"summary": "SUSE Bug 1246695",
"url": "https://bugzilla.suse.com/1246695"
},
{
"category": "self",
"summary": "SUSE Bug 1246777",
"url": "https://bugzilla.suse.com/1246777"
},
{
"category": "self",
"summary": "SUSE Bug 1246781",
"url": "https://bugzilla.suse.com/1246781"
},
{
"category": "self",
"summary": "SUSE Bug 1246870",
"url": "https://bugzilla.suse.com/1246870"
},
{
"category": "self",
"summary": "SUSE Bug 1246879",
"url": "https://bugzilla.suse.com/1246879"
},
{
"category": "self",
"summary": "SUSE Bug 1246911",
"url": "https://bugzilla.suse.com/1246911"
},
{
"category": "self",
"summary": "SUSE Bug 1247018",
"url": "https://bugzilla.suse.com/1247018"
},
{
"category": "self",
"summary": "SUSE Bug 1247021",
"url": "https://bugzilla.suse.com/1247021"
},
{
"category": "self",
"summary": "SUSE Bug 1247023",
"url": "https://bugzilla.suse.com/1247023"
},
{
"category": "self",
"summary": "SUSE Bug 1247028",
"url": "https://bugzilla.suse.com/1247028"
},
{
"category": "self",
"summary": "SUSE Bug 1247031",
"url": "https://bugzilla.suse.com/1247031"
},
{
"category": "self",
"summary": "SUSE Bug 1247033",
"url": "https://bugzilla.suse.com/1247033"
},
{
"category": "self",
"summary": "SUSE Bug 1247035",
"url": "https://bugzilla.suse.com/1247035"
},
{
"category": "self",
"summary": "SUSE Bug 1247061",
"url": "https://bugzilla.suse.com/1247061"
},
{
"category": "self",
"summary": "SUSE Bug 1247062",
"url": "https://bugzilla.suse.com/1247062"
},
{
"category": "self",
"summary": "SUSE Bug 1247064",
"url": "https://bugzilla.suse.com/1247064"
},
{
"category": "self",
"summary": "SUSE Bug 1247079",
"url": "https://bugzilla.suse.com/1247079"
},
{
"category": "self",
"summary": "SUSE Bug 1247089",
"url": "https://bugzilla.suse.com/1247089"
},
{
"category": "self",
"summary": "SUSE Bug 1247091",
"url": "https://bugzilla.suse.com/1247091"
},
{
"category": "self",
"summary": "SUSE Bug 1247097",
"url": "https://bugzilla.suse.com/1247097"
},
{
"category": "self",
"summary": "SUSE Bug 1247098",
"url": "https://bugzilla.suse.com/1247098"
},
{
"category": "self",
"summary": "SUSE Bug 1247101",
"url": "https://bugzilla.suse.com/1247101"
},
{
"category": "self",
"summary": "SUSE Bug 1247103",
"url": "https://bugzilla.suse.com/1247103"
},
{
"category": "self",
"summary": "SUSE Bug 1247104",
"url": "https://bugzilla.suse.com/1247104"
},
{
"category": "self",
"summary": "SUSE Bug 1247113",
"url": "https://bugzilla.suse.com/1247113"
},
{
"category": "self",
"summary": "SUSE Bug 1247118",
"url": "https://bugzilla.suse.com/1247118"
},
{
"category": "self",
"summary": "SUSE Bug 1247123",
"url": "https://bugzilla.suse.com/1247123"
},
{
"category": "self",
"summary": "SUSE Bug 1247125",
"url": "https://bugzilla.suse.com/1247125"
},
{
"category": "self",
"summary": "SUSE Bug 1247128",
"url": "https://bugzilla.suse.com/1247128"
},
{
"category": "self",
"summary": "SUSE Bug 1247132",
"url": "https://bugzilla.suse.com/1247132"
},
{
"category": "self",
"summary": "SUSE Bug 1247138",
"url": "https://bugzilla.suse.com/1247138"
},
{
"category": "self",
"summary": "SUSE Bug 1247141",
"url": "https://bugzilla.suse.com/1247141"
},
{
"category": "self",
"summary": "SUSE Bug 1247143",
"url": "https://bugzilla.suse.com/1247143"
},
{
"category": "self",
"summary": "SUSE Bug 1247145",
"url": "https://bugzilla.suse.com/1247145"
},
{
"category": "self",
"summary": "SUSE Bug 1247146",
"url": "https://bugzilla.suse.com/1247146"
},
{
"category": "self",
"summary": "SUSE Bug 1247147",
"url": "https://bugzilla.suse.com/1247147"
},
{
"category": "self",
"summary": "SUSE Bug 1247149",
"url": "https://bugzilla.suse.com/1247149"
},
{
"category": "self",
"summary": "SUSE Bug 1247150",
"url": "https://bugzilla.suse.com/1247150"
},
{
"category": "self",
"summary": "SUSE Bug 1247151",
"url": "https://bugzilla.suse.com/1247151"
},
{
"category": "self",
"summary": "SUSE Bug 1247152",
"url": "https://bugzilla.suse.com/1247152"
},
{
"category": "self",
"summary": "SUSE Bug 1247153",
"url": "https://bugzilla.suse.com/1247153"
},
{
"category": "self",
"summary": "SUSE Bug 1247154",
"url": "https://bugzilla.suse.com/1247154"
},
{
"category": "self",
"summary": "SUSE Bug 1247156",
"url": "https://bugzilla.suse.com/1247156"
},
{
"category": "self",
"summary": "SUSE Bug 1247160",
"url": "https://bugzilla.suse.com/1247160"
},
{
"category": "self",
"summary": "SUSE Bug 1247164",
"url": "https://bugzilla.suse.com/1247164"
},
{
"category": "self",
"summary": "SUSE Bug 1247169",
"url": "https://bugzilla.suse.com/1247169"
},
{
"category": "self",
"summary": "SUSE Bug 1247170",
"url": "https://bugzilla.suse.com/1247170"
},
{
"category": "self",
"summary": "SUSE Bug 1247171",
"url": "https://bugzilla.suse.com/1247171"
},
{
"category": "self",
"summary": "SUSE Bug 1247172",
"url": "https://bugzilla.suse.com/1247172"
},
{
"category": "self",
"summary": "SUSE Bug 1247174",
"url": "https://bugzilla.suse.com/1247174"
},
{
"category": "self",
"summary": "SUSE Bug 1247176",
"url": "https://bugzilla.suse.com/1247176"
},
{
"category": "self",
"summary": "SUSE Bug 1247177",
"url": "https://bugzilla.suse.com/1247177"
},
{
"category": "self",
"summary": "SUSE Bug 1247178",
"url": "https://bugzilla.suse.com/1247178"
},
{
"category": "self",
"summary": "SUSE Bug 1247181",
"url": "https://bugzilla.suse.com/1247181"
},
{
"category": "self",
"summary": "SUSE Bug 1247209",
"url": "https://bugzilla.suse.com/1247209"
},
{
"category": "self",
"summary": "SUSE Bug 1247210",
"url": "https://bugzilla.suse.com/1247210"
},
{
"category": "self",
"summary": "SUSE Bug 1247227",
"url": "https://bugzilla.suse.com/1247227"
},
{
"category": "self",
"summary": "SUSE Bug 1247233",
"url": "https://bugzilla.suse.com/1247233"
},
{
"category": "self",
"summary": "SUSE Bug 1247234",
"url": "https://bugzilla.suse.com/1247234"
},
{
"category": "self",
"summary": "SUSE Bug 1247236",
"url": "https://bugzilla.suse.com/1247236"
},
{
"category": "self",
"summary": "SUSE Bug 1247238",
"url": "https://bugzilla.suse.com/1247238"
},
{
"category": "self",
"summary": "SUSE Bug 1247241",
"url": "https://bugzilla.suse.com/1247241"
},
{
"category": "self",
"summary": "SUSE Bug 1247251",
"url": "https://bugzilla.suse.com/1247251"
},
{
"category": "self",
"summary": "SUSE Bug 1247252",
"url": "https://bugzilla.suse.com/1247252"
},
{
"category": "self",
"summary": "SUSE Bug 1247253",
"url": "https://bugzilla.suse.com/1247253"
},
{
"category": "self",
"summary": "SUSE Bug 1247255",
"url": "https://bugzilla.suse.com/1247255"
},
{
"category": "self",
"summary": "SUSE Bug 1247265",
"url": "https://bugzilla.suse.com/1247265"
},
{
"category": "self",
"summary": "SUSE Bug 1247271",
"url": "https://bugzilla.suse.com/1247271"
},
{
"category": "self",
"summary": "SUSE Bug 1247273",
"url": "https://bugzilla.suse.com/1247273"
},
{
"category": "self",
"summary": "SUSE Bug 1247274",
"url": "https://bugzilla.suse.com/1247274"
},
{
"category": "self",
"summary": "SUSE Bug 1247276",
"url": "https://bugzilla.suse.com/1247276"
},
{
"category": "self",
"summary": "SUSE Bug 1247277",
"url": "https://bugzilla.suse.com/1247277"
},
{
"category": "self",
"summary": "SUSE Bug 1247278",
"url": "https://bugzilla.suse.com/1247278"
},
{
"category": "self",
"summary": "SUSE Bug 1247279",
"url": "https://bugzilla.suse.com/1247279"
},
{
"category": "self",
"summary": "SUSE Bug 1247282",
"url": "https://bugzilla.suse.com/1247282"
},
{
"category": "self",
"summary": "SUSE Bug 1247284",
"url": "https://bugzilla.suse.com/1247284"
},
{
"category": "self",
"summary": "SUSE Bug 1247285",
"url": "https://bugzilla.suse.com/1247285"
},
{
"category": "self",
"summary": "SUSE Bug 1247288",
"url": "https://bugzilla.suse.com/1247288"
},
{
"category": "self",
"summary": "SUSE Bug 1247289",
"url": "https://bugzilla.suse.com/1247289"
},
{
"category": "self",
"summary": "SUSE Bug 1247293",
"url": "https://bugzilla.suse.com/1247293"
},
{
"category": "self",
"summary": "SUSE Bug 1247308",
"url": "https://bugzilla.suse.com/1247308"
},
{
"category": "self",
"summary": "SUSE Bug 1247311",
"url": "https://bugzilla.suse.com/1247311"
},
{
"category": "self",
"summary": "SUSE Bug 1247314",
"url": "https://bugzilla.suse.com/1247314"
},
{
"category": "self",
"summary": "SUSE Bug 1247317",
"url": "https://bugzilla.suse.com/1247317"
},
{
"category": "self",
"summary": "SUSE Bug 1247347",
"url": "https://bugzilla.suse.com/1247347"
},
{
"category": "self",
"summary": "SUSE Bug 1247348",
"url": "https://bugzilla.suse.com/1247348"
},
{
"category": "self",
"summary": "SUSE Bug 1247349",
"url": "https://bugzilla.suse.com/1247349"
},
{
"category": "self",
"summary": "SUSE Bug 1247374",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "self",
"summary": "SUSE Bug 1247437",
"url": "https://bugzilla.suse.com/1247437"
},
{
"category": "self",
"summary": "SUSE Bug 1247450",
"url": "https://bugzilla.suse.com/1247450"
},
{
"category": "self",
"summary": "SUSE Bug 1247712",
"url": "https://bugzilla.suse.com/1247712"
},
{
"category": "self",
"summary": "SUSE Bug 1247831",
"url": "https://bugzilla.suse.com/1247831"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11135 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36028 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36028/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36348 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36348/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36349 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36349/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36350 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36350/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36357 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36357/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-39298 page",
"url": "https://www.suse.com/security/cve/CVE-2024-39298/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42134 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42134/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44963 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44963/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49861 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56742 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56742/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57947 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21839 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21839/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21854 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21854/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21872 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21872/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22090 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22090/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23163 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23163/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37798 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37798/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37856 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37856/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37864 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37885 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37885/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37920 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37920/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37984 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37984/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38034 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38034/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38035 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38035/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38047 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38047/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38051 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38052 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38058 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38061 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38062 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38062/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38063 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38064 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38064/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38074 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38074/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38084 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38084/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38087 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38087/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38088 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38089 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38089/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38090 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38090/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38091 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38091/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38094 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38094/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38095 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38095/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38097 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38097/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38098 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38098/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38099 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38099/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38100 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38100/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38102 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38102/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38105 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38105/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38106 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38106/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38107 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38107/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38108 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38108/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38109 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38109/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38110 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38110/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38111 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38111/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38112 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38112/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38113 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38113/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38114 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38114/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38115 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38117 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38117/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38118 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38118/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38120 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38120/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38122 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38123 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38124 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38124/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38126 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38127 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38127/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38129 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38129/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38131 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38131/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38132 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38132/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38135 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38136 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38138 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38138/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38142 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38142/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38143 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38143/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38145 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38145/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38147 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38148 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38148/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38149 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38149/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38151 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38151/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38153 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38153/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38154 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38154/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38155 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38155/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38157 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38157/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38158 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38158/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38159 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38161 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38161/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38162 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38162/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38165 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38165/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38166 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38166/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38173 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38173/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38174 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38174/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38177 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38180 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38180/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38182 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38182/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38183 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38183/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38186 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38187 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38187/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38188 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38188/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38189 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38189/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38192 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38192/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38193 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38193/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38194 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38194/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38197 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38197/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38198 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38198/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38200 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38200/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38202 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38202/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38203 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38203/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38204 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38204/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38206 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38210 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38210/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38211 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38211/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38212 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38212/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38213 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38213/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38214 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38214/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38215 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38215/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38217 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38217/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38220 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38220/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38222 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38222/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38225 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38225/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38226 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38226/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38227 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38227/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38229 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38229/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38231 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38231/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38236 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38236/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38238 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38238/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38239 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38239/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38244 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38244/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38246 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38246/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38248 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38248/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38249 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38249/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38250 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38250/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38256 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38256/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38257 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38257/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38259 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38259/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38264 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38264/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38265 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38265/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38268 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38268/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38272 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38272/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38273 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38273/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38275 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38275/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38277 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38277/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38279 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38279/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38283 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38283/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38286 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38286/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38287 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38287/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38288 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38288/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38289 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38289/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38290 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38290/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38291 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38291/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38292 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38292/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38293 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38293/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38299 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38299/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38300 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38303 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38303/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38304 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38304/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38305 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38305/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38307 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38307/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38310 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38310/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38312 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38312/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38313 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38313/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38315 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38315/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38317 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38317/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38319 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38319/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38323 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38323/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38326 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38326/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38328 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38328/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38332 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38332/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38334 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38334/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38335 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38335/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38336 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38336/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38337 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38337/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38338 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38338/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38342 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38342/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38343 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38343/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38344 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38344/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38345 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38345/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38348 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38348/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38349 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38349/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38350 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38350/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38352 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38352/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38353 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38353/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38354 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38354/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38355 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38355/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38356 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38356/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38361 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38361/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38362 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38362/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38363 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38363/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38364 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38364/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38365 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38365/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38369 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38369/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38371 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38371/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38373 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38373/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38375 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38375/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38376 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38376/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38377 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38377/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38380 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38380/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38382 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38382/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38384 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38384/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38385 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38385/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38386 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38386/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38387 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38387/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38389 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38389/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38391 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38391/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38392 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38392/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38393 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38393/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38395 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38395/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38396 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38396/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38399 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38399/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38400 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38400/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38401 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38401/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38403 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38403/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38404 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38404/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38406 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38406/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38409 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38409/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38410 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38410/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38412 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38412/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38414 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38414/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38415 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38415/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38416 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38416/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38417 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38417/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38420 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38420/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38424 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38424/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38425 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38425/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38426 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38426/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38427 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38427/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38428 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38428/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38429 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38429/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38430 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38430/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38436 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38436/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38443 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38443/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38448 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38448/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38449 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38449/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38453 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38453/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38455 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38455/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38457 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38457/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38460 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38460/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38461 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38461/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38462 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38462/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38463 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38463/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38465 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38465/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38467 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38467/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38468 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38468/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38470 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38470/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38471 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38471/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38473 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38473/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38474 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38474/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38475 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38475/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38476 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38476/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38477 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38477/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38478 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38478/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38480 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38480/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38481 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38481/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38482 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38482/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38483 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38483/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38485 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38485/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38487 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38487/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38489 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38489/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38494 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38494/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38495 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38495/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38496 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38496/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38497 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38497/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38498 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38498/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-08-27T12:04:21Z",
"generator": {
"date": "2025-08-27T12:04:21Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02997-1",
"initial_release_date": "2025-08-27T12:04:21Z",
"revision_history": [
{
"date": "2025-08-27T12:04:21Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-64kb-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "cluster-md-kmp-64kb-6.4.0-150700.53.11.1.aarch64",
"product_id": "cluster-md-kmp-64kb-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"product_id": "cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-64kb-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "dlm-kmp-64kb-6.4.0-150700.53.11.1.aarch64",
"product_id": "dlm-kmp-64kb-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"product_id": "dlm-kmp-default-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-allwinner-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "dtb-allwinner-6.4.0-150700.53.11.1.aarch64",
"product_id": "dtb-allwinner-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-altera-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "dtb-altera-6.4.0-150700.53.11.1.aarch64",
"product_id": "dtb-altera-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-amazon-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "dtb-amazon-6.4.0-150700.53.11.1.aarch64",
"product_id": "dtb-amazon-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-amd-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "dtb-amd-6.4.0-150700.53.11.1.aarch64",
"product_id": "dtb-amd-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-amlogic-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "dtb-amlogic-6.4.0-150700.53.11.1.aarch64",
"product_id": "dtb-amlogic-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-apm-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "dtb-apm-6.4.0-150700.53.11.1.aarch64",
"product_id": "dtb-apm-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-apple-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "dtb-apple-6.4.0-150700.53.11.1.aarch64",
"product_id": "dtb-apple-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-arm-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "dtb-arm-6.4.0-150700.53.11.1.aarch64",
"product_id": "dtb-arm-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-broadcom-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "dtb-broadcom-6.4.0-150700.53.11.1.aarch64",
"product_id": "dtb-broadcom-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-cavium-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "dtb-cavium-6.4.0-150700.53.11.1.aarch64",
"product_id": "dtb-cavium-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-exynos-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "dtb-exynos-6.4.0-150700.53.11.1.aarch64",
"product_id": "dtb-exynos-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-freescale-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "dtb-freescale-6.4.0-150700.53.11.1.aarch64",
"product_id": "dtb-freescale-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-hisilicon-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "dtb-hisilicon-6.4.0-150700.53.11.1.aarch64",
"product_id": "dtb-hisilicon-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-lg-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "dtb-lg-6.4.0-150700.53.11.1.aarch64",
"product_id": "dtb-lg-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-marvell-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "dtb-marvell-6.4.0-150700.53.11.1.aarch64",
"product_id": "dtb-marvell-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-mediatek-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "dtb-mediatek-6.4.0-150700.53.11.1.aarch64",
"product_id": "dtb-mediatek-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-nvidia-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "dtb-nvidia-6.4.0-150700.53.11.1.aarch64",
"product_id": "dtb-nvidia-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-qcom-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "dtb-qcom-6.4.0-150700.53.11.1.aarch64",
"product_id": "dtb-qcom-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-renesas-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "dtb-renesas-6.4.0-150700.53.11.1.aarch64",
"product_id": "dtb-renesas-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-rockchip-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "dtb-rockchip-6.4.0-150700.53.11.1.aarch64",
"product_id": "dtb-rockchip-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-socionext-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "dtb-socionext-6.4.0-150700.53.11.1.aarch64",
"product_id": "dtb-socionext-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-sprd-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "dtb-sprd-6.4.0-150700.53.11.1.aarch64",
"product_id": "dtb-sprd-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-xilinx-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "dtb-xilinx-6.4.0-150700.53.11.1.aarch64",
"product_id": "dtb-xilinx-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-64kb-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "gfs2-kmp-64kb-6.4.0-150700.53.11.1.aarch64",
"product_id": "gfs2-kmp-64kb-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"product_id": "gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"product_id": "kernel-64kb-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"product_id": "kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-64kb-extra-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "kernel-64kb-extra-6.4.0-150700.53.11.1.aarch64",
"product_id": "kernel-64kb-extra-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-64kb-optional-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "kernel-64kb-optional-6.4.0-150700.53.11.1.aarch64",
"product_id": "kernel-64kb-optional-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "kernel-default-6.4.0-150700.53.11.1.aarch64",
"product_id": "kernel-default-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"product": {
"name": "kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"product_id": "kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-rebuild-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"product": {
"name": "kernel-default-base-rebuild-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"product_id": "kernel-default-base-rebuild-6.4.0-150700.53.11.1.150700.17.9.4.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"product_id": "kernel-default-devel-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "kernel-default-extra-6.4.0-150700.53.11.1.aarch64",
"product_id": "kernel-default-extra-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "kernel-default-livepatch-6.4.0-150700.53.11.1.aarch64",
"product_id": "kernel-default-livepatch-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-optional-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "kernel-default-optional-6.4.0-150700.53.11.1.aarch64",
"product_id": "kernel-default-optional-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "kernel-kvmsmall-6.4.0-150700.53.11.1.aarch64",
"product_id": "kernel-kvmsmall-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-devel-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "kernel-kvmsmall-devel-6.4.0-150700.53.11.1.aarch64",
"product_id": "kernel-kvmsmall-devel-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"product_id": "kernel-obs-build-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "kernel-obs-qa-6.4.0-150700.53.11.1.aarch64",
"product_id": "kernel-obs-qa-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-syms-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "kernel-syms-6.4.0-150700.53.11.1.aarch64",
"product_id": "kernel-syms-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-64kb-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "kselftests-kmp-64kb-6.4.0-150700.53.11.1.aarch64",
"product_id": "kselftests-kmp-64kb-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-default-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "kselftests-kmp-default-6.4.0-150700.53.11.1.aarch64",
"product_id": "kselftests-kmp-default-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-64kb-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "ocfs2-kmp-64kb-6.4.0-150700.53.11.1.aarch64",
"product_id": "ocfs2-kmp-64kb-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"product_id": "ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-64kb-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "reiserfs-kmp-64kb-6.4.0-150700.53.11.1.aarch64",
"product_id": "reiserfs-kmp-64kb-6.4.0-150700.53.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"product": {
"name": "reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"product_id": "reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-6.4.0-150700.53.11.1.noarch",
"product": {
"name": "kernel-devel-6.4.0-150700.53.11.1.noarch",
"product_id": "kernel-devel-6.4.0-150700.53.11.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-docs-6.4.0-150700.53.11.3.noarch",
"product": {
"name": "kernel-docs-6.4.0-150700.53.11.3.noarch",
"product_id": "kernel-docs-6.4.0-150700.53.11.3.noarch"
}
},
{
"category": "product_version",
"name": "kernel-docs-html-6.4.0-150700.53.11.3.noarch",
"product": {
"name": "kernel-docs-html-6.4.0-150700.53.11.3.noarch",
"product_id": "kernel-docs-html-6.4.0-150700.53.11.3.noarch"
}
},
{
"category": "product_version",
"name": "kernel-macros-6.4.0-150700.53.11.1.noarch",
"product": {
"name": "kernel-macros-6.4.0-150700.53.11.1.noarch",
"product_id": "kernel-macros-6.4.0-150700.53.11.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-6.4.0-150700.53.11.1.noarch",
"product": {
"name": "kernel-source-6.4.0-150700.53.11.1.noarch",
"product_id": "kernel-source-6.4.0-150700.53.11.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-6.4.0-150700.53.11.1.noarch",
"product": {
"name": "kernel-source-vanilla-6.4.0-150700.53.11.1.noarch",
"product_id": "kernel-source-vanilla-6.4.0-150700.53.11.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"product": {
"name": "cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"product_id": "cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"product": {
"name": "dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"product_id": "dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"product": {
"name": "gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"product_id": "gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-6.4.0-150700.53.11.1.ppc64le",
"product": {
"name": "kernel-default-6.4.0-150700.53.11.1.ppc64le",
"product_id": "kernel-default-6.4.0-150700.53.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"product": {
"name": "kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"product_id": "kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-base-rebuild-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"product": {
"name": "kernel-default-base-rebuild-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"product_id": "kernel-default-base-rebuild-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"product": {
"name": "kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"product_id": "kernel-default-devel-6.4.0-150700.53.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-6.4.0-150700.53.11.1.ppc64le",
"product": {
"name": "kernel-default-extra-6.4.0-150700.53.11.1.ppc64le",
"product_id": "kernel-default-extra-6.4.0-150700.53.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"product": {
"name": "kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"product_id": "kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"product": {
"name": "kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"product_id": "kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-optional-6.4.0-150700.53.11.1.ppc64le",
"product": {
"name": "kernel-default-optional-6.4.0-150700.53.11.1.ppc64le",
"product_id": "kernel-default-optional-6.4.0-150700.53.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-6.4.0-150700.53.11.1.ppc64le",
"product": {
"name": "kernel-kvmsmall-6.4.0-150700.53.11.1.ppc64le",
"product_id": "kernel-kvmsmall-6.4.0-150700.53.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-devel-6.4.0-150700.53.11.1.ppc64le",
"product": {
"name": "kernel-kvmsmall-devel-6.4.0-150700.53.11.1.ppc64le",
"product_id": "kernel-kvmsmall-devel-6.4.0-150700.53.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"product": {
"name": "kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"product_id": "kernel-obs-build-6.4.0-150700.53.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-6.4.0-150700.53.11.1.ppc64le",
"product": {
"name": "kernel-obs-qa-6.4.0-150700.53.11.1.ppc64le",
"product_id": "kernel-obs-qa-6.4.0-150700.53.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"product": {
"name": "kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"product_id": "kernel-syms-6.4.0-150700.53.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"product": {
"name": "kselftests-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"product_id": "kselftests-kmp-default-6.4.0-150700.53.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"product": {
"name": "ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"product_id": "ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"product": {
"name": "reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"product_id": "reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"product": {
"name": "cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"product_id": "cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x"
}
},
{
"category": "product_version",
"name": "dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"product": {
"name": "dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"product_id": "dlm-kmp-default-6.4.0-150700.53.11.1.s390x"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"product": {
"name": "gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"product_id": "gfs2-kmp-default-6.4.0-150700.53.11.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-6.4.0-150700.53.11.1.s390x",
"product": {
"name": "kernel-default-6.4.0-150700.53.11.1.s390x",
"product_id": "kernel-default-6.4.0-150700.53.11.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"product": {
"name": "kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"product_id": "kernel-default-devel-6.4.0-150700.53.11.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-6.4.0-150700.53.11.1.s390x",
"product": {
"name": "kernel-default-extra-6.4.0-150700.53.11.1.s390x",
"product_id": "kernel-default-extra-6.4.0-150700.53.11.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"product": {
"name": "kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"product_id": "kernel-default-livepatch-6.4.0-150700.53.11.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"product": {
"name": "kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"product_id": "kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-optional-6.4.0-150700.53.11.1.s390x",
"product": {
"name": "kernel-default-optional-6.4.0-150700.53.11.1.s390x",
"product_id": "kernel-default-optional-6.4.0-150700.53.11.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"product_id": "kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"product": {
"name": "kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"product_id": "kernel-obs-build-6.4.0-150700.53.11.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-6.4.0-150700.53.11.1.s390x",
"product": {
"name": "kernel-obs-qa-6.4.0-150700.53.11.1.s390x",
"product_id": "kernel-obs-qa-6.4.0-150700.53.11.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-syms-6.4.0-150700.53.11.1.s390x",
"product": {
"name": "kernel-syms-6.4.0-150700.53.11.1.s390x",
"product_id": "kernel-syms-6.4.0-150700.53.11.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"product": {
"name": "kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"product_id": "kernel-zfcpdump-6.4.0-150700.53.11.1.s390x"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-default-6.4.0-150700.53.11.1.s390x",
"product": {
"name": "kselftests-kmp-default-6.4.0-150700.53.11.1.s390x",
"product_id": "kselftests-kmp-default-6.4.0-150700.53.11.1.s390x"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"product": {
"name": "ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"product_id": "ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"product": {
"name": "reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"product_id": "reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"product": {
"name": "cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"product_id": "cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"product": {
"name": "dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"product_id": "dlm-kmp-default-6.4.0-150700.53.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"product": {
"name": "gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"product_id": "gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-6.4.0-150700.53.11.1.x86_64",
"product": {
"name": "kernel-default-6.4.0-150700.53.11.1.x86_64",
"product_id": "kernel-default-6.4.0-150700.53.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"product": {
"name": "kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"product_id": "kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-rebuild-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"product": {
"name": "kernel-default-base-rebuild-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"product_id": "kernel-default-base-rebuild-6.4.0-150700.53.11.1.150700.17.9.4.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"product": {
"name": "kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"product_id": "kernel-default-devel-6.4.0-150700.53.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-6.4.0-150700.53.11.1.x86_64",
"product": {
"name": "kernel-default-extra-6.4.0-150700.53.11.1.x86_64",
"product_id": "kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"product": {
"name": "kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"product_id": "kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"product": {
"name": "kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"product_id": "kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-optional-6.4.0-150700.53.11.1.x86_64",
"product": {
"name": "kernel-default-optional-6.4.0-150700.53.11.1.x86_64",
"product_id": "kernel-default-optional-6.4.0-150700.53.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-vdso-6.4.0-150700.53.11.1.x86_64",
"product": {
"name": "kernel-default-vdso-6.4.0-150700.53.11.1.x86_64",
"product_id": "kernel-default-vdso-6.4.0-150700.53.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-6.4.0-150700.53.11.1.x86_64",
"product": {
"name": "kernel-kvmsmall-6.4.0-150700.53.11.1.x86_64",
"product_id": "kernel-kvmsmall-6.4.0-150700.53.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-devel-6.4.0-150700.53.11.1.x86_64",
"product": {
"name": "kernel-kvmsmall-devel-6.4.0-150700.53.11.1.x86_64",
"product_id": "kernel-kvmsmall-devel-6.4.0-150700.53.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-vdso-6.4.0-150700.53.11.1.x86_64",
"product": {
"name": "kernel-kvmsmall-vdso-6.4.0-150700.53.11.1.x86_64",
"product_id": "kernel-kvmsmall-vdso-6.4.0-150700.53.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"product_id": "kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"product": {
"name": "kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"product_id": "kernel-obs-build-6.4.0-150700.53.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-6.4.0-150700.53.11.1.x86_64",
"product": {
"name": "kernel-obs-qa-6.4.0-150700.53.11.1.x86_64",
"product_id": "kernel-obs-qa-6.4.0-150700.53.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-6.4.0-150700.53.11.1.x86_64",
"product": {
"name": "kernel-syms-6.4.0-150700.53.11.1.x86_64",
"product_id": "kernel-syms-6.4.0-150700.53.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-default-6.4.0-150700.53.11.1.x86_64",
"product": {
"name": "kselftests-kmp-default-6.4.0-150700.53.11.1.x86_64",
"product_id": "kselftests-kmp-default-6.4.0-150700.53.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"product": {
"name": "ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"product_id": "ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"product": {
"name": "reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"product_id": "reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Legacy 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Legacy 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Legacy 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-legacy:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Availability Extension 15 SP7",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension 15 SP7",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-ha:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Workstation Extension 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Workstation Extension 15 SP7",
"product_id": "SUSE Linux Enterprise Workstation Extension 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-we:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-64kb-6.4.0-150700.53.11.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64"
},
"product_reference": "kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64"
},
"product_reference": "kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-150700.53.11.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64"
},
"product_reference": "kernel-default-6.4.0-150700.53.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-150700.53.11.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le"
},
"product_reference": "kernel-default-6.4.0-150700.53.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-150700.53.11.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x"
},
"product_reference": "kernel-default-6.4.0-150700.53.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-150700.53.11.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64"
},
"product_reference": "kernel-default-6.4.0-150700.53.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64"
},
"product_reference": "kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le"
},
"product_reference": "kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64"
},
"product_reference": "kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-150700.53.11.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64"
},
"product_reference": "kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-150700.53.11.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le"
},
"product_reference": "kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-150700.53.11.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x"
},
"product_reference": "kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-150700.53.11.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64"
},
"product_reference": "kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-6.4.0-150700.53.11.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch"
},
"product_reference": "kernel-devel-6.4.0-150700.53.11.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-6.4.0-150700.53.11.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch"
},
"product_reference": "kernel-macros-6.4.0-150700.53.11.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-zfcpdump-6.4.0-150700.53.11.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x"
},
"product_reference": "kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-docs-6.4.0-150700.53.11.3.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch"
},
"product_reference": "kernel-docs-6.4.0-150700.53.11.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-build-6.4.0-150700.53.11.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64"
},
"product_reference": "kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-build-6.4.0-150700.53.11.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le"
},
"product_reference": "kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-build-6.4.0-150700.53.11.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x"
},
"product_reference": "kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-build-6.4.0-150700.53.11.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64"
},
"product_reference": "kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-6.4.0-150700.53.11.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch"
},
"product_reference": "kernel-source-6.4.0-150700.53.11.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-6.4.0-150700.53.11.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64"
},
"product_reference": "kernel-syms-6.4.0-150700.53.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-6.4.0-150700.53.11.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le"
},
"product_reference": "kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-6.4.0-150700.53.11.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x"
},
"product_reference": "kernel-syms-6.4.0-150700.53.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-6.4.0-150700.53.11.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64"
},
"product_reference": "kernel-syms-6.4.0-150700.53.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64 as component of SUSE Linux Enterprise Module for Legacy 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64"
},
"product_reference": "reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le as component of SUSE Linux Enterprise Module for Legacy 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le"
},
"product_reference": "reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x as component of SUSE Linux Enterprise Module for Legacy 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x"
},
"product_reference": "reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64 as component of SUSE Linux Enterprise Module for Legacy 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64"
},
"product_reference": "reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le"
},
"product_reference": "kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-150700.53.11.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x"
},
"product_reference": "kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64"
},
"product_reference": "kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le"
},
"product_reference": "kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x"
},
"product_reference": "kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64"
},
"product_reference": "kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le"
},
"product_reference": "kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64 as component of SUSE Linux Enterprise High Availability Extension 15 SP7",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64"
},
"product_reference": "cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le as component of SUSE Linux Enterprise High Availability Extension 15 SP7",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le"
},
"product_reference": "cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x as component of SUSE Linux Enterprise High Availability Extension 15 SP7",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x"
},
"product_reference": "cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 15 SP7",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64"
},
"product_reference": "cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-6.4.0-150700.53.11.1.aarch64 as component of SUSE Linux Enterprise High Availability Extension 15 SP7",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64"
},
"product_reference": "dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le as component of SUSE Linux Enterprise High Availability Extension 15 SP7",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le"
},
"product_reference": "dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-6.4.0-150700.53.11.1.s390x as component of SUSE Linux Enterprise High Availability Extension 15 SP7",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x"
},
"product_reference": "dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-6.4.0-150700.53.11.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 15 SP7",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64"
},
"product_reference": "dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64 as component of SUSE Linux Enterprise High Availability Extension 15 SP7",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64"
},
"product_reference": "gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le as component of SUSE Linux Enterprise High Availability Extension 15 SP7",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le"
},
"product_reference": "gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-6.4.0-150700.53.11.1.s390x as component of SUSE Linux Enterprise High Availability Extension 15 SP7",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x"
},
"product_reference": "gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 15 SP7",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64"
},
"product_reference": "gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64 as component of SUSE Linux Enterprise High Availability Extension 15 SP7",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64"
},
"product_reference": "ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le as component of SUSE Linux Enterprise High Availability Extension 15 SP7",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le"
},
"product_reference": "ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x as component of SUSE Linux Enterprise High Availability Extension 15 SP7",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x"
},
"product_reference": "ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 15 SP7",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64"
},
"product_reference": "ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-extra-6.4.0-150700.53.11.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 15 SP7",
"product_id": "SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
},
"product_reference": "kernel-default-extra-6.4.0-150700.53.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-11135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11135"
}
],
"notes": [
{
"category": "general",
"text": "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11135",
"url": "https://www.suse.com/security/cve/CVE-2019-11135"
},
{
"category": "external",
"summary": "SUSE Bug 1139073 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1139073"
},
{
"category": "external",
"summary": "SUSE Bug 1152497 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152497"
},
{
"category": "external",
"summary": "SUSE Bug 1152505 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152505"
},
{
"category": "external",
"summary": "SUSE Bug 1152506 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152506"
},
{
"category": "external",
"summary": "SUSE Bug 1160120 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1160120"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2019-11135"
},
{
"cve": "CVE-2024-36028",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36028"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio()\n\nWhen I did memory failure tests recently, below warning occurs:\n\nDEBUG_LOCKS_WARN_ON(1)\nWARNING: CPU: 8 PID: 1011 at kernel/locking/lockdep.c:232 __lock_acquire+0xccb/0x1ca0\nModules linked in: mce_inject hwpoison_inject\nCPU: 8 PID: 1011 Comm: bash Kdump: loaded Not tainted 6.9.0-rc3-next-20240410-00012-gdb69f219f4be #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\nRIP: 0010:__lock_acquire+0xccb/0x1ca0\nRSP: 0018:ffffa7a1c7fe3bd0 EFLAGS: 00000082\nRAX: 0000000000000000 RBX: eb851eb853975fcf RCX: ffffa1ce5fc1c9c8\nRDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffffa1ce5fc1c9c0\nRBP: ffffa1c6865d3280 R08: ffffffffb0f570a8 R09: 0000000000009ffb\nR10: 0000000000000286 R11: ffffffffb0f2ad50 R12: ffffa1c6865d3d10\nR13: ffffa1c6865d3c70 R14: 0000000000000000 R15: 0000000000000004\nFS: 00007ff9f32aa740(0000) GS:ffffa1ce5fc00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ff9f3134ba0 CR3: 00000008484e4000 CR4: 00000000000006f0\nCall Trace:\n \u003cTASK\u003e\n lock_acquire+0xbe/0x2d0\n _raw_spin_lock_irqsave+0x3a/0x60\n hugepage_subpool_put_pages.part.0+0xe/0xc0\n free_huge_folio+0x253/0x3f0\n dissolve_free_huge_page+0x147/0x210\n __page_handle_poison+0x9/0x70\n memory_failure+0x4e6/0x8c0\n hard_offline_page_store+0x55/0xa0\n kernfs_fop_write_iter+0x12c/0x1d0\n vfs_write+0x380/0x540\n ksys_write+0x64/0xe0\n do_syscall_64+0xbc/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7ff9f3114887\nRSP: 002b:00007ffecbacb458 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007ff9f3114887\nRDX: 000000000000000c RSI: 0000564494164e10 RDI: 0000000000000001\nRBP: 0000564494164e10 R08: 00007ff9f31d1460 R09: 000000007fffffff\nR10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c\nR13: 00007ff9f321b780 R14: 00007ff9f3217600 R15: 00007ff9f3216a00\n \u003c/TASK\u003e\nKernel panic - not syncing: kernel: panic_on_warn set ...\nCPU: 8 PID: 1011 Comm: bash Kdump: loaded Not tainted 6.9.0-rc3-next-20240410-00012-gdb69f219f4be #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n panic+0x326/0x350\n check_panic_on_warn+0x4f/0x50\n __warn+0x98/0x190\n report_bug+0x18e/0x1a0\n handle_bug+0x3d/0x70\n exc_invalid_op+0x18/0x70\n asm_exc_invalid_op+0x1a/0x20\nRIP: 0010:__lock_acquire+0xccb/0x1ca0\nRSP: 0018:ffffa7a1c7fe3bd0 EFLAGS: 00000082\nRAX: 0000000000000000 RBX: eb851eb853975fcf RCX: ffffa1ce5fc1c9c8\nRDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffffa1ce5fc1c9c0\nRBP: ffffa1c6865d3280 R08: ffffffffb0f570a8 R09: 0000000000009ffb\nR10: 0000000000000286 R11: ffffffffb0f2ad50 R12: ffffa1c6865d3d10\nR13: ffffa1c6865d3c70 R14: 0000000000000000 R15: 0000000000000004\n lock_acquire+0xbe/0x2d0\n _raw_spin_lock_irqsave+0x3a/0x60\n hugepage_subpool_put_pages.part.0+0xe/0xc0\n free_huge_folio+0x253/0x3f0\n dissolve_free_huge_page+0x147/0x210\n __page_handle_poison+0x9/0x70\n memory_failure+0x4e6/0x8c0\n hard_offline_page_store+0x55/0xa0\n kernfs_fop_write_iter+0x12c/0x1d0\n vfs_write+0x380/0x540\n ksys_write+0x64/0xe0\n do_syscall_64+0xbc/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7ff9f3114887\nRSP: 002b:00007ffecbacb458 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007ff9f3114887\nRDX: 000000000000000c RSI: 0000564494164e10 RDI: 0000000000000001\nRBP: 0000564494164e10 R08: 00007ff9f31d1460 R09: 000000007fffffff\nR10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c\nR13: 00007ff9f321b780 R14: 00007ff9f3217600 R15: 00007ff9f3216a00\n \u003c/TASK\u003e\n\nAfter git bisecting and digging into the code, I believe the root cause is\nthat _deferred_list field of folio is unioned with _hugetlb_subpool field.\nIn __update_and_free_hugetlb_folio(), folio-\u003e_deferred_\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36028",
"url": "https://www.suse.com/security/cve/CVE-2024-36028"
},
{
"category": "external",
"summary": "SUSE Bug 1225707 for CVE-2024-36028",
"url": "https://bugzilla.suse.com/1225707"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-36028"
},
{
"cve": "CVE-2024-36348",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36348"
}
],
"notes": [
{
"category": "general",
"text": "A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP feature is enabled, potentially resulting in information leakage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36348",
"url": "https://www.suse.com/security/cve/CVE-2024-36348"
},
{
"category": "external",
"summary": "SUSE Bug 1238896 for CVE-2024-36348",
"url": "https://bugzilla.suse.com/1238896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-36348"
},
{
"cve": "CVE-2024-36349",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36349"
}
],
"notes": [
{
"category": "general",
"text": "A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36349",
"url": "https://www.suse.com/security/cve/CVE-2024-36349"
},
{
"category": "external",
"summary": "SUSE Bug 1238896 for CVE-2024-36349",
"url": "https://bugzilla.suse.com/1238896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-36349"
},
{
"cve": "CVE-2024-36350",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36350"
}
],
"notes": [
{
"category": "general",
"text": "A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36350",
"url": "https://www.suse.com/security/cve/CVE-2024-36350"
},
{
"category": "external",
"summary": "SUSE Bug 1238896 for CVE-2024-36350",
"url": "https://bugzilla.suse.com/1238896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-36350"
},
{
"cve": "CVE-2024-36357",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36357"
}
],
"notes": [
{
"category": "general",
"text": "A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36357",
"url": "https://www.suse.com/security/cve/CVE-2024-36357"
},
{
"category": "external",
"summary": "SUSE Bug 1238896 for CVE-2024-36357",
"url": "https://bugzilla.suse.com/1238896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-36357"
},
{
"cve": "CVE-2024-39298",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-39298"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/memory-failure: fix handling of dissolved but not taken off from buddy pages\n\nWhen I did memory failure tests recently, below panic occurs:\n\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8cee00\nflags: 0x6fffe0000000000(node=1|zone=2|lastcpupid=0x7fff)\nraw: 06fffe0000000000 dead000000000100 dead000000000122 0000000000000000\nraw: 0000000000000000 0000000000000009 00000000ffffffff 0000000000000000\npage dumped because: VM_BUG_ON_PAGE(!PageBuddy(page))\n------------[ cut here ]------------\nkernel BUG at include/linux/page-flags.h:1009!\ninvalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nRIP: 0010:__del_page_from_free_list+0x151/0x180\nRSP: 0018:ffffa49c90437998 EFLAGS: 00000046\nRAX: 0000000000000035 RBX: 0000000000000009 RCX: ffff8dd8dfd1c9c8\nRDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff8dd8dfd1c9c0\nRBP: ffffd901233b8000 R08: ffffffffab5511f8 R09: 0000000000008c69\nR10: 0000000000003c15 R11: ffffffffab5511f8 R12: ffff8dd8fffc0c80\nR13: 0000000000000001 R14: ffff8dd8fffc0c80 R15: 0000000000000009\nFS: 00007ff916304740(0000) GS:ffff8dd8dfd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055eae50124c8 CR3: 00000008479e0000 CR4: 00000000000006f0\nCall Trace:\n \u003cTASK\u003e\n __rmqueue_pcplist+0x23b/0x520\n get_page_from_freelist+0x26b/0xe40\n __alloc_pages_noprof+0x113/0x1120\n __folio_alloc_noprof+0x11/0xb0\n alloc_buddy_hugetlb_folio.isra.0+0x5a/0x130\n __alloc_fresh_hugetlb_folio+0xe7/0x140\n alloc_pool_huge_folio+0x68/0x100\n set_max_huge_pages+0x13d/0x340\n hugetlb_sysctl_handler_common+0xe8/0x110\n proc_sys_call_handler+0x194/0x280\n vfs_write+0x387/0x550\n ksys_write+0x64/0xe0\n do_syscall_64+0xc2/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7ff916114887\nRSP: 002b:00007ffec8a2fd78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 000055eae500e350 RCX: 00007ff916114887\nRDX: 0000000000000004 RSI: 000055eae500e390 RDI: 0000000000000003\nRBP: 000055eae50104c0 R08: 0000000000000000 R09: 000055eae50104c0\nR10: 0000000000000077 R11: 0000000000000246 R12: 0000000000000004\nR13: 0000000000000004 R14: 00007ff916216b80 R15: 00007ff916216a00\n \u003c/TASK\u003e\nModules linked in: mce_inject hwpoison_inject\n---[ end trace 0000000000000000 ]---\n\nAnd before the panic, there had an warning about bad page state:\n\nBUG: Bad page state in process page-types pfn:8cee00\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8cee00\nflags: 0x6fffe0000000000(node=1|zone=2|lastcpupid=0x7fff)\npage_type: 0xffffff7f(buddy)\nraw: 06fffe0000000000 ffffd901241c0008 ffffd901240f8008 0000000000000000\nraw: 0000000000000000 0000000000000009 00000000ffffff7f 0000000000000000\npage dumped because: nonzero mapcount\nModules linked in: mce_inject hwpoison_inject\nCPU: 8 PID: 154211 Comm: page-types Not tainted 6.9.0-rc4-00499-g5544ec3178e2-dirty #22\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x83/0xa0\n bad_page+0x63/0xf0\n free_unref_page+0x36e/0x5c0\n unpoison_memory+0x50b/0x630\n simple_attr_write_xsigned.constprop.0.isra.0+0xb3/0x110\n debugfs_attr_write+0x42/0x60\n full_proxy_write+0x5b/0x80\n vfs_write+0xcd/0x550\n ksys_write+0x64/0xe0\n do_syscall_64+0xc2/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f189a514887\nRSP: 002b:00007ffdcd899718 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f189a514887\nRDX: 0000000000000009 RSI: 00007ffdcd899730 RDI: 0000000000000003\nRBP: 00007ffdcd8997a0 R08: 0000000000000000 R09: 00007ffdcd8994b2\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdcda199a8\nR13: 0000000000404af1 R14: 000000000040ad78 R15: 00007f189a7a5040\n \u003c/TASK\u003e\n\nThe root cause should be the below race:\n\n memory_failure\n try_memory_failure_hugetlb\n me_huge_page\n __page_handle_poison\n dissolve_free_hugetlb_folio\n drain_all_pages -- Buddy page can be isolated e.g. for compaction.\n take_page_off_buddy -- Failed as page is not in the \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-39298",
"url": "https://www.suse.com/security/cve/CVE-2024-39298"
},
{
"category": "external",
"summary": "SUSE Bug 1227082 for CVE-2024-39298",
"url": "https://bugzilla.suse.com/1227082"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-39298"
},
{
"cve": "CVE-2024-42134",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42134"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-pci: Check if is_avq is NULL\n\n[bug]\nIn the virtio_pci_common.c function vp_del_vqs, vp_dev-\u003eis_avq is involved\nto determine whether it is admin virtqueue, but this function vp_dev-\u003eis_avq\n may be empty. For installations, virtio_pci_legacy does not assign a value\n to vp_dev-\u003eis_avq.\n\n[fix]\nCheck whether it is vp_dev-\u003eis_avq before use.\n\n[test]\nTest with virsh Attach device\nBefore this patch, the following command would crash the guest system\n\nAfter applying the patch, everything seems to be working fine.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42134",
"url": "https://www.suse.com/security/cve/CVE-2024-42134"
},
{
"category": "external",
"summary": "SUSE Bug 1228664 for CVE-2024-42134",
"url": "https://bugzilla.suse.com/1228664"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-42134"
},
{
"cve": "CVE-2024-44963",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44963"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not BUG_ON() when freeing tree block after error\n\nWhen freeing a tree block, at btrfs_free_tree_block(), if we fail to\ncreate a delayed reference we don\u0027t deal with the error and just do a\nBUG_ON(). The error most likely to happen is -ENOMEM, and we have a\ncomment mentioning that only -ENOMEM can happen, but that is not true,\nbecause in case qgroups are enabled any error returned from\nbtrfs_qgroup_trace_extent_post() (can be -EUCLEAN or anything returned\nfrom btrfs_search_slot() for example) can be propagated back to\nbtrfs_free_tree_block().\n\nSo stop doing a BUG_ON() and return the error to the callers and make\nthem abort the transaction to prevent leaking space. Syzbot was\ntriggering this, likely due to memory allocation failure injection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44963",
"url": "https://www.suse.com/security/cve/CVE-2024-44963"
},
{
"category": "external",
"summary": "SUSE Bug 1230216 for CVE-2024-44963",
"url": "https://bugzilla.suse.com/1230216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-44963"
},
{
"cve": "CVE-2024-49861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49861"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix helper writes to read-only maps\n\nLonial found an issue that despite user- and BPF-side frozen BPF map\n(like in case of .rodata), it was still possible to write into it from\na BPF program side through specific helpers having ARG_PTR_TO_{LONG,INT}\nas arguments.\n\nIn check_func_arg() when the argument is as mentioned, the meta-\u003eraw_mode\nis never set. Later, check_helper_mem_access(), under the case of\nPTR_TO_MAP_VALUE as register base type, it assumes BPF_READ for the\nsubsequent call to check_map_access_type() and given the BPF map is\nread-only it succeeds.\n\nThe helpers really need to be annotated as ARG_PTR_TO_{LONG,INT} | MEM_UNINIT\nwhen results are written into them as opposed to read out of them. The\nlatter indicates that it\u0027s okay to pass a pointer to uninitialized memory\nas the memory is written to anyway.\n\nHowever, ARG_PTR_TO_{LONG,INT} is a special case of ARG_PTR_TO_FIXED_SIZE_MEM\njust with additional alignment requirement. So it is better to just get\nrid of the ARG_PTR_TO_{LONG,INT} special cases altogether and reuse the\nfixed size memory types. For this, add MEM_ALIGNED to additionally ensure\nalignment given these helpers write directly into the args via *\u003cptr\u003e = val.\nThe .arg*_size has been initialized reflecting the actual sizeof(*\u003cptr\u003e).\n\nMEM_ALIGNED can only be used in combination with MEM_FIXED_SIZE annotated\nargument types, since in !MEM_FIXED_SIZE cases the verifier does not know\nthe buffer size a priori and therefore cannot blindly write *\u003cptr\u003e = val.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49861",
"url": "https://www.suse.com/security/cve/CVE-2024-49861"
},
{
"category": "external",
"summary": "SUSE Bug 1232254 for CVE-2024-49861",
"url": "https://bugzilla.suse.com/1232254"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49861"
},
{
"cve": "CVE-2024-56742",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56742"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages()\n\nFix an unwind issue in mlx5vf_add_migration_pages().\n\nIf a set of pages is allocated but fails to be added to the SG table,\nthey need to be freed to prevent a memory leak.\n\nAny pages successfully added to the SG table will be freed as part of\nmlx5vf_free_data_buffer().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56742",
"url": "https://www.suse.com/security/cve/CVE-2024-56742"
},
{
"category": "external",
"summary": "SUSE Bug 1235613 for CVE-2024-56742",
"url": "https://bugzilla.suse.com/1235613"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56742"
},
{
"cve": "CVE-2024-57947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57947"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_set_pipapo: fix initial map fill\n\nThe initial buffer has to be inited to all-ones, but it must restrict\nit to the size of the first field, not the total field size.\n\nAfter each round in the map search step, the result and the fill map\nare swapped, so if we have a set where f-\u003ebsize of the first element\nis smaller than m-\u003ebsize_max, those one-bits are leaked into future\nrounds result map.\n\nThis makes pipapo find an incorrect matching results for sets where\nfirst field size is not the largest.\n\nFollowup patch adds a test case to nft_concat_range.sh selftest script.\n\nThanks to Stefano Brivio for pointing out that we need to zero out\nthe remainder explicitly, only correcting memset() argument isn\u0027t enough.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57947",
"url": "https://www.suse.com/security/cve/CVE-2024-57947"
},
{
"category": "external",
"summary": "SUSE Bug 1236333 for CVE-2024-57947",
"url": "https://bugzilla.suse.com/1236333"
},
{
"category": "external",
"summary": "SUSE Bug 1245799 for CVE-2024-57947",
"url": "https://bugzilla.suse.com/1245799"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "important"
}
],
"title": "CVE-2024-57947"
},
{
"cve": "CVE-2025-21839",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21839"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop\n\nMove the conditional loading of hardware DR6 with the guest\u0027s DR6 value\nout of the core .vcpu_run() loop to fix a bug where KVM can load hardware\nwith a stale vcpu-\u003earch.dr6.\n\nWhen the guest accesses a DR and host userspace isn\u0027t debugging the guest,\nKVM disables DR interception and loads the guest\u0027s values into hardware on\nVM-Enter and saves them on VM-Exit. This allows the guest to access DRs\nat will, e.g. so that a sequence of DR accesses to configure a breakpoint\nonly generates one VM-Exit.\n\nFor DR0-DR3, the logic/behavior is identical between VMX and SVM, and also\nidentical between KVM_DEBUGREG_BP_ENABLED (userspace debugging the guest)\nand KVM_DEBUGREG_WONT_EXIT (guest using DRs), and so KVM handles loading\nDR0-DR3 in common code, _outside_ of the core kvm_x86_ops.vcpu_run() loop.\n\nBut for DR6, the guest\u0027s value doesn\u0027t need to be loaded into hardware for\nKVM_DEBUGREG_BP_ENABLED, and SVM provides a dedicated VMCB field whereas\nVMX requires software to manually load the guest value, and so loading the\nguest\u0027s value into DR6 is handled by {svm,vmx}_vcpu_run(), i.e. is done\n_inside_ the core run loop.\n\nUnfortunately, saving the guest values on VM-Exit is initiated by common\nx86, again outside of the core run loop. If the guest modifies DR6 (in\nhardware, when DR interception is disabled), and then the next VM-Exit is\na fastpath VM-Exit, KVM will reload hardware DR6 with vcpu-\u003earch.dr6 and\nclobber the guest\u0027s actual value.\n\nThe bug shows up primarily with nested VMX because KVM handles the VMX\npreemption timer in the fastpath, and the window between hardware DR6\nbeing modified (in guest context) and DR6 being read by guest software is\norders of magnitude larger in a nested setup. E.g. in non-nested, the\nVMX preemption timer would need to fire precisely between #DB injection\nand the #DB handler\u0027s read of DR6, whereas with a KVM-on-KVM setup, the\nwindow where hardware DR6 is \"dirty\" extends all the way from L1 writing\nDR6 to VMRESUME (in L1).\n\n L1\u0027s view:\n ==========\n \u003cL1 disables DR interception\u003e\n CPU 0/KVM-7289 [023] d.... 2925.640961: kvm_entry: vcpu 0\n A: L1 Writes DR6\n CPU 0/KVM-7289 [023] d.... 2925.640963: \u003chack\u003e: Set DRs, DR6 = 0xffff0ff1\n\n B: CPU 0/KVM-7289 [023] d.... 2925.640967: kvm_exit: vcpu 0 reason EXTERNAL_INTERRUPT intr_info 0x800000ec\n\n D: L1 reads DR6, arch.dr6 = 0\n CPU 0/KVM-7289 [023] d.... 2925.640969: \u003chack\u003e: Sync DRs, DR6 = 0xffff0ff0\n\n CPU 0/KVM-7289 [023] d.... 2925.640976: kvm_entry: vcpu 0\n L2 reads DR6, L1 disables DR interception\n CPU 0/KVM-7289 [023] d.... 2925.640980: kvm_exit: vcpu 0 reason DR_ACCESS info1 0x0000000000000216\n CPU 0/KVM-7289 [023] d.... 2925.640983: kvm_entry: vcpu 0\n\n CPU 0/KVM-7289 [023] d.... 2925.640983: \u003chack\u003e: Set DRs, DR6 = 0xffff0ff0\n\n L2 detects failure\n CPU 0/KVM-7289 [023] d.... 2925.640987: kvm_exit: vcpu 0 reason HLT\n L1 reads DR6 (confirms failure)\n CPU 0/KVM-7289 [023] d.... 2925.640990: \u003chack\u003e: Sync DRs, DR6 = 0xffff0ff0\n\n L0\u0027s view:\n ==========\n L2 reads DR6, arch.dr6 = 0\n CPU 23/KVM-5046 [001] d.... 3410.005610: kvm_exit: vcpu 23 reason DR_ACCESS info1 0x0000000000000216\n CPU 23/KVM-5046 [001] ..... 3410.005610: kvm_nested_vmexit: vcpu 23 reason DR_ACCESS info1 0x0000000000000216\n\n L2 =\u003e L1 nested VM-Exit\n CPU 23/KVM-5046 [001] ..... 3410.005610: kvm_nested_vmexit_inject: reason: DR_ACCESS ext_inf1: 0x0000000000000216\n\n CPU 23/KVM-5046 [001] d.... 3410.005610: kvm_entry: vcpu 23\n CPU 23/KVM-5046 [001] d.... 3410.005611: kvm_exit: vcpu 23 reason VMREAD\n CPU 23/KVM-5046 [001] d.... 3410.005611: kvm_entry: vcpu 23\n CPU 23/KVM-5046 [001] d.... 3410.\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21839",
"url": "https://www.suse.com/security/cve/CVE-2025-21839"
},
{
"category": "external",
"summary": "SUSE Bug 1239061 for CVE-2025-21839",
"url": "https://bugzilla.suse.com/1239061"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21839"
},
{
"cve": "CVE-2025-21854",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21854"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsockmap, vsock: For connectible sockets allow only connected\n\nsockmap expects all vsocks to have a transport assigned, which is expressed\nin vsock_proto::psock_update_sk_prot(). However, there is an edge case\nwhere an unconnected (connectible) socket may lose its previously assigned\ntransport. This is handled with a NULL check in the vsock/BPF recv path.\n\nAnother design detail is that listening vsocks are not supposed to have any\ntransport assigned at all. Which implies they are not supported by the\nsockmap. But this is complicated by the fact that a socket, before\nswitching to TCP_LISTEN, may have had some transport assigned during a\nfailed connect() attempt. Hence, we may end up with a listening vsock in a\nsockmap, which blows up quickly:\n\nKASAN: null-ptr-deref in range [0x0000000000000120-0x0000000000000127]\nCPU: 7 UID: 0 PID: 56 Comm: kworker/7:0 Not tainted 6.14.0-rc1+\nWorkqueue: vsock-loopback vsock_loopback_work\nRIP: 0010:vsock_read_skb+0x4b/0x90\nCall Trace:\n sk_psock_verdict_data_ready+0xa4/0x2e0\n virtio_transport_recv_pkt+0x1ca8/0x2acc\n vsock_loopback_work+0x27d/0x3f0\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x35a/0x700\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n\nFor connectible sockets, instead of relying solely on the state of\nvsk-\u003etransport, tell sockmap to only allow those representing established\nconnections. This aligns with the behaviour for AF_INET and AF_UNIX.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21854",
"url": "https://www.suse.com/security/cve/CVE-2025-21854"
},
{
"category": "external",
"summary": "SUSE Bug 1239470 for CVE-2025-21854",
"url": "https://bugzilla.suse.com/1239470"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21854"
},
{
"cve": "CVE-2025-21872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21872"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi: Don\u0027t map the entire mokvar table to determine its size\n\nCurrently, when validating the mokvar table, we (re)map the entire table\non each iteration of the loop, adding space as we discover new entries.\nIf the table grows over a certain size, this fails due to limitations of\nearly_memmap(), and we get a failure and traceback:\n\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 0 at mm/early_ioremap.c:139 __early_ioremap+0xef/0x220\n ...\n Call Trace:\n \u003cTASK\u003e\n ? __early_ioremap+0xef/0x220\n ? __warn.cold+0x93/0xfa\n ? __early_ioremap+0xef/0x220\n ? report_bug+0xff/0x140\n ? early_fixup_exception+0x5d/0xb0\n ? early_idt_handler_common+0x2f/0x3a\n ? __early_ioremap+0xef/0x220\n ? efi_mokvar_table_init+0xce/0x1d0\n ? setup_arch+0x864/0xc10\n ? start_kernel+0x6b/0xa10\n ? x86_64_start_reservations+0x24/0x30\n ? x86_64_start_kernel+0xed/0xf0\n ? common_startup_64+0x13e/0x141\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---\n mokvar: Failed to map EFI MOKvar config table pa=0x7c4c3000, size=265187.\n\nMapping the entire structure isn\u0027t actually necessary, as we don\u0027t ever\nneed more than one entry header mapped at once.\n\nChanges efi_mokvar_table_init() to only map each entry header, not the\nentire table, when determining the table size. Since we\u0027re not mapping\nany data past the variable name, it also changes the code to enforce\nthat each variable name is NUL terminated, rather than attempting to\nverify it in place.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21872",
"url": "https://www.suse.com/security/cve/CVE-2025-21872"
},
{
"category": "external",
"summary": "SUSE Bug 1240323 for CVE-2025-21872",
"url": "https://bugzilla.suse.com/1240323"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21872"
},
{
"cve": "CVE-2025-22090",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22090"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range()\n\nIf track_pfn_copy() fails, we already added the dst VMA to the maple\ntree. As fork() fails, we\u0027ll cleanup the maple tree, and stumble over\nthe dst VMA for which we neither performed any reservation nor copied\nany page tables.\n\nConsequently untrack_pfn() will see VM_PAT and try obtaining the\nPAT information from the page table -- which fails because the page\ntable was not copied.\n\nThe easiest fix would be to simply clear the VM_PAT flag of the dst VMA\nif track_pfn_copy() fails. However, the whole thing is about \"simply\"\nclearing the VM_PAT flag is shaky as well: if we passed track_pfn_copy()\nand performed a reservation, but copying the page tables fails, we\u0027ll\nsimply clear the VM_PAT flag, not properly undoing the reservation ...\nwhich is also wrong.\n\nSo let\u0027s fix it properly: set the VM_PAT flag only if the reservation\nsucceeded (leaving it clear initially), and undo the reservation if\nanything goes wrong while copying the page tables: clearing the VM_PAT\nflag after undoing the reservation.\n\nNote that any copied page table entries will get zapped when the VMA will\nget removed later, after copy_page_range() succeeded; as VM_PAT is not set\nthen, we won\u0027t try cleaning VM_PAT up once more and untrack_pfn() will be\nhappy. Note that leaving these page tables in place without a reservation\nis not a problem, as we are aborting fork(); this process will never run.\n\nA reproducer can trigger this usually at the first try:\n\n https://gitlab.com/davidhildenbrand/scratchspace/-/raw/main/reproducers/pat_fork.c\n\n WARNING: CPU: 26 PID: 11650 at arch/x86/mm/pat/memtype.c:983 get_pat_info+0xf6/0x110\n Modules linked in: ...\n CPU: 26 UID: 0 PID: 11650 Comm: repro3 Not tainted 6.12.0-rc5+ #92\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\n RIP: 0010:get_pat_info+0xf6/0x110\n ...\n Call Trace:\n \u003cTASK\u003e\n ...\n untrack_pfn+0x52/0x110\n unmap_single_vma+0xa6/0xe0\n unmap_vmas+0x105/0x1f0\n exit_mmap+0xf6/0x460\n __mmput+0x4b/0x120\n copy_process+0x1bf6/0x2aa0\n kernel_clone+0xab/0x440\n __do_sys_clone+0x66/0x90\n do_syscall_64+0x95/0x180\n\nLikely this case was missed in:\n\n d155df53f310 (\"x86/mm/pat: clear VM_PAT if copy_p4d_range failed\")\n\n... and instead of undoing the reservation we simply cleared the VM_PAT flag.\n\nKeep the documentation of these functions in include/linux/pgtable.h,\none place is more than sufficient -- we should clean that up for the other\nfunctions like track_pfn_remap/untrack_pfn separately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22090",
"url": "https://www.suse.com/security/cve/CVE-2025-22090"
},
{
"category": "external",
"summary": "SUSE Bug 1241537 for CVE-2025-22090",
"url": "https://bugzilla.suse.com/1241537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-22090"
},
{
"cve": "CVE-2025-23163",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23163"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: vlan: don\u0027t propagate flags on open\n\nWith the device instance lock, there is now a possibility of a deadlock:\n\n[ 1.211455] ============================================\n[ 1.211571] WARNING: possible recursive locking detected\n[ 1.211687] 6.14.0-rc5-01215-g032756b4ca7a-dirty #5 Not tainted\n[ 1.211823] --------------------------------------------\n[ 1.211936] ip/184 is trying to acquire lock:\n[ 1.212032] ffff8881024a4c30 (\u0026dev-\u003elock){+.+.}-{4:4}, at: dev_set_allmulti+0x4e/0xb0\n[ 1.212207]\n[ 1.212207] but task is already holding lock:\n[ 1.212332] ffff8881024a4c30 (\u0026dev-\u003elock){+.+.}-{4:4}, at: dev_open+0x50/0xb0\n[ 1.212487]\n[ 1.212487] other info that might help us debug this:\n[ 1.212626] Possible unsafe locking scenario:\n[ 1.212626]\n[ 1.212751] CPU0\n[ 1.212815] ----\n[ 1.212871] lock(\u0026dev-\u003elock);\n[ 1.212944] lock(\u0026dev-\u003elock);\n[ 1.213016]\n[ 1.213016] *** DEADLOCK ***\n[ 1.213016]\n[ 1.213143] May be due to missing lock nesting notation\n[ 1.213143]\n[ 1.213294] 3 locks held by ip/184:\n[ 1.213371] #0: ffffffff838b53e0 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock+0x1b/0xa0\n[ 1.213543] #1: ffffffff84e5fc70 (\u0026net-\u003ertnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock+0x37/0xa0\n[ 1.213727] #2: ffff8881024a4c30 (\u0026dev-\u003elock){+.+.}-{4:4}, at: dev_open+0x50/0xb0\n[ 1.213895]\n[ 1.213895] stack backtrace:\n[ 1.213991] CPU: 0 UID: 0 PID: 184 Comm: ip Not tainted 6.14.0-rc5-01215-g032756b4ca7a-dirty #5\n[ 1.213993] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\n[ 1.213994] Call Trace:\n[ 1.213995] \u003cTASK\u003e\n[ 1.213996] dump_stack_lvl+0x8e/0xd0\n[ 1.214000] print_deadlock_bug+0x28b/0x2a0\n[ 1.214020] lock_acquire+0xea/0x2a0\n[ 1.214027] __mutex_lock+0xbf/0xd40\n[ 1.214038] dev_set_allmulti+0x4e/0xb0 # real_dev-\u003eflags \u0026 IFF_ALLMULTI\n[ 1.214040] vlan_dev_open+0xa5/0x170 # ndo_open on vlandev\n[ 1.214042] __dev_open+0x145/0x270\n[ 1.214046] __dev_change_flags+0xb0/0x1e0\n[ 1.214051] netif_change_flags+0x22/0x60 # IFF_UP vlandev\n[ 1.214053] dev_change_flags+0x61/0xb0 # for each device in group from dev-\u003evlan_info\n[ 1.214055] vlan_device_event+0x766/0x7c0 # on netdevsim0\n[ 1.214058] notifier_call_chain+0x78/0x120\n[ 1.214062] netif_open+0x6d/0x90\n[ 1.214064] dev_open+0x5b/0xb0 # locks netdevsim0\n[ 1.214066] bond_enslave+0x64c/0x1230\n[ 1.214075] do_set_master+0x175/0x1e0 # on netdevsim0\n[ 1.214077] do_setlink+0x516/0x13b0\n[ 1.214094] rtnl_newlink+0xaba/0xb80\n[ 1.214132] rtnetlink_rcv_msg+0x440/0x490\n[ 1.214144] netlink_rcv_skb+0xeb/0x120\n[ 1.214150] netlink_unicast+0x1f9/0x320\n[ 1.214153] netlink_sendmsg+0x346/0x3f0\n[ 1.214157] __sock_sendmsg+0x86/0xb0\n[ 1.214160] ____sys_sendmsg+0x1c8/0x220\n[ 1.214164] ___sys_sendmsg+0x28f/0x2d0\n[ 1.214179] __x64_sys_sendmsg+0xef/0x140\n[ 1.214184] do_syscall_64+0xec/0x1d0\n[ 1.214190] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 1.214191] RIP: 0033:0x7f2d1b4a7e56\n\nDevice setup:\n\n netdevsim0 (down)\n ^ ^\n bond netdevsim1.100@netdevsim1 allmulticast=on (down)\n\nWhen we enslave the lower device (netdevsim0) which has a vlan, we\npropagate vlan\u0027s allmuti/promisc flags during ndo_open. This causes\n(re)locking on of the real_dev.\n\nPropagate allmulti/promisc on flags change, not on the open. There\nis a slight semantics change that vlans that are down now propagate\nthe flags, but this seems unlikely to result in the real issues.\n\nReproducer:\n\n echo 0 1 \u003e /sys/bus/netdevsim/new_device\n\n dev_path=$(ls -d /sys/bus/netdevsim/devices/netdevsim0/net/*)\n dev=$(echo $dev_path | rev | cut -d/ -f1 | rev)\n\n ip link set dev $dev name netdevsim0\n ip link set dev netdevsim0 up\n\n ip link add link netdevsim0 name netdevsim0.100 type vlan id 100\n ip link set dev netdevsim0.100 allm\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23163",
"url": "https://www.suse.com/security/cve/CVE-2025-23163"
},
{
"category": "external",
"summary": "SUSE Bug 1242837 for CVE-2025-23163",
"url": "https://bugzilla.suse.com/1242837"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-23163"
},
{
"cve": "CVE-2025-37798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37798"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncodel: remove sch-\u003eq.qlen check before qdisc_tree_reduce_backlog()\n\nAfter making all -\u003eqlen_notify() callbacks idempotent, now it is safe to\nremove the check of qlen!=0 from both fq_codel_dequeue() and\ncodel_qdisc_dequeue().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37798",
"url": "https://www.suse.com/security/cve/CVE-2025-37798"
},
{
"category": "external",
"summary": "SUSE Bug 1242414 for CVE-2025-37798",
"url": "https://bugzilla.suse.com/1242414"
},
{
"category": "external",
"summary": "SUSE Bug 1242417 for CVE-2025-37798",
"url": "https://bugzilla.suse.com/1242417"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "important"
}
],
"title": "CVE-2025-37798"
},
{
"cve": "CVE-2025-37856",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37856"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: harden block_group::bg_list against list_del() races\n\nAs far as I can tell, these calls of list_del_init() on bg_list cannot\nrun concurrently with btrfs_mark_bg_unused() or btrfs_mark_bg_to_reclaim(),\nas they are in transaction error paths and situations where the block\ngroup is readonly.\n\nHowever, if there is any chance at all of racing with mark_bg_unused(),\nor a different future user of bg_list, better to be safe than sorry.\n\nOtherwise we risk the following interleaving (bg_list refcount in parens)\n\nT1 (some random op) T2 (btrfs_mark_bg_unused)\n !list_empty(\u0026bg-\u003ebg_list); (1)\nlist_del_init(\u0026bg-\u003ebg_list); (1)\n list_move_tail (1)\nbtrfs_put_block_group (0)\n btrfs_delete_unused_bgs\n bg = list_first_entry\n list_del_init(\u0026bg-\u003ebg_list);\n btrfs_put_block_group(bg); (-1)\n\nUltimately, this results in a broken ref count that hits zero one deref\nearly and the real final deref underflows the refcount, resulting in a WARNING.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37856",
"url": "https://www.suse.com/security/cve/CVE-2025-37856"
},
{
"category": "external",
"summary": "SUSE Bug 1243068 for CVE-2025-37856",
"url": "https://bugzilla.suse.com/1243068"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-37856"
},
{
"cve": "CVE-2025-37864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37864"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: clean up FDB, MDB, VLAN entries on unbind\n\nAs explained in many places such as commit b117e1e8a86d (\"net: dsa:\ndelete dsa_legacy_fdb_add and dsa_legacy_fdb_del\"), DSA is written given\nthe assumption that higher layers have balanced additions/deletions.\nAs such, it only makes sense to be extremely vocal when those\nassumptions are violated and the driver unbinds with entries still\npresent.\n\nBut Ido Schimmel points out a very simple situation where that is wrong:\nhttps://lore.kernel.org/netdev/ZDazSM5UsPPjQuKr@shredder/\n(also briefly discussed by me in the aforementioned commit).\n\nBasically, while the bridge bypass operations are not something that DSA\nexplicitly documents, and for the majority of DSA drivers this API\nsimply causes them to go to promiscuous mode, that isn\u0027t the case for\nall drivers. Some have the necessary requirements for bridge bypass\noperations to do something useful - see dsa_switch_supports_uc_filtering().\n\nAlthough in tools/testing/selftests/net/forwarding/local_termination.sh,\nwe made an effort to popularize better mechanisms to manage address\nfilters on DSA interfaces from user space - namely macvlan for unicast,\nand setsockopt(IP_ADD_MEMBERSHIP) - through mtools - for multicast, the\nfact is that \u0027bridge fdb add ... self static local\u0027 also exists as\nkernel UAPI, and might be useful to someone, even if only for a quick\nhack.\n\nIt seems counter-productive to block that path by implementing shim\n.ndo_fdb_add and .ndo_fdb_del operations which just return -EOPNOTSUPP\nin order to prevent the ndo_dflt_fdb_add() and ndo_dflt_fdb_del() from\nrunning, although we could do that.\n\nAccepting that cleanup is necessary seems to be the only option.\nEspecially since we appear to be coming back at this from a different\nangle as well. Russell King is noticing that the WARN_ON() triggers even\nfor VLANs:\nhttps://lore.kernel.org/netdev/Z_li8Bj8bD4-BYKQ@shell.armlinux.org.uk/\n\nWhat happens in the bug report above is that dsa_port_do_vlan_del() fails,\nthen the VLAN entry lingers on, and then we warn on unbind and leak it.\n\nThis is not a straight revert of the blamed commit, but we now add an\ninformational print to the kernel log (to still have a way to see\nthat bugs exist), and some extra comments gathered from past years\u0027\nexperience, to justify the logic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37864",
"url": "https://www.suse.com/security/cve/CVE-2025-37864"
},
{
"category": "external",
"summary": "SUSE Bug 1242965 for CVE-2025-37864",
"url": "https://bugzilla.suse.com/1242965"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-37864"
},
{
"cve": "CVE-2025-37885",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37885"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Reset IRTE to host control if *new* route isn\u0027t postable\n\nRestore an IRTE back to host control (remapped or posted MSI mode) if the\n*new* GSI route prevents posting the IRQ directly to a vCPU, regardless of\nthe GSI routing type. Updating the IRTE if and only if the new GSI is an\nMSI results in KVM leaving an IRTE posting to a vCPU.\n\nThe dangling IRTE can result in interrupts being incorrectly delivered to\nthe guest, and in the worst case scenario can result in use-after-free,\ne.g. if the VM is torn down, but the underlying host IRQ isn\u0027t freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37885",
"url": "https://www.suse.com/security/cve/CVE-2025-37885"
},
{
"category": "external",
"summary": "SUSE Bug 1242960 for CVE-2025-37885",
"url": "https://bugzilla.suse.com/1242960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-37885"
},
{
"cve": "CVE-2025-37920",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37920"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: Fix race condition in AF_XDP generic RX path\n\nMove rx_lock from xsk_socket to xsk_buff_pool.\nFix synchronization for shared umem mode in\ngeneric RX path where multiple sockets share\nsingle xsk_buff_pool.\n\nRX queue is exclusive to xsk_socket, while FILL\nqueue can be shared between multiple sockets.\nThis could result in race condition where two\nCPU cores access RX path of two different sockets\nsharing the same umem.\n\nProtect both queues by acquiring spinlock in shared\nxsk_buff_pool.\n\nLock contention may be minimized in the future by some\nper-thread FQ buffering.\n\nIt\u0027s safe and necessary to move spin_lock_bh(rx_lock)\nafter xsk_rcv_check():\n* xs-\u003epool and spinlock_init is synchronized by\n xsk_bind() -\u003e xsk_is_bound() memory barriers.\n* xsk_rcv_check() may return true at the moment\n of xsk_release() or xsk_unbind_dev(),\n however this will not cause any data races or\n race conditions. xsk_unbind_dev() removes xdp\n socket from all maps and waits for completion\n of all outstanding rx operations. Packets in\n RX path will either complete safely or drop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37920",
"url": "https://www.suse.com/security/cve/CVE-2025-37920"
},
{
"category": "external",
"summary": "SUSE Bug 1243479 for CVE-2025-37920",
"url": "https://bugzilla.suse.com/1243479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-37920"
},
{
"cve": "CVE-2025-37984",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37984"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP()\n\nHerbert notes that DIV_ROUND_UP() may overflow unnecessarily if an ecdsa\nimplementation\u0027s -\u003ekey_size() callback returns an unusually large value.\nHerbert instead suggests (for a division by 8):\n\n X / 8 + !!(X \u0026 7)\n\nBased on this formula, introduce a generic DIV_ROUND_UP_POW2() macro and\nuse it in lieu of DIV_ROUND_UP() for -\u003ekey_size() return values.\n\nAdditionally, use the macro in ecc_digits_from_bytes(), whose \"nbytes\"\nparameter is a -\u003ekey_size() return value in some instances, or a\nuser-specified ASN.1 length in the case of ecdsa_get_signature_rs().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37984",
"url": "https://www.suse.com/security/cve/CVE-2025-37984"
},
{
"category": "external",
"summary": "SUSE Bug 1243669 for CVE-2025-37984",
"url": "https://bugzilla.suse.com/1243669"
},
{
"category": "external",
"summary": "SUSE Bug 1243670 for CVE-2025-37984",
"url": "https://bugzilla.suse.com/1243670"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-37984"
},
{
"cve": "CVE-2025-38034",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38034"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref\n\nbtrfs_prelim_ref() calls the old and new reference variables in the\nincorrect order. This causes a NULL pointer dereference because oldref\nis passed as NULL to trace_btrfs_prelim_ref_insert().\n\nNote, trace_btrfs_prelim_ref_insert() is being called with newref as\noldref (and oldref as NULL) on purpose in order to print out\nthe values of newref.\n\nTo reproduce:\necho 1 \u003e /sys/kernel/debug/tracing/events/btrfs/btrfs_prelim_ref_insert/enable\n\nPerform some writeback operations.\n\nBacktrace:\nBUG: kernel NULL pointer dereference, address: 0000000000000018\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 115949067 P4D 115949067 PUD 11594a067 PMD 0\n Oops: Oops: 0000 [#1] SMP NOPTI\n CPU: 1 UID: 0 PID: 1188 Comm: fsstress Not tainted 6.15.0-rc2-tester+ #47 PREEMPT(voluntary) 7ca2cef72d5e9c600f0c7718adb6462de8149622\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-2-gc13ff2cd-prebuilt.qemu.org 04/01/2014\n RIP: 0010:trace_event_raw_event_btrfs__prelim_ref+0x72/0x130\n Code: e8 43 81 9f ff 48 85 c0 74 78 4d 85 e4 0f 84 8f 00 00 00 49 8b 94 24 c0 06 00 00 48 8b 0a 48 89 48 08 48 8b 52 08 48 89 50 10 \u003c49\u003e 8b 55 18 48 89 50 18 49 8b 55 20 48 89 50 20 41 0f b6 55 28 88\n RSP: 0018:ffffce44820077a0 EFLAGS: 00010286\n RAX: ffff8c6b403f9014 RBX: ffff8c6b55825730 RCX: 304994edf9cf506b\n RDX: d8b11eb7f0fdb699 RSI: ffff8c6b403f9010 RDI: ffff8c6b403f9010\n RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000010\n R10: 00000000ffffffff R11: 0000000000000000 R12: ffff8c6b4e8fb000\n R13: 0000000000000000 R14: ffffce44820077a8 R15: ffff8c6b4abd1540\n FS: 00007f4dc6813740(0000) GS:ffff8c6c1d378000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000018 CR3: 000000010eb42000 CR4: 0000000000750ef0\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n prelim_ref_insert+0x1c1/0x270\n find_parent_nodes+0x12a6/0x1ee0\n ? __entry_text_end+0x101f06/0x101f09\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? srso_alias_return_thunk+0x5/0xfbef5\n btrfs_is_data_extent_shared+0x167/0x640\n ? fiemap_process_hole+0xd0/0x2c0\n extent_fiemap+0xa5c/0xbc0\n ? __entry_text_end+0x101f05/0x101f09\n btrfs_fiemap+0x7e/0xd0\n do_vfs_ioctl+0x425/0x9d0\n __x64_sys_ioctl+0x75/0xc0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38034",
"url": "https://www.suse.com/security/cve/CVE-2025-38034"
},
{
"category": "external",
"summary": "SUSE Bug 1244792 for CVE-2025-38034",
"url": "https://bugzilla.suse.com/1244792"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38034"
},
{
"cve": "CVE-2025-38035",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38035"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: don\u0027t restore null sk_state_change\n\nqueue-\u003estate_change is set as part of nvmet_tcp_set_queue_sock(), but if\nthe TCP connection isn\u0027t established when nvmet_tcp_set_queue_sock() is\ncalled then queue-\u003estate_change isn\u0027t set and sock-\u003esk-\u003esk_state_change\nisn\u0027t replaced.\n\nAs such we don\u0027t need to restore sock-\u003esk-\u003esk_state_change if\nqueue-\u003estate_change is NULL.\n\nThis avoids NULL pointer dereferences such as this:\n\n[ 286.462026][ C0] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 286.462814][ C0] #PF: supervisor instruction fetch in kernel mode\n[ 286.463796][ C0] #PF: error_code(0x0010) - not-present page\n[ 286.464392][ C0] PGD 8000000140620067 P4D 8000000140620067 PUD 114201067 PMD 0\n[ 286.465086][ C0] Oops: Oops: 0010 [#1] SMP KASAN PTI\n[ 286.465559][ C0] CPU: 0 UID: 0 PID: 1628 Comm: nvme Not tainted 6.15.0-rc2+ #11 PREEMPT(voluntary)\n[ 286.466393][ C0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\n[ 286.467147][ C0] RIP: 0010:0x0\n[ 286.467420][ C0] Code: Unable to access opcode bytes at 0xffffffffffffffd6.\n[ 286.467977][ C0] RSP: 0018:ffff8883ae008580 EFLAGS: 00010246\n[ 286.468425][ C0] RAX: 0000000000000000 RBX: ffff88813fd34100 RCX: ffffffffa386cc43\n[ 286.469019][ C0] RDX: 1ffff11027fa68b6 RSI: 0000000000000008 RDI: ffff88813fd34100\n[ 286.469545][ C0] RBP: ffff88813fd34160 R08: 0000000000000000 R09: ffffed1027fa682c\n[ 286.470072][ C0] R10: ffff88813fd34167 R11: 0000000000000000 R12: ffff88813fd344c3\n[ 286.470585][ C0] R13: ffff88813fd34112 R14: ffff88813fd34aec R15: ffff888132cdd268\n[ 286.471070][ C0] FS: 00007fe3c04c7d80(0000) GS:ffff88840743f000(0000) knlGS:0000000000000000\n[ 286.471644][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 286.472543][ C0] CR2: ffffffffffffffd6 CR3: 000000012daca000 CR4: 00000000000006f0\n[ 286.473500][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 286.474467][ C0] DR3: 0000000000000000 DR6: 00000000ffff07f0 DR7: 0000000000000400\n[ 286.475453][ C0] Call Trace:\n[ 286.476102][ C0] \u003cIRQ\u003e\n[ 286.476719][ C0] tcp_fin+0x2bb/0x440\n[ 286.477429][ C0] tcp_data_queue+0x190f/0x4e60\n[ 286.478174][ C0] ? __build_skb_around+0x234/0x330\n[ 286.478940][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.479659][ C0] ? __pfx_tcp_data_queue+0x10/0x10\n[ 286.480431][ C0] ? tcp_try_undo_loss+0x640/0x6c0\n[ 286.481196][ C0] ? seqcount_lockdep_reader_access.constprop.0+0x82/0x90\n[ 286.482046][ C0] ? kvm_clock_get_cycles+0x14/0x30\n[ 286.482769][ C0] ? ktime_get+0x66/0x150\n[ 286.483433][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.484146][ C0] tcp_rcv_established+0x6e4/0x2050\n[ 286.484857][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.485523][ C0] ? ipv4_dst_check+0x160/0x2b0\n[ 286.486203][ C0] ? __pfx_tcp_rcv_established+0x10/0x10\n[ 286.486917][ C0] ? lock_release+0x217/0x2c0\n[ 286.487595][ C0] tcp_v4_do_rcv+0x4d6/0x9b0\n[ 286.488279][ C0] tcp_v4_rcv+0x2af8/0x3e30\n[ 286.488904][ C0] ? raw_local_deliver+0x51b/0xad0\n[ 286.489551][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.490198][ C0] ? __pfx_tcp_v4_rcv+0x10/0x10\n[ 286.490813][ C0] ? __pfx_raw_local_deliver+0x10/0x10\n[ 286.491487][ C0] ? __pfx_nf_confirm+0x10/0x10 [nf_conntrack]\n[ 286.492275][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.492900][ C0] ip_protocol_deliver_rcu+0x8f/0x370\n[ 286.493579][ C0] ip_local_deliver_finish+0x297/0x420\n[ 286.494268][ C0] ip_local_deliver+0x168/0x430\n[ 286.494867][ C0] ? __pfx_ip_local_deliver+0x10/0x10\n[ 286.495498][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10\n[ 286.496204][ C0] ? ip_rcv_finish_core+0x19a/0x1f20\n[ 286.496806][ C0] ? lock_release+0x217/0x2c0\n[ 286.497414][ C0] ip_rcv+0x455/0x6e0\n[ 286.497945][ C0] ? __pfx_ip_rcv+0x10/0x10\n[ \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38035",
"url": "https://www.suse.com/security/cve/CVE-2025-38035"
},
{
"category": "external",
"summary": "SUSE Bug 1244801 for CVE-2025-38035",
"url": "https://bugzilla.suse.com/1244801"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38035"
},
{
"cve": "CVE-2025-38047",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38047"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/fred: Fix system hang during S4 resume with FRED enabled\n\nUpon a wakeup from S4, the restore kernel starts and initializes the\nFRED MSRs as needed from its perspective. It then loads a hibernation\nimage, including the image kernel, and attempts to load image pages\ndirectly into their original page frames used before hibernation unless\nthose frames are currently in use. Once all pages are moved to their\noriginal locations, it jumps to a \"trampoline\" page in the image kernel.\n\nAt this point, the image kernel takes control, but the FRED MSRs still\ncontain values set by the restore kernel, which may differ from those\nset by the image kernel before hibernation. Therefore, the image kernel\nmust ensure the FRED MSRs have the same values as before hibernation.\nSince these values depend only on the location of the kernel text and\ndata, they can be recomputed from scratch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38047",
"url": "https://www.suse.com/security/cve/CVE-2025-38047"
},
{
"category": "external",
"summary": "SUSE Bug 1245084 for CVE-2025-38047",
"url": "https://bugzilla.suse.com/1245084"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38047"
},
{
"cve": "CVE-2025-38051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38051"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: Fix use-after-free in cifs_fill_dirent\n\nThere is a race condition in the readdir concurrency process, which may\naccess the rsp buffer after it has been released, triggering the\nfollowing KASAN warning.\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in cifs_fill_dirent+0xb03/0xb60 [cifs]\n Read of size 4 at addr ffff8880099b819c by task a.out/342975\n\n CPU: 2 UID: 0 PID: 342975 Comm: a.out Not tainted 6.15.0-rc6+ #240 PREEMPT(full)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x53/0x70\n print_report+0xce/0x640\n kasan_report+0xb8/0xf0\n cifs_fill_dirent+0xb03/0xb60 [cifs]\n cifs_readdir+0x12cb/0x3190 [cifs]\n iterate_dir+0x1a1/0x520\n __x64_sys_getdents+0x134/0x220\n do_syscall_64+0x4b/0x110\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7f996f64b9f9\n Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89\n f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01\n f0 ff ff 0d f7 c3 0c 00 f7 d8 64 89 8\n RSP: 002b:00007f996f53de78 EFLAGS: 00000207 ORIG_RAX: 000000000000004e\n RAX: ffffffffffffffda RBX: 00007f996f53ecdc RCX: 00007f996f64b9f9\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003\n RBP: 00007f996f53dea0 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000207 R12: ffffffffffffff88\n R13: 0000000000000000 R14: 00007ffc8cd9a500 R15: 00007f996f51e000\n \u003c/TASK\u003e\n\n Allocated by task 408:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x14/0x30\n __kasan_slab_alloc+0x6e/0x70\n kmem_cache_alloc_noprof+0x117/0x3d0\n mempool_alloc_noprof+0xf2/0x2c0\n cifs_buf_get+0x36/0x80 [cifs]\n allocate_buffers+0x1d2/0x330 [cifs]\n cifs_demultiplex_thread+0x22b/0x2690 [cifs]\n kthread+0x394/0x720\n ret_from_fork+0x34/0x70\n ret_from_fork_asm+0x1a/0x30\n\n Freed by task 342979:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x37/0x50\n kmem_cache_free+0x2b8/0x500\n cifs_buf_release+0x3c/0x70 [cifs]\n cifs_readdir+0x1c97/0x3190 [cifs]\n iterate_dir+0x1a1/0x520\n __x64_sys_getdents64+0x134/0x220\n do_syscall_64+0x4b/0x110\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n The buggy address belongs to the object at ffff8880099b8000\n which belongs to the cache cifs_request of size 16588\n The buggy address is located 412 bytes inside of\n freed 16588-byte region [ffff8880099b8000, ffff8880099bc0cc)\n\n The buggy address belongs to the physical page:\n page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x99b8\n head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0\n anon flags: 0x80000000000040(head|node=0|zone=1)\n page_type: f5(slab)\n raw: 0080000000000040 ffff888001e03400 0000000000000000 dead000000000001\n raw: 0000000000000000 0000000000010001 00000000f5000000 0000000000000000\n head: 0080000000000040 ffff888001e03400 0000000000000000 dead000000000001\n head: 0000000000000000 0000000000010001 00000000f5000000 0000000000000000\n head: 0080000000000003 ffffea0000266e01 00000000ffffffff 00000000ffffffff\n head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n ffff8880099b8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff8880099b8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n \u003effff8880099b8180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ^\n ffff8880099b8200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff8880099b8280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ==================================================================\n\nPOC is available in the link [1].\n\nThe problem triggering process is as follows:\n\nProcess 1 Process 2\n-----------------------------------\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38051",
"url": "https://www.suse.com/security/cve/CVE-2025-38051"
},
{
"category": "external",
"summary": "SUSE Bug 1244750 for CVE-2025-38051",
"url": "https://bugzilla.suse.com/1244750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38051"
},
{
"cve": "CVE-2025-38052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38052"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done\n\nSyzbot reported a slab-use-after-free with the following call trace:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in tipc_aead_encrypt_done+0x4bd/0x510 net/tipc/crypto.c:840\n Read of size 8 at addr ffff88807a733000 by task kworker/1:0/25\n\n Call Trace:\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n tipc_aead_encrypt_done+0x4bd/0x510 net/tipc/crypto.c:840\n crypto_request_complete include/crypto/algapi.h:266\n aead_request_complete include/crypto/internal/aead.h:85\n cryptd_aead_crypt+0x3b8/0x750 crypto/cryptd.c:772\n crypto_request_complete include/crypto/algapi.h:266\n cryptd_queue_worker+0x131/0x200 crypto/cryptd.c:181\n process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\n\n Allocated by task 8355:\n kzalloc_noprof include/linux/slab.h:778\n tipc_crypto_start+0xcc/0x9e0 net/tipc/crypto.c:1466\n tipc_init_net+0x2dd/0x430 net/tipc/core.c:72\n ops_init+0xb9/0x650 net/core/net_namespace.c:139\n setup_net+0x435/0xb40 net/core/net_namespace.c:343\n copy_net_ns+0x2f0/0x670 net/core/net_namespace.c:508\n create_new_namespaces+0x3ea/0xb10 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0xc0/0x1f0 kernel/nsproxy.c:228\n ksys_unshare+0x419/0x970 kernel/fork.c:3323\n __do_sys_unshare kernel/fork.c:3394\n\n Freed by task 63:\n kfree+0x12a/0x3b0 mm/slub.c:4557\n tipc_crypto_stop+0x23c/0x500 net/tipc/crypto.c:1539\n tipc_exit_net+0x8c/0x110 net/tipc/core.c:119\n ops_exit_list+0xb0/0x180 net/core/net_namespace.c:173\n cleanup_net+0x5b7/0xbf0 net/core/net_namespace.c:640\n process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\n\nAfter freed the tipc_crypto tx by delete namespace, tipc_aead_encrypt_done\nmay still visit it in cryptd_queue_worker workqueue.\n\nI reproduce this issue by:\n ip netns add ns1\n ip link add veth1 type veth peer name veth2\n ip link set veth1 netns ns1\n ip netns exec ns1 tipc bearer enable media eth dev veth1\n ip netns exec ns1 tipc node set key this_is_a_master_key master\n ip netns exec ns1 tipc bearer disable media eth dev veth1\n ip netns del ns1\n\nThe key of reproduction is that, simd_aead_encrypt is interrupted, leading\nto crypto_simd_usable() return false. Thus, the cryptd_queue_worker is\ntriggered, and the tipc_crypto tx will be visited.\n\n tipc_disc_timeout\n tipc_bearer_xmit_skb\n tipc_crypto_xmit\n tipc_aead_encrypt\n crypto_aead_encrypt\n // encrypt()\n simd_aead_encrypt\n // crypto_simd_usable() is false\n child = \u0026ctx-\u003ecryptd_tfm-\u003ebase;\n\n simd_aead_encrypt\n crypto_aead_encrypt\n // encrypt()\n cryptd_aead_encrypt_enqueue\n cryptd_aead_enqueue\n cryptd_enqueue_request\n // trigger cryptd_queue_worker\n queue_work_on(smp_processor_id(), cryptd_wq, \u0026cpu_queue-\u003ework)\n\nFix this by holding net reference count before encrypt.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38052",
"url": "https://www.suse.com/security/cve/CVE-2025-38052"
},
{
"category": "external",
"summary": "SUSE Bug 1244749 for CVE-2025-38052",
"url": "https://bugzilla.suse.com/1244749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38052"
},
{
"cve": "CVE-2025-38058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\n__legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock\n\n... or we risk stealing final mntput from sync umount - raising mnt_count\nafter umount(2) has verified that victim is not busy, but before it\nhas set MNT_SYNC_UMOUNT; in that case __legitimize_mnt() doesn\u0027t see\nthat it\u0027s safe to quietly undo mnt_count increment and leaves dropping\nthe reference to caller, where it\u0027ll be a full-blown mntput().\n\nCheck under mount_lock is needed; leaving the current one done before\ntaking that makes no sense - it\u0027s nowhere near common enough to bother\nwith.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38058",
"url": "https://www.suse.com/security/cve/CVE-2025-38058"
},
{
"category": "external",
"summary": "SUSE Bug 1245151 for CVE-2025-38058",
"url": "https://bugzilla.suse.com/1245151"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "low"
}
],
"title": "CVE-2025-38058"
},
{
"cve": "CVE-2025-38061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38061"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: pktgen: fix access outside of user given buffer in pktgen_thread_write()\n\nHonour the user given buffer size for the strn_len() calls (otherwise\nstrn_len() will access memory outside of the user given buffer).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38061",
"url": "https://www.suse.com/security/cve/CVE-2025-38061"
},
{
"category": "external",
"summary": "SUSE Bug 1245440 for CVE-2025-38061",
"url": "https://bugzilla.suse.com/1245440"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38061"
},
{
"cve": "CVE-2025-38062",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38062"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngenirq/msi: Store the IOMMU IOVA directly in msi_desc instead of iommu_cookie\n\nThe IOMMU translation for MSI message addresses has been a 2-step process,\nseparated in time:\n\n 1) iommu_dma_prepare_msi(): A cookie pointer containing the IOVA address\n is stored in the MSI descriptor when an MSI interrupt is allocated.\n\n 2) iommu_dma_compose_msi_msg(): this cookie pointer is used to compute a\n translated message address.\n\nThis has an inherent lifetime problem for the pointer stored in the cookie\nthat must remain valid between the two steps. However, there is no locking\nat the irq layer that helps protect the lifetime. Today, this works under\nthe assumption that the iommu domain is not changed while MSI interrupts\nbeing programmed. This is true for normal DMA API users within the kernel,\nas the iommu domain is attached before the driver is probed and cannot be\nchanged while a driver is attached.\n\nClassic VFIO type1 also prevented changing the iommu domain while VFIO was\nrunning as it does not support changing the \"container\" after starting up.\n\nHowever, iommufd has improved this so that the iommu domain can be changed\nduring VFIO operation. This potentially allows userspace to directly race\nVFIO_DEVICE_ATTACH_IOMMUFD_PT (which calls iommu_attach_group()) and\nVFIO_DEVICE_SET_IRQS (which calls into iommu_dma_compose_msi_msg()).\n\nThis potentially causes both the cookie pointer and the unlocked call to\niommu_get_domain_for_dev() on the MSI translation path to become UAFs.\n\nFix the MSI cookie UAF by removing the cookie pointer. The translated IOVA\naddress is already known during iommu_dma_prepare_msi() and cannot change.\nThus, it can simply be stored as an integer in the MSI descriptor.\n\nThe other UAF related to iommu_get_domain_for_dev() will be addressed in\npatch \"iommu: Make iommu_dma_prepare_msi() into a generic operation\" by\nusing the IOMMU group mutex.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38062",
"url": "https://www.suse.com/security/cve/CVE-2025-38062"
},
{
"category": "external",
"summary": "SUSE Bug 1245216 for CVE-2025-38062",
"url": "https://bugzilla.suse.com/1245216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38062"
},
{
"cve": "CVE-2025-38063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: fix unconditional IO throttle caused by REQ_PREFLUSH\n\nWhen a bio with REQ_PREFLUSH is submitted to dm, __send_empty_flush()\ngenerates a flush_bio with REQ_OP_WRITE | REQ_PREFLUSH | REQ_SYNC,\nwhich causes the flush_bio to be throttled by wbt_wait().\n\nAn example from v5.4, similar problem also exists in upstream:\n\n crash\u003e bt 2091206\n PID: 2091206 TASK: ffff2050df92a300 CPU: 109 COMMAND: \"kworker/u260:0\"\n #0 [ffff800084a2f7f0] __switch_to at ffff80004008aeb8\n #1 [ffff800084a2f820] __schedule at ffff800040bfa0c4\n #2 [ffff800084a2f880] schedule at ffff800040bfa4b4\n #3 [ffff800084a2f8a0] io_schedule at ffff800040bfa9c4\n #4 [ffff800084a2f8c0] rq_qos_wait at ffff8000405925bc\n #5 [ffff800084a2f940] wbt_wait at ffff8000405bb3a0\n #6 [ffff800084a2f9a0] __rq_qos_throttle at ffff800040592254\n #7 [ffff800084a2f9c0] blk_mq_make_request at ffff80004057cf38\n #8 [ffff800084a2fa60] generic_make_request at ffff800040570138\n #9 [ffff800084a2fae0] submit_bio at ffff8000405703b4\n #10 [ffff800084a2fb50] xlog_write_iclog at ffff800001280834 [xfs]\n #11 [ffff800084a2fbb0] xlog_sync at ffff800001280c3c [xfs]\n #12 [ffff800084a2fbf0] xlog_state_release_iclog at ffff800001280df4 [xfs]\n #13 [ffff800084a2fc10] xlog_write at ffff80000128203c [xfs]\n #14 [ffff800084a2fcd0] xlog_cil_push at ffff8000012846dc [xfs]\n #15 [ffff800084a2fda0] xlog_cil_push_work at ffff800001284a2c [xfs]\n #16 [ffff800084a2fdb0] process_one_work at ffff800040111d08\n #17 [ffff800084a2fe00] worker_thread at ffff8000401121cc\n #18 [ffff800084a2fe70] kthread at ffff800040118de4\n\nAfter commit 2def2845cc33 (\"xfs: don\u0027t allow log IO to be throttled\"),\nthe metadata submitted by xlog_write_iclog() should not be throttled.\nBut due to the existence of the dm layer, throttling flush_bio indirectly\ncauses the metadata bio to be throttled.\n\nFix this by conditionally adding REQ_IDLE to flush_bio.bi_opf, which makes\nwbt_should_throttle() return false to avoid wbt_wait().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38063",
"url": "https://www.suse.com/security/cve/CVE-2025-38063"
},
{
"category": "external",
"summary": "SUSE Bug 1245202 for CVE-2025-38063",
"url": "https://bugzilla.suse.com/1245202"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38063"
},
{
"cve": "CVE-2025-38064",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38064"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio: break and reset virtio devices on device_shutdown()\n\nHongyu reported a hang on kexec in a VM. QEMU reported invalid memory\naccesses during the hang.\n\n\tInvalid read at addr 0x102877002, size 2, region \u0027(null)\u0027, reason: rejected\n\tInvalid write at addr 0x102877A44, size 2, region \u0027(null)\u0027, reason: rejected\n\t...\n\nIt was traced down to virtio-console. Kexec works fine if virtio-console\nis not in use.\n\nThe issue is that virtio-console continues to write to the MMIO even after\nunderlying virtio-pci device is reset.\n\nAdditionally, Eric noticed that IOMMUs are reset before devices, if\ndevices are not reset on shutdown they continue to poke at guest memory\nand get errors from the IOMMU. Some devices get wedged then.\n\nThe problem can be solved by breaking all virtio devices on virtio\nbus shutdown, then resetting them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38064",
"url": "https://www.suse.com/security/cve/CVE-2025-38064"
},
{
"category": "external",
"summary": "SUSE Bug 1245201 for CVE-2025-38064",
"url": "https://bugzilla.suse.com/1245201"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38064"
},
{
"cve": "CVE-2025-38074",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38074"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost-scsi: protect vq-\u003elog_used with vq-\u003emutex\n\nThe vhost-scsi completion path may access vq-\u003elog_base when vq-\u003elog_used is\nalready set to false.\n\n vhost-thread QEMU-thread\n\nvhost_scsi_complete_cmd_work()\n-\u003e vhost_add_used()\n -\u003e vhost_add_used_n()\n if (unlikely(vq-\u003elog_used))\n QEMU disables vq-\u003elog_used\n via VHOST_SET_VRING_ADDR.\n mutex_lock(\u0026vq-\u003emutex);\n vq-\u003elog_used = false now!\n mutex_unlock(\u0026vq-\u003emutex);\n\n\t\t\t\t QEMU gfree(vq-\u003elog_base)\n log_used()\n -\u003e log_write(vq-\u003elog_base)\n\nAssuming the VMM is QEMU. The vq-\u003elog_base is from QEMU userpace and can be\nreclaimed via gfree(). As a result, this causes invalid memory writes to\nQEMU userspace.\n\nThe control queue path has the same issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38074",
"url": "https://www.suse.com/security/cve/CVE-2025-38074"
},
{
"category": "external",
"summary": "SUSE Bug 1244735 for CVE-2025-38074",
"url": "https://bugzilla.suse.com/1244735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38074"
},
{
"cve": "CVE-2025-38084",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38084"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: unshare page tables during VMA split, not before\n\nCurrently, __split_vma() triggers hugetlb page table unsharing through\nvm_ops-\u003emay_split(). This happens before the VMA lock and rmap locks are\ntaken - which is too early, it allows racing VMA-locked page faults in our\nprocess and racing rmap walks from other processes to cause page tables to\nbe shared again before we actually perform the split.\n\nFix it by explicitly calling into the hugetlb unshare logic from\n__split_vma() in the same place where THP splitting also happens. At that\npoint, both the VMA and the rmap(s) are write-locked.\n\nAn annoying detail is that we can now call into the helper\nhugetlb_unshare_pmds() from two different locking contexts:\n\n1. from hugetlb_split(), holding:\n - mmap lock (exclusively)\n - VMA lock\n - file rmap lock (exclusively)\n2. hugetlb_unshare_all_pmds(), which I think is designed to be able to\n call us with only the mmap lock held (in shared mode), but currently\n only runs while holding mmap lock (exclusively) and VMA lock\n\nBackporting note:\nThis commit fixes a racy protection that was introduced in commit\nb30c14cd6102 (\"hugetlb: unshare some PMDs when splitting VMAs\"); that\ncommit claimed to fix an issue introduced in 5.13, but it should actually\nalso go all the way back.\n\n[jannh@google.com: v2]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38084",
"url": "https://www.suse.com/security/cve/CVE-2025-38084"
},
{
"category": "external",
"summary": "SUSE Bug 1245498 for CVE-2025-38084",
"url": "https://bugzilla.suse.com/1245498"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38084"
},
{
"cve": "CVE-2025-38085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race\n\nhuge_pmd_unshare() drops a reference on a page table that may have\npreviously been shared across processes, potentially turning it into a\nnormal page table used in another process in which unrelated VMAs can\nafterwards be installed.\n\nIf this happens in the middle of a concurrent gup_fast(), gup_fast() could\nend up walking the page tables of another process. While I don\u0027t see any\nway in which that immediately leads to kernel memory corruption, it is\nreally weird and unexpected.\n\nFix it with an explicit broadcast IPI through tlb_remove_table_sync_one(),\njust like we do in khugepaged when removing page tables for a THP\ncollapse.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38085",
"url": "https://www.suse.com/security/cve/CVE-2025-38085"
},
{
"category": "external",
"summary": "SUSE Bug 1245499 for CVE-2025-38085",
"url": "https://bugzilla.suse.com/1245499"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38085"
},
{
"cve": "CVE-2025-38087",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38087"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: fix use-after-free in taprio_dev_notifier\n\nSince taprio\u0027s taprio_dev_notifier() isn\u0027t protected by an\nRCU read-side critical section, a race with advance_sched()\ncan lead to a use-after-free.\n\nAdding rcu_read_lock() inside taprio_dev_notifier() prevents this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38087",
"url": "https://www.suse.com/security/cve/CVE-2025-38087"
},
{
"category": "external",
"summary": "SUSE Bug 1245504 for CVE-2025-38087",
"url": "https://bugzilla.suse.com/1245504"
},
{
"category": "external",
"summary": "SUSE Bug 1245505 for CVE-2025-38087",
"url": "https://bugzilla.suse.com/1245505"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "important"
}
],
"title": "CVE-2025-38087"
},
{
"cve": "CVE-2025-38088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38088"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap\n\nmemtrace mmap issue has an out of bounds issue. This patch fixes the by\nchecking that the requested mapping region size should stay within the\nallocated region size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38088",
"url": "https://www.suse.com/security/cve/CVE-2025-38088"
},
{
"category": "external",
"summary": "SUSE Bug 1245506 for CVE-2025-38088",
"url": "https://bugzilla.suse.com/1245506"
},
{
"category": "external",
"summary": "SUSE Bug 1245507 for CVE-2025-38088",
"url": "https://bugzilla.suse.com/1245507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "important"
}
],
"title": "CVE-2025-38088"
},
{
"cve": "CVE-2025-38089",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38089"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: handle SVC_GARBAGE during svc auth processing as auth error\n\ntianshuo han reported a remotely-triggerable crash if the client sends a\nkernel RPC server a specially crafted packet. If decoding the RPC reply\nfails in such a way that SVC_GARBAGE is returned without setting the\nrq_accept_statp pointer, then that pointer can be dereferenced and a\nvalue stored there.\n\nIf it\u0027s the first time the thread has processed an RPC, then that\npointer will be set to NULL and the kernel will crash. In other cases,\nit could create a memory scribble.\n\nThe server sunrpc code treats a SVC_GARBAGE return from svc_authenticate\nor pg_authenticate as if it should send a GARBAGE_ARGS reply. RFC 5531\nsays that if authentication fails that the RPC should be rejected\ninstead with a status of AUTH_ERR.\n\nHandle a SVC_GARBAGE return as an AUTH_ERROR, with a reason of\nAUTH_BADCRED instead of returning GARBAGE_ARGS in that case. This\nsidesteps the whole problem of touching the rpc_accept_statp pointer in\nthis situation and avoids the crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38089",
"url": "https://www.suse.com/security/cve/CVE-2025-38089"
},
{
"category": "external",
"summary": "SUSE Bug 1245508 for CVE-2025-38089",
"url": "https://bugzilla.suse.com/1245508"
},
{
"category": "external",
"summary": "SUSE Bug 1245509 for CVE-2025-38089",
"url": "https://bugzilla.suse.com/1245509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "important"
}
],
"title": "CVE-2025-38089"
},
{
"cve": "CVE-2025-38090",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38090"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/rapidio/rio_cm.c: prevent possible heap overwrite\n\nIn\n\nriocm_cdev_ioctl(RIO_CM_CHAN_SEND)\n -\u003e cm_chan_msg_send()\n -\u003e riocm_ch_send()\n\ncm_chan_msg_send() checks that userspace didn\u0027t send too much data but\nriocm_ch_send() failed to check that userspace sent sufficient data. The\nresult is that riocm_ch_send() can write to fields in the rio_ch_chan_hdr\nwhich were outside the bounds of the space which cm_chan_msg_send()\nallocated.\n\nAddress this by teaching riocm_ch_send() to check that the entire\nrio_ch_chan_hdr was copied in from userspace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38090",
"url": "https://www.suse.com/security/cve/CVE-2025-38090"
},
{
"category": "external",
"summary": "SUSE Bug 1245510 for CVE-2025-38090",
"url": "https://bugzilla.suse.com/1245510"
},
{
"category": "external",
"summary": "SUSE Bug 1245511 for CVE-2025-38090",
"url": "https://bugzilla.suse.com/1245511"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "important"
}
],
"title": "CVE-2025-38090"
},
{
"cve": "CVE-2025-38091",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38091"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: check stream id dml21 wrapper to get plane_id\n\n[Why \u0026 How]\nFix a false positive warning which occurs due to lack of correct checks\nwhen querying plane_id in DML21. This fixes the warning when performing a\nmode1 reset (cat /sys/kernel/debug/dri/1/amdgpu_gpu_recover):\n\n[ 35.751250] WARNING: CPU: 11 PID: 326 at /tmp/amd.PHpyAl7v/amd/amdgpu/../display/dc/dml2/dml2_dc_resource_mgmt.c:91 dml2_map_dc_pipes+0x243d/0x3f40 [amdgpu]\n[ 35.751434] Modules linked in: amdgpu(OE) amddrm_ttm_helper(OE) amdttm(OE) amddrm_buddy(OE) amdxcp(OE) amddrm_exec(OE) amd_sched(OE) amdkcl(OE) drm_suballoc_helper drm_ttm_helper ttm drm_display_helper cec rc_core i2c_algo_bit rfcomm qrtr cmac algif_hash algif_skcipher af_alg bnep amd_atl intel_rapl_msr intel_rapl_common snd_hda_codec_hdmi snd_hda_intel edac_mce_amd snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec kvm_amd snd_hda_core snd_hwdep snd_pcm kvm snd_seq_midi snd_seq_midi_event snd_rawmidi crct10dif_pclmul polyval_clmulni polyval_generic btusb ghash_clmulni_intel sha256_ssse3 btrtl sha1_ssse3 snd_seq btintel aesni_intel btbcm btmtk snd_seq_device crypto_simd sunrpc cryptd bluetooth snd_timer ccp binfmt_misc rapl snd i2c_piix4 wmi_bmof gigabyte_wmi k10temp i2c_smbus soundcore gpio_amdpt mac_hid sch_fq_codel msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs ip_tables x_tables autofs4 hid_generic usbhid hid crc32_pclmul igc ahci xhci_pci libahci xhci_pci_renesas video wmi\n[ 35.751501] CPU: 11 UID: 0 PID: 326 Comm: kworker/u64:9 Tainted: G OE 6.11.0-21-generic #21~24.04.1-Ubuntu\n[ 35.751504] Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n[ 35.751505] Hardware name: Gigabyte Technology Co., Ltd. X670E AORUS PRO X/X670E AORUS PRO X, BIOS F30 05/22/2024\n[ 35.751506] Workqueue: amdgpu-reset-dev amdgpu_debugfs_reset_work [amdgpu]\n[ 35.751638] RIP: 0010:dml2_map_dc_pipes+0x243d/0x3f40 [amdgpu]\n[ 35.751794] Code: 6d 0c 00 00 8b 84 24 88 00 00 00 41 3b 44 9c 20 0f 84 fc 07 00 00 48 83 c3 01 48 83 fb 06 75 b3 4c 8b 64 24 68 4c 8b 6c 24 40 \u003c0f\u003e 0b b8 06 00 00 00 49 8b 94 24 a0 49 00 00 89 c3 83 f8 07 0f 87\n[ 35.751796] RSP: 0018:ffffbfa3805d7680 EFLAGS: 00010246\n[ 35.751798] RAX: 0000000000010000 RBX: 0000000000000006 RCX: 0000000000000000\n[ 35.751799] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000000\n[ 35.751800] RBP: ffffbfa3805d78f0 R08: 0000000000000000 R09: 0000000000000000\n[ 35.751801] R10: 0000000000000000 R11: 0000000000000000 R12: ffffbfa383249000\n[ 35.751802] R13: ffffa0e68f280000 R14: ffffbfa383249658 R15: 0000000000000000\n[ 35.751803] FS: 0000000000000000(0000) GS:ffffa0edbe580000(0000) knlGS:0000000000000000\n[ 35.751804] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 35.751805] CR2: 00005d847ef96c58 CR3: 000000041de3e000 CR4: 0000000000f50ef0\n[ 35.751806] PKRU: 55555554\n[ 35.751807] Call Trace:\n[ 35.751810] \u003cTASK\u003e\n[ 35.751816] ? show_regs+0x6c/0x80\n[ 35.751820] ? __warn+0x88/0x140\n[ 35.751822] ? dml2_map_dc_pipes+0x243d/0x3f40 [amdgpu]\n[ 35.751964] ? report_bug+0x182/0x1b0\n[ 35.751969] ? handle_bug+0x6e/0xb0\n[ 35.751972] ? exc_invalid_op+0x18/0x80\n[ 35.751974] ? asm_exc_invalid_op+0x1b/0x20\n[ 35.751978] ? dml2_map_dc_pipes+0x243d/0x3f40 [amdgpu]\n[ 35.752117] ? math_pow+0x48/0xa0 [amdgpu]\n[ 35.752256] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 35.752260] ? math_pow+0x48/0xa0 [amdgpu]\n[ 35.752400] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 35.752403] ? math_pow+0x11/0xa0 [amdgpu]\n[ 35.752524] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 35.752526] ? core_dcn4_mode_programming+0xe4d/0x20d0 [amdgpu]\n[ 35.752663] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 35.752669] dml21_validate+0x3d4/0x980 [amdgpu]\n\n(cherry picked from commit f8ad62c0a93e5dd94243e10f1b742232e4d6411e)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38091",
"url": "https://www.suse.com/security/cve/CVE-2025-38091"
},
{
"category": "external",
"summary": "SUSE Bug 1245621 for CVE-2025-38091",
"url": "https://bugzilla.suse.com/1245621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38091"
},
{
"cve": "CVE-2025-38094",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38094"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: cadence: macb: Fix a possible deadlock in macb_halt_tx.\n\nThere is a situation where after THALT is set high, TGO stays high as\nwell. Because jiffies are never updated, as we are in a context with\ninterrupts disabled, we never exit that loop and have a deadlock.\n\nThat deadlock was noticed on a sama5d4 device that stayed locked for days.\n\nUse retries instead of jiffies so that the timeout really works and we do\nnot have a deadlock anymore.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38094",
"url": "https://www.suse.com/security/cve/CVE-2025-38094"
},
{
"category": "external",
"summary": "SUSE Bug 1245649 for CVE-2025-38094",
"url": "https://bugzilla.suse.com/1245649"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38094"
},
{
"cve": "CVE-2025-38095",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38095"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf: insert memory barrier before updating num_fences\n\nsmp_store_mb() inserts memory barrier after storing operation.\nIt is different with what the comment is originally aiming so Null\npointer dereference can be happened if memory update is reordered.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38095",
"url": "https://www.suse.com/security/cve/CVE-2025-38095"
},
{
"category": "external",
"summary": "SUSE Bug 1245658 for CVE-2025-38095",
"url": "https://bugzilla.suse.com/1245658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38095"
},
{
"cve": "CVE-2025-38097",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38097"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nespintcp: remove encap socket caching to avoid reference leak\n\nThe current scheme for caching the encap socket can lead to reference\nleaks when we try to delete the netns.\n\nThe reference chain is: xfrm_state -\u003e enacp_sk -\u003e netns\n\nSince the encap socket is a userspace socket, it holds a reference on\nthe netns. If we delete the espintcp state (through flush or\nindividual delete) before removing the netns, the reference on the\nsocket is dropped and the netns is correctly deleted. Otherwise, the\nnetns may not be reachable anymore (if all processes within the ns\nhave terminated), so we cannot delete the xfrm state to drop its\nreference on the socket.\n\nThis patch results in a small (~2% in my tests) performance\nregression.\n\nA GC-type mechanism could be added for the socket cache, to clear\nreferences if the state hasn\u0027t been used \"recently\", but it\u0027s a lot\nmore complex than just not caching the socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38097",
"url": "https://www.suse.com/security/cve/CVE-2025-38097"
},
{
"category": "external",
"summary": "SUSE Bug 1245660 for CVE-2025-38097",
"url": "https://bugzilla.suse.com/1245660"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38097"
},
{
"cve": "CVE-2025-38098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38098"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Don\u0027t treat wb connector as physical in create_validate_stream_for_sink\n\nDon\u0027t try to operate on a drm_wb_connector as an amdgpu_dm_connector.\nWhile dereferencing aconnector-\u003ebase will \"work\" it\u0027s wrong and\nmight lead to unknown bad things. Just... don\u0027t.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38098",
"url": "https://www.suse.com/security/cve/CVE-2025-38098"
},
{
"category": "external",
"summary": "SUSE Bug 1245654 for CVE-2025-38098",
"url": "https://bugzilla.suse.com/1245654"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38098"
},
{
"cve": "CVE-2025-38099",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38099"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Disable SCO support if READ_VOICE_SETTING is unsupported/broken\n\nA SCO connection without the proper voice_setting can cause\nthe controller to lock up.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38099",
"url": "https://www.suse.com/security/cve/CVE-2025-38099"
},
{
"category": "external",
"summary": "SUSE Bug 1245671 for CVE-2025-38099",
"url": "https://bugzilla.suse.com/1245671"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38099"
},
{
"cve": "CVE-2025-38100",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38100"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/iopl: Cure TIF_IO_BITMAP inconsistencies\n\nio_bitmap_exit() is invoked from exit_thread() when a task exists or\nwhen a fork fails. In the latter case the exit_thread() cleans up\nresources which were allocated during fork().\n\nio_bitmap_exit() invokes task_update_io_bitmap(), which in turn ends up\nin tss_update_io_bitmap(). tss_update_io_bitmap() operates on the\ncurrent task. If current has TIF_IO_BITMAP set, but no bitmap installed,\ntss_update_io_bitmap() crashes with a NULL pointer dereference.\n\nThere are two issues, which lead to that problem:\n\n 1) io_bitmap_exit() should not invoke task_update_io_bitmap() when\n the task, which is cleaned up, is not the current task. That\u0027s a\n clear indicator for a cleanup after a failed fork().\n\n 2) A task should not have TIF_IO_BITMAP set and neither a bitmap\n installed nor IOPL emulation level 3 activated.\n\n This happens when a kernel thread is created in the context of\n a user space thread, which has TIF_IO_BITMAP set as the thread\n flags are copied and the IO bitmap pointer is cleared.\n\n Other than in the failed fork() case this has no impact because\n kernel threads including IO workers never return to user space and\n therefore never invoke tss_update_io_bitmap().\n\nCure this by adding the missing cleanups and checks:\n\n 1) Prevent io_bitmap_exit() to invoke task_update_io_bitmap() if\n the to be cleaned up task is not the current task.\n\n 2) Clear TIF_IO_BITMAP in copy_thread() unconditionally. For user\n space forks it is set later, when the IO bitmap is inherited in\n io_bitmap_share().\n\nFor paranoia sake, add a warning into tss_update_io_bitmap() to catch\nthe case, when that code is invoked with inconsistent state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38100",
"url": "https://www.suse.com/security/cve/CVE-2025-38100"
},
{
"category": "external",
"summary": "SUSE Bug 1245650 for CVE-2025-38100",
"url": "https://bugzilla.suse.com/1245650"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38100"
},
{
"cve": "CVE-2025-38102",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38102"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nVMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify\n\nDuring our test, it is found that a warning can be trigger in try_grab_folio\nas follow:\n\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 1678 at mm/gup.c:147 try_grab_folio+0x106/0x130\n Modules linked in:\n CPU: 0 UID: 0 PID: 1678 Comm: syz.3.31 Not tainted 6.15.0-rc5 #163 PREEMPT(undef)\n RIP: 0010:try_grab_folio+0x106/0x130\n Call Trace:\n \u003cTASK\u003e\n follow_huge_pmd+0x240/0x8e0\n follow_pmd_mask.constprop.0.isra.0+0x40b/0x5c0\n follow_pud_mask.constprop.0.isra.0+0x14a/0x170\n follow_page_mask+0x1c2/0x1f0\n __get_user_pages+0x176/0x950\n __gup_longterm_locked+0x15b/0x1060\n ? gup_fast+0x120/0x1f0\n gup_fast_fallback+0x17e/0x230\n get_user_pages_fast+0x5f/0x80\n vmci_host_unlocked_ioctl+0x21c/0xf80\n RIP: 0033:0x54d2cd\n ---[ end trace 0000000000000000 ]---\n\nDigging into the source, context-\u003enotify_page may init by get_user_pages_fast\nand can be seen in vmci_ctx_unset_notify which will try to put_page. However\nget_user_pages_fast is not finished here and lead to following\ntry_grab_folio warning. The race condition is shown as follow:\n\ncpu0\t\t\tcpu1\nvmci_host_do_set_notify\nvmci_host_setup_notify\nget_user_pages_fast(uva, 1, FOLL_WRITE, \u0026context-\u003enotify_page);\nlockless_pages_from_mm\ngup_pgd_range\ngup_huge_pmd // update \u0026context-\u003enotify_page\n\t\t\tvmci_host_do_set_notify\n\t\t\tvmci_ctx_unset_notify\n\t\t\tnotify_page = context-\u003enotify_page;\n\t\t\tif (notify_page)\n\t\t\tput_page(notify_page);\t// page is freed\n__gup_longterm_locked\n__get_user_pages\nfollow_trans_huge_pmd\ntry_grab_folio // warn here\n\nTo slove this, use local variable page to make notify_page can be seen\nafter finish get_user_pages_fast.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38102",
"url": "https://www.suse.com/security/cve/CVE-2025-38102"
},
{
"category": "external",
"summary": "SUSE Bug 1245669 for CVE-2025-38102",
"url": "https://bugzilla.suse.com/1245669"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38102"
},
{
"cve": "CVE-2025-38105",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38105"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Kill timer properly at removal\n\nThe USB-audio MIDI code initializes the timer, but in a rare case, the\ndriver might be freed without the disconnect call. This leaves the\ntimer in an active state while the assigned object is released via\nsnd_usbmidi_free(), which ends up with a kernel warning when the debug\nconfiguration is enabled, as spotted by fuzzer.\n\nFor avoiding the problem, put timer_shutdown_sync() at\nsnd_usbmidi_free(), so that the timer can be killed properly.\nWhile we\u0027re at it, replace the existing timer_delete_sync() at the\ndisconnect callback with timer_shutdown_sync(), too.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38105",
"url": "https://www.suse.com/security/cve/CVE-2025-38105"
},
{
"category": "external",
"summary": "SUSE Bug 1245682 for CVE-2025-38105",
"url": "https://bugzilla.suse.com/1245682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38105"
},
{
"cve": "CVE-2025-38106",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38106"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix use-after-free of sq-\u003ethread in __io_uring_show_fdinfo()\n\nsyzbot reports:\n\nBUG: KASAN: slab-use-after-free in getrusage+0x1109/0x1a60\nRead of size 8 at addr ffff88810de2d2c8 by task a.out/304\n\nCPU: 0 UID: 0 PID: 304 Comm: a.out Not tainted 6.16.0-rc1 #1 PREEMPT(voluntary)\nHardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x53/0x70\n print_report+0xd0/0x670\n ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n ? getrusage+0x1109/0x1a60\n kasan_report+0xce/0x100\n ? getrusage+0x1109/0x1a60\n getrusage+0x1109/0x1a60\n ? __pfx_getrusage+0x10/0x10\n __io_uring_show_fdinfo+0x9fe/0x1790\n ? ksys_read+0xf7/0x1c0\n ? do_syscall_64+0xa4/0x260\n ? vsnprintf+0x591/0x1100\n ? __pfx___io_uring_show_fdinfo+0x10/0x10\n ? __pfx_vsnprintf+0x10/0x10\n ? mutex_trylock+0xcf/0x130\n ? __pfx_mutex_trylock+0x10/0x10\n ? __pfx_show_fd_locks+0x10/0x10\n ? io_uring_show_fdinfo+0x57/0x80\n io_uring_show_fdinfo+0x57/0x80\n seq_show+0x38c/0x690\n seq_read_iter+0x3f7/0x1180\n ? inode_set_ctime_current+0x160/0x4b0\n seq_read+0x271/0x3e0\n ? __pfx_seq_read+0x10/0x10\n ? __pfx__raw_spin_lock+0x10/0x10\n ? __mark_inode_dirty+0x402/0x810\n ? selinux_file_permission+0x368/0x500\n ? file_update_time+0x10f/0x160\n vfs_read+0x177/0xa40\n ? __pfx___handle_mm_fault+0x10/0x10\n ? __pfx_vfs_read+0x10/0x10\n ? mutex_lock+0x81/0xe0\n ? __pfx_mutex_lock+0x10/0x10\n ? fdget_pos+0x24d/0x4b0\n ksys_read+0xf7/0x1c0\n ? __pfx_ksys_read+0x10/0x10\n ? do_user_addr_fault+0x43b/0x9c0\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f0f74170fc9\nCode: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 8\nRSP: 002b:00007fffece049e8 EFLAGS: 00000206 ORIG_RAX: 0000000000000000\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0f74170fc9\nRDX: 0000000000001000 RSI: 00007fffece049f0 RDI: 0000000000000004\nRBP: 00007fffece05ad0 R08: 0000000000000000 R09: 00007fffece04d90\nR10: 0000000000000000 R11: 0000000000000206 R12: 00005651720a1100\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\nAllocated by task 298:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n __kasan_slab_alloc+0x6e/0x70\n kmem_cache_alloc_node_noprof+0xe8/0x330\n copy_process+0x376/0x5e00\n create_io_thread+0xab/0xf0\n io_sq_offload_create+0x9ed/0xf20\n io_uring_setup+0x12b0/0x1cc0\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 22:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x37/0x50\n kmem_cache_free+0xc4/0x360\n rcu_core+0x5ff/0x19f0\n handle_softirqs+0x18c/0x530\n run_ksoftirqd+0x20/0x30\n smpboot_thread_fn+0x287/0x6c0\n kthread+0x30d/0x630\n ret_from_fork+0xef/0x1a0\n ret_from_fork_asm+0x1a/0x30\n\nLast potentially related work creation:\n kasan_save_stack+0x33/0x60\n kasan_record_aux_stack+0x8c/0xa0\n __call_rcu_common.constprop.0+0x68/0x940\n __schedule+0xff2/0x2930\n __cond_resched+0x4c/0x80\n mutex_lock+0x5c/0xe0\n io_uring_del_tctx_node+0xe1/0x2b0\n io_uring_clean_tctx+0xb7/0x160\n io_uring_cancel_generic+0x34e/0x760\n do_exit+0x240/0x2350\n do_group_exit+0xab/0x220\n __x64_sys_exit_group+0x39/0x40\n x64_sys_call+0x1243/0x1840\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThe buggy address belongs to the object at ffff88810de2cb00\n which belongs to the cache task_struct of size 3712\nThe buggy address is located 1992 bytes inside of\n freed 3712-byte region [ffff88810de2cb00, ffff88810de2d980)\n\nwhich is caused by the task_struct pointed to by sq-\u003ethread being\nreleased while it is being used in the function\n__io_uring_show_fdinfo(). Holding ctx-\u003euring_lock does not prevent ehre\nrelase or exit of sq-\u003ethread.\n\nFix this by assigning and looking up -\u003ethread under RCU, and grabbing a\nreference to the task_struct. This e\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38106",
"url": "https://www.suse.com/security/cve/CVE-2025-38106"
},
{
"category": "external",
"summary": "SUSE Bug 1245664 for CVE-2025-38106",
"url": "https://bugzilla.suse.com/1245664"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38106"
},
{
"cve": "CVE-2025-38107",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38107"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: ets: fix a race in ets_qdisc_change()\n\nGerrard Tai reported a race condition in ETS, whenever SFQ perturb timer\nfires at the wrong time.\n\nThe race is as follows:\n\nCPU 0 CPU 1\n[1]: lock root\n[2]: qdisc_tree_flush_backlog()\n[3]: unlock root\n |\n | [5]: lock root\n | [6]: rehash\n | [7]: qdisc_tree_reduce_backlog()\n |\n[4]: qdisc_put()\n\nThis can be abused to underflow a parent\u0027s qlen.\n\nCalling qdisc_purge_queue() instead of qdisc_tree_flush_backlog()\nshould fix the race, because all packets will be purged from the qdisc\nbefore releasing the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38107",
"url": "https://www.suse.com/security/cve/CVE-2025-38107"
},
{
"category": "external",
"summary": "SUSE Bug 1245676 for CVE-2025-38107",
"url": "https://bugzilla.suse.com/1245676"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38107"
},
{
"cve": "CVE-2025-38108",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38108"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: red: fix a race in __red_change()\n\nGerrard Tai reported a race condition in RED, whenever SFQ perturb timer\nfires at the wrong time.\n\nThe race is as follows:\n\nCPU 0 CPU 1\n[1]: lock root\n[2]: qdisc_tree_flush_backlog()\n[3]: unlock root\n |\n | [5]: lock root\n | [6]: rehash\n | [7]: qdisc_tree_reduce_backlog()\n |\n[4]: qdisc_put()\n\nThis can be abused to underflow a parent\u0027s qlen.\n\nCalling qdisc_purge_queue() instead of qdisc_tree_flush_backlog()\nshould fix the race, because all packets will be purged from the qdisc\nbefore releasing the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38108",
"url": "https://www.suse.com/security/cve/CVE-2025-38108"
},
{
"category": "external",
"summary": "SUSE Bug 1245675 for CVE-2025-38108",
"url": "https://bugzilla.suse.com/1245675"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38108"
},
{
"cve": "CVE-2025-38109",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38109"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix ECVF vports unload on shutdown flow\n\nFix shutdown flow UAF when a virtual function is created on the embedded\nchip (ECVF) of a BlueField device. In such case the vport acl ingress\ntable is not properly destroyed.\n\nECVF functionality is independent of ecpf_vport_exists capability and\nthus functions mlx5_eswitch_(enable|disable)_pf_vf_vports() should not\ntest it when enabling/disabling ECVF vports.\n\nkernel log:\n[] refcount_t: underflow; use-after-free.\n[] WARNING: CPU: 3 PID: 1 at lib/refcount.c:28\n refcount_warn_saturate+0x124/0x220\n----------------\n[] Call trace:\n[] refcount_warn_saturate+0x124/0x220\n[] tree_put_node+0x164/0x1e0 [mlx5_core]\n[] mlx5_destroy_flow_table+0x98/0x2c0 [mlx5_core]\n[] esw_acl_ingress_table_destroy+0x28/0x40 [mlx5_core]\n[] esw_acl_ingress_lgcy_cleanup+0x80/0xf4 [mlx5_core]\n[] esw_legacy_vport_acl_cleanup+0x44/0x60 [mlx5_core]\n[] esw_vport_cleanup+0x64/0x90 [mlx5_core]\n[] mlx5_esw_vport_disable+0xc0/0x1d0 [mlx5_core]\n[] mlx5_eswitch_unload_ec_vf_vports+0xcc/0x150 [mlx5_core]\n[] mlx5_eswitch_disable_sriov+0x198/0x2a0 [mlx5_core]\n[] mlx5_device_disable_sriov+0xb8/0x1e0 [mlx5_core]\n[] mlx5_sriov_detach+0x40/0x50 [mlx5_core]\n[] mlx5_unload+0x40/0xc4 [mlx5_core]\n[] mlx5_unload_one_devl_locked+0x6c/0xe4 [mlx5_core]\n[] mlx5_unload_one+0x3c/0x60 [mlx5_core]\n[] shutdown+0x7c/0xa4 [mlx5_core]\n[] pci_device_shutdown+0x3c/0xa0\n[] device_shutdown+0x170/0x340\n[] __do_sys_reboot+0x1f4/0x2a0\n[] __arm64_sys_reboot+0x2c/0x40\n[] invoke_syscall+0x78/0x100\n[] el0_svc_common.constprop.0+0x54/0x184\n[] do_el0_svc+0x30/0xac\n[] el0_svc+0x48/0x160\n[] el0t_64_sync_handler+0xa4/0x12c\n[] el0t_64_sync+0x1a4/0x1a8\n[] --[ end trace 9c4601d68c70030e ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38109",
"url": "https://www.suse.com/security/cve/CVE-2025-38109"
},
{
"category": "external",
"summary": "SUSE Bug 1245684 for CVE-2025-38109",
"url": "https://bugzilla.suse.com/1245684"
},
{
"category": "external",
"summary": "SUSE Bug 1245685 for CVE-2025-38109",
"url": "https://bugzilla.suse.com/1245685"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "important"
}
],
"title": "CVE-2025-38109"
},
{
"cve": "CVE-2025-38110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38110"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mdiobus: Fix potential out-of-bounds clause 45 read/write access\n\nWhen using publicly available tools like \u0027mdio-tools\u0027 to read/write data\nfrom/to network interface and its PHY via C45 (clause 45) mdiobus,\nthere is no verification of parameters passed to the ioctl and\nit accepts any mdio address.\nCurrently there is support for 32 addresses in kernel via PHY_MAX_ADDR define,\nbut it is possible to pass higher value than that via ioctl.\nWhile read/write operation should generally fail in this case,\nmdiobus provides stats array, where wrong address may allow out-of-bounds\nread/write.\n\nFix that by adding address verification before C45 read/write operation.\nWhile this excludes this access from any statistics, it improves security of\nread/write operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38110",
"url": "https://www.suse.com/security/cve/CVE-2025-38110"
},
{
"category": "external",
"summary": "SUSE Bug 1245665 for CVE-2025-38110",
"url": "https://bugzilla.suse.com/1245665"
},
{
"category": "external",
"summary": "SUSE Bug 1249458 for CVE-2025-38110",
"url": "https://bugzilla.suse.com/1249458"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "important"
}
],
"title": "CVE-2025-38110"
},
{
"cve": "CVE-2025-38111",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38111"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mdiobus: Fix potential out-of-bounds read/write access\n\nWhen using publicly available tools like \u0027mdio-tools\u0027 to read/write data\nfrom/to network interface and its PHY via mdiobus, there is no verification of\nparameters passed to the ioctl and it accepts any mdio address.\nCurrently there is support for 32 addresses in kernel via PHY_MAX_ADDR define,\nbut it is possible to pass higher value than that via ioctl.\nWhile read/write operation should generally fail in this case,\nmdiobus provides stats array, where wrong address may allow out-of-bounds\nread/write.\n\nFix that by adding address verification before read/write operation.\nWhile this excludes this access from any statistics, it improves security of\nread/write operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38111",
"url": "https://www.suse.com/security/cve/CVE-2025-38111"
},
{
"category": "external",
"summary": "SUSE Bug 1245666 for CVE-2025-38111",
"url": "https://bugzilla.suse.com/1245666"
},
{
"category": "external",
"summary": "SUSE Bug 1249455 for CVE-2025-38111",
"url": "https://bugzilla.suse.com/1249455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "important"
}
],
"title": "CVE-2025-38111"
},
{
"cve": "CVE-2025-38112",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38112"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix TOCTOU issue in sk_is_readable()\n\nsk-\u003esk_prot-\u003esock_is_readable is a valid function pointer when sk resides\nin a sockmap. After the last sk_psock_put() (which usually happens when\nsocket is removed from sockmap), sk-\u003esk_prot gets restored and\nsk-\u003esk_prot-\u003esock_is_readable becomes NULL.\n\nThis makes sk_is_readable() racy, if the value of sk-\u003esk_prot is reloaded\nafter the initial check. Which in turn may lead to a null pointer\ndereference.\n\nEnsure the function pointer does not turn NULL after the check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38112",
"url": "https://www.suse.com/security/cve/CVE-2025-38112"
},
{
"category": "external",
"summary": "SUSE Bug 1245668 for CVE-2025-38112",
"url": "https://bugzilla.suse.com/1245668"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38112"
},
{
"cve": "CVE-2025-38113",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38113"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: CPPC: Fix NULL pointer dereference when nosmp is used\n\nWith nosmp in cmdline, other CPUs are not brought up, leaving\ntheir cpc_desc_ptr NULL. CPU0\u0027s iteration via for_each_possible_cpu()\ndereferences these NULL pointers, causing panic.\n\nPanic backtrace:\n\n[ 0.401123] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000b8\n...\n[ 0.403255] [\u003cffffffff809a5818\u003e] cppc_allow_fast_switch+0x6a/0xd4\n...\nKernel panic - not syncing: Attempted to kill init!\n\n[ rjw: New subject ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38113",
"url": "https://www.suse.com/security/cve/CVE-2025-38113"
},
{
"category": "external",
"summary": "SUSE Bug 1245683 for CVE-2025-38113",
"url": "https://bugzilla.suse.com/1245683"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38113"
},
{
"cve": "CVE-2025-38114",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38114"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ne1000: Move cancel_work_sync to avoid deadlock\n\nPreviously, e1000_down called cancel_work_sync for the e1000 reset task\n(via e1000_down_and_stop), which takes RTNL.\n\nAs reported by users and syzbot, a deadlock is possible in the following\nscenario:\n\nCPU 0:\n - RTNL is held\n - e1000_close\n - e1000_down\n - cancel_work_sync (cancel / wait for e1000_reset_task())\n\nCPU 1:\n - process_one_work\n - e1000_reset_task\n - take RTNL\n\nTo remedy this, avoid calling cancel_work_sync from e1000_down\n(e1000_reset_task does nothing if the device is down anyway). Instead,\ncall cancel_work_sync for e1000_reset_task when the device is being\nremoved.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38114",
"url": "https://www.suse.com/security/cve/CVE-2025-38114"
},
{
"category": "external",
"summary": "SUSE Bug 1245686 for CVE-2025-38114",
"url": "https://bugzilla.suse.com/1245686"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38114"
},
{
"cve": "CVE-2025-38115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38115"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: fix a potential crash on gso_skb handling\n\nSFQ has an assumption of always being able to queue at least one packet.\n\nHowever, after the blamed commit, sch-\u003eq.len can be inflated by packets\nin sch-\u003egso_skb, and an enqueue() on an empty SFQ qdisc can be followed\nby an immediate drop.\n\nFix sfq_drop() to properly clear q-\u003etail in this situation.\n\n\nip netns add lb\nip link add dev to-lb type veth peer name in-lb netns lb\nethtool -K to-lb tso off # force qdisc to requeue gso_skb\nip netns exec lb ethtool -K in-lb gro on # enable NAPI\nip link set dev to-lb up\nip -netns lb link set dev in-lb up\nip addr add dev to-lb 192.168.20.1/24\nip -netns lb addr add dev in-lb 192.168.20.2/24\ntc qdisc replace dev to-lb root sfq limit 100\n\nip netns exec lb netserver\n\nnetperf -H 192.168.20.2 -l 100 \u0026\nnetperf -H 192.168.20.2 -l 100 \u0026\nnetperf -H 192.168.20.2 -l 100 \u0026\nnetperf -H 192.168.20.2 -l 100 \u0026",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38115",
"url": "https://www.suse.com/security/cve/CVE-2025-38115"
},
{
"category": "external",
"summary": "SUSE Bug 1245689 for CVE-2025-38115",
"url": "https://bugzilla.suse.com/1245689"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38115"
},
{
"cve": "CVE-2025-38117",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38117"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Protect mgmt_pending list with its own lock\n\nThis uses a mutex to protect from concurrent access of mgmt_pending\nlist which can cause crashes like:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in hci_sock_get_channel+0x60/0x68 net/bluetooth/hci_sock.c:91\nRead of size 2 at addr ffff0000c48885b2 by task syz.4.334/7318\n\nCPU: 0 UID: 0 PID: 7318 Comm: syz.4.334 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025\nCall trace:\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:466 (C)\n __dump_stack+0x30/0x40 lib/dump_stack.c:94\n dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120\n print_address_description+0xa8/0x254 mm/kasan/report.c:408\n print_report+0x68/0x84 mm/kasan/report.c:521\n kasan_report+0xb0/0x110 mm/kasan/report.c:634\n __asan_report_load2_noabort+0x20/0x2c mm/kasan/report_generic.c:379\n hci_sock_get_channel+0x60/0x68 net/bluetooth/hci_sock.c:91\n mgmt_pending_find+0x7c/0x140 net/bluetooth/mgmt_util.c:223\n pending_find net/bluetooth/mgmt.c:947 [inline]\n remove_adv_monitor+0x44/0x1a4 net/bluetooth/mgmt.c:5445\n hci_mgmt_cmd+0x780/0xc00 net/bluetooth/hci_sock.c:1712\n hci_sock_sendmsg+0x544/0xbb0 net/bluetooth/hci_sock.c:1832\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg net/socket.c:727 [inline]\n sock_write_iter+0x25c/0x378 net/socket.c:1131\n new_sync_write fs/read_write.c:591 [inline]\n vfs_write+0x62c/0x97c fs/read_write.c:684\n ksys_write+0x120/0x210 fs/read_write.c:736\n __do_sys_write fs/read_write.c:747 [inline]\n __se_sys_write fs/read_write.c:744 [inline]\n __arm64_sys_write+0x7c/0x90 fs/read_write.c:744\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767\n el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600\n\nAllocated by task 7037:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x40/0x78 mm/kasan/common.c:68\n kasan_save_alloc_info+0x44/0x54 mm/kasan/generic.c:562\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x9c/0xb4 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4327 [inline]\n __kmalloc_noprof+0x2fc/0x4c8 mm/slub.c:4339\n kmalloc_noprof include/linux/slab.h:909 [inline]\n sk_prot_alloc+0xc4/0x1f0 net/core/sock.c:2198\n sk_alloc+0x44/0x3ac net/core/sock.c:2254\n bt_sock_alloc+0x4c/0x300 net/bluetooth/af_bluetooth.c:148\n hci_sock_create+0xa8/0x194 net/bluetooth/hci_sock.c:2202\n bt_sock_create+0x14c/0x24c net/bluetooth/af_bluetooth.c:132\n __sock_create+0x43c/0x91c net/socket.c:1541\n sock_create net/socket.c:1599 [inline]\n __sys_socket_create net/socket.c:1636 [inline]\n __sys_socket+0xd4/0x1c0 net/socket.c:1683\n __do_sys_socket net/socket.c:1697 [inline]\n __se_sys_socket net/socket.c:1695 [inline]\n __arm64_sys_socket+0x7c/0x94 net/socket.c:1695\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767\n el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600\n\nFreed by task 6607:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x40/0x78 mm/kasan/common.c:68\n kasan_save_free_info+0x58/0x70 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x68/0x88 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38117",
"url": "https://www.suse.com/security/cve/CVE-2025-38117"
},
{
"category": "external",
"summary": "SUSE Bug 1245695 for CVE-2025-38117",
"url": "https://bugzilla.suse.com/1245695"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38117"
},
{
"cve": "CVE-2025-38118",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38118"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete\n\nThis reworks MGMT_OP_REMOVE_ADV_MONITOR to not use mgmt_pending_add to\navoid crashes like bellow:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_complete+0xe5/0x540 net/bluetooth/mgmt.c:5406\nRead of size 8 at addr ffff88801c53f318 by task kworker/u5:5/5341\n\nCPU: 0 UID: 0 PID: 5341 Comm: kworker/u5:5 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xd2/0x2b0 mm/kasan/report.c:521\n kasan_report+0x118/0x150 mm/kasan/report.c:634\n mgmt_remove_adv_monitor_complete+0xe5/0x540 net/bluetooth/mgmt.c:5406\n hci_cmd_sync_work+0x261/0x3a0 net/bluetooth/hci_sync.c:334\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x711/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nAllocated by task 5987:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4358\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n mgmt_pending_new+0x65/0x240 net/bluetooth/mgmt_util.c:252\n mgmt_pending_add+0x34/0x120 net/bluetooth/mgmt_util.c:279\n remove_adv_monitor+0x103/0x1b0 net/bluetooth/mgmt.c:5454\n hci_mgmt_cmd+0x9c9/0xef0 net/bluetooth/hci_sock.c:1719\n hci_sock_sendmsg+0x6ca/0xef0 net/bluetooth/hci_sock.c:1839\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:727\n sock_write_iter+0x258/0x330 net/socket.c:1131\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x548/0xa90 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 5989:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2380 [inline]\n slab_free mm/slub.c:4642 [inline]\n kfree+0x18e/0x440 mm/slub.c:4841\n mgmt_pending_foreach+0xc9/0x120 net/bluetooth/mgmt_util.c:242\n mgmt_index_removed+0x10d/0x2f0 net/bluetooth/mgmt.c:9366\n hci_sock_bind+0xbe9/0x1000 net/bluetooth/hci_sock.c:1314\n __sys_bind_socket net/socket.c:1810 [inline]\n __sys_bind+0x2c3/0x3e0 net/socket.c:1841\n __do_sys_bind net/socket.c:1846 [inline]\n __se_sys_bind net/socket.c:1844 [inline]\n __x64_sys_bind+0x7a/0x90 net/socket.c:1844\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38118",
"url": "https://www.suse.com/security/cve/CVE-2025-38118"
},
{
"category": "external",
"summary": "SUSE Bug 1245670 for CVE-2025-38118",
"url": "https://bugzilla.suse.com/1245670"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38118"
},
{
"cve": "CVE-2025-38120",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38120"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_set_pipapo_avx2: fix initial map fill\n\nIf the first field doesn\u0027t cover the entire start map, then we must zero\nout the remainder, else we leak those bits into the next match round map.\n\nThe early fix was incomplete and did only fix up the generic C\nimplementation.\n\nA followup patch adds a test case to nft_concat_range.sh.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38120",
"url": "https://www.suse.com/security/cve/CVE-2025-38120"
},
{
"category": "external",
"summary": "SUSE Bug 1245711 for CVE-2025-38120",
"url": "https://bugzilla.suse.com/1245711"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38120"
},
{
"cve": "CVE-2025-38122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38122"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: add missing NULL check for gve_alloc_pending_packet() in TX DQO\n\ngve_alloc_pending_packet() can return NULL, but gve_tx_add_skb_dqo()\ndid not check for this case before dereferencing the returned pointer.\n\nAdd a missing NULL check to prevent a potential NULL pointer\ndereference when allocation fails.\n\nThis improves robustness in low-memory scenarios.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38122",
"url": "https://www.suse.com/security/cve/CVE-2025-38122"
},
{
"category": "external",
"summary": "SUSE Bug 1245746 for CVE-2025-38122",
"url": "https://bugzilla.suse.com/1245746"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38122"
},
{
"cve": "CVE-2025-38123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38123"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: wwan: t7xx: Fix napi rx poll issue\n\nWhen driver handles the napi rx polling requests, the netdev might\nhave been released by the dellink logic triggered by the disconnect\noperation on user plane. However, in the logic of processing skb in\npolling, an invalid netdev is still being used, which causes a panic.\n\nBUG: kernel NULL pointer dereference, address: 00000000000000f1\nOops: 0000 [#1] PREEMPT SMP NOPTI\nRIP: 0010:dev_gro_receive+0x3a/0x620\n[...]\nCall Trace:\n \u003cIRQ\u003e\n ? __die_body+0x68/0xb0\n ? page_fault_oops+0x379/0x3e0\n ? exc_page_fault+0x4f/0xa0\n ? asm_exc_page_fault+0x22/0x30\n ? __pfx_t7xx_ccmni_recv_skb+0x10/0x10 [mtk_t7xx (HASH:1400 7)]\n ? dev_gro_receive+0x3a/0x620\n napi_gro_receive+0xad/0x170\n t7xx_ccmni_recv_skb+0x48/0x70 [mtk_t7xx (HASH:1400 7)]\n t7xx_dpmaif_napi_rx_poll+0x590/0x800 [mtk_t7xx (HASH:1400 7)]\n net_rx_action+0x103/0x470\n irq_exit_rcu+0x13a/0x310\n sysvec_apic_timer_interrupt+0x56/0x90\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38123",
"url": "https://www.suse.com/security/cve/CVE-2025-38123"
},
{
"category": "external",
"summary": "SUSE Bug 1245688 for CVE-2025-38123",
"url": "https://bugzilla.suse.com/1245688"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38123"
},
{
"cve": "CVE-2025-38124",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38124"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix udp gso skb_segment after pull from frag_list\n\nCommit a1e40ac5b5e9 (\"net: gso: fix udp gso fraglist segmentation after\npull from frag_list\") detected invalid geometry in frag_list skbs and\nredirects them from skb_segment_list to more robust skb_segment. But some\npackets with modified geometry can also hit bugs in that code. We don\u0027t\nknow how many such cases exist. Addressing each one by one also requires\ntouching the complex skb_segment code, which risks introducing bugs for\nother types of skbs. Instead, linearize all these packets that fail the\nbasic invariants on gso fraglist skbs. That is more robust.\n\nIf only part of the fraglist payload is pulled into head_skb, it will\nalways cause exception when splitting skbs by skb_segment. For detailed\ncall stack information, see below.\n\nValid SKB_GSO_FRAGLIST skbs\n- consist of two or more segments\n- the head_skb holds the protocol headers plus first gso_size\n- one or more frag_list skbs hold exactly one segment\n- all but the last must be gso_size\n\nOptional datapath hooks such as NAT and BPF (bpf_skb_pull_data) can\nmodify fraglist skbs, breaking these invariants.\n\nIn extreme cases they pull one part of data into skb linear. For UDP,\nthis causes three payloads with lengths of (11,11,10) bytes were\npulled tail to become (12,10,10) bytes.\n\nThe skbs no longer meets the above SKB_GSO_FRAGLIST conditions because\npayload was pulled into head_skb, it needs to be linearized before pass\nto regular skb_segment.\n\n skb_segment+0xcd0/0xd14\n __udp_gso_segment+0x334/0x5f4\n udp4_ufo_fragment+0x118/0x15c\n inet_gso_segment+0x164/0x338\n skb_mac_gso_segment+0xc4/0x13c\n __skb_gso_segment+0xc4/0x124\n validate_xmit_skb+0x9c/0x2c0\n validate_xmit_skb_list+0x4c/0x80\n sch_direct_xmit+0x70/0x404\n __dev_queue_xmit+0x64c/0xe5c\n neigh_resolve_output+0x178/0x1c4\n ip_finish_output2+0x37c/0x47c\n __ip_finish_output+0x194/0x240\n ip_finish_output+0x20/0xf4\n ip_output+0x100/0x1a0\n NF_HOOK+0xc4/0x16c\n ip_forward+0x314/0x32c\n ip_rcv+0x90/0x118\n __netif_receive_skb+0x74/0x124\n process_backlog+0xe8/0x1a4\n __napi_poll+0x5c/0x1f8\n net_rx_action+0x154/0x314\n handle_softirqs+0x154/0x4b8\n\n [118.376811] [C201134] rxq0_pus: [name:bug\u0026]kernel BUG at net/core/skbuff.c:4278!\n [118.376829] [C201134] rxq0_pus: [name:traps\u0026]Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\n [118.470774] [C201134] rxq0_pus: [name:mrdump\u0026]Kernel Offset: 0x178cc00000 from 0xffffffc008000000\n [118.470810] [C201134] rxq0_pus: [name:mrdump\u0026]PHYS_OFFSET: 0x40000000\n [118.470827] [C201134] rxq0_pus: [name:mrdump\u0026]pstate: 60400005 (nZCv daif +PAN -UAO)\n [118.470848] [C201134] rxq0_pus: [name:mrdump\u0026]pc : [0xffffffd79598aefc] skb_segment+0xcd0/0xd14\n [118.470900] [C201134] rxq0_pus: [name:mrdump\u0026]lr : [0xffffffd79598a5e8] skb_segment+0x3bc/0xd14\n [118.470928] [C201134] rxq0_pus: [name:mrdump\u0026]sp : ffffffc008013770",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38124",
"url": "https://www.suse.com/security/cve/CVE-2025-38124"
},
{
"category": "external",
"summary": "SUSE Bug 1245690 for CVE-2025-38124",
"url": "https://bugzilla.suse.com/1245690"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38124"
},
{
"cve": "CVE-2025-38126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38126"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: make sure that ptp_rate is not 0 before configuring timestamping\n\nThe stmmac platform drivers that do not open-code the clk_ptp_rate value\nafter having retrieved the default one from the device-tree can end up\nwith 0 in clk_ptp_rate (as clk_get_rate can return 0). It will\neventually propagate up to PTP initialization when bringing up the\ninterface, leading to a divide by 0:\n\n Division by zero in kernel.\n CPU: 1 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.30-00001-g48313bd5768a #22\n Hardware name: STM32 (Device Tree Support)\n Call trace:\n unwind_backtrace from show_stack+0x18/0x1c\n show_stack from dump_stack_lvl+0x6c/0x8c\n dump_stack_lvl from Ldiv0_64+0x8/0x18\n Ldiv0_64 from stmmac_init_tstamp_counter+0x190/0x1a4\n stmmac_init_tstamp_counter from stmmac_hw_setup+0xc1c/0x111c\n stmmac_hw_setup from __stmmac_open+0x18c/0x434\n __stmmac_open from stmmac_open+0x3c/0xbc\n stmmac_open from __dev_open+0xf4/0x1ac\n __dev_open from __dev_change_flags+0x1cc/0x224\n __dev_change_flags from dev_change_flags+0x24/0x60\n dev_change_flags from ip_auto_config+0x2e8/0x11a0\n ip_auto_config from do_one_initcall+0x84/0x33c\n do_one_initcall from kernel_init_freeable+0x1b8/0x214\n kernel_init_freeable from kernel_init+0x24/0x140\n kernel_init from ret_from_fork+0x14/0x28\n Exception stack(0xe0815fb0 to 0xe0815ff8)\n\nPrevent this division by 0 by adding an explicit check and error log\nabout the actual issue. While at it, remove the same check from\nstmmac_ptp_register, which then becomes duplicate",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38126",
"url": "https://www.suse.com/security/cve/CVE-2025-38126"
},
{
"category": "external",
"summary": "SUSE Bug 1245708 for CVE-2025-38126",
"url": "https://bugzilla.suse.com/1245708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38126"
},
{
"cve": "CVE-2025-38127",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38127"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix Tx scheduler error handling in XDP callback\n\nWhen the XDP program is loaded, the XDP callback adds new Tx queues.\nThis means that the callback must update the Tx scheduler with the new\nqueue number. In the event of a Tx scheduler failure, the XDP callback\nshould also fail and roll back any changes previously made for XDP\npreparation.\n\nThe previous implementation had a bug that not all changes made by the\nXDP callback were rolled back. This caused the crash with the following\ncall trace:\n\n[ +9.549584] ice 0000:ca:00.0: Failed VSI LAN queue config for XDP, error: -5\n[ +0.382335] Oops: general protection fault, probably for non-canonical address 0x50a2250a90495525: 0000 [#1] SMP NOPTI\n[ +0.010710] CPU: 103 UID: 0 PID: 0 Comm: swapper/103 Not tainted 6.14.0-net-next-mar-31+ #14 PREEMPT(voluntary)\n[ +0.010175] Hardware name: Intel Corporation M50CYP2SBSTD/M50CYP2SBSTD, BIOS SE5C620.86B.01.01.0005.2202160810 02/16/2022\n[ +0.010946] RIP: 0010:__ice_update_sample+0x39/0xe0 [ice]\n\n[...]\n\n[ +0.002715] Call Trace:\n[ +0.002452] \u003cIRQ\u003e\n[ +0.002021] ? __die_body.cold+0x19/0x29\n[ +0.003922] ? die_addr+0x3c/0x60\n[ +0.003319] ? exc_general_protection+0x17c/0x400\n[ +0.004707] ? asm_exc_general_protection+0x26/0x30\n[ +0.004879] ? __ice_update_sample+0x39/0xe0 [ice]\n[ +0.004835] ice_napi_poll+0x665/0x680 [ice]\n[ +0.004320] __napi_poll+0x28/0x190\n[ +0.003500] net_rx_action+0x198/0x360\n[ +0.003752] ? update_rq_clock+0x39/0x220\n[ +0.004013] handle_softirqs+0xf1/0x340\n[ +0.003840] ? sched_clock_cpu+0xf/0x1f0\n[ +0.003925] __irq_exit_rcu+0xc2/0xe0\n[ +0.003665] common_interrupt+0x85/0xa0\n[ +0.003839] \u003c/IRQ\u003e\n[ +0.002098] \u003cTASK\u003e\n[ +0.002106] asm_common_interrupt+0x26/0x40\n[ +0.004184] RIP: 0010:cpuidle_enter_state+0xd3/0x690\n\nFix this by performing the missing unmapping of XDP queues from\nq_vectors and setting the XDP rings pointer back to NULL after all those\nqueues are released.\nAlso, add an immediate exit from the XDP callback in case of ring\npreparation failure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38127",
"url": "https://www.suse.com/security/cve/CVE-2025-38127"
},
{
"category": "external",
"summary": "SUSE Bug 1245705 for CVE-2025-38127",
"url": "https://bugzilla.suse.com/1245705"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38127"
},
{
"cve": "CVE-2025-38129",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38129"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npage_pool: Fix use-after-free in page_pool_recycle_in_ring\n\nsyzbot reported a uaf in page_pool_recycle_in_ring:\n\nBUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862\nRead of size 8 at addr ffff8880286045a0 by task syz.0.284/6943\n\nCPU: 0 UID: 0 PID: 6943 Comm: syz.0.284 Not tainted 6.13.0-rc3-syzkaller-gdfa94ce54f41 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862\n __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:165 [inline]\n _raw_spin_unlock_bh+0x1b/0x40 kernel/locking/spinlock.c:210\n spin_unlock_bh include/linux/spinlock.h:396 [inline]\n ptr_ring_produce_bh include/linux/ptr_ring.h:164 [inline]\n page_pool_recycle_in_ring net/core/page_pool.c:707 [inline]\n page_pool_put_unrefed_netmem+0x748/0xb00 net/core/page_pool.c:826\n page_pool_put_netmem include/net/page_pool/helpers.h:323 [inline]\n page_pool_put_full_netmem include/net/page_pool/helpers.h:353 [inline]\n napi_pp_put_page+0x149/0x2b0 net/core/skbuff.c:1036\n skb_pp_recycle net/core/skbuff.c:1047 [inline]\n skb_free_head net/core/skbuff.c:1094 [inline]\n skb_release_data+0x6c4/0x8a0 net/core/skbuff.c:1125\n skb_release_all net/core/skbuff.c:1190 [inline]\n __kfree_skb net/core/skbuff.c:1204 [inline]\n sk_skb_reason_drop+0x1c9/0x380 net/core/skbuff.c:1242\n kfree_skb_reason include/linux/skbuff.h:1263 [inline]\n __skb_queue_purge_reason include/linux/skbuff.h:3343 [inline]\n\nroot cause is:\n\npage_pool_recycle_in_ring\n ptr_ring_produce\n spin_lock(\u0026r-\u003eproducer_lock);\n WRITE_ONCE(r-\u003equeue[r-\u003eproducer++], ptr)\n //recycle last page to pool\n\t\t\t\tpage_pool_release\n\t\t\t\t page_pool_scrub\n\t\t\t\t page_pool_empty_ring\n\t\t\t\t ptr_ring_consume\n\t\t\t\t page_pool_return_page //release all page\n\t\t\t\t __page_pool_destroy\n\t\t\t\t free_percpu(pool-\u003erecycle_stats);\n\t\t\t\t free(pool) //free\n\n spin_unlock(\u0026r-\u003eproducer_lock); //pool-\u003ering uaf read\n recycle_stat_inc(pool, ring);\n\npage_pool can be free while page pool recycle the last page in ring.\nAdd producer-lock barrier to page_pool_release to prevent the page\npool from being free before all pages have been recycled.\n\nrecycle_stat_inc() is empty when CONFIG_PAGE_POOL_STATS is not\nenabled, which will trigger Wempty-body build warning. Add definition\nfor pool stat macro to fix warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38129",
"url": "https://www.suse.com/security/cve/CVE-2025-38129"
},
{
"category": "external",
"summary": "SUSE Bug 1245723 for CVE-2025-38129",
"url": "https://bugzilla.suse.com/1245723"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38129"
},
{
"cve": "CVE-2025-38131",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38131"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: prevent deactivate active config while enabling the config\n\nWhile enable active config via cscfg_csdev_enable_active_config(),\nactive config could be deactivated via configfs\u0027 sysfs interface.\nThis could make UAF issue in below scenario:\n\nCPU0 CPU1\n(sysfs enable) load module\n cscfg_load_config_sets()\n activate config. // sysfs\n (sys_active_cnt == 1)\n...\ncscfg_csdev_enable_active_config()\nlock(csdev-\u003ecscfg_csdev_lock)\n// here load config activate by CPU1\nunlock(csdev-\u003ecscfg_csdev_lock)\n\n deactivate config // sysfs\n (sys_activec_cnt == 0)\n cscfg_unload_config_sets()\n unload module\n\n// access to config_desc which freed\n// while unloading module.\ncscfg_csdev_enable_config\n\nTo address this, use cscfg_config_desc\u0027s active_cnt as a reference count\n which will be holded when\n - activate the config.\n - enable the activated config.\nand put the module reference when config_active_cnt == 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38131",
"url": "https://www.suse.com/security/cve/CVE-2025-38131"
},
{
"category": "external",
"summary": "SUSE Bug 1245677 for CVE-2025-38131",
"url": "https://bugzilla.suse.com/1245677"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38131"
},
{
"cve": "CVE-2025-38132",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38132"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: holding cscfg_csdev_lock while removing cscfg from csdev\n\nThere\u0027ll be possible race scenario for coresight config:\n\nCPU0 CPU1\n(perf enable) load module\n cscfg_load_config_sets()\n activate config. // sysfs\n (sys_active_cnt == 1)\n...\ncscfg_csdev_enable_active_config()\n lock(csdev-\u003ecscfg_csdev_lock)\n deactivate config // sysfs\n (sys_activec_cnt == 0)\n cscfg_unload_config_sets()\n \u003citerating config_csdev_list\u003e cscfg_remove_owned_csdev_configs()\n // here load config activate by CPU1\n unlock(csdev-\u003ecscfg_csdev_lock)\n\niterating config_csdev_list could be raced with config_csdev_list\u0027s\nentry delete.\n\nTo resolve this race , hold csdev-\u003ecscfg_csdev_lock() while\ncscfg_remove_owned_csdev_configs()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38132",
"url": "https://www.suse.com/security/cve/CVE-2025-38132"
},
{
"category": "external",
"summary": "SUSE Bug 1245679 for CVE-2025-38132",
"url": "https://bugzilla.suse.com/1245679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38132"
},
{
"cve": "CVE-2025-38135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38135"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: Fix potential null-ptr-deref in mlb_usio_probe()\n\ndevm_ioremap() can return NULL on error. Currently, mlb_usio_probe()\ndoes not check for this case, which could result in a NULL pointer\ndereference.\n\nAdd NULL check after devm_ioremap() to prevent this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38135",
"url": "https://www.suse.com/security/cve/CVE-2025-38135"
},
{
"category": "external",
"summary": "SUSE Bug 1246023 for CVE-2025-38135",
"url": "https://bugzilla.suse.com/1246023"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38135"
},
{
"cve": "CVE-2025-38136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38136"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: renesas_usbhs: Reorder clock handling and power management in probe\n\nReorder the initialization sequence in `usbhs_probe()` to enable runtime\nPM before accessing registers, preventing potential crashes due to\nuninitialized clocks.\n\nCurrently, in the probe path, registers are accessed before enabling the\nclocks, leading to a synchronous external abort on the RZ/V2H SoC.\nThe problematic call flow is as follows:\n\n usbhs_probe()\n usbhs_sys_clock_ctrl()\n usbhs_bset()\n usbhs_write()\n iowrite16() \u003c-- Register access before enabling clocks\n\nSince `iowrite16()` is performed without ensuring the required clocks are\nenabled, this can lead to access errors. To fix this, enable PM runtime\nearly in the probe function and ensure clocks are acquired before register\naccess, preventing crashes like the following on RZ/V2H:\n\n[13.272640] Internal error: synchronous external abort: 0000000096000010 [#1] PREEMPT SMP\n[13.280814] Modules linked in: cec renesas_usbhs(+) drm_kms_helper fuse drm backlight ipv6\n[13.289088] CPU: 1 UID: 0 PID: 195 Comm: (udev-worker) Not tainted 6.14.0-rc7+ #98\n[13.296640] Hardware name: Renesas RZ/V2H EVK Board based on r9a09g057h44 (DT)\n[13.303834] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[13.310770] pc : usbhs_bset+0x14/0x4c [renesas_usbhs]\n[13.315831] lr : usbhs_probe+0x2e4/0x5ac [renesas_usbhs]\n[13.321138] sp : ffff8000827e3850\n[13.324438] x29: ffff8000827e3860 x28: 0000000000000000 x27: ffff8000827e3ca0\n[13.331554] x26: ffff8000827e3ba0 x25: ffff800081729668 x24: 0000000000000025\n[13.338670] x23: ffff0000c0f08000 x22: 0000000000000000 x21: ffff0000c0f08010\n[13.345783] x20: 0000000000000000 x19: ffff0000c3b52080 x18: 00000000ffffffff\n[13.352895] x17: 0000000000000000 x16: 0000000000000000 x15: ffff8000827e36ce\n[13.360009] x14: 00000000000003d7 x13: 00000000000003d7 x12: 0000000000000000\n[13.367122] x11: 0000000000000000 x10: 0000000000000aa0 x9 : ffff8000827e3750\n[13.374235] x8 : ffff0000c1850b00 x7 : 0000000003826060 x6 : 000000000000001c\n[13.381347] x5 : 000000030d5fcc00 x4 : ffff8000825c0000 x3 : 0000000000000000\n[13.388459] x2 : 0000000000000400 x1 : 0000000000000000 x0 : ffff0000c3b52080\n[13.395574] Call trace:\n[13.398013] usbhs_bset+0x14/0x4c [renesas_usbhs] (P)\n[13.403076] platform_probe+0x68/0xdc\n[13.406738] really_probe+0xbc/0x2c0\n[13.410306] __driver_probe_device+0x78/0x120\n[13.414653] driver_probe_device+0x3c/0x154\n[13.418825] __driver_attach+0x90/0x1a0\n[13.422647] bus_for_each_dev+0x7c/0xe0\n[13.426470] driver_attach+0x24/0x30\n[13.430032] bus_add_driver+0xe4/0x208\n[13.433766] driver_register+0x68/0x130\n[13.437587] __platform_driver_register+0x24/0x30\n[13.442273] renesas_usbhs_driver_init+0x20/0x1000 [renesas_usbhs]\n[13.448450] do_one_initcall+0x60/0x1d4\n[13.452276] do_init_module+0x54/0x1f8\n[13.456014] load_module+0x1754/0x1c98\n[13.459750] init_module_from_file+0x88/0xcc\n[13.464004] __arm64_sys_finit_module+0x1c4/0x328\n[13.468689] invoke_syscall+0x48/0x104\n[13.472426] el0_svc_common.constprop.0+0xc0/0xe0\n[13.477113] do_el0_svc+0x1c/0x28\n[13.480415] el0_svc+0x30/0xcc\n[13.483460] el0t_64_sync_handler+0x10c/0x138\n[13.487800] el0t_64_sync+0x198/0x19c\n[13.491453] Code: 2a0103e1 12003c42 12003c63 8b010084 (79400084)\n[13.497522] ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38136",
"url": "https://www.suse.com/security/cve/CVE-2025-38136"
},
{
"category": "external",
"summary": "SUSE Bug 1245691 for CVE-2025-38136",
"url": "https://bugzilla.suse.com/1245691"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38136"
},
{
"cve": "CVE-2025-38138",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38138"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ti: Add NULL check in udma_probe()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\nudma_probe() does not check for this case, which results in a NULL\npointer dereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38138",
"url": "https://www.suse.com/security/cve/CVE-2025-38138"
},
{
"category": "external",
"summary": "SUSE Bug 1245719 for CVE-2025-38138",
"url": "https://bugzilla.suse.com/1245719"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38138"
},
{
"cve": "CVE-2025-38142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38142"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (asus-ec-sensors) check sensor index in read_string()\n\nPrevent a potential invalid memory access when the requested sensor\nis not found.\n\nfind_ec_sensor_index() may return a negative value (e.g. -ENOENT),\nbut its result was used without checking, which could lead to\nundefined behavior when passed to get_sensor_info().\n\nAdd a proper check to return -EINVAL if sensor_index is negative.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[groeck: Return error code returned from find_ec_sensor_index]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38142",
"url": "https://www.suse.com/security/cve/CVE-2025-38142"
},
{
"category": "external",
"summary": "SUSE Bug 1245713 for CVE-2025-38142",
"url": "https://bugzilla.suse.com/1245713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38142"
},
{
"cve": "CVE-2025-38143",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38143"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbacklight: pm8941: Add NULL check in wled_configure()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\nwled_configure() does not check for this case, which results in a NULL\npointer dereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38143",
"url": "https://www.suse.com/security/cve/CVE-2025-38143"
},
{
"category": "external",
"summary": "SUSE Bug 1245714 for CVE-2025-38143",
"url": "https://bugzilla.suse.com/1245714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38143"
},
{
"cve": "CVE-2025-38145",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38145"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: aspeed: Add NULL check in aspeed_lpc_enable_snoop()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\naspeed_lpc_enable_snoop() does not check for this case, which results in a\nNULL pointer dereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue.\n\n[arj: Fix Fixes: tag to use subject from 3772e5da4454]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38145",
"url": "https://www.suse.com/security/cve/CVE-2025-38145"
},
{
"category": "external",
"summary": "SUSE Bug 1245765 for CVE-2025-38145",
"url": "https://bugzilla.suse.com/1245765"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38145"
},
{
"cve": "CVE-2025-38147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38147"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncalipso: Don\u0027t call calipso functions for AF_INET sk.\n\nsyzkaller reported a null-ptr-deref in txopt_get(). [0]\n\nThe offset 0x70 was of struct ipv6_txoptions in struct ipv6_pinfo,\nso struct ipv6_pinfo was NULL there.\n\nHowever, this never happens for IPv6 sockets as inet_sk(sk)-\u003epinet6\nis always set in inet6_create(), meaning the socket was not IPv6 one.\n\nThe root cause is missing validation in netlbl_conn_setattr().\n\nnetlbl_conn_setattr() switches branches based on struct\nsockaddr.sa_family, which is passed from userspace. However,\nnetlbl_conn_setattr() does not check if the address family matches\nthe socket.\n\nThe syzkaller must have called connect() for an IPv6 address on\nan IPv4 socket.\n\nWe have a proper validation in tcp_v[46]_connect(), but\nsecurity_socket_connect() is called in the earlier stage.\n\nLet\u0027s copy the validation to netlbl_conn_setattr().\n\n[0]:\nOops: general protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]\nCPU: 2 UID: 0 PID: 12928 Comm: syz.9.1677 Not tainted 6.12.0 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nRIP: 0010:txopt_get include/net/ipv6.h:390 [inline]\nRIP: 0010:\nCode: 02 00 00 49 8b ac 24 f8 02 00 00 e8 84 69 2a fd e8 ff 00 16 fd 48 8d 7d 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 53 02 00 00 48 8b 6d 70 48 85 ed 0f 84 ab 01 00\nRSP: 0018:ffff88811b8afc48 EFLAGS: 00010212\nRAX: dffffc0000000000 RBX: 1ffff11023715f8a RCX: ffffffff841ab00c\nRDX: 000000000000000e RSI: ffffc90007d9e000 RDI: 0000000000000070\nRBP: 0000000000000000 R08: ffffed1023715f9d R09: ffffed1023715f9e\nR10: ffffed1023715f9d R11: 0000000000000003 R12: ffff888123075f00\nR13: ffff88810245bd80 R14: ffff888113646780 R15: ffff888100578a80\nFS: 00007f9019bd7640(0000) GS:ffff8882d2d00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f901b927bac CR3: 0000000104788003 CR4: 0000000000770ef0\nPKRU: 80000000\nCall Trace:\n \u003cTASK\u003e\n calipso_sock_setattr+0x56/0x80 net/netlabel/netlabel_calipso.c:557\n netlbl_conn_setattr+0x10c/0x280 net/netlabel/netlabel_kapi.c:1177\n selinux_netlbl_socket_connect_helper+0xd3/0x1b0 security/selinux/netlabel.c:569\n selinux_netlbl_socket_connect_locked security/selinux/netlabel.c:597 [inline]\n selinux_netlbl_socket_connect+0xb6/0x100 security/selinux/netlabel.c:615\n selinux_socket_connect+0x5f/0x80 security/selinux/hooks.c:4931\n security_socket_connect+0x50/0xa0 security/security.c:4598\n __sys_connect_file+0xa4/0x190 net/socket.c:2067\n __sys_connect+0x12c/0x170 net/socket.c:2088\n __do_sys_connect net/socket.c:2098 [inline]\n __se_sys_connect net/socket.c:2095 [inline]\n __x64_sys_connect+0x73/0xb0 net/socket.c:2095\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xaa/0x1b0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f901b61a12d\nCode: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f9019bd6fa8 EFLAGS: 00000246 ORIG_RAX: 000000000000002a\nRAX: ffffffffffffffda RBX: 00007f901b925fa0 RCX: 00007f901b61a12d\nRDX: 000000000000001c RSI: 0000200000000140 RDI: 0000000000000003\nRBP: 00007f901b701505 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007f901b5b62a0 R15: 00007f9019bb7000\n \u003c/TASK\u003e\nModules linked in:",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38147",
"url": "https://www.suse.com/security/cve/CVE-2025-38147"
},
{
"category": "external",
"summary": "SUSE Bug 1245768 for CVE-2025-38147",
"url": "https://bugzilla.suse.com/1245768"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38147"
},
{
"cve": "CVE-2025-38148",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38148"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: mscc: Fix memory leak when using one step timestamping\n\nFix memory leak when running one-step timestamping. When running\none-step sync timestamping, the HW is configured to insert the TX time\ninto the frame, so there is no reason to keep the skb anymore. As in\nthis case the HW will never generate an interrupt to say that the frame\nwas timestamped, then the frame will never released.\nFix this by freeing the frame in case of one-step timestamping.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38148",
"url": "https://www.suse.com/security/cve/CVE-2025-38148"
},
{
"category": "external",
"summary": "SUSE Bug 1245735 for CVE-2025-38148",
"url": "https://bugzilla.suse.com/1245735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38148"
},
{
"cve": "CVE-2025-38149",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38149"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: clear phydev-\u003edevlink when the link is deleted\n\nThere is a potential crash issue when disabling and re-enabling the\nnetwork port. When disabling the network port, phy_detach() calls\ndevice_link_del() to remove the device link, but it does not clear\nphydev-\u003edevlink, so phydev-\u003edevlink is not a NULL pointer. Then the\nnetwork port is re-enabled, but if phy_attach_direct() fails before\ncalling device_link_add(), the code jumps to the \"error\" label and\ncalls phy_detach(). Since phydev-\u003edevlink retains the old value from\nthe previous attach/detach cycle, device_link_del() uses the old value,\nwhich accesses a NULL pointer and causes a crash. The simplified crash\nlog is as follows.\n\n[ 24.702421] Call trace:\n[ 24.704856] device_link_put_kref+0x20/0x120\n[ 24.709124] device_link_del+0x30/0x48\n[ 24.712864] phy_detach+0x24/0x168\n[ 24.716261] phy_attach_direct+0x168/0x3a4\n[ 24.720352] phylink_fwnode_phy_connect+0xc8/0x14c\n[ 24.725140] phylink_of_phy_connect+0x1c/0x34\n\nTherefore, phydev-\u003edevlink needs to be cleared when the device link is\ndeleted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38149",
"url": "https://www.suse.com/security/cve/CVE-2025-38149"
},
{
"category": "external",
"summary": "SUSE Bug 1245737 for CVE-2025-38149",
"url": "https://bugzilla.suse.com/1245737"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38149"
},
{
"cve": "CVE-2025-38151",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38151"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/cma: Fix hang when cma_netevent_callback fails to queue_work\n\nThe cited commit fixed a crash when cma_netevent_callback was called for\na cma_id while work on that id from a previous call had not yet started.\nThe work item was re-initialized in the second call, which corrupted the\nwork item currently in the work queue.\n\nHowever, it left a problem when queue_work fails (because the item is\nstill pending in the work queue from a previous call). In this case,\ncma_id_put (which is called in the work handler) is therefore not\ncalled. This results in a userspace process hang (zombie process).\n\nFix this by calling cma_id_put() if queue_work fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38151",
"url": "https://www.suse.com/security/cve/CVE-2025-38151"
},
{
"category": "external",
"summary": "SUSE Bug 1245745 for CVE-2025-38151",
"url": "https://bugzilla.suse.com/1245745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38151"
},
{
"cve": "CVE-2025-38153",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38153"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: aqc111: fix error handling of usbnet read calls\n\nSyzkaller, courtesy of syzbot, identified an error (see report [1]) in\naqc111 driver, caused by incomplete sanitation of usb read calls\u0027\nresults. This problem is quite similar to the one fixed in commit\n920a9fa27e78 (\"net: asix: add proper error handling of usb read errors\").\n\nFor instance, usbnet_read_cmd() may read fewer than \u0027size\u0027 bytes,\neven if the caller expected the full amount, and aqc111_read_cmd()\nwill not check its result properly. As [1] shows, this may lead\nto MAC address in aqc111_bind() being only partly initialized,\ntriggering KMSAN warnings.\n\nFix the issue by verifying that the number of bytes read is\nas expected and not less.\n\n[1] Partial syzbot report:\nBUG: KMSAN: uninit-value in is_valid_ether_addr include/linux/etherdevice.h:208 [inline]\nBUG: KMSAN: uninit-value in usbnet_probe+0x2e57/0x4390 drivers/net/usb/usbnet.c:1830\n is_valid_ether_addr include/linux/etherdevice.h:208 [inline]\n usbnet_probe+0x2e57/0x4390 drivers/net/usb/usbnet.c:1830\n usb_probe_interface+0xd01/0x1310 drivers/usb/core/driver.c:396\n call_driver_probe drivers/base/dd.c:-1 [inline]\n really_probe+0x4d1/0xd90 drivers/base/dd.c:658\n __driver_probe_device+0x268/0x380 drivers/base/dd.c:800\n...\n\nUninit was stored to memory at:\n dev_addr_mod+0xb0/0x550 net/core/dev_addr_lists.c:582\n __dev_addr_set include/linux/netdevice.h:4874 [inline]\n eth_hw_addr_set include/linux/etherdevice.h:325 [inline]\n aqc111_bind+0x35f/0x1150 drivers/net/usb/aqc111.c:717\n usbnet_probe+0xbe6/0x4390 drivers/net/usb/usbnet.c:1772\n usb_probe_interface+0xd01/0x1310 drivers/usb/core/driver.c:396\n...\n\nUninit was stored to memory at:\n ether_addr_copy include/linux/etherdevice.h:305 [inline]\n aqc111_read_perm_mac drivers/net/usb/aqc111.c:663 [inline]\n aqc111_bind+0x794/0x1150 drivers/net/usb/aqc111.c:713\n usbnet_probe+0xbe6/0x4390 drivers/net/usb/usbnet.c:1772\n usb_probe_interface+0xd01/0x1310 drivers/usb/core/driver.c:396\n call_driver_probe drivers/base/dd.c:-1 [inline]\n...\n\nLocal variable buf.i created at:\n aqc111_read_perm_mac drivers/net/usb/aqc111.c:656 [inline]\n aqc111_bind+0x221/0x1150 drivers/net/usb/aqc111.c:713\n usbnet_probe+0xbe6/0x4390 drivers/net/usb/usbnet.c:1772",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38153",
"url": "https://www.suse.com/security/cve/CVE-2025-38153"
},
{
"category": "external",
"summary": "SUSE Bug 1245744 for CVE-2025-38153",
"url": "https://bugzilla.suse.com/1245744"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38153"
},
{
"cve": "CVE-2025-38154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38154"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Avoid using sk_socket after free when sending\n\nThe sk-\u003esk_socket is not locked or referenced in backlog thread, and\nduring the call to skb_send_sock(), there is a race condition with\nthe release of sk_socket. All types of sockets(tcp/udp/unix/vsock)\nwill be affected.\n\nRace conditions:\n\u0027\u0027\u0027\nCPU0 CPU1\n\nbacklog::skb_send_sock\n sendmsg_unlocked\n sock_sendmsg\n sock_sendmsg_nosec\n close(fd):\n ...\n ops-\u003erelease() -\u003e sock_map_close()\n sk_socket-\u003eops = NULL\n free(socket)\n sock-\u003eops-\u003esendmsg\n ^\n panic here\n\u0027\u0027\u0027\n\nThe ref of psock become 0 after sock_map_close() executed.\n\u0027\u0027\u0027\nvoid sock_map_close()\n{\n ...\n if (likely(psock)) {\n ...\n // !! here we remove psock and the ref of psock become 0\n sock_map_remove_links(sk, psock)\n psock = sk_psock_get(sk);\n if (unlikely(!psock))\n goto no_psock; \u003c=== Control jumps here via goto\n ...\n cancel_delayed_work_sync(\u0026psock-\u003ework); \u003c=== not executed\n sk_psock_put(sk, psock);\n ...\n}\n\u0027\u0027\u0027\n\nBased on the fact that we already wait for the workqueue to finish in\nsock_map_close() if psock is held, we simply increase the psock\nreference count to avoid race conditions.\n\nWith this patch, if the backlog thread is running, sock_map_close() will\nwait for the backlog thread to complete and cancel all pending work.\n\nIf no backlog running, any pending work that hasn\u0027t started by then will\nfail when invoked by sk_psock_get(), as the psock reference count have\nbeen zeroed, and sk_psock_drop() will cancel all jobs via\ncancel_delayed_work_sync().\n\nIn summary, we require synchronization to coordinate the backlog thread\nand close() thread.\n\nThe panic I catched:\n\u0027\u0027\u0027\nWorkqueue: events sk_psock_backlog\nRIP: 0010:sock_sendmsg+0x21d/0x440\nRAX: 0000000000000000 RBX: ffffc9000521fad8 RCX: 0000000000000001\n...\nCall Trace:\n \u003cTASK\u003e\n ? die_addr+0x40/0xa0\n ? exc_general_protection+0x14c/0x230\n ? asm_exc_general_protection+0x26/0x30\n ? sock_sendmsg+0x21d/0x440\n ? sock_sendmsg+0x3e0/0x440\n ? __pfx_sock_sendmsg+0x10/0x10\n __skb_send_sock+0x543/0xb70\n sk_psock_backlog+0x247/0xb80\n...\n\u0027\u0027\u0027",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38154",
"url": "https://www.suse.com/security/cve/CVE-2025-38154"
},
{
"category": "external",
"summary": "SUSE Bug 1245749 for CVE-2025-38154",
"url": "https://bugzilla.suse.com/1245749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38154"
},
{
"cve": "CVE-2025-38155",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38155"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init()\n\ndevm_ioremap() returns NULL on error. Currently, mt7915_mmio_wed_init()\ndoes not check for this case, which results in a NULL pointer\ndereference.\n\nPrevent null pointer dereference in mt7915_mmio_wed_init().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38155",
"url": "https://www.suse.com/security/cve/CVE-2025-38155"
},
{
"category": "external",
"summary": "SUSE Bug 1245748 for CVE-2025-38155",
"url": "https://bugzilla.suse.com/1245748"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38155"
},
{
"cve": "CVE-2025-38157",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38157"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k_htc: Abort software beacon handling if disabled\n\nA malicious USB device can send a WMI_SWBA_EVENTID event from an\nath9k_htc-managed device before beaconing has been enabled. This causes\na device-by-zero error in the driver, leading to either a crash or an\nout of bounds read.\n\nPrevent this by aborting the handling in ath9k_htc_swba() if beacons are\nnot enabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38157",
"url": "https://www.suse.com/security/cve/CVE-2025-38157"
},
{
"category": "external",
"summary": "SUSE Bug 1245747 for CVE-2025-38157",
"url": "https://bugzilla.suse.com/1245747"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38157"
},
{
"cve": "CVE-2025-38158",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38158"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhisi_acc_vfio_pci: fix XQE dma address error\n\nThe dma addresses of EQE and AEQE are wrong after migration and\nresults in guest kernel-mode encryption services failure.\nComparing the definition of hardware registers, we found that\nthere was an error when the data read from the register was\ncombined into an address. Therefore, the address combination\nsequence needs to be corrected.\n\nEven after fixing the above problem, we still have an issue\nwhere the Guest from an old kernel can get migrated to\nnew kernel and may result in wrong data.\n\nIn order to ensure that the address is correct after migration,\nif an old magic number is detected, the dma address needs to be\nupdated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38158",
"url": "https://www.suse.com/security/cve/CVE-2025-38158"
},
{
"category": "external",
"summary": "SUSE Bug 1245750 for CVE-2025-38158",
"url": "https://bugzilla.suse.com/1245750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38158"
},
{
"cve": "CVE-2025-38159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38159"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: fix the \u0027para\u0027 buffer size to avoid reading out of bounds\n\nSet the size to 6 instead of 2, since \u0027para\u0027 array is passed to\n\u0027rtw_fw_bt_wifi_control(rtwdev, para[0], \u0026para[1])\u0027, which reads\n5 bytes:\n\nvoid rtw_fw_bt_wifi_control(struct rtw_dev *rtwdev, u8 op_code, u8 *data)\n{\n ...\n SET_BT_WIFI_CONTROL_DATA1(h2c_pkt, *data);\n SET_BT_WIFI_CONTROL_DATA2(h2c_pkt, *(data + 1));\n ...\n SET_BT_WIFI_CONTROL_DATA5(h2c_pkt, *(data + 4));\n\nDetected using the static analysis tool - Svace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38159",
"url": "https://www.suse.com/security/cve/CVE-2025-38159"
},
{
"category": "external",
"summary": "SUSE Bug 1245751 for CVE-2025-38159",
"url": "https://bugzilla.suse.com/1245751"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38159"
},
{
"cve": "CVE-2025-38161",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38161"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix error flow upon firmware failure for RQ destruction\n\nUpon RQ destruction if the firmware command fails which is the\nlast resource to be destroyed some SW resources were already cleaned\nregardless of the failure.\n\nNow properly rollback the object to its original state upon such failure.\n\nIn order to avoid a use-after free in case someone tries to destroy the\nobject again, which results in the following kernel trace:\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 0 PID: 37589 at lib/refcount.c:28 refcount_warn_saturate+0xf4/0x148\nModules linked in: rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) rfkill mlx5_core(OE) mlxdevm(OE) ib_uverbs(OE) ib_core(OE) psample mlxfw(OE) mlx_compat(OE) macsec tls pci_hyperv_intf sunrpc vfat fat virtio_net net_failover failover fuse loop nfnetlink vsock_loopback vmw_vsock_virtio_transport_common vmw_vsock_vmci_transport vmw_vmci vsock xfs crct10dif_ce ghash_ce sha2_ce sha256_arm64 sha1_ce virtio_console virtio_gpu virtio_blk virtio_dma_buf virtio_mmio dm_mirror dm_region_hash dm_log dm_mod xpmem(OE)\nCPU: 0 UID: 0 PID: 37589 Comm: python3 Kdump: loaded Tainted: G OE ------- --- 6.12.0-54.el10.aarch64 #1\nTainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\nHardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : refcount_warn_saturate+0xf4/0x148\nlr : refcount_warn_saturate+0xf4/0x148\nsp : ffff80008b81b7e0\nx29: ffff80008b81b7e0 x28: ffff000133d51600 x27: 0000000000000001\nx26: 0000000000000000 x25: 00000000ffffffea x24: ffff00010ae80f00\nx23: ffff00010ae80f80 x22: ffff0000c66e5d08 x21: 0000000000000000\nx20: ffff0000c66e0000 x19: ffff00010ae80340 x18: 0000000000000006\nx17: 0000000000000000 x16: 0000000000000020 x15: ffff80008b81b37f\nx14: 0000000000000000 x13: 2e656572662d7265 x12: ffff80008283ef78\nx11: ffff80008257efd0 x10: ffff80008283efd0 x9 : ffff80008021ed90\nx8 : 0000000000000001 x7 : 00000000000bffe8 x6 : c0000000ffff7fff\nx5 : ffff0001fb8e3408 x4 : 0000000000000000 x3 : ffff800179993000\nx2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff000133d51600\nCall trace:\n refcount_warn_saturate+0xf4/0x148\n mlx5_core_put_rsc+0x88/0xa0 [mlx5_ib]\n mlx5_core_destroy_rq_tracked+0x64/0x98 [mlx5_ib]\n mlx5_ib_destroy_wq+0x34/0x80 [mlx5_ib]\n ib_destroy_wq_user+0x30/0xc0 [ib_core]\n uverbs_free_wq+0x28/0x58 [ib_uverbs]\n destroy_hw_idr_uobject+0x34/0x78 [ib_uverbs]\n uverbs_destroy_uobject+0x48/0x240 [ib_uverbs]\n __uverbs_cleanup_ufile+0xd4/0x1a8 [ib_uverbs]\n uverbs_destroy_ufile_hw+0x48/0x120 [ib_uverbs]\n ib_uverbs_close+0x2c/0x100 [ib_uverbs]\n __fput+0xd8/0x2f0\n __fput_sync+0x50/0x70\n __arm64_sys_close+0x40/0x90\n invoke_syscall.constprop.0+0x74/0xd0\n do_el0_svc+0x48/0xe8\n el0_svc+0x44/0x1d0\n el0t_64_sync_handler+0x120/0x130\n el0t_64_sync+0x1a4/0x1a8",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38161",
"url": "https://www.suse.com/security/cve/CVE-2025-38161"
},
{
"category": "external",
"summary": "SUSE Bug 1245777 for CVE-2025-38161",
"url": "https://bugzilla.suse.com/1245777"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38161"
},
{
"cve": "CVE-2025-38162",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38162"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo: prevent overflow in lookup table allocation\n\nWhen calculating the lookup table size, ensure the following\nmultiplication does not overflow:\n\n- desc-\u003efield_len[] maximum value is U8_MAX multiplied by\n NFT_PIPAPO_GROUPS_PER_BYTE(f) that can be 2, worst case.\n- NFT_PIPAPO_BUCKETS(f-\u003ebb) is 2^8, worst case.\n- sizeof(unsigned long), from sizeof(*f-\u003elt), lt in\n struct nft_pipapo_field.\n\nThen, use check_mul_overflow() to multiply by bucket size and then use\ncheck_add_overflow() to the alignment for avx2 (if needed). Finally, add\nlt_size_check_overflow() helper and use it to consolidate this.\n\nWhile at it, replace leftover allocation using the GFP_KERNEL to\nGFP_KERNEL_ACCOUNT for consistency, in pipapo_resize().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38162",
"url": "https://www.suse.com/security/cve/CVE-2025-38162"
},
{
"category": "external",
"summary": "SUSE Bug 1245752 for CVE-2025-38162",
"url": "https://bugzilla.suse.com/1245752"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38162"
},
{
"cve": "CVE-2025-38165",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38165"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix panic when calling skb_linearize\n\nThe panic can be reproduced by executing the command:\n./bench sockmap -c 2 -p 1 -a --rx-verdict-ingress --rx-strp 100000\n\nThen a kernel panic was captured:\n\u0027\u0027\u0027\n[ 657.460555] kernel BUG at net/core/skbuff.c:2178!\n[ 657.462680] Tainted: [W]=WARN\n[ 657.463287] Workqueue: events sk_psock_backlog\n...\n[ 657.469610] \u003cTASK\u003e\n[ 657.469738] ? die+0x36/0x90\n[ 657.469916] ? do_trap+0x1d0/0x270\n[ 657.470118] ? pskb_expand_head+0x612/0xf40\n[ 657.470376] ? pskb_expand_head+0x612/0xf40\n[ 657.470620] ? do_error_trap+0xa3/0x170\n[ 657.470846] ? pskb_expand_head+0x612/0xf40\n[ 657.471092] ? handle_invalid_op+0x2c/0x40\n[ 657.471335] ? pskb_expand_head+0x612/0xf40\n[ 657.471579] ? exc_invalid_op+0x2d/0x40\n[ 657.471805] ? asm_exc_invalid_op+0x1a/0x20\n[ 657.472052] ? pskb_expand_head+0xd1/0xf40\n[ 657.472292] ? pskb_expand_head+0x612/0xf40\n[ 657.472540] ? lock_acquire+0x18f/0x4e0\n[ 657.472766] ? find_held_lock+0x2d/0x110\n[ 657.472999] ? __pfx_pskb_expand_head+0x10/0x10\n[ 657.473263] ? __kmalloc_cache_noprof+0x5b/0x470\n[ 657.473537] ? __pfx___lock_release.isra.0+0x10/0x10\n[ 657.473826] __pskb_pull_tail+0xfd/0x1d20\n[ 657.474062] ? __kasan_slab_alloc+0x4e/0x90\n[ 657.474707] sk_psock_skb_ingress_enqueue+0x3bf/0x510\n[ 657.475392] ? __kasan_kmalloc+0xaa/0xb0\n[ 657.476010] sk_psock_backlog+0x5cf/0xd70\n[ 657.476637] process_one_work+0x858/0x1a20\n\u0027\u0027\u0027\n\nThe panic originates from the assertion BUG_ON(skb_shared(skb)) in\nskb_linearize(). A previous commit(see Fixes tag) introduced skb_get()\nto avoid race conditions between skb operations in the backlog and skb\nrelease in the recvmsg path. However, this caused the panic to always\noccur when skb_linearize is executed.\n\nThe \"--rx-strp 100000\" parameter forces the RX path to use the strparser\nmodule which aggregates data until it reaches 100KB before calling sockmap\nlogic. The 100KB payload exceeds MAX_MSG_FRAGS, triggering skb_linearize.\n\nTo fix this issue, just move skb_get into sk_psock_skb_ingress_enqueue.\n\n\u0027\u0027\u0027\nsk_psock_backlog:\n sk_psock_handle_skb\n skb_get(skb) \u003c== we move it into \u0027sk_psock_skb_ingress_enqueue\u0027\n sk_psock_skb_ingress____________\n \u2193\n |\n | \u2192 sk_psock_skb_ingress_self\n | sk_psock_skb_ingress_enqueue\nsk_psock_verdict_apply_________________\u2191 skb_linearize\n\u0027\u0027\u0027\n\nNote that for verdict_apply path, the skb_get operation is unnecessary so\nwe add \u0027take_ref\u0027 param to control it\u0027s behavior.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38165",
"url": "https://www.suse.com/security/cve/CVE-2025-38165"
},
{
"category": "external",
"summary": "SUSE Bug 1245757 for CVE-2025-38165",
"url": "https://bugzilla.suse.com/1245757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38165"
},
{
"cve": "CVE-2025-38166",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38166"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: fix ktls panic with sockmap\n\n[ 2172.936997] ------------[ cut here ]------------\n[ 2172.936999] kernel BUG at lib/iov_iter.c:629!\n......\n[ 2172.944996] PKRU: 55555554\n[ 2172.945155] Call Trace:\n[ 2172.945299] \u003cTASK\u003e\n[ 2172.945428] ? die+0x36/0x90\n[ 2172.945601] ? do_trap+0xdd/0x100\n[ 2172.945795] ? iov_iter_revert+0x178/0x180\n[ 2172.946031] ? iov_iter_revert+0x178/0x180\n[ 2172.946267] ? do_error_trap+0x7d/0x110\n[ 2172.946499] ? iov_iter_revert+0x178/0x180\n[ 2172.946736] ? exc_invalid_op+0x50/0x70\n[ 2172.946961] ? iov_iter_revert+0x178/0x180\n[ 2172.947197] ? asm_exc_invalid_op+0x1a/0x20\n[ 2172.947446] ? iov_iter_revert+0x178/0x180\n[ 2172.947683] ? iov_iter_revert+0x5c/0x180\n[ 2172.947913] tls_sw_sendmsg_locked.isra.0+0x794/0x840\n[ 2172.948206] tls_sw_sendmsg+0x52/0x80\n[ 2172.948420] ? inet_sendmsg+0x1f/0x70\n[ 2172.948634] __sys_sendto+0x1cd/0x200\n[ 2172.948848] ? find_held_lock+0x2b/0x80\n[ 2172.949072] ? syscall_trace_enter+0x140/0x270\n[ 2172.949330] ? __lock_release.isra.0+0x5e/0x170\n[ 2172.949595] ? find_held_lock+0x2b/0x80\n[ 2172.949817] ? syscall_trace_enter+0x140/0x270\n[ 2172.950211] ? lockdep_hardirqs_on_prepare+0xda/0x190\n[ 2172.950632] ? ktime_get_coarse_real_ts64+0xc2/0xd0\n[ 2172.951036] __x64_sys_sendto+0x24/0x30\n[ 2172.951382] do_syscall_64+0x90/0x170\n......\n\nAfter calling bpf_exec_tx_verdict(), the size of msg_pl-\u003esg may increase,\ne.g., when the BPF program executes bpf_msg_push_data().\n\nIf the BPF program sets cork_bytes and sg.size is smaller than cork_bytes,\nit will return -ENOSPC and attempt to roll back to the non-zero copy\nlogic. However, during rollback, msg-\u003emsg_iter is reset, but since\nmsg_pl-\u003esg.size has been increased, subsequent executions will exceed the\nactual size of msg_iter.\n\u0027\u0027\u0027\niov_iter_revert(\u0026msg-\u003emsg_iter, msg_pl-\u003esg.size - orig_size);\n\u0027\u0027\u0027\n\nThe changes in this commit are based on the following considerations:\n\n1. When cork_bytes is set, rolling back to non-zero copy logic is\npointless and can directly go to zero-copy logic.\n\n2. We can not calculate the correct number of bytes to revert msg_iter.\n\nAssume the original data is \"abcdefgh\" (8 bytes), and after 3 pushes\nby the BPF program, it becomes 11-byte data: \"abc?de?fgh?\".\nThen, we set cork_bytes to 6, which means the first 6 bytes have been\nprocessed, and the remaining 5 bytes \"?fgh?\" will be cached until the\nlength meets the cork_bytes requirement.\n\nHowever, some data in \"?fgh?\" is not within \u0027sg-\u003emsg_iter\u0027\n(but in msg_pl instead), especially the data \"?\" we pushed.\n\nSo it doesn\u0027t seem as simple as just reverting through an offset of\nmsg_iter.\n\n3. For non-TLS sockets in tcp_bpf_sendmsg, when a \"cork\" situation occurs,\nthe user-space send() doesn\u0027t return an error, and the returned length is\nthe same as the input length parameter, even if some data is cached.\n\nAdditionally, I saw that the current non-zero-copy logic for handling\ncorking is written as:\n\u0027\u0027\u0027\nline 1177\nelse if (ret != -EAGAIN) {\n\tif (ret == -ENOSPC)\n\t\tret = 0;\n\tgoto send_end;\n\u0027\u0027\u0027\n\nSo it\u0027s ok to just return \u0027copied\u0027 without error when a \"cork\" situation\noccurs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38166",
"url": "https://www.suse.com/security/cve/CVE-2025-38166"
},
{
"category": "external",
"summary": "SUSE Bug 1245758 for CVE-2025-38166",
"url": "https://bugzilla.suse.com/1245758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38166"
},
{
"cve": "CVE-2025-38173",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38173"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: marvell/cesa - Handle zero-length skcipher requests\n\nDo not access random memory for zero-length skcipher requests.\nJust return 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38173",
"url": "https://www.suse.com/security/cve/CVE-2025-38173"
},
{
"category": "external",
"summary": "SUSE Bug 1245769 for CVE-2025-38173",
"url": "https://bugzilla.suse.com/1245769"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38173"
},
{
"cve": "CVE-2025-38174",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38174"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Do not double dequeue a configuration request\n\nSome of our devices crash in tb_cfg_request_dequeue():\n\n general protection fault, probably for non-canonical address 0xdead000000000122\n\n CPU: 6 PID: 91007 Comm: kworker/6:2 Tainted: G U W 6.6.65\n RIP: 0010:tb_cfg_request_dequeue+0x2d/0xa0\n Call Trace:\n \u003cTASK\u003e\n ? tb_cfg_request_dequeue+0x2d/0xa0\n tb_cfg_request_work+0x33/0x80\n worker_thread+0x386/0x8f0\n kthread+0xed/0x110\n ret_from_fork+0x38/0x50\n ret_from_fork_asm+0x1b/0x30\n\nThe circumstances are unclear, however, the theory is that\ntb_cfg_request_work() can be scheduled twice for a request:\nfirst time via frame.callback from ring_work() and second\ntime from tb_cfg_request(). Both times kworkers will execute\ntb_cfg_request_dequeue(), which results in double list_del()\nfrom the ctl-\u003erequest_queue (the list poison deference hints\nat it: 0xdead000000000122).\n\nDo not dequeue requests that don\u0027t have TB_CFG_REQUEST_ACTIVE\nbit set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38174",
"url": "https://www.suse.com/security/cve/CVE-2025-38174"
},
{
"category": "external",
"summary": "SUSE Bug 1245781 for CVE-2025-38174",
"url": "https://bugzilla.suse.com/1245781"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38174"
},
{
"cve": "CVE-2025-38177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38177"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsch_hfsc: make hfsc_qlen_notify() idempotent\n\nhfsc_qlen_notify() is not idempotent either and not friendly\nto its callers, like fq_codel_dequeue(). Let\u0027s make it idempotent\nto ease qdisc_tree_reduce_backlog() callers\u0027 life:\n\n1. update_vf() decreases cl-\u003ecl_nactive, so we can check whether it is\nnon-zero before calling it.\n\n2. eltree_remove() always removes RB node cl-\u003eel_node, but we can use\n RB_EMPTY_NODE() + RB_CLEAR_NODE() to make it safe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38177",
"url": "https://www.suse.com/security/cve/CVE-2025-38177"
},
{
"category": "external",
"summary": "SUSE Bug 1245986 for CVE-2025-38177",
"url": "https://bugzilla.suse.com/1245986"
},
{
"category": "external",
"summary": "SUSE Bug 1246356 for CVE-2025-38177",
"url": "https://bugzilla.suse.com/1246356"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "important"
}
],
"title": "CVE-2025-38177"
},
{
"cve": "CVE-2025-38180",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38180"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: atm: fix /proc/net/atm/lec handling\n\n/proc/net/atm/lec must ensure safety against dev_lec[] changes.\n\nIt appears it had dev_put() calls without prior dev_hold(),\nleading to imbalance and UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38180",
"url": "https://www.suse.com/security/cve/CVE-2025-38180"
},
{
"category": "external",
"summary": "SUSE Bug 1245970 for CVE-2025-38180",
"url": "https://bugzilla.suse.com/1245970"
},
{
"category": "external",
"summary": "SUSE Bug 1245971 for CVE-2025-38180",
"url": "https://bugzilla.suse.com/1245971"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "important"
}
],
"title": "CVE-2025-38180"
},
{
"cve": "CVE-2025-38181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38181"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncalipso: Fix null-ptr-deref in calipso_req_{set,del}attr().\n\nsyzkaller reported a null-ptr-deref in sock_omalloc() while allocating\na CALIPSO option. [0]\n\nThe NULL is of struct sock, which was fetched by sk_to_full_sk() in\ncalipso_req_setattr().\n\nSince commit a1a5344ddbe8 (\"tcp: avoid two atomic ops for syncookies\"),\nreqsk-\u003ersk_listener could be NULL when SYN Cookie is returned to its\nclient, as hinted by the leading SYN Cookie log.\n\nHere are 3 options to fix the bug:\n\n 1) Return 0 in calipso_req_setattr()\n 2) Return an error in calipso_req_setattr()\n 3) Alaways set rsk_listener\n\n1) is no go as it bypasses LSM, but 2) effectively disables SYN Cookie\nfor CALIPSO. 3) is also no go as there have been many efforts to reduce\natomic ops and make TCP robust against DDoS. See also commit 3b24d854cb35\n(\"tcp/dccp: do not touch listener sk_refcnt under synflood\").\n\nAs of the blamed commit, SYN Cookie already did not need refcounting,\nand no one has stumbled on the bug for 9 years, so no CALIPSO user will\ncare about SYN Cookie.\n\nLet\u0027s return an error in calipso_req_setattr() and calipso_req_delattr()\nin the SYN Cookie case.\n\nThis can be reproduced by [1] on Fedora and now connect() of nc times out.\n\n[0]:\nTCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]\nCPU: 3 UID: 0 PID: 12262 Comm: syz.1.2611 Not tainted 6.14.0 #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nRIP: 0010:read_pnet include/net/net_namespace.h:406 [inline]\nRIP: 0010:sock_net include/net/sock.h:655 [inline]\nRIP: 0010:sock_kmalloc+0x35/0x170 net/core/sock.c:2806\nCode: 89 d5 41 54 55 89 f5 53 48 89 fb e8 25 e3 c6 fd e8 f0 91 e3 00 48 8d 7b 30 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 26 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b\nRSP: 0018:ffff88811af89038 EFLAGS: 00010216\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffff888105266400\nRDX: 0000000000000006 RSI: ffff88800c890000 RDI: 0000000000000030\nRBP: 0000000000000050 R08: 0000000000000000 R09: ffff88810526640e\nR10: ffffed1020a4cc81 R11: ffff88810526640f R12: 0000000000000000\nR13: 0000000000000820 R14: ffff888105266400 R15: 0000000000000050\nFS: 00007f0653a07640(0000) GS:ffff88811af80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f863ba096f4 CR3: 00000000163c0005 CR4: 0000000000770ef0\nPKRU: 80000000\nCall Trace:\n \u003cIRQ\u003e\n ipv6_renew_options+0x279/0x950 net/ipv6/exthdrs.c:1288\n calipso_req_setattr+0x181/0x340 net/ipv6/calipso.c:1204\n calipso_req_setattr+0x56/0x80 net/netlabel/netlabel_calipso.c:597\n netlbl_req_setattr+0x18a/0x440 net/netlabel/netlabel_kapi.c:1249\n selinux_netlbl_inet_conn_request+0x1fb/0x320 security/selinux/netlabel.c:342\n selinux_inet_conn_request+0x1eb/0x2c0 security/selinux/hooks.c:5551\n security_inet_conn_request+0x50/0xa0 security/security.c:4945\n tcp_v6_route_req+0x22c/0x550 net/ipv6/tcp_ipv6.c:825\n tcp_conn_request+0xec8/0x2b70 net/ipv4/tcp_input.c:7275\n tcp_v6_conn_request+0x1e3/0x440 net/ipv6/tcp_ipv6.c:1328\n tcp_rcv_state_process+0xafa/0x52b0 net/ipv4/tcp_input.c:6781\n tcp_v6_do_rcv+0x8a6/0x1a40 net/ipv6/tcp_ipv6.c:1667\n tcp_v6_rcv+0x505e/0x5b50 net/ipv6/tcp_ipv6.c:1904\n ip6_protocol_deliver_rcu+0x17c/0x1da0 net/ipv6/ip6_input.c:436\n ip6_input_finish+0x103/0x180 net/ipv6/ip6_input.c:480\n NF_HOOK include/linux/netfilter.h:314 [inline]\n NF_HOOK include/linux/netfilter.h:308 [inline]\n ip6_input+0x13c/0x6b0 net/ipv6/ip6_input.c:491\n dst_input include/net/dst.h:469 [inline]\n ip6_rcv_finish net/ipv6/ip6_input.c:79 [inline]\n ip6_rcv_finish+0xb6/0x490 net/ipv6/ip6_input.c:69\n NF_HOOK include/linux/netfilter.h:314 [inline]\n NF_HOOK include/linux/netf\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38181",
"url": "https://www.suse.com/security/cve/CVE-2025-38181"
},
{
"category": "external",
"summary": "SUSE Bug 1246000 for CVE-2025-38181",
"url": "https://bugzilla.suse.com/1246000"
},
{
"category": "external",
"summary": "SUSE Bug 1246001 for CVE-2025-38181",
"url": "https://bugzilla.suse.com/1246001"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "important"
}
],
"title": "CVE-2025-38181"
},
{
"cve": "CVE-2025-38182",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38182"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nublk: santizize the arguments from userspace when adding a device\n\nSanity check the values for queue depth and number of queues\nwe get from userspace when adding a device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38182",
"url": "https://www.suse.com/security/cve/CVE-2025-38182"
},
{
"category": "external",
"summary": "SUSE Bug 1245937 for CVE-2025-38182",
"url": "https://bugzilla.suse.com/1245937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38182"
},
{
"cve": "CVE-2025-38183",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38183"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get()\n\nBefore calling lan743x_ptp_io_event_clock_get(), the \u0027channel\u0027 value\nis checked against the maximum value of PCI11X1X_PTP_IO_MAX_CHANNELS(8).\nThis seems correct and aligns with the PTP interrupt status register\n(PTP_INT_STS) specifications.\n\nHowever, lan743x_ptp_io_event_clock_get() writes to ptp-\u003eextts[] with\nonly LAN743X_PTP_N_EXTTS(4) elements, using channel as an index:\n\n lan743x_ptp_io_event_clock_get(..., u8 channel,...)\n {\n ...\n /* Update Local timestamp */\n extts = \u0026ptp-\u003eextts[channel];\n extts-\u003ets.tv_sec = sec;\n ...\n }\n\nTo avoid an out-of-bounds write and utilize all the supported GPIO\ninputs, set LAN743X_PTP_N_EXTTS to 8.\n\nDetected using the static analysis tool - Svace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38183",
"url": "https://www.suse.com/security/cve/CVE-2025-38183"
},
{
"category": "external",
"summary": "SUSE Bug 1246006 for CVE-2025-38183",
"url": "https://bugzilla.suse.com/1246006"
},
{
"category": "external",
"summary": "SUSE Bug 1246007 for CVE-2025-38183",
"url": "https://bugzilla.suse.com/1246007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "important"
}
],
"title": "CVE-2025-38183"
},
{
"cve": "CVE-2025-38186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38186"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix double invocation of bnxt_ulp_stop()/bnxt_ulp_start()\n\nBefore the commit under the Fixes tag below, bnxt_ulp_stop() and\nbnxt_ulp_start() were always invoked in pairs. After that commit,\nthe new bnxt_ulp_restart() can be invoked after bnxt_ulp_stop()\nhas been called. This may result in the RoCE driver\u0027s aux driver\n.suspend() method being invoked twice. The 2nd bnxt_re_suspend()\ncall will crash when it dereferences a NULL pointer:\n\n(NULL ib_device): Handle device suspend call\nBUG: kernel NULL pointer dereference, address: 0000000000000b78\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] SMP PTI\nCPU: 20 UID: 0 PID: 181 Comm: kworker/u96:5 Tainted: G S 6.15.0-rc1 #4 PREEMPT(voluntary)\nTainted: [S]=CPU_OUT_OF_SPEC\nHardware name: Dell Inc. PowerEdge R730/072T6D, BIOS 2.4.3 01/17/2017\nWorkqueue: bnxt_pf_wq bnxt_sp_task [bnxt_en]\nRIP: 0010:bnxt_re_suspend+0x45/0x1f0 [bnxt_re]\nCode: 8b 05 a7 3c 5b f5 48 89 44 24 18 31 c0 49 8b 5c 24 08 4d 8b 2c 24 e8 ea 06 0a f4 48 c7 c6 04 60 52 c0 48 89 df e8 1b ce f9 ff \u003c48\u003e 8b 83 78 0b 00 00 48 8b 80 38 03 00 00 a8 40 0f 85 b5 00 00 00\nRSP: 0018:ffffa2e84084fd88 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001\nRDX: 0000000000000000 RSI: ffffffffb4b6b934 RDI: 00000000ffffffff\nRBP: ffffa1760954c9c0 R08: 0000000000000000 R09: c0000000ffffdfff\nR10: 0000000000000001 R11: ffffa2e84084fb50 R12: ffffa176031ef070\nR13: ffffa17609775000 R14: ffffa17603adc180 R15: 0000000000000000\nFS: 0000000000000000(0000) GS:ffffa17daa397000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000b78 CR3: 00000004aaa30003 CR4: 00000000003706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\nbnxt_ulp_stop+0x69/0x90 [bnxt_en]\nbnxt_sp_task+0x678/0x920 [bnxt_en]\n? __schedule+0x514/0xf50\nprocess_scheduled_works+0x9d/0x400\nworker_thread+0x11c/0x260\n? __pfx_worker_thread+0x10/0x10\nkthread+0xfe/0x1e0\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x2b/0x40\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1a/0x30\n\nCheck the BNXT_EN_FLAG_ULP_STOPPED flag and do not proceed if the flag\nis already set. This will preserve the original symmetrical\nbnxt_ulp_stop() and bnxt_ulp_start().\n\nAlso, inside bnxt_ulp_start(), clear the BNXT_EN_FLAG_ULP_STOPPED\nflag after taking the mutex to avoid any race condition. And for\nsymmetry, only proceed in bnxt_ulp_start() if the\nBNXT_EN_FLAG_ULP_STOPPED is set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38186",
"url": "https://www.suse.com/security/cve/CVE-2025-38186"
},
{
"category": "external",
"summary": "SUSE Bug 1245955 for CVE-2025-38186",
"url": "https://bugzilla.suse.com/1245955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38186"
},
{
"cve": "CVE-2025-38187",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38187"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: fix a use-after-free in r535_gsp_rpc_push()\n\nThe RPC container is released after being passed to r535_gsp_rpc_send().\n\nWhen sending the initial fragment of a large RPC and passing the\ncaller\u0027s RPC container, the container will be freed prematurely. Subsequent\nattempts to send remaining fragments will therefore result in a\nuse-after-free.\n\nAllocate a temporary RPC container for holding the initial fragment of a\nlarge RPC when sending. Free the caller\u0027s container when all fragments\nare successfully sent.\n\n[ Rebase onto Blackwell changes. - Danilo ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38187",
"url": "https://www.suse.com/security/cve/CVE-2025-38187"
},
{
"category": "external",
"summary": "SUSE Bug 1245951 for CVE-2025-38187",
"url": "https://bugzilla.suse.com/1245951"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38187"
},
{
"cve": "CVE-2025-38188",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38188"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/a7xx: Call CP_RESET_CONTEXT_STATE\n\nCalling this packet is necessary when we switch contexts because there\nare various pieces of state used by userspace to synchronize between BR\nand BV that are persistent across submits and we need to make sure that\nthey are in a \"safe\" state when switching contexts. Otherwise a\nuserspace submission in one context could cause another context to\nfunction incorrectly and hang, effectively a denial of service (although\nwithout leaking data). This was missed during initial a7xx bringup.\n\nPatchwork: https://patchwork.freedesktop.org/patch/654924/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38188",
"url": "https://www.suse.com/security/cve/CVE-2025-38188"
},
{
"category": "external",
"summary": "SUSE Bug 1246098 for CVE-2025-38188",
"url": "https://bugzilla.suse.com/1246098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38188"
},
{
"cve": "CVE-2025-38189",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38189"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Avoid NULL pointer dereference in `v3d_job_update_stats()`\n\nThe following kernel Oops was recently reported by Mesa CI:\n\n[ 800.139824] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000588\n[ 800.148619] Mem abort info:\n[ 800.151402] ESR = 0x0000000096000005\n[ 800.155141] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 800.160444] SET = 0, FnV = 0\n[ 800.163488] EA = 0, S1PTW = 0\n[ 800.166619] FSC = 0x05: level 1 translation fault\n[ 800.171487] Data abort info:\n[ 800.174357] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n[ 800.179832] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 800.184873] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 800.190176] user pgtable: 4k pages, 39-bit VAs, pgdp=00000001014c2000\n[ 800.196607] [0000000000000588] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n[ 800.205305] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n[ 800.211564] Modules linked in: vc4 snd_soc_hdmi_codec drm_display_helper v3d cec gpu_sched drm_dma_helper drm_shmem_helper drm_kms_helper drm drm_panel_orientation_quirks snd_soc_core snd_compress snd_pcm_dmaengine snd_pcm i2c_brcmstb snd_timer snd backlight\n[ 800.234448] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.25+rpt-rpi-v8 #1 Debian 1:6.12.25-1+rpt1\n[ 800.244182] Hardware name: Raspberry Pi 4 Model B Rev 1.4 (DT)\n[ 800.250005] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 800.256959] pc : v3d_job_update_stats+0x60/0x130 [v3d]\n[ 800.262112] lr : v3d_job_update_stats+0x48/0x130 [v3d]\n[ 800.267251] sp : ffffffc080003e60\n[ 800.270555] x29: ffffffc080003e60 x28: ffffffd842784980 x27: 0224012000000000\n[ 800.277687] x26: ffffffd84277f630 x25: ffffff81012fd800 x24: 0000000000000020\n[ 800.284818] x23: ffffff8040238b08 x22: 0000000000000570 x21: 0000000000000158\n[ 800.291948] x20: 0000000000000000 x19: ffffff8040238000 x18: 0000000000000000\n[ 800.299078] x17: ffffffa8c1bd2000 x16: ffffffc080000000 x15: 0000000000000000\n[ 800.306208] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n[ 800.313338] x11: 0000000000000040 x10: 0000000000001a40 x9 : ffffffd83b39757c\n[ 800.320468] x8 : ffffffd842786420 x7 : 7fffffffffffffff x6 : 0000000000ef32b0\n[ 800.327598] x5 : 00ffffffffffffff x4 : 0000000000000015 x3 : ffffffd842784980\n[ 800.334728] x2 : 0000000000000004 x1 : 0000000000010002 x0 : 000000ba4c0ca382\n[ 800.341859] Call trace:\n[ 800.344294] v3d_job_update_stats+0x60/0x130 [v3d]\n[ 800.349086] v3d_irq+0x124/0x2e0 [v3d]\n[ 800.352835] __handle_irq_event_percpu+0x58/0x218\n[ 800.357539] handle_irq_event+0x54/0xb8\n[ 800.361369] handle_fasteoi_irq+0xac/0x240\n[ 800.365458] handle_irq_desc+0x48/0x68\n[ 800.369200] generic_handle_domain_irq+0x24/0x38\n[ 800.373810] gic_handle_irq+0x48/0xd8\n[ 800.377464] call_on_irq_stack+0x24/0x58\n[ 800.381379] do_interrupt_handler+0x88/0x98\n[ 800.385554] el1_interrupt+0x34/0x68\n[ 800.389123] el1h_64_irq_handler+0x18/0x28\n[ 800.393211] el1h_64_irq+0x64/0x68\n[ 800.396603] default_idle_call+0x3c/0x168\n[ 800.400606] do_idle+0x1fc/0x230\n[ 800.403827] cpu_startup_entry+0x40/0x50\n[ 800.407742] rest_init+0xe4/0xf0\n[ 800.410962] start_kernel+0x5e8/0x790\n[ 800.414616] __primary_switched+0x80/0x90\n[ 800.418622] Code: 8b170277 8b160296 11000421 b9000861 (b9401ac1)\n[ 800.424707] ---[ end trace 0000000000000000 ]---\n[ 800.457313] ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---\n\nThis issue happens when the file descriptor is closed before the jobs\nsubmitted by it are completed. When the job completes, we update the\nglobal GPU stats and the per-fd GPU stats, which are exposed through\nfdinfo. If the file descriptor was closed, then the struct `v3d_file_priv`\nand its stats were already freed and we can\u0027t update the per-fd stats.\n\nTherefore, if the file descriptor was already closed, don\u0027t u\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38189",
"url": "https://www.suse.com/security/cve/CVE-2025-38189"
},
{
"category": "external",
"summary": "SUSE Bug 1245812 for CVE-2025-38189",
"url": "https://bugzilla.suse.com/1245812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38189"
},
{
"cve": "CVE-2025-38192",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38192"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: clear the dst when changing skb protocol\n\nA not-so-careful NAT46 BPF program can crash the kernel\nif it indiscriminately flips ingress packets from v4 to v6:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n ip6_rcv_core (net/ipv6/ip6_input.c:190:20)\n ipv6_rcv (net/ipv6/ip6_input.c:306:8)\n process_backlog (net/core/dev.c:6186:4)\n napi_poll (net/core/dev.c:6906:9)\n net_rx_action (net/core/dev.c:7028:13)\n do_softirq (kernel/softirq.c:462:3)\n netif_rx (net/core/dev.c:5326:3)\n dev_loopback_xmit (net/core/dev.c:4015:2)\n ip_mc_finish_output (net/ipv4/ip_output.c:363:8)\n NF_HOOK (./include/linux/netfilter.h:314:9)\n ip_mc_output (net/ipv4/ip_output.c:400:5)\n dst_output (./include/net/dst.h:459:9)\n ip_local_out (net/ipv4/ip_output.c:130:9)\n ip_send_skb (net/ipv4/ip_output.c:1496:8)\n udp_send_skb (net/ipv4/udp.c:1040:8)\n udp_sendmsg (net/ipv4/udp.c:1328:10)\n\nThe output interface has a 4-\u003e6 program attached at ingress.\nWe try to loop the multicast skb back to the sending socket.\nIngress BPF runs as part of netif_rx(), pushes a valid v6 hdr\nand changes skb-\u003eprotocol to v6. We enter ip6_rcv_core which\ntries to use skb_dst(). But the dst is still an IPv4 one left\nafter IPv4 mcast output.\n\nClear the dst in all BPF helpers which change the protocol.\nTry to preserve metadata dsts, those may carry non-routing\nmetadata.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38192",
"url": "https://www.suse.com/security/cve/CVE-2025-38192"
},
{
"category": "external",
"summary": "SUSE Bug 1245954 for CVE-2025-38192",
"url": "https://bugzilla.suse.com/1245954"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38192"
},
{
"cve": "CVE-2025-38193",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38193"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: reject invalid perturb period\n\nGerrard Tai reported that SFQ perturb_period has no range check yet,\nand this can be used to trigger a race condition fixed in a separate patch.\n\nWe want to make sure ctl-\u003eperturb_period * HZ will not overflow\nand is positive.\n\n\ntc qd add dev lo root sfq perturb -10 # negative value : error\nError: sch_sfq: invalid perturb period.\n\ntc qd add dev lo root sfq perturb 1000000000 # too big : error\nError: sch_sfq: invalid perturb period.\n\ntc qd add dev lo root sfq perturb 2000000 # acceptable value\ntc -s -d qd sh dev lo\nqdisc sfq 8005: root refcnt 2 limit 127p quantum 64Kb depth 127 flows 128 divisor 1024 perturb 2000000sec\n Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)\n backlog 0b 0p requeues 0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38193",
"url": "https://www.suse.com/security/cve/CVE-2025-38193"
},
{
"category": "external",
"summary": "SUSE Bug 1245945 for CVE-2025-38193",
"url": "https://bugzilla.suse.com/1245945"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38193"
},
{
"cve": "CVE-2025-38194",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38194"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: check that raw node were preallocated before writing summary\n\nSyzkaller detected a kernel bug in jffs2_link_node_ref, caused by fault\ninjection in jffs2_prealloc_raw_node_refs. jffs2_sum_write_sumnode doesn\u0027t\ncheck return value of jffs2_prealloc_raw_node_refs and simply lets any\nerror propagate into jffs2_sum_write_data, which eventually calls\njffs2_link_node_ref in order to link the summary to an expectedly allocated\nnode.\n\nkernel BUG at fs/jffs2/nodelist.c:592!\ninvalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 1 PID: 31277 Comm: syz-executor.7 Not tainted 6.1.128-syzkaller-00139-ge10f83ca10a1 #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nRIP: 0010:jffs2_link_node_ref+0x570/0x690 fs/jffs2/nodelist.c:592\nCall Trace:\n \u003cTASK\u003e\n jffs2_sum_write_data fs/jffs2/summary.c:841 [inline]\n jffs2_sum_write_sumnode+0xd1a/0x1da0 fs/jffs2/summary.c:874\n jffs2_do_reserve_space+0xa18/0xd60 fs/jffs2/nodemgmt.c:388\n jffs2_reserve_space+0x55f/0xaa0 fs/jffs2/nodemgmt.c:197\n jffs2_write_inode_range+0x246/0xb50 fs/jffs2/write.c:362\n jffs2_write_end+0x726/0x15d0 fs/jffs2/file.c:301\n generic_perform_write+0x314/0x5d0 mm/filemap.c:3856\n __generic_file_write_iter+0x2ae/0x4d0 mm/filemap.c:3973\n generic_file_write_iter+0xe3/0x350 mm/filemap.c:4005\n call_write_iter include/linux/fs.h:2265 [inline]\n do_iter_readv_writev+0x20f/0x3c0 fs/read_write.c:735\n do_iter_write+0x186/0x710 fs/read_write.c:861\n vfs_iter_write+0x70/0xa0 fs/read_write.c:902\n iter_file_splice_write+0x73b/0xc90 fs/splice.c:685\n do_splice_from fs/splice.c:763 [inline]\n direct_splice_actor+0x10c/0x170 fs/splice.c:950\n splice_direct_to_actor+0x337/0xa10 fs/splice.c:896\n do_splice_direct+0x1a9/0x280 fs/splice.c:1002\n do_sendfile+0xb13/0x12c0 fs/read_write.c:1255\n __do_sys_sendfile64 fs/read_write.c:1323 [inline]\n __se_sys_sendfile64 fs/read_write.c:1309 [inline]\n __x64_sys_sendfile64+0x1cf/0x210 fs/read_write.c:1309\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x35/0x80 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\nFix this issue by checking return value of jffs2_prealloc_raw_node_refs\nbefore calling jffs2_sum_write_data.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38194",
"url": "https://www.suse.com/security/cve/CVE-2025-38194"
},
{
"category": "external",
"summary": "SUSE Bug 1245957 for CVE-2025-38194",
"url": "https://bugzilla.suse.com/1245957"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38194"
},
{
"cve": "CVE-2025-38197",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38197"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: dell_rbu: Fix list usage\n\nPass the correct list head to list_for_each_entry*() when looping through\nthe packet list.\n\nWithout this patch, reading the packet data via sysfs will show the data\nincorrectly (because it starts at the wrong packet), and clearing the\npacket list will result in a NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38197",
"url": "https://www.suse.com/security/cve/CVE-2025-38197"
},
{
"category": "external",
"summary": "SUSE Bug 1246047 for CVE-2025-38197",
"url": "https://bugzilla.suse.com/1246047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38197"
},
{
"cve": "CVE-2025-38198",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38198"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbcon: Make sure modelist not set on unregistered console\n\nIt looks like attempting to write to the \"store_modes\" sysfs node will\nrun afoul of unregistered consoles:\n\nUBSAN: array-index-out-of-bounds in drivers/video/fbdev/core/fbcon.c:122:28\nindex -1 is out of range for type \u0027fb_info *[32]\u0027\n...\n fbcon_info_from_console+0x192/0x1a0 drivers/video/fbdev/core/fbcon.c:122\n fbcon_new_modelist+0xbf/0x2d0 drivers/video/fbdev/core/fbcon.c:3048\n fb_new_modelist+0x328/0x440 drivers/video/fbdev/core/fbmem.c:673\n store_modes+0x1c9/0x3e0 drivers/video/fbdev/core/fbsysfs.c:113\n dev_attr_store+0x55/0x80 drivers/base/core.c:2439\n\nstatic struct fb_info *fbcon_registered_fb[FB_MAX];\n...\nstatic signed char con2fb_map[MAX_NR_CONSOLES];\n...\nstatic struct fb_info *fbcon_info_from_console(int console)\n...\n return fbcon_registered_fb[con2fb_map[console]];\n\nIf con2fb_map contains a -1 things go wrong here. Instead, return NULL,\nas callers of fbcon_info_from_console() are trying to compare against\nexisting \"info\" pointers, so error handling should kick in correctly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38198",
"url": "https://www.suse.com/security/cve/CVE-2025-38198"
},
{
"category": "external",
"summary": "SUSE Bug 1245952 for CVE-2025-38198",
"url": "https://bugzilla.suse.com/1245952"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38198"
},
{
"cve": "CVE-2025-38200",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38200"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix MMIO write access to an invalid page in i40e_clear_hw\n\nWhen the device sends a specific input, an integer underflow can occur, leading\nto MMIO write access to an invalid page.\n\nPrevent the integer underflow by changing the type of related variables.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38200",
"url": "https://www.suse.com/security/cve/CVE-2025-38200"
},
{
"category": "external",
"summary": "SUSE Bug 1246045 for CVE-2025-38200",
"url": "https://bugzilla.suse.com/1246045"
},
{
"category": "external",
"summary": "SUSE Bug 1246046 for CVE-2025-38200",
"url": "https://bugzilla.suse.com/1246046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38200"
},
{
"cve": "CVE-2025-38202",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38202"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem()\n\nbpf_map_lookup_percpu_elem() helper is also available for sleepable bpf\nprogram. When BPF JIT is disabled or under 32-bit host,\nbpf_map_lookup_percpu_elem() will not be inlined. Using it in a\nsleepable bpf program will trigger the warning in\nbpf_map_lookup_percpu_elem(), because the bpf program only holds\nrcu_read_lock_trace lock. Therefore, add the missed check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38202",
"url": "https://www.suse.com/security/cve/CVE-2025-38202"
},
{
"category": "external",
"summary": "SUSE Bug 1245980 for CVE-2025-38202",
"url": "https://bugzilla.suse.com/1245980"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38202"
},
{
"cve": "CVE-2025-38203",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38203"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix null-ptr-deref in jfs_ioc_trim\n\n[ Syzkaller Report ]\n\nOops: general protection fault, probably for non-canonical address\n0xdffffc0000000087: 0000 [#1\nKASAN: null-ptr-deref in range [0x0000000000000438-0x000000000000043f]\nCPU: 2 UID: 0 PID: 10614 Comm: syz-executor.0 Not tainted\n6.13.0-rc6-gfbfd64d25c7a-dirty #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nSched_ext: serialise (enabled+all), task: runnable_at=-30ms\nRIP: 0010:jfs_ioc_trim+0x34b/0x8f0\nCode: e7 e8 59 a4 87 fe 4d 8b 24 24 4d 8d bc 24 38 04 00 00 48 8d 93\n90 82 fe ff 4c 89 ff 31 f6\nRSP: 0018:ffffc900055f7cd0 EFLAGS: 00010206\nRAX: 0000000000000087 RBX: 00005866a9e67ff8 RCX: 000000000000000a\nRDX: 0000000000000001 RSI: 0000000000000004 RDI: 0000000000000001\nRBP: dffffc0000000000 R08: ffff88807c180003 R09: 1ffff1100f830000\nR10: dffffc0000000000 R11: ffffed100f830001 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000438\nFS: 00007fe520225640(0000) GS:ffff8880b7e80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005593c91b2c88 CR3: 000000014927c000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n? __die_body+0x61/0xb0\n? die_addr+0xb1/0xe0\n? exc_general_protection+0x333/0x510\n? asm_exc_general_protection+0x26/0x30\n? jfs_ioc_trim+0x34b/0x8f0\njfs_ioctl+0x3c8/0x4f0\n? __pfx_jfs_ioctl+0x10/0x10\n? __pfx_jfs_ioctl+0x10/0x10\n__se_sys_ioctl+0x269/0x350\n? __pfx___se_sys_ioctl+0x10/0x10\n? do_syscall_64+0xfb/0x210\ndo_syscall_64+0xee/0x210\n? syscall_exit_to_user_mode+0x1e0/0x330\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fe51f4903ad\nCode: c3 e8 a7 2b 00 00 0f 1f 80 00 00 00 00 f3 0f 1e fa 48 89 f8 48\n89 f7 48 89 d6 48 89 ca 4d\nRSP: 002b:00007fe5202250c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007fe51f5cbf80 RCX: 00007fe51f4903ad\nRDX: 0000000020000680 RSI: 00000000c0185879 RDI: 0000000000000005\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007fe520225640\nR13: 000000000000000e R14: 00007fe51f44fca0 R15: 00007fe52021d000\n\u003c/TASK\u003e\nModules linked in:\n---[ end trace 0000000000000000 ]---\nRIP: 0010:jfs_ioc_trim+0x34b/0x8f0\nCode: e7 e8 59 a4 87 fe 4d 8b 24 24 4d 8d bc 24 38 04 00 00 48 8d 93\n90 82 fe ff 4c 89 ff 31 f6\nRSP: 0018:ffffc900055f7cd0 EFLAGS: 00010206\nRAX: 0000000000000087 RBX: 00005866a9e67ff8 RCX: 000000000000000a\nRDX: 0000000000000001 RSI: 0000000000000004 RDI: 0000000000000001\nRBP: dffffc0000000000 R08: ffff88807c180003 R09: 1ffff1100f830000\nR10: dffffc0000000000 R11: ffffed100f830001 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000438\nFS: 00007fe520225640(0000) GS:ffff8880b7e80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005593c91b2c88 CR3: 000000014927c000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nKernel panic - not syncing: Fatal exception\n\n[ Analysis ]\n\nWe believe that we have found a concurrency bug in the `fs/jfs` module\nthat results in a null pointer dereference. There is a closely related\nissue which has been fixed:\n\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d6c1b3599b2feb5c7291f5ac3a36e5fa7cedb234\n\n... but, unfortunately, the accepted patch appears to still be\nsusceptible to a null pointer dereference under some interleavings.\n\nTo trigger the bug, we think that `JFS_SBI(ipbmap-\u003ei_sb)-\u003ebmap` is set\nto NULL in `dbFreeBits` and then dereferenced in `jfs_ioc_trim`. This\nbug manifests quite rarely under normal circumstances, but is\ntriggereable from a syz-program.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38203",
"url": "https://www.suse.com/security/cve/CVE-2025-38203"
},
{
"category": "external",
"summary": "SUSE Bug 1246044 for CVE-2025-38203",
"url": "https://bugzilla.suse.com/1246044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38203"
},
{
"cve": "CVE-2025-38204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38204"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix array-index-out-of-bounds read in add_missing_indices\n\nstbl is s8 but it must contain offsets into slot which can go from 0 to\n127.\n\nAdded a bound check for that error and return -EIO if the check fails.\nAlso make jfs_readdir return with error if add_missing_indices returns\nwith an error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38204",
"url": "https://www.suse.com/security/cve/CVE-2025-38204"
},
{
"category": "external",
"summary": "SUSE Bug 1245983 for CVE-2025-38204",
"url": "https://bugzilla.suse.com/1245983"
},
{
"category": "external",
"summary": "SUSE Bug 1245984 for CVE-2025-38204",
"url": "https://bugzilla.suse.com/1245984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "important"
}
],
"title": "CVE-2025-38204"
},
{
"cve": "CVE-2025-38206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38206"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix double free in delayed_free\n\nThe double free could happen in the following path.\n\nexfat_create_upcase_table()\n exfat_create_upcase_table() : return error\n exfat_free_upcase_table() : free -\u003evol_utbl\n exfat_load_default_upcase_table : return error\n exfat_kill_sb()\n delayed_free()\n exfat_free_upcase_table() \u003c--------- double free\nThis patch set -\u003evol_util as NULL after freeing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38206",
"url": "https://www.suse.com/security/cve/CVE-2025-38206"
},
{
"category": "external",
"summary": "SUSE Bug 1246073 for CVE-2025-38206",
"url": "https://bugzilla.suse.com/1246073"
},
{
"category": "external",
"summary": "SUSE Bug 1246075 for CVE-2025-38206",
"url": "https://bugzilla.suse.com/1246075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "important"
}
],
"title": "CVE-2025-38206"
},
{
"cve": "CVE-2025-38210",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38210"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nconfigfs-tsm-report: Fix NULL dereference of tsm_ops\n\nUnlike sysfs, the lifetime of configfs objects is controlled by\nuserspace. There is no mechanism for the kernel to find and delete all\ncreated config-items. Instead, the configfs-tsm-report mechanism has an\nexpectation that tsm_unregister() can happen at any time and cause\nestablished config-item access to start failing.\n\nThat expectation is not fully satisfied. While tsm_report_read(),\ntsm_report_{is,is_bin}_visible(), and tsm_report_make_item() safely fail\nif tsm_ops have been unregistered, tsm_report_privlevel_store()\ntsm_report_provider_show() fail to check for ops registration. Add the\nmissing checks for tsm_ops having been removed.\n\nNow, in supporting the ability for tsm_unregister() to always succeed,\nit leaves the problem of what to do with lingering config-items. The\nexpectation is that the admin that arranges for the -\u003eremove() (unbind)\nof the ${tsm_arch}-guest driver is also responsible for deletion of all\nopen config-items. Until that deletion happens, -\u003eprobe() (reload /\nbind) of the ${tsm_arch}-guest driver fails.\n\nThis allows for emergency shutdown / revocation of attestation\ninterfaces, and requires coordinated restart.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38210",
"url": "https://www.suse.com/security/cve/CVE-2025-38210"
},
{
"category": "external",
"summary": "SUSE Bug 1246020 for CVE-2025-38210",
"url": "https://bugzilla.suse.com/1246020"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38210"
},
{
"cve": "CVE-2025-38211",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38211"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/iwcm: Fix use-after-free of work objects after cm_id destruction\n\nThe commit 59c68ac31e15 (\"iw_cm: free cm_id resources on the last\nderef\") simplified cm_id resource management by freeing cm_id once all\nreferences to the cm_id were removed. The references are removed either\nupon completion of iw_cm event handlers or when the application destroys\nthe cm_id. This commit introduced the use-after-free condition where\ncm_id_private object could still be in use by event handler works during\nthe destruction of cm_id. The commit aee2424246f9 (\"RDMA/iwcm: Fix a\nuse-after-free related to destroying CM IDs\") addressed this use-after-\nfree by flushing all pending works at the cm_id destruction.\n\nHowever, still another use-after-free possibility remained. It happens\nwith the work objects allocated for each cm_id_priv within\nalloc_work_entries() during cm_id creation, and subsequently freed in\ndealloc_work_entries() once all references to the cm_id are removed.\nIf the cm_id\u0027s last reference is decremented in the event handler work,\nthe work object for the work itself gets removed, and causes the use-\nafter-free BUG below:\n\n BUG: KASAN: slab-use-after-free in __pwq_activate_work+0x1ff/0x250\n Read of size 8 at addr ffff88811f9cf800 by task kworker/u16:1/147091\n\n CPU: 2 UID: 0 PID: 147091 Comm: kworker/u16:1 Not tainted 6.15.0-rc2+ #27 PREEMPT(voluntary)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\n Workqueue: 0x0 (iw_cm_wq)\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x6a/0x90\n print_report+0x174/0x554\n ? __virt_addr_valid+0x208/0x430\n ? __pwq_activate_work+0x1ff/0x250\n kasan_report+0xae/0x170\n ? __pwq_activate_work+0x1ff/0x250\n __pwq_activate_work+0x1ff/0x250\n pwq_dec_nr_in_flight+0x8c5/0xfb0\n process_one_work+0xc11/0x1460\n ? __pfx_process_one_work+0x10/0x10\n ? assign_work+0x16c/0x240\n worker_thread+0x5ef/0xfd0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x3b0/0x770\n ? __pfx_kthread+0x10/0x10\n ? rcu_is_watching+0x11/0xb0\n ? _raw_spin_unlock_irq+0x24/0x50\n ? rcu_is_watching+0x11/0xb0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x30/0x70\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\n Allocated by task 147416:\n kasan_save_stack+0x2c/0x50\n kasan_save_track+0x10/0x30\n __kasan_kmalloc+0xa6/0xb0\n alloc_work_entries+0xa9/0x260 [iw_cm]\n iw_cm_connect+0x23/0x4a0 [iw_cm]\n rdma_connect_locked+0xbfd/0x1920 [rdma_cm]\n nvme_rdma_cm_handler+0x8e5/0x1b60 [nvme_rdma]\n cma_cm_event_handler+0xae/0x320 [rdma_cm]\n cma_work_handler+0x106/0x1b0 [rdma_cm]\n process_one_work+0x84f/0x1460\n worker_thread+0x5ef/0xfd0\n kthread+0x3b0/0x770\n ret_from_fork+0x30/0x70\n ret_from_fork_asm+0x1a/0x30\n\n Freed by task 147091:\n kasan_save_stack+0x2c/0x50\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x60\n __kasan_slab_free+0x4b/0x70\n kfree+0x13a/0x4b0\n dealloc_work_entries+0x125/0x1f0 [iw_cm]\n iwcm_deref_id+0x6f/0xa0 [iw_cm]\n cm_work_handler+0x136/0x1ba0 [iw_cm]\n process_one_work+0x84f/0x1460\n worker_thread+0x5ef/0xfd0\n kthread+0x3b0/0x770\n ret_from_fork+0x30/0x70\n ret_from_fork_asm+0x1a/0x30\n\n Last potentially related work creation:\n kasan_save_stack+0x2c/0x50\n kasan_record_aux_stack+0xa3/0xb0\n __queue_work+0x2ff/0x1390\n queue_work_on+0x67/0xc0\n cm_event_handler+0x46a/0x820 [iw_cm]\n siw_cm_upcall+0x330/0x650 [siw]\n siw_cm_work_handler+0x6b9/0x2b20 [siw]\n process_one_work+0x84f/0x1460\n worker_thread+0x5ef/0xfd0\n kthread+0x3b0/0x770\n ret_from_fork+0x30/0x70\n ret_from_fork_asm+0x1a/0x30\n\nThis BUG is reproducible by repeating the blktests test case nvme/061\nfor the rdma transport and the siw driver.\n\nTo avoid the use-after-free of cm_id_private work objects, ensure that\nthe last reference to the cm_id is decremented not in the event handler\nworks, but in the cm_id destruction context. For that purpose, mo\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38211",
"url": "https://www.suse.com/security/cve/CVE-2025-38211"
},
{
"category": "external",
"summary": "SUSE Bug 1246008 for CVE-2025-38211",
"url": "https://bugzilla.suse.com/1246008"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38211"
},
{
"cve": "CVE-2025-38212",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38212"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipc: fix to protect IPCS lookups using RCU\n\nsyzbot reported that it discovered a use-after-free vulnerability, [0]\n\n[0]: https://lore.kernel.org/all/67af13f8.050a0220.21dd3.0038.GAE@google.com/\n\nidr_for_each() is protected by rwsem, but this is not enough. If it is\nnot protected by RCU read-critical region, when idr_for_each() calls\nradix_tree_node_free() through call_rcu() to free the radix_tree_node\nstructure, the node will be freed immediately, and when reading the next\nnode in radix_tree_for_each_slot(), the already freed memory may be read.\n\nTherefore, we need to add code to make sure that idr_for_each() is\nprotected within the RCU read-critical region when we call it in\nshm_destroy_orphaned().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38212",
"url": "https://www.suse.com/security/cve/CVE-2025-38212"
},
{
"category": "external",
"summary": "SUSE Bug 1246029 for CVE-2025-38212",
"url": "https://bugzilla.suse.com/1246029"
},
{
"category": "external",
"summary": "SUSE Bug 1246030 for CVE-2025-38212",
"url": "https://bugzilla.suse.com/1246030"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "important"
}
],
"title": "CVE-2025-38212"
},
{
"cve": "CVE-2025-38213",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38213"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38213",
"url": "https://www.suse.com/security/cve/CVE-2025-38213"
},
{
"category": "external",
"summary": "SUSE Bug 1246037 for CVE-2025-38213",
"url": "https://bugzilla.suse.com/1246037"
},
{
"category": "external",
"summary": "SUSE Bug 1246039 for CVE-2025-38213",
"url": "https://bugzilla.suse.com/1246039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38213"
},
{
"cve": "CVE-2025-38214",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38214"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var\n\nIf fb_add_videomode() in fb_set_var() fails to allocate memory for\nfb_videomode, later it may lead to a null-ptr dereference in\nfb_videomode_to_var(), as the fb_info is registered while not having the\nmode in modelist that is expected to be there, i.e. the one that is\ndescribed in fb_info-\u003evar.\n\n================================================================\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 PID: 30371 Comm: syz-executor.1 Not tainted 5.10.226-syzkaller #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nRIP: 0010:fb_videomode_to_var+0x24/0x610 drivers/video/fbdev/core/modedb.c:901\nCall Trace:\n display_to_var+0x3a/0x7c0 drivers/video/fbdev/core/fbcon.c:929\n fbcon_resize+0x3e2/0x8f0 drivers/video/fbdev/core/fbcon.c:2071\n resize_screen drivers/tty/vt/vt.c:1176 [inline]\n vc_do_resize+0x53a/0x1170 drivers/tty/vt/vt.c:1263\n fbcon_modechanged+0x3ac/0x6e0 drivers/video/fbdev/core/fbcon.c:2720\n fbcon_update_vcs+0x43/0x60 drivers/video/fbdev/core/fbcon.c:2776\n do_fb_ioctl+0x6d2/0x740 drivers/video/fbdev/core/fbmem.c:1128\n fb_ioctl+0xe7/0x150 drivers/video/fbdev/core/fbmem.c:1203\n vfs_ioctl fs/ioctl.c:48 [inline]\n __do_sys_ioctl fs/ioctl.c:753 [inline]\n __se_sys_ioctl fs/ioctl.c:739 [inline]\n __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:739\n do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n================================================================\n\nThe reason is that fb_info-\u003evar is being modified in fb_set_var(), and\nthen fb_videomode_to_var() is called. If it fails to add the mode to\nfb_info-\u003emodelist, fb_set_var() returns error, but does not restore the\nold value of fb_info-\u003evar. Restore fb_info-\u003evar on failure the same way\nit is done earlier in the function.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38214",
"url": "https://www.suse.com/security/cve/CVE-2025-38214"
},
{
"category": "external",
"summary": "SUSE Bug 1246042 for CVE-2025-38214",
"url": "https://bugzilla.suse.com/1246042"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38214"
},
{
"cve": "CVE-2025-38215",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38215"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var\n\nIf fb_add_videomode() in do_register_framebuffer() fails to allocate\nmemory for fb_videomode, it will later lead to a null-ptr dereference in\nfb_videomode_to_var(), as the fb_info is registered while not having the\nmode in modelist that is expected to be there, i.e. the one that is\ndescribed in fb_info-\u003evar.\n\n================================================================\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 PID: 30371 Comm: syz-executor.1 Not tainted 5.10.226-syzkaller #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nRIP: 0010:fb_videomode_to_var+0x24/0x610 drivers/video/fbdev/core/modedb.c:901\nCall Trace:\n display_to_var+0x3a/0x7c0 drivers/video/fbdev/core/fbcon.c:929\n fbcon_resize+0x3e2/0x8f0 drivers/video/fbdev/core/fbcon.c:2071\n resize_screen drivers/tty/vt/vt.c:1176 [inline]\n vc_do_resize+0x53a/0x1170 drivers/tty/vt/vt.c:1263\n fbcon_modechanged+0x3ac/0x6e0 drivers/video/fbdev/core/fbcon.c:2720\n fbcon_update_vcs+0x43/0x60 drivers/video/fbdev/core/fbcon.c:2776\n do_fb_ioctl+0x6d2/0x740 drivers/video/fbdev/core/fbmem.c:1128\n fb_ioctl+0xe7/0x150 drivers/video/fbdev/core/fbmem.c:1203\n vfs_ioctl fs/ioctl.c:48 [inline]\n __do_sys_ioctl fs/ioctl.c:753 [inline]\n __se_sys_ioctl fs/ioctl.c:739 [inline]\n __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:739\n do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n================================================================\n\nEven though fbcon_init() checks beforehand if fb_match_mode() in\nvar_to_display() fails, it can not prevent the panic because fbcon_init()\ndoes not return error code. Considering this and the comment in the code\nabout fb_match_mode() returning NULL - \"This should not happen\" - it is\nbetter to prevent registering the fb_info if its mode was not set\nsuccessfully. Also move fb_add_videomode() closer to the beginning of\ndo_register_framebuffer() to avoid having to do the cleanup on fail.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38215",
"url": "https://www.suse.com/security/cve/CVE-2025-38215"
},
{
"category": "external",
"summary": "SUSE Bug 1246109 for CVE-2025-38215",
"url": "https://bugzilla.suse.com/1246109"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38215"
},
{
"cve": "CVE-2025-38217",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38217"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (ftsteutates) Fix TOCTOU race in fts_read()\n\nIn the fts_read() function, when handling hwmon_pwm_auto_channels_temp,\nthe code accesses the shared variable data-\u003efan_source[channel] twice\nwithout holding any locks. It is first checked against\nFTS_FAN_SOURCE_INVALID, and if the check passes, it is read again\nwhen used as an argument to the BIT() macro.\n\nThis creates a Time-of-Check to Time-of-Use (TOCTOU) race condition.\nAnother thread executing fts_update_device() can modify the value of\ndata-\u003efan_source[channel] between the check and its use. If the value\nis changed to FTS_FAN_SOURCE_INVALID (0xff) during this window, the\nBIT() macro will be called with a large shift value (BIT(255)).\nA bit shift by a value greater than or equal to the type width is\nundefined behavior and can lead to a crash or incorrect values being\nreturned to userspace.\n\nFix this by reading data-\u003efan_source[channel] into a local variable\nonce, eliminating the race condition. Additionally, add a bounds check\nto ensure the value is less than BITS_PER_LONG before passing it to\nthe BIT() macro, making the code more robust against undefined behavior.\n\nThis possible bug was found by an experimental static analysis tool\ndeveloped by our team.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38217",
"url": "https://www.suse.com/security/cve/CVE-2025-38217"
},
{
"category": "external",
"summary": "SUSE Bug 1246002 for CVE-2025-38217",
"url": "https://bugzilla.suse.com/1246002"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38217"
},
{
"cve": "CVE-2025-38220",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38220"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: only dirty folios when data journaling regular files\n\nfstest generic/388 occasionally reproduces a crash that looks as\nfollows:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n...\nCall Trace:\n \u003cTASK\u003e\n ext4_block_zero_page_range+0x30c/0x380 [ext4]\n ext4_truncate+0x436/0x440 [ext4]\n ext4_process_orphan+0x5d/0x110 [ext4]\n ext4_orphan_cleanup+0x124/0x4f0 [ext4]\n ext4_fill_super+0x262d/0x3110 [ext4]\n get_tree_bdev_flags+0x132/0x1d0\n vfs_get_tree+0x26/0xd0\n vfs_cmd_create+0x59/0xe0\n __do_sys_fsconfig+0x4ed/0x6b0\n do_syscall_64+0x82/0x170\n ...\n\nThis occurs when processing a symlink inode from the orphan list. The\npartial block zeroing code in the truncate path calls\next4_dirty_journalled_data() -\u003e folio_mark_dirty(). The latter calls\nmapping-\u003ea_ops-\u003edirty_folio(), but symlink inodes are not assigned an\na_ops vector in ext4, hence the crash.\n\nTo avoid this problem, update the ext4_dirty_journalled_data() helper to\nonly mark the folio dirty on regular files (for which a_ops is\nassigned). This also matches the journaling logic in the ext4_symlink()\ncreation path, where ext4_handle_dirty_metadata() is called directly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38220",
"url": "https://www.suse.com/security/cve/CVE-2025-38220"
},
{
"category": "external",
"summary": "SUSE Bug 1245966 for CVE-2025-38220",
"url": "https://bugzilla.suse.com/1245966"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38220"
},
{
"cve": "CVE-2025-38222",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38222"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: inline: fix len overflow in ext4_prepare_inline_data\n\nWhen running the following code on an ext4 filesystem with inline_data\nfeature enabled, it will lead to the bug below.\n\n fd = open(\"file1\", O_RDWR | O_CREAT | O_TRUNC, 0666);\n ftruncate(fd, 30);\n pwrite(fd, \"a\", 1, (1UL \u003c\u003c 40) + 5UL);\n\nThat happens because write_begin will succeed as when\next4_generic_write_inline_data calls ext4_prepare_inline_data, pos + len\nwill be truncated, leading to ext4_prepare_inline_data parameter to be 6\ninstead of 0x10000000006.\n\nThen, later when write_end is called, we hit:\n\n BUG_ON(pos + len \u003e EXT4_I(inode)-\u003ei_inline_size);\n\nat ext4_write_inline_data.\n\nFix it by using a loff_t type for the len parameter in\next4_prepare_inline_data instead of an unsigned int.\n\n[ 44.545164] ------------[ cut here ]------------\n[ 44.545530] kernel BUG at fs/ext4/inline.c:240!\n[ 44.545834] Oops: invalid opcode: 0000 [#1] SMP NOPTI\n[ 44.546172] CPU: 3 UID: 0 PID: 343 Comm: test Not tainted 6.15.0-rc2-00003-g9080916f4863 #45 PREEMPT(full) 112853fcebfdb93254270a7959841d2c6aa2c8bb\n[ 44.546523] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 44.546523] RIP: 0010:ext4_write_inline_data+0xfe/0x100\n[ 44.546523] Code: 3c 0e 48 83 c7 48 48 89 de 5b 41 5c 41 5d 41 5e 41 5f 5d e9 e4 fa 43 01 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 0f 0b \u003c0f\u003e 0b 0f 1f 44 00 00 55 41 57 41 56 41 55 41 54 53 48 83 ec 20 49\n[ 44.546523] RSP: 0018:ffffb342008b79a8 EFLAGS: 00010216\n[ 44.546523] RAX: 0000000000000001 RBX: ffff9329c579c000 RCX: 0000010000000006\n[ 44.546523] RDX: 000000000000003c RSI: ffffb342008b79f0 RDI: ffff9329c158e738\n[ 44.546523] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000\n[ 44.546523] R10: 00007ffffffff000 R11: ffffffff9bd0d910 R12: 0000006210000000\n[ 44.546523] R13: fffffc7e4015e700 R14: 0000010000000005 R15: ffff9329c158e738\n[ 44.546523] FS: 00007f4299934740(0000) GS:ffff932a60179000(0000) knlGS:0000000000000000\n[ 44.546523] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 44.546523] CR2: 00007f4299a1ec90 CR3: 0000000002886002 CR4: 0000000000770eb0\n[ 44.546523] PKRU: 55555554\n[ 44.546523] Call Trace:\n[ 44.546523] \u003cTASK\u003e\n[ 44.546523] ext4_write_inline_data_end+0x126/0x2d0\n[ 44.546523] generic_perform_write+0x17e/0x270\n[ 44.546523] ext4_buffered_write_iter+0xc8/0x170\n[ 44.546523] vfs_write+0x2be/0x3e0\n[ 44.546523] __x64_sys_pwrite64+0x6d/0xc0\n[ 44.546523] do_syscall_64+0x6a/0xf0\n[ 44.546523] ? __wake_up+0x89/0xb0\n[ 44.546523] ? xas_find+0x72/0x1c0\n[ 44.546523] ? next_uptodate_folio+0x317/0x330\n[ 44.546523] ? set_pte_range+0x1a6/0x270\n[ 44.546523] ? filemap_map_pages+0x6ee/0x840\n[ 44.546523] ? ext4_setattr+0x2fa/0x750\n[ 44.546523] ? do_pte_missing+0x128/0xf70\n[ 44.546523] ? security_inode_post_setattr+0x3e/0xd0\n[ 44.546523] ? ___pte_offset_map+0x19/0x100\n[ 44.546523] ? handle_mm_fault+0x721/0xa10\n[ 44.546523] ? do_user_addr_fault+0x197/0x730\n[ 44.546523] ? do_syscall_64+0x76/0xf0\n[ 44.546523] ? arch_exit_to_user_mode_prepare+0x1e/0x60\n[ 44.546523] ? irqentry_exit_to_user_mode+0x79/0x90\n[ 44.546523] entry_SYSCALL_64_after_hwframe+0x55/0x5d\n[ 44.546523] RIP: 0033:0x7f42999c6687\n[ 44.546523] Code: 48 89 fa 4c 89 df e8 58 b3 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 \u003c5b\u003e c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff\n[ 44.546523] RSP: 002b:00007ffeae4a7930 EFLAGS: 00000202 ORIG_RAX: 0000000000000012\n[ 44.546523] RAX: ffffffffffffffda RBX: 00007f4299934740 RCX: 00007f42999c6687\n[ 44.546523] RDX: 0000000000000001 RSI: 000055ea6149200f RDI: 0000000000000003\n[ 44.546523] RBP: 00007ffeae4a79a0 R08: 0000000000000000 R09: 0000000000000000\n[ 44.546523] R10: 0000010000000005 R11: 0000000000000202 R12: 0000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38222",
"url": "https://www.suse.com/security/cve/CVE-2025-38222"
},
{
"category": "external",
"summary": "SUSE Bug 1245976 for CVE-2025-38222",
"url": "https://bugzilla.suse.com/1245976"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38222"
},
{
"cve": "CVE-2025-38225",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38225"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-jpeg: Cleanup after an allocation error\n\nWhen allocation failures are not cleaned up by the driver, further\nallocation errors will be false-positives, which will cause buffers to\nremain uninitialized and cause NULL pointer dereferences.\nEnsure proper cleanup of failed allocations to prevent these issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38225",
"url": "https://www.suse.com/security/cve/CVE-2025-38225"
},
{
"category": "external",
"summary": "SUSE Bug 1246041 for CVE-2025-38225",
"url": "https://bugzilla.suse.com/1246041"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38225"
},
{
"cve": "CVE-2025-38226",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38226"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vivid: Change the siize of the composing\n\nsyzkaller found a bug:\n\nBUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2608 [inline]\nBUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_buffer+0x1a9c/0x5af0 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2705\nWrite of size 1440 at addr ffffc9000d0ffda0 by task vivid-000-vid-c/5304\n\nCPU: 0 UID: 0 PID: 5304 Comm: vivid-000-vid-c Not tainted 6.14.0-rc2-syzkaller-00039-g09fbf3d50205 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n kasan_check_range+0x282/0x290 mm/kasan/generic.c:189\n __asan_memcpy+0x40/0x70 mm/kasan/shadow.c:106\n tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2608 [inline]\n tpg_fill_plane_buffer+0x1a9c/0x5af0 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2705\n vivid_fillbuff drivers/media/test-drivers/vivid/vivid-kthread-cap.c:470 [inline]\n vivid_thread_vid_cap_tick+0xf8e/0x60d0 drivers/media/test-drivers/vivid/vivid-kthread-cap.c:629\n vivid_thread_vid_cap+0x8aa/0xf30 drivers/media/test-drivers/vivid/vivid-kthread-cap.c:767\n kthread+0x7a9/0x920 kernel/kthread.c:464\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nThe composition size cannot be larger than the size of fmt_cap_rect.\nSo execute v4l2_rect_map_inside() even if has_compose_cap == 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38226",
"url": "https://www.suse.com/security/cve/CVE-2025-38226"
},
{
"category": "external",
"summary": "SUSE Bug 1246050 for CVE-2025-38226",
"url": "https://bugzilla.suse.com/1246050"
},
{
"category": "external",
"summary": "SUSE Bug 1246051 for CVE-2025-38226",
"url": "https://bugzilla.suse.com/1246051"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "important"
}
],
"title": "CVE-2025-38226"
},
{
"cve": "CVE-2025-38227",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38227"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vidtv: Terminating the subsequent process of initialization failure\n\nsyzbot reported a slab-use-after-free Read in vidtv_mux_init. [1]\n\nAfter PSI initialization fails, the si member is accessed again, resulting\nin this uaf.\n\nAfter si initialization fails, the subsequent process needs to be exited.\n\n[1]\nBUG: KASAN: slab-use-after-free in vidtv_mux_pid_ctx_init drivers/media/test-drivers/vidtv/vidtv_mux.c:78 [inline]\nBUG: KASAN: slab-use-after-free in vidtv_mux_init+0xac2/0xbe0 drivers/media/test-drivers/vidtv/vidtv_mux.c:524\nRead of size 8 at addr ffff88802fa42acc by task syz.2.37/6059\n\nCPU: 0 UID: 0 PID: 6059 Comm: syz.2.37 Not tainted 6.14.0-rc5-syzkaller #0\nHardware name: Google Compute Engine, BIOS Google 02/12/2025\nCall Trace:\n\u003cTASK\u003e\n__dump_stack lib/dump_stack.c:94 [inline]\ndump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\nprint_address_description mm/kasan/report.c:408 [inline]\nprint_report+0xc3/0x670 mm/kasan/report.c:521\nkasan_report+0xd9/0x110 mm/kasan/report.c:634\nvidtv_mux_pid_ctx_init drivers/media/test-drivers/vidtv/vidtv_mux.c:78\nvidtv_mux_init+0xac2/0xbe0 drivers/media/test-drivers/vidtv/vidtv_mux.c:524\nvidtv_start_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:194\nvidtv_start_feed drivers/media/test-drivers/vidtv/vidtv_bridge.c:239\ndmx_section_feed_start_filtering drivers/media/dvb-core/dvb_demux.c:973\ndvb_dmxdev_feed_start drivers/media/dvb-core/dmxdev.c:508 [inline]\ndvb_dmxdev_feed_restart.isra.0 drivers/media/dvb-core/dmxdev.c:537\ndvb_dmxdev_filter_stop+0x2b4/0x3a0 drivers/media/dvb-core/dmxdev.c:564\ndvb_dmxdev_filter_free drivers/media/dvb-core/dmxdev.c:840 [inline]\ndvb_demux_release+0x92/0x550 drivers/media/dvb-core/dmxdev.c:1246\n__fput+0x3ff/0xb70 fs/file_table.c:464\ntask_work_run+0x14e/0x250 kernel/task_work.c:227\nexit_task_work include/linux/task_work.h:40 [inline]\ndo_exit+0xad8/0x2d70 kernel/exit.c:938\ndo_group_exit+0xd3/0x2a0 kernel/exit.c:1087\n__do_sys_exit_group kernel/exit.c:1098 [inline]\n__se_sys_exit_group kernel/exit.c:1096 [inline]\n__x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1096\nx64_sys_call+0x151f/0x1720 arch/x86/include/generated/asm/syscalls_64.h:232\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f871d58d169\nCode: Unable to access opcode bytes at 0x7f871d58d13f.\nRSP: 002b:00007fff4b19a788 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f871d58d169\nRDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: 00007fff4b19a7ec R08: 0000000b4b19a87f R09: 00000000000927c0\nR10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000003\nR13: 00000000000927c0 R14: 000000000001d553 R15: 00007fff4b19a840\n \u003c/TASK\u003e\n\nAllocated by task 6059:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kmalloc_noprof include/linux/slab.h:901 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n vidtv_psi_pat_table_init drivers/media/test-drivers/vidtv/vidtv_psi.c:970\n vidtv_channel_si_init drivers/media/test-drivers/vidtv/vidtv_channel.c:423\n vidtv_mux_init drivers/media/test-drivers/vidtv/vidtv_mux.c:519\n vidtv_start_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:194\n vidtv_start_feed drivers/media/test-drivers/vidtv/vidtv_bridge.c:239\n dmx_section_feed_start_filtering drivers/media/dvb-core/dvb_demux.c:973\n dvb_dmxdev_feed_start drivers/media/dvb-core/dmxdev.c:508 [inline]\n dvb_dmxdev_feed_restart.isra.0 drivers/media/dvb-core/dmxdev.c:537\n dvb_dmxdev_filter_stop+0x2b4/0x3a0 drivers/media/dvb-core/dmxdev.c:564\n dvb_dmxdev_filter_free drivers/media/dvb-core/dmxdev.c:840 [inline]\n dvb_demux_release+0x92/0x550 drivers/media/dvb-core/dmxdev.c:1246\n __fput+0x3ff/0xb70 fs/file_tabl\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38227",
"url": "https://www.suse.com/security/cve/CVE-2025-38227"
},
{
"category": "external",
"summary": "SUSE Bug 1246031 for CVE-2025-38227",
"url": "https://bugzilla.suse.com/1246031"
},
{
"category": "external",
"summary": "SUSE Bug 1246032 for CVE-2025-38227",
"url": "https://bugzilla.suse.com/1246032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "important"
}
],
"title": "CVE-2025-38227"
},
{
"cve": "CVE-2025-38229",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38229"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: cxusb: no longer judge rbuf when the write fails\n\nsyzbot reported a uninit-value in cxusb_i2c_xfer. [1]\n\nOnly when the write operation of usb_bulk_msg() in dvb_usb_generic_rw()\nsucceeds and rlen is greater than 0, the read operation of usb_bulk_msg()\nwill be executed to read rlen bytes of data from the dvb device into the\nrbuf.\n\nIn this case, although rlen is 1, the write operation failed which resulted\nin the dvb read operation not being executed, and ultimately variable i was\nnot initialized.\n\n[1]\nBUG: KMSAN: uninit-value in cxusb_gpio_tuner drivers/media/usb/dvb-usb/cxusb.c:124 [inline]\nBUG: KMSAN: uninit-value in cxusb_i2c_xfer+0x153a/0x1a60 drivers/media/usb/dvb-usb/cxusb.c:196\n cxusb_gpio_tuner drivers/media/usb/dvb-usb/cxusb.c:124 [inline]\n cxusb_i2c_xfer+0x153a/0x1a60 drivers/media/usb/dvb-usb/cxusb.c:196\n __i2c_transfer+0xe25/0x3150 drivers/i2c/i2c-core-base.c:-1\n i2c_transfer+0x317/0x4a0 drivers/i2c/i2c-core-base.c:2315\n i2c_transfer_buffer_flags+0x125/0x1e0 drivers/i2c/i2c-core-base.c:2343\n i2c_master_send include/linux/i2c.h:109 [inline]\n i2cdev_write+0x210/0x280 drivers/i2c/i2c-dev.c:183\n do_loop_readv_writev fs/read_write.c:848 [inline]\n vfs_writev+0x963/0x14e0 fs/read_write.c:1057\n do_writev+0x247/0x5c0 fs/read_write.c:1101\n __do_sys_writev fs/read_write.c:1169 [inline]\n __se_sys_writev fs/read_write.c:1166 [inline]\n __x64_sys_writev+0x98/0xe0 fs/read_write.c:1166\n x64_sys_call+0x2229/0x3c80 arch/x86/include/generated/asm/syscalls_64.h:21\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38229",
"url": "https://www.suse.com/security/cve/CVE-2025-38229"
},
{
"category": "external",
"summary": "SUSE Bug 1246049 for CVE-2025-38229",
"url": "https://bugzilla.suse.com/1246049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38229"
},
{
"cve": "CVE-2025-38231",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38231"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: Initialize ssc before laundromat_work to prevent NULL dereference\n\nIn nfs4_state_start_net(), laundromat_work may access nfsd_ssc through\nnfs4_laundromat -\u003e nfsd4_ssc_expire_umount. If nfsd_ssc isn\u0027t initialized,\nthis can cause NULL pointer dereference.\n\nNormally the delayed start of laundromat_work allows sufficient time for\nnfsd_ssc initialization to complete. However, when the kernel waits too\nlong for userspace responses (e.g. in nfs4_state_start_net -\u003e\nnfsd4_end_grace -\u003e nfsd4_record_grace_done -\u003e nfsd4_cld_grace_done -\u003e\ncld_pipe_upcall -\u003e __cld_pipe_upcall -\u003e wait_for_completion path), the\ndelayed work may start before nfsd_ssc initialization finishes.\n\nFix this by moving nfsd_ssc initialization before starting laundromat_work.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38231",
"url": "https://www.suse.com/security/cve/CVE-2025-38231"
},
{
"category": "external",
"summary": "SUSE Bug 1246055 for CVE-2025-38231",
"url": "https://bugzilla.suse.com/1246055"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38231"
},
{
"cve": "CVE-2025-38236",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38236"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Don\u0027t leave consecutive consumed OOB skbs.\n\nJann Horn reported a use-after-free in unix_stream_read_generic().\n\nThe following sequences reproduce the issue:\n\n $ python3\n from socket import *\n s1, s2 = socketpair(AF_UNIX, SOCK_STREAM)\n s1.send(b\u0027x\u0027, MSG_OOB)\n s2.recv(1, MSG_OOB) # leave a consumed OOB skb\n s1.send(b\u0027y\u0027, MSG_OOB)\n s2.recv(1, MSG_OOB) # leave a consumed OOB skb\n s1.send(b\u0027z\u0027, MSG_OOB)\n s2.recv(1) # recv \u0027z\u0027 illegally\n s2.recv(1, MSG_OOB) # access \u0027z\u0027 skb (use-after-free)\n\nEven though a user reads OOB data, the skb holding the data stays on\nthe recv queue to mark the OOB boundary and break the next recv().\n\nAfter the last send() in the scenario above, the sk2\u0027s recv queue has\n2 leading consumed OOB skbs and 1 real OOB skb.\n\nThen, the following happens during the next recv() without MSG_OOB\n\n 1. unix_stream_read_generic() peeks the first consumed OOB skb\n 2. manage_oob() returns the next consumed OOB skb\n 3. unix_stream_read_generic() fetches the next not-yet-consumed OOB skb\n 4. unix_stream_read_generic() reads and frees the OOB skb\n\n, and the last recv(MSG_OOB) triggers KASAN splat.\n\nThe 3. above occurs because of the SO_PEEK_OFF code, which does not\nexpect unix_skb_len(skb) to be 0, but this is true for such consumed\nOOB skbs.\n\n while (skip \u003e= unix_skb_len(skb)) {\n skip -= unix_skb_len(skb);\n skb = skb_peek_next(skb, \u0026sk-\u003esk_receive_queue);\n ...\n }\n\nIn addition to this use-after-free, there is another issue that\nioctl(SIOCATMARK) does not function properly with consecutive consumed\nOOB skbs.\n\nSo, nothing good comes out of such a situation.\n\nInstead of complicating manage_oob(), ioctl() handling, and the next\nECONNRESET fix by introducing a loop for consecutive consumed OOB skbs,\nlet\u0027s not leave such consecutive OOB unnecessarily.\n\nNow, while receiving an OOB skb in unix_stream_recv_urg(), if its\nprevious skb is a consumed OOB skb, it is freed.\n\n[0]:\nBUG: KASAN: slab-use-after-free in unix_stream_read_actor (net/unix/af_unix.c:3027)\nRead of size 4 at addr ffff888106ef2904 by task python3/315\n\nCPU: 2 UID: 0 PID: 315 Comm: python3 Not tainted 6.16.0-rc1-00407-gec315832f6f9 #8 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-4.fc42 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl (lib/dump_stack.c:122)\n print_report (mm/kasan/report.c:409 mm/kasan/report.c:521)\n kasan_report (mm/kasan/report.c:636)\n unix_stream_read_actor (net/unix/af_unix.c:3027)\n unix_stream_read_generic (net/unix/af_unix.c:2708 net/unix/af_unix.c:2847)\n unix_stream_recvmsg (net/unix/af_unix.c:3048)\n sock_recvmsg (net/socket.c:1063 (discriminator 20) net/socket.c:1085 (discriminator 20))\n __sys_recvfrom (net/socket.c:2278)\n __x64_sys_recvfrom (net/socket.c:2291 (discriminator 1) net/socket.c:2287 (discriminator 1) net/socket.c:2287 (discriminator 1))\n do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1))\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\nRIP: 0033:0x7f8911fcea06\nCode: 5d e8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 75 19 83 e2 39 83 fa 08 75 11 e8 26 ff ff ff 66 0f 1f 44 00 00 48 8b 45 10 0f 05 \u003c48\u003e 8b 5d f8 c9 c3 0f 1f 40 00 f3 0f 1e fa 55 48 89 e5 48 83 ec 08\nRSP: 002b:00007fffdb0dccb0 EFLAGS: 00000202 ORIG_RAX: 000000000000002d\nRAX: ffffffffffffffda RBX: 00007fffdb0dcdc8 RCX: 00007f8911fcea06\nRDX: 0000000000000001 RSI: 00007f8911a5e060 RDI: 0000000000000006\nRBP: 00007fffdb0dccd0 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000202 R12: 00007f89119a7d20\nR13: ffffffffc4653600 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\nAllocated by task 315:\n kasan_save_stack (mm/kasan/common.c:48)\n kasan_save_track (mm/kasan/common.c:60 (discriminator 1) mm/kasan/common.c:69 (discriminator 1))\n __kasan_slab_alloc (mm/kasan/common.c:348)\n kmem_cache_alloc_\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38236",
"url": "https://www.suse.com/security/cve/CVE-2025-38236"
},
{
"category": "external",
"summary": "SUSE Bug 1246093 for CVE-2025-38236",
"url": "https://bugzilla.suse.com/1246093"
},
{
"category": "external",
"summary": "SUSE Bug 1246936 for CVE-2025-38236",
"url": "https://bugzilla.suse.com/1246936"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "important"
}
],
"title": "CVE-2025-38236"
},
{
"cve": "CVE-2025-38238",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38238"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out\n\nWhen both the RHBA and RPA FDMI requests time out, fnic reuses a frame to\nsend ABTS for each of them. On send completion, this causes an attempt to\nfree the same frame twice that leads to a crash.\n\nFix crash by allocating separate frames for RHBA and RPA, and modify ABTS\nlogic accordingly.\n\nTested by checking MDS for FDMI information.\n\nTested by using instrumented driver to:\n\n - Drop PLOGI response\n - Drop RHBA response\n - Drop RPA response\n - Drop RHBA and RPA response\n - Drop PLOGI response + ABTS response\n - Drop RHBA response + ABTS response\n - Drop RPA response + ABTS response\n - Drop RHBA and RPA response + ABTS response for both of them",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38238",
"url": "https://www.suse.com/security/cve/CVE-2025-38238"
},
{
"category": "external",
"summary": "SUSE Bug 1246179 for CVE-2025-38238",
"url": "https://bugzilla.suse.com/1246179"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38238"
},
{
"cve": "CVE-2025-38239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38239"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: megaraid_sas: Fix invalid node index\n\nOn a system with DRAM interleave enabled, out-of-bound access is\ndetected:\n\nmegaraid_sas 0000:3f:00.0: requested/available msix 128/128 poll_queue 0\n------------[ cut here ]------------\nUBSAN: array-index-out-of-bounds in ./arch/x86/include/asm/topology.h:72:28\nindex -1 is out of range for type \u0027cpumask *[1024]\u0027\ndump_stack_lvl+0x5d/0x80\nubsan_epilogue+0x5/0x2b\n__ubsan_handle_out_of_bounds.cold+0x46/0x4b\nmegasas_alloc_irq_vectors+0x149/0x190 [megaraid_sas]\nmegasas_probe_one.cold+0xa4d/0x189c [megaraid_sas]\nlocal_pci_probe+0x42/0x90\npci_device_probe+0xdc/0x290\nreally_probe+0xdb/0x340\n__driver_probe_device+0x78/0x110\ndriver_probe_device+0x1f/0xa0\n__driver_attach+0xba/0x1c0\nbus_for_each_dev+0x8b/0xe0\nbus_add_driver+0x142/0x220\ndriver_register+0x72/0xd0\nmegasas_init+0xdf/0xff0 [megaraid_sas]\ndo_one_initcall+0x57/0x310\ndo_init_module+0x90/0x250\ninit_module_from_file+0x85/0xc0\nidempotent_init_module+0x114/0x310\n__x64_sys_finit_module+0x65/0xc0\ndo_syscall_64+0x82/0x170\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFix it accordingly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38239",
"url": "https://www.suse.com/security/cve/CVE-2025-38239"
},
{
"category": "external",
"summary": "SUSE Bug 1246178 for CVE-2025-38239",
"url": "https://bugzilla.suse.com/1246178"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38239"
},
{
"cve": "CVE-2025-38244",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38244"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential deadlock when reconnecting channels\n\nFix cifs_signal_cifsd_for_reconnect() to take the correct lock order\nand prevent the following deadlock from happening\n\n======================================================\nWARNING: possible circular locking dependency detected\n6.16.0-rc3-build2+ #1301 Tainted: G S W\n------------------------------------------------------\ncifsd/6055 is trying to acquire lock:\nffff88810ad56038 (\u0026tcp_ses-\u003esrv_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0x134/0x200\n\nbut task is already holding lock:\nffff888119c64330 (\u0026ret_buf-\u003echan_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0xcf/0x200\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-\u003e #2 (\u0026ret_buf-\u003echan_lock){+.+.}-{3:3}:\n validate_chain+0x1cf/0x270\n __lock_acquire+0x60e/0x780\n lock_acquire.part.0+0xb4/0x1f0\n _raw_spin_lock+0x2f/0x40\n cifs_setup_session+0x81/0x4b0\n cifs_get_smb_ses+0x771/0x900\n cifs_mount_get_session+0x7e/0x170\n cifs_mount+0x92/0x2d0\n cifs_smb3_do_mount+0x161/0x460\n smb3_get_tree+0x55/0x90\n vfs_get_tree+0x46/0x180\n do_new_mount+0x1b0/0x2e0\n path_mount+0x6ee/0x740\n do_mount+0x98/0xe0\n __do_sys_mount+0x148/0x180\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n-\u003e #1 (\u0026ret_buf-\u003eses_lock){+.+.}-{3:3}:\n validate_chain+0x1cf/0x270\n __lock_acquire+0x60e/0x780\n lock_acquire.part.0+0xb4/0x1f0\n _raw_spin_lock+0x2f/0x40\n cifs_match_super+0x101/0x320\n sget+0xab/0x270\n cifs_smb3_do_mount+0x1e0/0x460\n smb3_get_tree+0x55/0x90\n vfs_get_tree+0x46/0x180\n do_new_mount+0x1b0/0x2e0\n path_mount+0x6ee/0x740\n do_mount+0x98/0xe0\n __do_sys_mount+0x148/0x180\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n-\u003e #0 (\u0026tcp_ses-\u003esrv_lock){+.+.}-{3:3}:\n check_noncircular+0x95/0xc0\n check_prev_add+0x115/0x2f0\n validate_chain+0x1cf/0x270\n __lock_acquire+0x60e/0x780\n lock_acquire.part.0+0xb4/0x1f0\n _raw_spin_lock+0x2f/0x40\n cifs_signal_cifsd_for_reconnect+0x134/0x200\n __cifs_reconnect+0x8f/0x500\n cifs_handle_standard+0x112/0x280\n cifs_demultiplex_thread+0x64d/0xbc0\n kthread+0x2f7/0x310\n ret_from_fork+0x2a/0x230\n ret_from_fork_asm+0x1a/0x30\n\nother info that might help us debug this:\n\nChain exists of:\n \u0026tcp_ses-\u003esrv_lock --\u003e \u0026ret_buf-\u003eses_lock --\u003e \u0026ret_buf-\u003echan_lock\n\n Possible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(\u0026ret_buf-\u003echan_lock);\n lock(\u0026ret_buf-\u003eses_lock);\n lock(\u0026ret_buf-\u003echan_lock);\n lock(\u0026tcp_ses-\u003esrv_lock);\n\n *** DEADLOCK ***\n\n3 locks held by cifsd/6055:\n #0: ffffffff857de398 (\u0026cifs_tcp_ses_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0x7b/0x200\n #1: ffff888119c64060 (\u0026ret_buf-\u003eses_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0x9c/0x200\n #2: ffff888119c64330 (\u0026ret_buf-\u003echan_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0xcf/0x200",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38244",
"url": "https://www.suse.com/security/cve/CVE-2025-38244"
},
{
"category": "external",
"summary": "SUSE Bug 1246183 for CVE-2025-38244",
"url": "https://bugzilla.suse.com/1246183"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38244"
},
{
"cve": "CVE-2025-38246",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38246"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt: properly flush XDP redirect lists\n\nWe encountered following crash when testing a XDP_REDIRECT feature\nin production:\n\n[56251.579676] list_add corruption. next-\u003eprev should be prev (ffff93120dd40f30), but was ffffb301ef3a6740. (next=ffff93120dd\n40f30).\n[56251.601413] ------------[ cut here ]------------\n[56251.611357] kernel BUG at lib/list_debug.c:29!\n[56251.621082] Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[56251.632073] CPU: 111 UID: 0 PID: 0 Comm: swapper/111 Kdump: loaded Tainted: P O 6.12.33-cloudflare-2025.6.\n3 #1\n[56251.653155] Tainted: [P]=PROPRIETARY_MODULE, [O]=OOT_MODULE\n[56251.663877] Hardware name: MiTAC GC68B-B8032-G11P6-GPU/S8032GM-HE-CFR, BIOS V7.020.B10-sig 01/22/2025\n[56251.682626] RIP: 0010:__list_add_valid_or_report+0x4b/0xa0\n[56251.693203] Code: 0e 48 c7 c7 68 e7 d9 97 e8 42 16 fe ff 0f 0b 48 8b 52 08 48 39 c2 74 14 48 89 f1 48 c7 c7 90 e7 d9 97 48\n 89 c6 e8 25 16 fe ff \u003c0f\u003e 0b 4c 8b 02 49 39 f0 74 14 48 89 d1 48 c7 c7 e8 e7 d9 97 4c 89\n[56251.725811] RSP: 0018:ffff93120dd40b80 EFLAGS: 00010246\n[56251.736094] RAX: 0000000000000075 RBX: ffffb301e6bba9d8 RCX: 0000000000000000\n[56251.748260] RDX: 0000000000000000 RSI: ffff9149afda0b80 RDI: ffff9149afda0b80\n[56251.760349] RBP: ffff9131e49c8000 R08: 0000000000000000 R09: ffff93120dd40a18\n[56251.772382] R10: ffff9159cf2ce1a8 R11: 0000000000000003 R12: ffff911a80850000\n[56251.784364] R13: ffff93120fbc7000 R14: 0000000000000010 R15: ffff9139e7510e40\n[56251.796278] FS: 0000000000000000(0000) GS:ffff9149afd80000(0000) knlGS:0000000000000000\n[56251.809133] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[56251.819561] CR2: 00007f5e85e6f300 CR3: 00000038b85e2006 CR4: 0000000000770ef0\n[56251.831365] PKRU: 55555554\n[56251.838653] Call Trace:\n[56251.845560] \u003cIRQ\u003e\n[56251.851943] cpu_map_enqueue.cold+0x5/0xa\n[56251.860243] xdp_do_redirect+0x2d9/0x480\n[56251.868388] bnxt_rx_xdp+0x1d8/0x4c0 [bnxt_en]\n[56251.877028] bnxt_rx_pkt+0x5f7/0x19b0 [bnxt_en]\n[56251.885665] ? cpu_max_write+0x1e/0x100\n[56251.893510] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.902276] __bnxt_poll_work+0x190/0x340 [bnxt_en]\n[56251.911058] bnxt_poll+0xab/0x1b0 [bnxt_en]\n[56251.919041] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.927568] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.935958] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.944250] __napi_poll+0x2b/0x160\n[56251.951155] bpf_trampoline_6442548651+0x79/0x123\n[56251.959262] __napi_poll+0x5/0x160\n[56251.966037] net_rx_action+0x3d2/0x880\n[56251.973133] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.981265] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.989262] ? __hrtimer_run_queues+0x162/0x2a0\n[56251.996967] ? srso_alias_return_thunk+0x5/0xfbef5\n[56252.004875] ? srso_alias_return_thunk+0x5/0xfbef5\n[56252.012673] ? bnxt_msix+0x62/0x70 [bnxt_en]\n[56252.019903] handle_softirqs+0xcf/0x270\n[56252.026650] irq_exit_rcu+0x67/0x90\n[56252.032933] common_interrupt+0x85/0xa0\n[56252.039498] \u003c/IRQ\u003e\n[56252.044246] \u003cTASK\u003e\n[56252.048935] asm_common_interrupt+0x26/0x40\n[56252.055727] RIP: 0010:cpuidle_enter_state+0xb8/0x420\n[56252.063305] Code: dc 01 00 00 e8 f9 79 3b ff e8 64 f7 ff ff 49 89 c5 0f 1f 44 00 00 31 ff e8 a5 32 3a ff 45 84 ff 0f 85 ae\n 01 00 00 fb 45 85 f6 \u003c0f\u003e 88 88 01 00 00 48 8b 04 24 49 63 ce 4c 89 ea 48 6b f1 68 48 29\n[56252.088911] RSP: 0018:ffff93120c97fe98 EFLAGS: 00000202\n[56252.096912] RAX: ffff9149afd80000 RBX: ffff9141d3a72800 RCX: 0000000000000000\n[56252.106844] RDX: 00003329176c6b98 RSI: ffffffe36db3fdc7 RDI: 0000000000000000\n[56252.116733] RBP: 0000000000000002 R08: 0000000000000002 R09: 000000000000004e\n[56252.126652] R10: ffff9149afdb30c4 R11: 071c71c71c71c71c R12: ffffffff985ff860\n[56252.136637] R13: 00003329176c6b98 R14: 0000000000000002 R15: 0000000000000000\n[56252.146667] ? cpuidle_enter_state+0xab/0x420\n[56252.153909] cpuidle_enter+0x2d/0x40\n[56252.160360] do_idle+0x176/0x1c0\n[56252.166456\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38246",
"url": "https://www.suse.com/security/cve/CVE-2025-38246"
},
{
"category": "external",
"summary": "SUSE Bug 1246195 for CVE-2025-38246",
"url": "https://bugzilla.suse.com/1246195"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38246"
},
{
"cve": "CVE-2025-38248",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38248"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbridge: mcast: Fix use-after-free during router port configuration\n\nThe bridge maintains a global list of ports behind which a multicast\nrouter resides. The list is consulted during forwarding to ensure\nmulticast packets are forwarded to these ports even if the ports are not\nmember in the matching MDB entry.\n\nWhen per-VLAN multicast snooping is enabled, the per-port multicast\ncontext is disabled on each port and the port is removed from the global\nrouter port list:\n\n # ip link add name br1 up type bridge vlan_filtering 1 mcast_snooping 1\n # ip link add name dummy1 up master br1 type dummy\n # ip link set dev dummy1 type bridge_slave mcast_router 2\n $ bridge -d mdb show | grep router\n router ports on br1: dummy1\n # ip link set dev br1 type bridge mcast_vlan_snooping 1\n $ bridge -d mdb show | grep router\n\nHowever, the port can be re-added to the global list even when per-VLAN\nmulticast snooping is enabled:\n\n # ip link set dev dummy1 type bridge_slave mcast_router 0\n # ip link set dev dummy1 type bridge_slave mcast_router 2\n $ bridge -d mdb show | grep router\n router ports on br1: dummy1\n\nSince commit 4b30ae9adb04 (\"net: bridge: mcast: re-implement\nbr_multicast_{enable, disable}_port functions\"), when per-VLAN multicast\nsnooping is enabled, multicast disablement on a port will disable the\nper-{port, VLAN} multicast contexts and not the per-port one. As a\nresult, a port will remain in the global router port list even after it\nis deleted. This will lead to a use-after-free [1] when the list is\ntraversed (when adding a new port to the list, for example):\n\n # ip link del dev dummy1\n # ip link add name dummy2 up master br1 type dummy\n # ip link set dev dummy2 type bridge_slave mcast_router 2\n\nSimilarly, stale entries can also be found in the per-VLAN router port\nlist. When per-VLAN multicast snooping is disabled, the per-{port, VLAN}\ncontexts are disabled on each port and the port is removed from the\nper-VLAN router port list:\n\n # ip link add name br1 up type bridge vlan_filtering 1 mcast_snooping 1 mcast_vlan_snooping 1\n # ip link add name dummy1 up master br1 type dummy\n # bridge vlan add vid 2 dev dummy1\n # bridge vlan global set vid 2 dev br1 mcast_snooping 1\n # bridge vlan set vid 2 dev dummy1 mcast_router 2\n $ bridge vlan global show dev br1 vid 2 | grep router\n router ports: dummy1\n # ip link set dev br1 type bridge mcast_vlan_snooping 0\n $ bridge vlan global show dev br1 vid 2 | grep router\n\nHowever, the port can be re-added to the per-VLAN list even when\nper-VLAN multicast snooping is disabled:\n\n # bridge vlan set vid 2 dev dummy1 mcast_router 0\n # bridge vlan set vid 2 dev dummy1 mcast_router 2\n $ bridge vlan global show dev br1 vid 2 | grep router\n router ports: dummy1\n\nWhen the VLAN is deleted from the port, the per-{port, VLAN} multicast\ncontext will not be disabled since multicast snooping is not enabled\non the VLAN. As a result, the port will remain in the per-VLAN router\nport list even after it is no longer member in the VLAN. This will lead\nto a use-after-free [2] when the list is traversed (when adding a new\nport to the list, for example):\n\n # ip link add name dummy2 up master br1 type dummy\n # bridge vlan add vid 2 dev dummy2\n # bridge vlan del vid 2 dev dummy1\n # bridge vlan set vid 2 dev dummy2 mcast_router 2\n\nFix these issues by removing the port from the relevant (global or\nper-VLAN) router port list in br_multicast_port_ctx_deinit(). The\nfunction is invoked during port deletion with the per-port multicast\ncontext and during VLAN deletion with the per-{port, VLAN} multicast\ncontext.\n\nNote that deleting the multicast router timer is not enough as it only\ntakes care of the temporary multicast router states (1 or 3) and not the\npermanent one (2).\n\n[1]\nBUG: KASAN: slab-out-of-bounds in br_multicast_add_router.part.0+0x3f1/0x560\nWrite of size 8 at addr ffff888004a67328 by task ip/384\n[...]\nCall Trace:\n \u003cTASK\u003e\n dump_stack\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38248",
"url": "https://www.suse.com/security/cve/CVE-2025-38248"
},
{
"category": "external",
"summary": "SUSE Bug 1246173 for CVE-2025-38248",
"url": "https://bugzilla.suse.com/1246173"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38248"
},
{
"cve": "CVE-2025-38249",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38249"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3()\n\nIn snd_usb_get_audioformat_uac3(), the length value returned from\nsnd_usb_ctl_msg() is used directly for memory allocation without\nvalidation. This length is controlled by the USB device.\n\nThe allocated buffer is cast to a uac3_cluster_header_descriptor\nand its fields are accessed without verifying that the buffer\nis large enough. If the device returns a smaller than expected\nlength, this leads to an out-of-bounds read.\n\nAdd a length check to ensure the buffer is large enough for\nuac3_cluster_header_descriptor.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38249",
"url": "https://www.suse.com/security/cve/CVE-2025-38249"
},
{
"category": "external",
"summary": "SUSE Bug 1246171 for CVE-2025-38249",
"url": "https://bugzilla.suse.com/1246171"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38249"
},
{
"cve": "CVE-2025-38250",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38250"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_core: Fix use-after-free in vhci_flush()\n\nsyzbot reported use-after-free in vhci_flush() without repro. [0]\n\nFrom the splat, a thread close()d a vhci file descriptor while\nits device was being used by iotcl() on another thread.\n\nOnce the last fd refcnt is released, vhci_release() calls\nhci_unregister_dev(), hci_free_dev(), and kfree() for struct\nvhci_data, which is set to hci_dev-\u003edev-\u003edriver_data.\n\nThe problem is that there is no synchronisation after unlinking\nhdev from hci_dev_list in hci_unregister_dev(). There might be\nanother thread still accessing the hdev which was fetched before\nthe unlink operation.\n\nWe can use SRCU for such synchronisation.\n\nLet\u0027s run hci_dev_reset() under SRCU and wait for its completion\nin hci_unregister_dev().\n\nAnother option would be to restore hci_dev-\u003edestruct(), which was\nremoved in commit 587ae086f6e4 (\"Bluetooth: Remove unused\nhci-destruct cb\"). However, this would not be a good solution, as\nwe should not run hci_unregister_dev() while there are in-flight\nioctl() requests, which could lead to another data-race KCSAN splat.\n\nNote that other drivers seem to have the same problem, for exmaple,\nvirtbt_remove().\n\n[0]:\nBUG: KASAN: slab-use-after-free in skb_queue_empty_lockless include/linux/skbuff.h:1891 [inline]\nBUG: KASAN: slab-use-after-free in skb_queue_purge_reason+0x99/0x360 net/core/skbuff.c:3937\nRead of size 8 at addr ffff88807cb8d858 by task syz.1.219/6718\n\nCPU: 1 UID: 0 PID: 6718 Comm: syz.1.219 Not tainted 6.16.0-rc1-syzkaller-00196-g08207f42d3ff #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xd2/0x2b0 mm/kasan/report.c:521\n kasan_report+0x118/0x150 mm/kasan/report.c:634\n skb_queue_empty_lockless include/linux/skbuff.h:1891 [inline]\n skb_queue_purge_reason+0x99/0x360 net/core/skbuff.c:3937\n skb_queue_purge include/linux/skbuff.h:3368 [inline]\n vhci_flush+0x44/0x50 drivers/bluetooth/hci_vhci.c:69\n hci_dev_do_reset net/bluetooth/hci_core.c:552 [inline]\n hci_dev_reset+0x420/0x5c0 net/bluetooth/hci_core.c:592\n sock_do_ioctl+0xd9/0x300 net/socket.c:1190\n sock_ioctl+0x576/0x790 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fcf5b98e929\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fcf5c7b9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007fcf5bbb6160 RCX: 00007fcf5b98e929\nRDX: 0000000000000000 RSI: 00000000400448cb RDI: 0000000000000009\nRBP: 00007fcf5ba10b39 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007fcf5bbb6160 R15: 00007ffd6353d528\n \u003c/TASK\u003e\n\nAllocated by task 6535:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4359\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n vhci_open+0x57/0x360 drivers/bluetooth/hci_vhci.c:635\n misc_open+0x2bc/0x330 drivers/char/misc.c:161\n chrdev_open+0x4c9/0x5e0 fs/char_dev.c:414\n do_dentry_open+0xdf0/0x1970 fs/open.c:964\n vfs_open+0x3b/0x340 fs/open.c:1094\n do_open fs/namei.c:3887 [inline]\n path_openat+0x2ee5/0x3830 fs/name\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38250",
"url": "https://www.suse.com/security/cve/CVE-2025-38250"
},
{
"category": "external",
"summary": "SUSE Bug 1246182 for CVE-2025-38250",
"url": "https://bugzilla.suse.com/1246182"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38250"
},
{
"cve": "CVE-2025-38256",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38256"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/rsrc: fix folio unpinning\n\nsyzbot complains about an unmapping failure:\n\n[ 108.070381][ T14] kernel BUG at mm/gup.c:71!\n[ 108.070502][ T14] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP\n[ 108.123672][ T14] Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20250221-8.fc42 02/21/2025\n[ 108.127458][ T14] Workqueue: iou_exit io_ring_exit_work\n[ 108.174205][ T14] Call trace:\n[ 108.175649][ T14] sanity_check_pinned_pages+0x7cc/0x7d0 (P)\n[ 108.178138][ T14] unpin_user_page+0x80/0x10c\n[ 108.180189][ T14] io_release_ubuf+0x84/0xf8\n[ 108.182196][ T14] io_free_rsrc_node+0x250/0x57c\n[ 108.184345][ T14] io_rsrc_data_free+0x148/0x298\n[ 108.186493][ T14] io_sqe_buffers_unregister+0x84/0xa0\n[ 108.188991][ T14] io_ring_ctx_free+0x48/0x480\n[ 108.191057][ T14] io_ring_exit_work+0x764/0x7d8\n[ 108.193207][ T14] process_one_work+0x7e8/0x155c\n[ 108.195431][ T14] worker_thread+0x958/0xed8\n[ 108.197561][ T14] kthread+0x5fc/0x75c\n[ 108.199362][ T14] ret_from_fork+0x10/0x20\n\nWe can pin a tail page of a folio, but then io_uring will try to unpin\nthe head page of the folio. While it should be fine in terms of keeping\nthe page actually alive, mm folks say it\u0027s wrong and triggers a debug\nwarning. Use unpin_user_folio() instead of unpin_user_page*.\n\n[axboe: adapt to current tree, massage commit message]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38256",
"url": "https://www.suse.com/security/cve/CVE-2025-38256"
},
{
"category": "external",
"summary": "SUSE Bug 1246188 for CVE-2025-38256",
"url": "https://bugzilla.suse.com/1246188"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38256"
},
{
"cve": "CVE-2025-38257",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38257"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Prevent overflow in size calculation for memdup_user()\n\nNumber of apqn target list entries contained in \u0027nr_apqns\u0027 variable is\ndetermined by userspace via an ioctl call so the result of the product in\ncalculation of size passed to memdup_user() may overflow.\n\nIn this case the actual size of the allocated area and the value\ndescribing it won\u0027t be in sync leading to various types of unpredictable\nbehaviour later.\n\nUse a proper memdup_array_user() helper which returns an error if an\noverflow is detected. Note that it is different from when nr_apqns is\ninitially zero - that case is considered valid and should be handled in\nsubsequent pkey_handler implementations.\n\nFound by Linux Verification Center (linuxtesting.org).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38257",
"url": "https://www.suse.com/security/cve/CVE-2025-38257"
},
{
"category": "external",
"summary": "SUSE Bug 1246186 for CVE-2025-38257",
"url": "https://bugzilla.suse.com/1246186"
},
{
"category": "external",
"summary": "SUSE Bug 1246189 for CVE-2025-38257",
"url": "https://bugzilla.suse.com/1246189"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "important"
}
],
"title": "CVE-2025-38257"
},
{
"cve": "CVE-2025-38259",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38259"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: wcd9335: Fix missing free of regulator supplies\n\nDriver gets and enables all regulator supplies in probe path\n(wcd9335_parse_dt() and wcd9335_power_on_reset()), but does not cleanup\nin final error paths and in unbind (missing remove() callback). This\nleads to leaked memory and unbalanced regulator enable count during\nprobe errors or unbind.\n\nFix this by converting entire code into devm_regulator_bulk_get_enable()\nwhich also greatly simplifies the code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38259",
"url": "https://www.suse.com/security/cve/CVE-2025-38259"
},
{
"category": "external",
"summary": "SUSE Bug 1246220 for CVE-2025-38259",
"url": "https://bugzilla.suse.com/1246220"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38259"
},
{
"cve": "CVE-2025-38264",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38264"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-tcp: sanitize request list handling\n\nValidate the request in nvme_tcp_handle_r2t() to ensure it\u0027s not part of\nany list, otherwise a malicious R2T PDU might inject a loop in request\nlist processing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38264",
"url": "https://www.suse.com/security/cve/CVE-2025-38264"
},
{
"category": "external",
"summary": "SUSE Bug 1246387 for CVE-2025-38264",
"url": "https://bugzilla.suse.com/1246387"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38264"
},
{
"cve": "CVE-2025-38265",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38265"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: jsm: fix NPE during jsm_uart_port_init\n\nNo device was set which caused serial_base_ctrl_add to crash.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000050\n Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 16 UID: 0 PID: 368 Comm: (udev-worker) Not tainted 6.12.25-amd64 #1 Debian 6.12.25-1\n RIP: 0010:serial_base_ctrl_add+0x96/0x120\n Call Trace:\n \u003cTASK\u003e\n serial_core_register_port+0x1a0/0x580\n ? __setup_irq+0x39c/0x660\n ? __kmalloc_cache_noprof+0x111/0x310\n jsm_uart_port_init+0xe8/0x180 [jsm]\n jsm_probe_one+0x1f4/0x410 [jsm]\n local_pci_probe+0x42/0x90\n pci_device_probe+0x22f/0x270\n really_probe+0xdb/0x340\n ? pm_runtime_barrier+0x54/0x90\n ? __pfx___driver_attach+0x10/0x10\n __driver_probe_device+0x78/0x110\n driver_probe_device+0x1f/0xa0\n __driver_attach+0xba/0x1c0\n bus_for_each_dev+0x8c/0xe0\n bus_add_driver+0x112/0x1f0\n driver_register+0x72/0xd0\n jsm_init_module+0x36/0xff0 [jsm]\n ? __pfx_jsm_init_module+0x10/0x10 [jsm]\n do_one_initcall+0x58/0x310\n do_init_module+0x60/0x230\n\nTested with Digi Neo PCIe 8 port card.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38265",
"url": "https://www.suse.com/security/cve/CVE-2025-38265"
},
{
"category": "external",
"summary": "SUSE Bug 1246244 for CVE-2025-38265",
"url": "https://bugzilla.suse.com/1246244"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38265"
},
{
"cve": "CVE-2025-38268",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38268"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: tcpm: move tcpm_queue_vdm_unlocked to asynchronous work\n\nA state check was previously added to tcpm_queue_vdm_unlocked to\nprevent a deadlock where the DisplayPort Alt Mode driver would be\nexecuting work and attempting to grab the tcpm_lock while the TCPM\nwas holding the lock and attempting to unregister the altmode, blocking\non the altmode driver\u0027s cancel_work_sync call.\n\nBecause the state check isn\u0027t protected, there is a small window\nwhere the Alt Mode driver could determine that the TCPM is\nin a ready state and attempt to grab the lock while the\nTCPM grabs the lock and changes the TCPM state to one that\ncauses the deadlock. The callstack is provided below:\n\n[110121.667392][ C7] Call trace:\n[110121.667396][ C7] __switch_to+0x174/0x338\n[110121.667406][ C7] __schedule+0x608/0x9f0\n[110121.667414][ C7] schedule+0x7c/0xe8\n[110121.667423][ C7] kernfs_drain+0xb0/0x114\n[110121.667431][ C7] __kernfs_remove+0x16c/0x20c\n[110121.667436][ C7] kernfs_remove_by_name_ns+0x74/0xe8\n[110121.667442][ C7] sysfs_remove_group+0x84/0xe8\n[110121.667450][ C7] sysfs_remove_groups+0x34/0x58\n[110121.667458][ C7] device_remove_groups+0x10/0x20\n[110121.667464][ C7] device_release_driver_internal+0x164/0x2e4\n[110121.667475][ C7] device_release_driver+0x18/0x28\n[110121.667484][ C7] bus_remove_device+0xec/0x118\n[110121.667491][ C7] device_del+0x1e8/0x4ac\n[110121.667498][ C7] device_unregister+0x18/0x38\n[110121.667504][ C7] typec_unregister_altmode+0x30/0x44\n[110121.667515][ C7] tcpm_reset_port+0xac/0x370\n[110121.667523][ C7] tcpm_snk_detach+0x84/0xb8\n[110121.667529][ C7] run_state_machine+0x4c0/0x1b68\n[110121.667536][ C7] tcpm_state_machine_work+0x94/0xe4\n[110121.667544][ C7] kthread_worker_fn+0x10c/0x244\n[110121.667552][ C7] kthread+0x104/0x1d4\n[110121.667557][ C7] ret_from_fork+0x10/0x20\n\n[110121.667689][ C7] Workqueue: events dp_altmode_work\n[110121.667697][ C7] Call trace:\n[110121.667701][ C7] __switch_to+0x174/0x338\n[110121.667710][ C7] __schedule+0x608/0x9f0\n[110121.667717][ C7] schedule+0x7c/0xe8\n[110121.667725][ C7] schedule_preempt_disabled+0x24/0x40\n[110121.667733][ C7] __mutex_lock+0x408/0xdac\n[110121.667741][ C7] __mutex_lock_slowpath+0x14/0x24\n[110121.667748][ C7] mutex_lock+0x40/0xec\n[110121.667757][ C7] tcpm_altmode_enter+0x78/0xb4\n[110121.667764][ C7] typec_altmode_enter+0xdc/0x10c\n[110121.667769][ C7] dp_altmode_work+0x68/0x164\n[110121.667775][ C7] process_one_work+0x1e4/0x43c\n[110121.667783][ C7] worker_thread+0x25c/0x430\n[110121.667789][ C7] kthread+0x104/0x1d4\n[110121.667794][ C7] ret_from_fork+0x10/0x20\n\nChange tcpm_queue_vdm_unlocked to queue for tcpm_queue_vdm_work,\nwhich can perform the state check while holding the TCPM lock\nwhile the Alt Mode lock is no longer held. This requires a new\nstruct to hold the vdm data, altmode_vdm_event.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38268",
"url": "https://www.suse.com/security/cve/CVE-2025-38268"
},
{
"category": "external",
"summary": "SUSE Bug 1246385 for CVE-2025-38268",
"url": "https://bugzilla.suse.com/1246385"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38268"
},
{
"cve": "CVE-2025-38272",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38272"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: b53: do not enable EEE on bcm63xx\n\nBCM63xx internal switches do not support EEE, but provide multiple RGMII\nports where external PHYs may be connected. If one of these PHYs are EEE\ncapable, we may try to enable EEE for the MACs, which then hangs the\nsystem on access of the (non-existent) EEE registers.\n\nFix this by checking if the switch actually supports EEE before\nattempting to configure it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38272",
"url": "https://www.suse.com/security/cve/CVE-2025-38272"
},
{
"category": "external",
"summary": "SUSE Bug 1246268 for CVE-2025-38272",
"url": "https://bugzilla.suse.com/1246268"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38272"
},
{
"cve": "CVE-2025-38273",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38273"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tipc: fix refcount warning in tipc_aead_encrypt\n\nsyzbot reported a refcount warning [1] caused by calling get_net() on\na network namespace that is being destroyed (refcount=0). This happens\nwhen a TIPC discovery timer fires during network namespace cleanup.\n\nThe recently added get_net() call in commit e279024617134 (\"net/tipc:\nfix slab-use-after-free Read in tipc_aead_encrypt_done\") attempts to\nhold a reference to the network namespace. However, if the namespace\nis already being destroyed, its refcount might be zero, leading to the\nuse-after-free warning.\n\nReplace get_net() with maybe_get_net(), which safely checks if the\nrefcount is non-zero before incrementing it. If the namespace is being\ndestroyed, return -ENODEV early, after releasing the bearer reference.\n\n[1]: https://lore.kernel.org/all/68342b55.a70a0220.253bc2.0091.GAE@google.com/T/#m12019cf9ae77e1954f666914640efa36d52704a2",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38273",
"url": "https://www.suse.com/security/cve/CVE-2025-38273"
},
{
"category": "external",
"summary": "SUSE Bug 1246266 for CVE-2025-38273",
"url": "https://bugzilla.suse.com/1246266"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38273"
},
{
"cve": "CVE-2025-38275",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38275"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug\n\nThe qmp_usb_iomap() helper function currently returns the raw result of\ndevm_ioremap() for non-exclusive mappings. Since devm_ioremap() may return\na NULL pointer and the caller only checks error pointers with IS_ERR(),\nNULL could bypass the check and lead to an invalid dereference.\n\nFix the issue by checking if devm_ioremap() returns NULL. When it does,\nqmp_usb_iomap() now returns an error pointer via IOMEM_ERR_PTR(-ENOMEM),\nensuring safe and consistent error handling.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38275",
"url": "https://www.suse.com/security/cve/CVE-2025-38275"
},
{
"category": "external",
"summary": "SUSE Bug 1246236 for CVE-2025-38275",
"url": "https://bugzilla.suse.com/1246236"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38275"
},
{
"cve": "CVE-2025-38277",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38277"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: nand: ecc-mxic: Fix use of uninitialized variable ret\n\nIf ctx-\u003esteps is zero, the loop processing ECC steps is skipped,\nand the variable ret remains uninitialized. It is later checked\nand returned, which leads to undefined behavior and may cause\nunpredictable results in user space or kernel crashes.\n\nThis scenario can be triggered in edge cases such as misconfigured\ngeometry, ECC engine misuse, or if ctx-\u003esteps is not validated\nafter initialization.\n\nInitialize ret to zero before the loop to ensure correct and safe\nbehavior regardless of the ctx-\u003esteps value.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38277",
"url": "https://www.suse.com/security/cve/CVE-2025-38277"
},
{
"category": "external",
"summary": "SUSE Bug 1246246 for CVE-2025-38277",
"url": "https://bugzilla.suse.com/1246246"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38277"
},
{
"cve": "CVE-2025-38279",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38279"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Do not include stack ptr register in precision backtracking bookkeeping\n\nYi Lai reported an issue ([1]) where the following warning appears\nin kernel dmesg:\n [ 60.643604] verifier backtracking bug\n [ 60.643635] WARNING: CPU: 10 PID: 2315 at kernel/bpf/verifier.c:4302 __mark_chain_precision+0x3a6c/0x3e10\n [ 60.648428] Modules linked in: bpf_testmod(OE)\n [ 60.650471] CPU: 10 UID: 0 PID: 2315 Comm: test_progs Tainted: G OE 6.15.0-rc4-gef11287f8289-dirty #327 PREEMPT(full)\n [ 60.654385] Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n [ 60.656682] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n [ 60.660475] RIP: 0010:__mark_chain_precision+0x3a6c/0x3e10\n [ 60.662814] Code: 5a 30 84 89 ea e8 c4 d9 01 00 80 3d 3e 7d d8 04 00 0f 85 60 fa ff ff c6 05 31 7d d8 04\n 01 48 c7 c7 00 58 30 84 e8 c4 06 a5 ff \u003c0f\u003e 0b e9 46 fa ff ff 48 ...\n [ 60.668720] RSP: 0018:ffff888116cc7298 EFLAGS: 00010246\n [ 60.671075] RAX: 54d70e82dfd31900 RBX: ffff888115b65e20 RCX: 0000000000000000\n [ 60.673659] RDX: 0000000000000001 RSI: 0000000000000004 RDI: 00000000ffffffff\n [ 60.676241] RBP: 0000000000000400 R08: ffff8881f6f23bd3 R09: 1ffff1103ede477a\n [ 60.678787] R10: dffffc0000000000 R11: ffffed103ede477b R12: ffff888115b60ae8\n [ 60.681420] R13: 1ffff11022b6cbc4 R14: 00000000fffffff2 R15: 0000000000000001\n [ 60.684030] FS: 00007fc2aedd80c0(0000) GS:ffff88826fa8a000(0000) knlGS:0000000000000000\n [ 60.686837] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [ 60.689027] CR2: 000056325369e000 CR3: 000000011088b002 CR4: 0000000000370ef0\n [ 60.691623] Call Trace:\n [ 60.692821] \u003cTASK\u003e\n [ 60.693960] ? __pfx_verbose+0x10/0x10\n [ 60.695656] ? __pfx_disasm_kfunc_name+0x10/0x10\n [ 60.697495] check_cond_jmp_op+0x16f7/0x39b0\n [ 60.699237] do_check+0x58fa/0xab10\n ...\n\nFurther analysis shows the warning is at line 4302 as below:\n\n 4294 /* static subprog call instruction, which\n 4295 * means that we are exiting current subprog,\n 4296 * so only r1-r5 could be still requested as\n 4297 * precise, r0 and r6-r10 or any stack slot in\n 4298 * the current frame should be zero by now\n 4299 */\n 4300 if (bt_reg_mask(bt) \u0026 ~BPF_REGMASK_ARGS) {\n 4301 verbose(env, \"BUG regs %x\\n\", bt_reg_mask(bt));\n 4302 WARN_ONCE(1, \"verifier backtracking bug\");\n 4303 return -EFAULT;\n 4304 }\n\nWith the below test (also in the next patch):\n __used __naked static void __bpf_jmp_r10(void)\n {\n\tasm volatile (\n\t\"r2 = 2314885393468386424 ll;\"\n\t\"goto +0;\"\n\t\"if r2 \u003c= r10 goto +3;\"\n\t\"if r1 \u003e= -1835016 goto +0;\"\n\t\"if r2 \u003c= 8 goto +0;\"\n\t\"if r3 \u003c= 0 goto +0;\"\n\t\"exit;\"\n\t::: __clobber_all);\n }\n\n SEC(\"?raw_tp\")\n __naked void bpf_jmp_r10(void)\n {\n\tasm volatile (\n\t\"r3 = 0 ll;\"\n\t\"call __bpf_jmp_r10;\"\n\t\"r0 = 0;\"\n\t\"exit;\"\n\t::: __clobber_all);\n }\n\nThe following is the verifier failure log:\n 0: (18) r3 = 0x0 ; R3_w=0\n 2: (85) call pc+2\n caller:\n R10=fp0\n callee:\n frame1: R1=ctx() R3_w=0 R10=fp0\n 5: frame1: R1=ctx() R3_w=0 R10=fp0\n ; asm volatile (\" \\ @ verifier_precision.c:184\n 5: (18) r2 = 0x20202000256c6c78 ; frame1: R2_w=0x20202000256c6c78\n 7: (05) goto pc+0\n 8: (bd) if r2 \u003c= r10 goto pc+3 ; frame1: R2_w=0x20202000256c6c78 R10=fp0\n 9: (35) if r1 \u003e= 0xffe3fff8 goto pc+0 ; frame1: R1=ctx()\n 10: (b5) if r2 \u003c= 0x8 goto pc+0\n mark_precise: frame1: last_idx 10 first_idx 0 subseq_idx -1\n mark_precise: frame1: regs=r2 stack= before 9: (35) if r1 \u003e= 0xffe3fff8 goto pc+0\n mark_precise: frame1: regs=r2 stack= before 8: (bd) if r2 \u003c= r10 goto pc+3\n mark_preci\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38279",
"url": "https://www.suse.com/security/cve/CVE-2025-38279"
},
{
"category": "external",
"summary": "SUSE Bug 1246264 for CVE-2025-38279",
"url": "https://bugzilla.suse.com/1246264"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38279"
},
{
"cve": "CVE-2025-38283",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38283"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhisi_acc_vfio_pci: bugfix live migration function without VF device driver\n\nIf the VF device driver is not loaded in the Guest OS and we attempt to\nperform device data migration, the address of the migrated data will\nbe NULL.\nThe live migration recovery operation on the destination side will\naccess a null address value, which will cause access errors.\n\nTherefore, live migration of VMs without added VF device drivers\ndoes not require device data migration.\nIn addition, when the queue address data obtained by the destination\nis empty, device queue recovery processing will not be performed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38283",
"url": "https://www.suse.com/security/cve/CVE-2025-38283"
},
{
"category": "external",
"summary": "SUSE Bug 1246273 for CVE-2025-38283",
"url": "https://bugzilla.suse.com/1246273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38283"
},
{
"cve": "CVE-2025-38286",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38286"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: at91: Fix possible out-of-boundary access\n\nat91_gpio_probe() doesn\u0027t check that given OF alias is not available or\nsomething went wrong when trying to get it. This might have consequences\nwhen accessing gpio_chips array with that value as an index. Note, that\nBUG() can be compiled out and hence won\u0027t actually perform the required\nchecks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38286",
"url": "https://www.suse.com/security/cve/CVE-2025-38286"
},
{
"category": "external",
"summary": "SUSE Bug 1246283 for CVE-2025-38286",
"url": "https://bugzilla.suse.com/1246283"
},
{
"category": "external",
"summary": "SUSE Bug 1246284 for CVE-2025-38286",
"url": "https://bugzilla.suse.com/1246284"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "important"
}
],
"title": "CVE-2025-38286"
},
{
"cve": "CVE-2025-38287",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38287"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/cm: Drop lockdep assert and WARN when freeing old msg\n\nThe send completion handler can run after cm_id has advanced to another\nmessage. The cm_id lock is not needed in this case, but a recent change\nre-used cm_free_priv_msg(), which asserts that the lock is held and\nWARNs if the cm_id\u0027s currently outstanding msg is different than the one\nbeing freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38287",
"url": "https://www.suse.com/security/cve/CVE-2025-38287"
},
{
"category": "external",
"summary": "SUSE Bug 1246285 for CVE-2025-38287",
"url": "https://bugzilla.suse.com/1246285"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38287"
},
{
"cve": "CVE-2025-38288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38288"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: smartpqi: Fix smp_processor_id() call trace for preemptible kernels\n\nCorrect kernel call trace when calling smp_processor_id() when called in\npreemptible kernels by using raw_smp_processor_id().\n\nsmp_processor_id() checks to see if preemption is disabled and if not,\nissue an error message followed by a call to dump_stack().\n\nBrief example of call trace:\nkernel: check_preemption_disabled: 436 callbacks suppressed\nkernel: BUG: using smp_processor_id() in preemptible [00000000]\n code: kworker/u1025:0/2354\nkernel: caller is pqi_scsi_queue_command+0x183/0x310 [smartpqi]\nkernel: CPU: 129 PID: 2354 Comm: kworker/u1025:0\nkernel: ...\nkernel: Workqueue: writeback wb_workfn (flush-253:0)\nkernel: Call Trace:\nkernel: \u003cTASK\u003e\nkernel: dump_stack_lvl+0x34/0x48\nkernel: check_preemption_disabled+0xdd/0xe0\nkernel: pqi_scsi_queue_command+0x183/0x310 [smartpqi]\nkernel: ...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38288",
"url": "https://www.suse.com/security/cve/CVE-2025-38288"
},
{
"category": "external",
"summary": "SUSE Bug 1246286 for CVE-2025-38288",
"url": "https://bugzilla.suse.com/1246286"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38288"
},
{
"cve": "CVE-2025-38289",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38289"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk\n\nSmatch detected a potential use-after-free of an ndlp oject in\ndev_loss_tmo_callbk during driver unload or fatal error handling.\n\nFix by reordering code to avoid potential use-after-free if initial\nnodelist reference has been previously removed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38289",
"url": "https://www.suse.com/security/cve/CVE-2025-38289"
},
{
"category": "external",
"summary": "SUSE Bug 1246287 for CVE-2025-38289",
"url": "https://bugzilla.suse.com/1246287"
},
{
"category": "external",
"summary": "SUSE Bug 1246288 for CVE-2025-38289",
"url": "https://bugzilla.suse.com/1246288"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38289"
},
{
"cve": "CVE-2025-38290",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38290"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix node corruption in ar-\u003earvifs list\n\nIn current WLAN recovery code flow, ath12k_core_halt() only reinitializes\nthe \"arvifs\" list head. This will cause the list node immediately following\nthe list head to become an invalid list node. Because the prev of that node\nstill points to the list head \"arvifs\", but the next of the list head\n\"arvifs\" no longer points to that list node.\n\nWhen a WLAN recovery occurs during the execution of a vif removal, and it\nhappens before the spin_lock_bh(\u0026ar-\u003edata_lock) in\nath12k_mac_vdev_delete(), list_del() will detect the previously mentioned\nsituation, thereby triggering a kernel panic.\n\nThe fix is to remove and reinitialize all vif list nodes from the list head\n\"arvifs\" during WLAN halt. The reinitialization is to make the list nodes\nvalid, ensuring that the list_del() in ath12k_mac_vdev_delete() can execute\nnormally.\n\nCall trace:\n__list_del_entry_valid_or_report+0xd4/0x100 (P)\nath12k_mac_remove_link_interface.isra.0+0xf8/0x2e4 [ath12k]\nath12k_scan_vdev_clean_work+0x40/0x164 [ath12k]\ncfg80211_wiphy_work+0xfc/0x100\nprocess_one_work+0x164/0x2d0\nworker_thread+0x254/0x380\nkthread+0xfc/0x100\nret_from_fork+0x10/0x20\n\nThe change is mostly copied from the ath11k patch:\nhttps://lore.kernel.org/all/20250320053145.3445187-1-quic_stonez@quicinc.com/\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38290",
"url": "https://www.suse.com/security/cve/CVE-2025-38290"
},
{
"category": "external",
"summary": "SUSE Bug 1246293 for CVE-2025-38290",
"url": "https://bugzilla.suse.com/1246293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38290"
},
{
"cve": "CVE-2025-38291",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38291"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Prevent sending WMI commands to firmware during firmware crash\n\nCurrently, we encounter the following kernel call trace when a firmware\ncrash occurs. This happens because the host sends WMI commands to the\nfirmware while it is in recovery, causing the commands to fail and\nresulting in the kernel call trace.\n\nSet the ATH12K_FLAG_CRASH_FLUSH and ATH12K_FLAG_RECOVERY flags when the\nhost driver receives the firmware crash notification from MHI. This\nprevents sending WMI commands to the firmware during recovery.\n\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x75/0xc0\n register_lock_class+0x6be/0x7a0\n ? __lock_acquire+0x644/0x19a0\n __lock_acquire+0x95/0x19a0\n lock_acquire+0x265/0x310\n ? ath12k_ce_send+0xa2/0x210 [ath12k]\n ? find_held_lock+0x34/0xa0\n ? ath12k_ce_send+0x56/0x210 [ath12k]\n _raw_spin_lock_bh+0x33/0x70\n ? ath12k_ce_send+0xa2/0x210 [ath12k]\n ath12k_ce_send+0xa2/0x210 [ath12k]\n ath12k_htc_send+0x178/0x390 [ath12k]\n ath12k_wmi_cmd_send_nowait+0x76/0xa0 [ath12k]\n ath12k_wmi_cmd_send+0x62/0x190 [ath12k]\n ath12k_wmi_pdev_bss_chan_info_request+0x62/0xc0 [ath1\n ath12k_mac_op_get_survey+0x2be/0x310 [ath12k]\n ieee80211_dump_survey+0x99/0x240 [mac80211]\n nl80211_dump_survey+0xe7/0x470 [cfg80211]\n ? kmalloc_reserve+0x59/0xf0\n genl_dumpit+0x24/0x70\n netlink_dump+0x177/0x360\n __netlink_dump_start+0x206/0x280\n genl_family_rcv_msg_dumpit.isra.22+0x8a/0xe0\n ? genl_family_rcv_msg_attrs_parse.isra.23+0xe0/0xe0\n ? genl_op_lock.part.12+0x10/0x10\n ? genl_dumpit+0x70/0x70\n genl_rcv_msg+0x1d0/0x290\n ? nl80211_del_station+0x330/0x330 [cfg80211]\n ? genl_get_cmd_both+0x50/0x50\n netlink_rcv_skb+0x4f/0x100\n genl_rcv+0x1f/0x30\n netlink_unicast+0x1b6/0x260\n netlink_sendmsg+0x31a/0x450\n __sock_sendmsg+0xa8/0xb0\n ____sys_sendmsg+0x1e4/0x260\n ___sys_sendmsg+0x89/0xe0\n ? local_clock_noinstr+0xb/0xc0\n ? rcu_is_watching+0xd/0x40\n ? kfree+0x1de/0x370\n ? __sys_sendmsg+0x7a/0xc0\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38291",
"url": "https://www.suse.com/security/cve/CVE-2025-38291"
},
{
"category": "external",
"summary": "SUSE Bug 1246297 for CVE-2025-38291",
"url": "https://bugzilla.suse.com/1246297"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "low"
}
],
"title": "CVE-2025-38291"
},
{
"cve": "CVE-2025-38292",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38292"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix invalid access to memory\n\nIn ath12k_dp_rx_msdu_coalesce(), rxcb is fetched from skb and boolean\nis_continuation is part of rxcb.\nCurrently, after freeing the skb, the rxcb-\u003eis_continuation accessed\nagain which is wrong since the memory is already freed.\nThis might lead use-after-free error.\n\nHence, fix by locally defining bool is_continuation from rxcb,\nso that after freeing skb, is_continuation can be used.\n\nCompile tested only.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38292",
"url": "https://www.suse.com/security/cve/CVE-2025-38292"
},
{
"category": "external",
"summary": "SUSE Bug 1246295 for CVE-2025-38292",
"url": "https://bugzilla.suse.com/1246295"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38292"
},
{
"cve": "CVE-2025-38293",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38293"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix node corruption in ar-\u003earvifs list\n\nIn current WLAN recovery code flow, ath11k_core_halt() only\nreinitializes the \"arvifs\" list head. This will cause the\nlist node immediately following the list head to become an\ninvalid list node. Because the prev of that node still points\nto the list head \"arvifs\", but the next of the list head \"arvifs\"\nno longer points to that list node.\n\nWhen a WLAN recovery occurs during the execution of a vif\nremoval, and it happens before the spin_lock_bh(\u0026ar-\u003edata_lock)\nin ath11k_mac_op_remove_interface(), list_del() will detect the\npreviously mentioned situation, thereby triggering a kernel panic.\n\nThe fix is to remove and reinitialize all vif list nodes from the\nlist head \"arvifs\" during WLAN halt. The reinitialization is to make\nthe list nodes valid, ensuring that the list_del() in\nath11k_mac_op_remove_interface() can execute normally.\n\nCall trace:\n__list_del_entry_valid_or_report+0xb8/0xd0\nath11k_mac_op_remove_interface+0xb0/0x27c [ath11k]\ndrv_remove_interface+0x48/0x194 [mac80211]\nieee80211_do_stop+0x6e0/0x844 [mac80211]\nieee80211_stop+0x44/0x17c [mac80211]\n__dev_close_many+0xac/0x150\n__dev_change_flags+0x194/0x234\ndev_change_flags+0x24/0x6c\ndevinet_ioctl+0x3a0/0x670\ninet_ioctl+0x200/0x248\nsock_do_ioctl+0x60/0x118\nsock_ioctl+0x274/0x35c\n__arm64_sys_ioctl+0xac/0xf0\ninvoke_syscall+0x48/0x114\n...\n\nTested-on: QCA6698AQ hw2.1 PCI WLAN.HSP.1.1-04591-QCAHSPSWPL_V1_V2_SILICONZ_IOE-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38293",
"url": "https://www.suse.com/security/cve/CVE-2025-38293"
},
{
"category": "external",
"summary": "SUSE Bug 1246292 for CVE-2025-38293",
"url": "https://bugzilla.suse.com/1246292"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38293"
},
{
"cve": "CVE-2025-38299",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38299"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mediatek: mt8195: Set ETDM1/2 IN/OUT to COMP_DUMMY()\n\nETDM2_IN_BE and ETDM1_OUT_BE are defined as COMP_EMPTY(),\nin the case the codec dai_name will be null.\n\nAvoid a crash if the device tree is not assigning a codec\nto these links.\n\n[ 1.179936] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[ 1.181065] Mem abort info:\n[ 1.181420] ESR = 0x0000000096000004\n[ 1.181892] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 1.182576] SET = 0, FnV = 0\n[ 1.182964] EA = 0, S1PTW = 0\n[ 1.183367] FSC = 0x04: level 0 translation fault\n[ 1.183983] Data abort info:\n[ 1.184406] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[ 1.185097] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 1.185766] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 1.186439] [0000000000000000] user address but active_mm is swapper\n[ 1.187239] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 1.188029] Modules linked in:\n[ 1.188420] CPU: 7 UID: 0 PID: 70 Comm: kworker/u32:1 Not tainted 6.14.0-rc4-next-20250226+ #85\n[ 1.189515] Hardware name: Radxa NIO 12L (DT)\n[ 1.190065] Workqueue: events_unbound deferred_probe_work_func\n[ 1.190808] pstate: 40400009 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 1.191683] pc : __pi_strcmp+0x24/0x140\n[ 1.192170] lr : mt8195_mt6359_soc_card_probe+0x224/0x7b0\n[ 1.192854] sp : ffff800083473970\n[ 1.193271] x29: ffff800083473a10 x28: 0000000000001008 x27: 0000000000000002\n[ 1.194168] x26: ffff800082408960 x25: ffff800082417db0 x24: ffff800082417d88\n[ 1.195065] x23: 000000000000001e x22: ffff800082dbf480 x21: ffff800082dc07b8\n[ 1.195961] x20: 0000000000000000 x19: 0000000000000013 x18: 00000000ffffffff\n[ 1.196858] x17: 000000040044ffff x16: 005000f2b5503510 x15: 0000000000000006\n[ 1.197755] x14: ffff800082407af0 x13: 6e6f69737265766e x12: 692d6b636f6c6374\n[ 1.198651] x11: 0000000000000002 x10: ffff80008240b920 x9 : 0000000000000018\n[ 1.199547] x8 : 0101010101010101 x7 : 0000000000000000 x6 : 0000000000000000\n[ 1.200443] x5 : 0000000000000000 x4 : 8080808080000000 x3 : 303933383978616d\n[ 1.201339] x2 : 0000000000000000 x1 : ffff80008240b920 x0 : 0000000000000000\n[ 1.202236] Call trace:\n[ 1.202545] __pi_strcmp+0x24/0x140 (P)\n[ 1.203029] mtk_soundcard_common_probe+0x3bc/0x5b8\n[ 1.203644] platform_probe+0x70/0xe8\n[ 1.204106] really_probe+0xc8/0x3a0\n[ 1.204556] __driver_probe_device+0x84/0x160\n[ 1.205104] driver_probe_device+0x44/0x130\n[ 1.205630] __device_attach_driver+0xc4/0x170\n[ 1.206189] bus_for_each_drv+0x8c/0xf8\n[ 1.206672] __device_attach+0xa8/0x1c8\n[ 1.207155] device_initial_probe+0x1c/0x30\n[ 1.207681] bus_probe_device+0xb0/0xc0\n[ 1.208165] deferred_probe_work_func+0xa4/0x100\n[ 1.208747] process_one_work+0x158/0x3e0\n[ 1.209254] worker_thread+0x2c4/0x3e8\n[ 1.209727] kthread+0x134/0x1f0\n[ 1.210136] ret_from_fork+0x10/0x20\n[ 1.210589] Code: 54000401 b50002c6 d503201f f86a6803 (f8408402)\n[ 1.211355] ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38299",
"url": "https://www.suse.com/security/cve/CVE-2025-38299"
},
{
"category": "external",
"summary": "SUSE Bug 1246290 for CVE-2025-38299",
"url": "https://bugzilla.suse.com/1246290"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38299"
},
{
"cve": "CVE-2025-38300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38300"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare()\n\nFix two DMA cleanup issues on the error path in sun8i_ce_cipher_prepare():\n\n1] If dma_map_sg() fails for areq-\u003edst, the device driver would try to free\n DMA memory it has not allocated in the first place. To fix this, on the\n \"theend_sgs\" error path, call dma unmap only if the corresponding dma\n map was successful.\n\n2] If the dma_map_single() call for the IV fails, the device driver would\n try to free an invalid DMA memory address on the \"theend_iv\" path:\n ------------[ cut here ]------------\n DMA-API: sun8i-ce 1904000.crypto: device driver tries to free an invalid DMA memory address\n WARNING: CPU: 2 PID: 69 at kernel/dma/debug.c:968 check_unmap+0x123c/0x1b90\n Modules linked in: skcipher_example(O+)\n CPU: 2 UID: 0 PID: 69 Comm: 1904000.crypto- Tainted: G O 6.15.0-rc3+ #24 PREEMPT\n Tainted: [O]=OOT_MODULE\n Hardware name: OrangePi Zero2 (DT)\n pc : check_unmap+0x123c/0x1b90\n lr : check_unmap+0x123c/0x1b90\n ...\n Call trace:\n check_unmap+0x123c/0x1b90 (P)\n debug_dma_unmap_page+0xac/0xc0\n dma_unmap_page_attrs+0x1f4/0x5fc\n sun8i_ce_cipher_do_one+0x1bd4/0x1f40\n crypto_pump_work+0x334/0x6e0\n kthread_worker_fn+0x21c/0x438\n kthread+0x374/0x664\n ret_from_fork+0x10/0x20\n ---[ end trace 0000000000000000 ]---\n\nTo fix this, check for !dma_mapping_error() before calling\ndma_unmap_single() on the \"theend_iv\" path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38300",
"url": "https://www.suse.com/security/cve/CVE-2025-38300"
},
{
"category": "external",
"summary": "SUSE Bug 1246349 for CVE-2025-38300",
"url": "https://bugzilla.suse.com/1246349"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38300"
},
{
"cve": "CVE-2025-38303",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38303"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: eir: Fix possible crashes on eir_create_adv_data\n\neir_create_adv_data may attempt to add EIR_FLAGS and EIR_TX_POWER\nwithout checking if that would fit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38303",
"url": "https://www.suse.com/security/cve/CVE-2025-38303"
},
{
"category": "external",
"summary": "SUSE Bug 1246354 for CVE-2025-38303",
"url": "https://bugzilla.suse.com/1246354"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38303"
},
{
"cve": "CVE-2025-38304",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38304"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix NULL pointer deference on eir_get_service_data\n\nThe len parameter is considered optional so it can be NULL so it cannot\nbe used for skipping to next entry of EIR_SERVICE_DATA.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38304",
"url": "https://www.suse.com/security/cve/CVE-2025-38304"
},
{
"category": "external",
"summary": "SUSE Bug 1246240 for CVE-2025-38304",
"url": "https://bugzilla.suse.com/1246240"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38304"
},
{
"cve": "CVE-2025-38305",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38305"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptp: remove ptp-\u003en_vclocks check logic in ptp_vclock_in_use()\n\nThere is no disagreement that we should check both ptp-\u003eis_virtual_clock\nand ptp-\u003en_vclocks to check if the ptp virtual clock is in use.\n\nHowever, when we acquire ptp-\u003en_vclocks_mux to read ptp-\u003en_vclocks in\nptp_vclock_in_use(), we observe a recursive lock in the call trace\nstarting from n_vclocks_store().\n\n============================================\nWARNING: possible recursive locking detected\n6.15.0-rc6 #1 Not tainted\n--------------------------------------------\nsyz.0.1540/13807 is trying to acquire lock:\nffff888035a24868 (\u0026ptp-\u003en_vclocks_mux){+.+.}-{4:4}, at:\n ptp_vclock_in_use drivers/ptp/ptp_private.h:103 [inline]\nffff888035a24868 (\u0026ptp-\u003en_vclocks_mux){+.+.}-{4:4}, at:\n ptp_clock_unregister+0x21/0x250 drivers/ptp/ptp_clock.c:415\n\nbut task is already holding lock:\nffff888030704868 (\u0026ptp-\u003en_vclocks_mux){+.+.}-{4:4}, at:\n n_vclocks_store+0xf1/0x6d0 drivers/ptp/ptp_sysfs.c:215\n\nother info that might help us debug this:\n Possible unsafe locking scenario:\n\n CPU0\n ----\n lock(\u0026ptp-\u003en_vclocks_mux);\n lock(\u0026ptp-\u003en_vclocks_mux);\n\n *** DEADLOCK ***\n....\n============================================\n\nThe best way to solve this is to remove the logic that checks\nptp-\u003en_vclocks in ptp_vclock_in_use().\n\nThe reason why this is appropriate is that any path that uses\nptp-\u003en_vclocks must unconditionally check if ptp-\u003en_vclocks is greater\nthan 0 before unregistering vclocks, and all functions are already\nwritten this way. And in the function that uses ptp-\u003en_vclocks, we\nalready get ptp-\u003en_vclocks_mux before unregistering vclocks.\n\nTherefore, we need to remove the redundant check for ptp-\u003en_vclocks in\nptp_vclock_in_use() to prevent recursive locking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38305",
"url": "https://www.suse.com/security/cve/CVE-2025-38305"
},
{
"category": "external",
"summary": "SUSE Bug 1246358 for CVE-2025-38305",
"url": "https://bugzilla.suse.com/1246358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38305"
},
{
"cve": "CVE-2025-38307",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38307"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: avs: Verify content returned by parse_int_array()\n\nThe first element of the returned array stores its length. If it is 0,\nany manipulation beyond the element at index 0 ends with null-ptr-deref.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38307",
"url": "https://www.suse.com/security/cve/CVE-2025-38307"
},
{
"category": "external",
"summary": "SUSE Bug 1246364 for CVE-2025-38307",
"url": "https://bugzilla.suse.com/1246364"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38307"
},
{
"cve": "CVE-2025-38310",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38310"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nseg6: Fix validation of nexthop addresses\n\nThe kernel currently validates that the length of the provided nexthop\naddress does not exceed the specified length. This can lead to the\nkernel reading uninitialized memory if user space provided a shorter\nlength than the specified one.\n\nFix by validating that the provided length exactly matches the specified\none.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38310",
"url": "https://www.suse.com/security/cve/CVE-2025-38310"
},
{
"category": "external",
"summary": "SUSE Bug 1246361 for CVE-2025-38310",
"url": "https://bugzilla.suse.com/1246361"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38310"
},
{
"cve": "CVE-2025-38312",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38312"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod()\n\nIn fb_find_mode_cvt(), iff mode-\u003erefresh somehow happens to be 0x80000000,\ncvt.f_refresh will become 0 when multiplying it by 2 due to overflow. It\u0027s\nthen passed to fb_cvt_hperiod(), where it\u0027s used as a divider -- division\nby 0 will result in kernel oops. Add a sanity check for cvt.f_refresh to\navoid such overflow...\n\nFound by Linux Verification Center (linuxtesting.org) with the Svace static\nanalysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38312",
"url": "https://www.suse.com/security/cve/CVE-2025-38312"
},
{
"category": "external",
"summary": "SUSE Bug 1246386 for CVE-2025-38312",
"url": "https://bugzilla.suse.com/1246386"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38312"
},
{
"cve": "CVE-2025-38313",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38313"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: fsl-mc: fix double-free on mc_dev\n\nThe blamed commit tried to simplify how the deallocations are done but,\nin the process, introduced a double-free on the mc_dev variable.\n\nIn case the MC device is a DPRC, a new mc_bus is allocated and the\nmc_dev variable is just a reference to one of its fields. In this\ncircumstance, on the error path only the mc_bus should be freed.\n\nThis commit introduces back the following checkpatch warning which is a\nfalse-positive.\n\nWARNING: kfree(NULL) is safe and this check is probably not required\n+ if (mc_bus)\n+ kfree(mc_bus);",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38313",
"url": "https://www.suse.com/security/cve/CVE-2025-38313"
},
{
"category": "external",
"summary": "SUSE Bug 1246342 for CVE-2025-38313",
"url": "https://bugzilla.suse.com/1246342"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38313"
},
{
"cve": "CVE-2025-38315",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38315"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btintel: Check dsbr size from EFI variable\n\nSince the size of struct btintel_dsbr is already known, we can just\nstart there instead of querying the EFI variable size. If the final\nresult doesn\u0027t match what we expect also fail. This fixes a stack buffer\noverflow when the EFI variable is larger than struct btintel_dsbr.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38315",
"url": "https://www.suse.com/security/cve/CVE-2025-38315"
},
{
"category": "external",
"summary": "SUSE Bug 1246333 for CVE-2025-38315",
"url": "https://bugzilla.suse.com/1246333"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38315"
},
{
"cve": "CVE-2025-38317",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38317"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Fix buffer overflow in debugfs\n\nIf the user tries to write more than 32 bytes then it results in memory\ncorruption. Fortunately, this is debugfs so it\u0027s limited to root users.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38317",
"url": "https://www.suse.com/security/cve/CVE-2025-38317"
},
{
"category": "external",
"summary": "SUSE Bug 1246443 for CVE-2025-38317",
"url": "https://bugzilla.suse.com/1246443"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38317"
},
{
"cve": "CVE-2025-38319",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38319"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table\n\nThe function atomctrl_initialize_mc_reg_table() and\natomctrl_initialize_mc_reg_table_v2_2() does not check the return\nvalue of smu_atom_get_data_table(). If smu_atom_get_data_table()\nfails to retrieve vram_info, it returns NULL which is later\ndereferenced.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38319",
"url": "https://www.suse.com/security/cve/CVE-2025-38319"
},
{
"category": "external",
"summary": "SUSE Bug 1246243 for CVE-2025-38319",
"url": "https://bugzilla.suse.com/1246243"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38319"
},
{
"cve": "CVE-2025-38323",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38323"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: atm: add lec_mutex\n\nsyzbot found its way in net/atm/lec.c, and found an error path\nin lecd_attach() could leave a dangling pointer in dev_lec[].\n\nAdd a mutex to protect dev_lecp[] uses from lecd_attach(),\nlec_vcc_attach() and lec_mcast_attach().\n\nFollowing patch will use this mutex for /proc/net/atm/lec.\n\nBUG: KASAN: slab-use-after-free in lecd_attach net/atm/lec.c:751 [inline]\nBUG: KASAN: slab-use-after-free in lane_ioctl+0x2224/0x23e0 net/atm/lec.c:1008\nRead of size 8 at addr ffff88807c7b8e68 by task syz.1.17/6142\n\nCPU: 1 UID: 0 PID: 6142 Comm: syz.1.17 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xcd/0x680 mm/kasan/report.c:521\n kasan_report+0xe0/0x110 mm/kasan/report.c:634\n lecd_attach net/atm/lec.c:751 [inline]\n lane_ioctl+0x2224/0x23e0 net/atm/lec.c:1008\n do_vcc_ioctl+0x12c/0x930 net/atm/ioctl.c:159\n sock_do_ioctl+0x118/0x280 net/socket.c:1190\n sock_ioctl+0x227/0x6b0 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\nAllocated by task 6132:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4328 [inline]\n __kvmalloc_node_noprof+0x27b/0x620 mm/slub.c:5015\n alloc_netdev_mqs+0xd2/0x1570 net/core/dev.c:11711\n lecd_attach net/atm/lec.c:737 [inline]\n lane_ioctl+0x17db/0x23e0 net/atm/lec.c:1008\n do_vcc_ioctl+0x12c/0x930 net/atm/ioctl.c:159\n sock_do_ioctl+0x118/0x280 net/socket.c:1190\n sock_ioctl+0x227/0x6b0 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 6132:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x51/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2381 [inline]\n slab_free mm/slub.c:4643 [inline]\n kfree+0x2b4/0x4d0 mm/slub.c:4842\n free_netdev+0x6c5/0x910 net/core/dev.c:11892\n lecd_attach net/atm/lec.c:744 [inline]\n lane_ioctl+0x1ce8/0x23e0 net/atm/lec.c:1008\n do_vcc_ioctl+0x12c/0x930 net/atm/ioctl.c:159\n sock_do_ioctl+0x118/0x280 net/socket.c:1190\n sock_ioctl+0x227/0x6b0 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:893",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38323",
"url": "https://www.suse.com/security/cve/CVE-2025-38323"
},
{
"category": "external",
"summary": "SUSE Bug 1246473 for CVE-2025-38323",
"url": "https://bugzilla.suse.com/1246473"
},
{
"category": "external",
"summary": "SUSE Bug 1246525 for CVE-2025-38323",
"url": "https://bugzilla.suse.com/1246525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "important"
}
],
"title": "CVE-2025-38323"
},
{
"cve": "CVE-2025-38326",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38326"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naoe: clean device rq_list in aoedev_downdev()\n\nAn aoe device\u0027s rq_list contains accepted block requests that are\nwaiting to be transmitted to the aoe target. This queue was added as\npart of the conversion to blk_mq. However, the queue was not cleaned out\nwhen an aoe device is downed which caused blk_mq_freeze_queue() to sleep\nindefinitely waiting for those requests to complete, causing a hang. This\nfix cleans out the queue before calling blk_mq_freeze_queue().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38326",
"url": "https://www.suse.com/security/cve/CVE-2025-38326"
},
{
"category": "external",
"summary": "SUSE Bug 1246490 for CVE-2025-38326",
"url": "https://bugzilla.suse.com/1246490"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38326"
},
{
"cve": "CVE-2025-38328",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38328"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: check jffs2_prealloc_raw_node_refs() result in few other places\n\nFuzzing hit another invalid pointer dereference due to the lack of\nchecking whether jffs2_prealloc_raw_node_refs() completed successfully.\nSubsequent logic implies that the node refs have been allocated.\n\nHandle that. The code is ready for propagating the error upwards.\n\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 PID: 5835 Comm: syz-executor145 Not tainted 5.10.234-syzkaller #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nRIP: 0010:jffs2_link_node_ref+0xac/0x690 fs/jffs2/nodelist.c:600\nCall Trace:\n jffs2_mark_erased_block fs/jffs2/erase.c:460 [inline]\n jffs2_erase_pending_blocks+0x688/0x1860 fs/jffs2/erase.c:118\n jffs2_garbage_collect_pass+0x638/0x1a00 fs/jffs2/gc.c:253\n jffs2_reserve_space+0x3f4/0xad0 fs/jffs2/nodemgmt.c:167\n jffs2_write_inode_range+0x246/0xb50 fs/jffs2/write.c:362\n jffs2_write_end+0x712/0x1110 fs/jffs2/file.c:302\n generic_perform_write+0x2c2/0x500 mm/filemap.c:3347\n __generic_file_write_iter+0x252/0x610 mm/filemap.c:3465\n generic_file_write_iter+0xdb/0x230 mm/filemap.c:3497\n call_write_iter include/linux/fs.h:2039 [inline]\n do_iter_readv_writev+0x46d/0x750 fs/read_write.c:740\n do_iter_write+0x18c/0x710 fs/read_write.c:866\n vfs_writev+0x1db/0x6a0 fs/read_write.c:939\n do_pwritev fs/read_write.c:1036 [inline]\n __do_sys_pwritev fs/read_write.c:1083 [inline]\n __se_sys_pwritev fs/read_write.c:1078 [inline]\n __x64_sys_pwritev+0x235/0x310 fs/read_write.c:1078\n do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38328",
"url": "https://www.suse.com/security/cve/CVE-2025-38328"
},
{
"category": "external",
"summary": "SUSE Bug 1246249 for CVE-2025-38328",
"url": "https://bugzilla.suse.com/1246249"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38328"
},
{
"cve": "CVE-2025-38332",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38332"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Use memcpy() for BIOS version\n\nThe strlcat() with FORTIFY support is triggering a panic because it\nthinks the target buffer will overflow although the correct target\nbuffer size is passed in.\n\nAnyway, instead of memset() with 0 followed by a strlcat(), just use\nmemcpy() and ensure that the resulting buffer is NULL terminated.\n\nBIOSVersion is only used for the lpfc_printf_log() which expects a\nproperly terminated string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38332",
"url": "https://www.suse.com/security/cve/CVE-2025-38332"
},
{
"category": "external",
"summary": "SUSE Bug 1246375 for CVE-2025-38332",
"url": "https://bugzilla.suse.com/1246375"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38332"
},
{
"cve": "CVE-2025-38334",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38334"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/sgx: Prevent attempts to reclaim poisoned pages\n\nTL;DR: SGX page reclaim touches the page to copy its contents to\nsecondary storage. SGX instructions do not gracefully handle machine\nchecks. Despite this, the existing SGX code will try to reclaim pages\nthat it _knows_ are poisoned. Avoid even trying to reclaim poisoned pages.\n\nThe longer story:\n\nPages used by an enclave only get epc_page-\u003epoison set in\narch_memory_failure() but they currently stay on sgx_active_page_list until\nsgx_encl_release(), with the SGX_EPC_PAGE_RECLAIMER_TRACKED flag untouched.\n\nepc_page-\u003epoison is not checked in the reclaimer logic meaning that, if other\nconditions are met, an attempt will be made to reclaim an EPC page that was\npoisoned. This is bad because 1. we don\u0027t want that page to end up added\nto another enclave and 2. it is likely to cause one core to shut down\nand the kernel to panic.\n\nSpecifically, reclaiming uses microcode operations including \"EWB\" which\naccesses the EPC page contents to encrypt and write them out to non-SGX\nmemory. Those operations cannot handle MCEs in their accesses other than\nby putting the executing core into a special shutdown state (affecting\nboth threads with HT.) The kernel will subsequently panic on the\nremaining cores seeing the core didn\u0027t enter MCE handler(s) in time.\n\nCall sgx_unmark_page_reclaimable() to remove the affected EPC page from\nsgx_active_page_list on memory error to stop it being considered for\nreclaiming.\n\nTesting epc_page-\u003epoison in sgx_reclaim_pages() would also work but I assume\nit\u0027s better to add code in the less likely paths.\n\nThe affected EPC page is not added to \u0026node-\u003esgx_poison_page_list until\nlater in sgx_encl_release()-\u003esgx_free_epc_page() when it is EREMOVEd.\nMembership on other lists doesn\u0027t change to avoid changing any of the\nlists\u0027 semantics except for sgx_active_page_list. There\u0027s a \"TBD\" comment\nin arch_memory_failure() about pre-emptive actions, the goal here is not\nto address everything that it may imply.\n\nThis also doesn\u0027t completely close the time window when a memory error\nnotification will be fatal (for a not previously poisoned EPC page) --\nthe MCE can happen after sgx_reclaim_pages() has selected its candidates\nor even *inside* a microcode operation (actually easy to trigger due to\nthe amount of time spent in them.)\n\nThe spinlock in sgx_unmark_page_reclaimable() is safe because\nmemory_failure() runs in process context and no spinlocks are held,\nexplicitly noted in a mm/memory-failure.c comment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38334",
"url": "https://www.suse.com/security/cve/CVE-2025-38334"
},
{
"category": "external",
"summary": "SUSE Bug 1246384 for CVE-2025-38334",
"url": "https://bugzilla.suse.com/1246384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38334"
},
{
"cve": "CVE-2025-38335",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38335"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: gpio-keys - fix a sleep while atomic with PREEMPT_RT\n\nWhen enabling PREEMPT_RT, the gpio_keys_irq_timer() callback runs in\nhard irq context, but the input_event() takes a spin_lock, which isn\u0027t\nallowed there as it is converted to a rt_spin_lock().\n\n[ 4054.289999] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n[ 4054.290028] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/0\n...\n[ 4054.290195] __might_resched+0x13c/0x1f4\n[ 4054.290209] rt_spin_lock+0x54/0x11c\n[ 4054.290219] input_event+0x48/0x80\n[ 4054.290230] gpio_keys_irq_timer+0x4c/0x78\n[ 4054.290243] __hrtimer_run_queues+0x1a4/0x438\n[ 4054.290257] hrtimer_interrupt+0xe4/0x240\n[ 4054.290269] arch_timer_handler_phys+0x2c/0x44\n[ 4054.290283] handle_percpu_devid_irq+0x8c/0x14c\n[ 4054.290297] handle_irq_desc+0x40/0x58\n[ 4054.290307] generic_handle_domain_irq+0x1c/0x28\n[ 4054.290316] gic_handle_irq+0x44/0xcc\n\nConsidering the gpio_keys_irq_isr() can run in any context, e.g. it can\nbe threaded, it seems there\u0027s no point in requesting the timer isr to\nrun in hard irq context.\n\nRelax the hrtimer not to use the hard context.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38335",
"url": "https://www.suse.com/security/cve/CVE-2025-38335"
},
{
"category": "external",
"summary": "SUSE Bug 1246250 for CVE-2025-38335",
"url": "https://bugzilla.suse.com/1246250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38335"
},
{
"cve": "CVE-2025-38336",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38336"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330\n\nThe controller has a hardware bug that can hard hang the system when\ndoing ATAPI DMAs without any trace of what happened. Depending on the\ndevice attached, it can also prevent the system from booting.\n\nIn this case, the system hangs when reading the ATIP from optical media\nwith cdrecord -vvv -atip on an _NEC DVD_RW ND-4571A 1-01 and an\nOptiarc DVD RW AD-7200A 1.06 attached to an ASRock 990FX Extreme 4,\nrunning at UDMA/33.\n\nThe issue can be reproduced by running the same command with a cygwin\nbuild of cdrecord on WinXP, although it requires more attempts to cause\nit. The hang in that case is also resolved by forcing PIO. It doesn\u0027t\nappear that VIA has produced any drivers for that OS, thus no known\nworkaround exists.\n\nHDDs attached to the controller do not suffer from any DMA issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38336",
"url": "https://www.suse.com/security/cve/CVE-2025-38336"
},
{
"category": "external",
"summary": "SUSE Bug 1246370 for CVE-2025-38336",
"url": "https://bugzilla.suse.com/1246370"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38336"
},
{
"cve": "CVE-2025-38337",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38337"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata()\n\nSince handle-\u003eh_transaction may be a NULL pointer, so we should change it\nto call is_handle_aborted(handle) first before dereferencing it.\n\nAnd the following data-race was reported in my fuzzer:\n\n==================================================================\nBUG: KCSAN: data-race in jbd2_journal_dirty_metadata / jbd2_journal_dirty_metadata\n\nwrite to 0xffff888011024104 of 4 bytes by task 10881 on cpu 1:\n jbd2_journal_dirty_metadata+0x2a5/0x770 fs/jbd2/transaction.c:1556\n __ext4_handle_dirty_metadata+0xe7/0x4b0 fs/ext4/ext4_jbd2.c:358\n ext4_do_update_inode fs/ext4/inode.c:5220 [inline]\n ext4_mark_iloc_dirty+0x32c/0xd50 fs/ext4/inode.c:5869\n __ext4_mark_inode_dirty+0xe1/0x450 fs/ext4/inode.c:6074\n ext4_dirty_inode+0x98/0xc0 fs/ext4/inode.c:6103\n....\n\nread to 0xffff888011024104 of 4 bytes by task 10880 on cpu 0:\n jbd2_journal_dirty_metadata+0xf2/0x770 fs/jbd2/transaction.c:1512\n __ext4_handle_dirty_metadata+0xe7/0x4b0 fs/ext4/ext4_jbd2.c:358\n ext4_do_update_inode fs/ext4/inode.c:5220 [inline]\n ext4_mark_iloc_dirty+0x32c/0xd50 fs/ext4/inode.c:5869\n __ext4_mark_inode_dirty+0xe1/0x450 fs/ext4/inode.c:6074\n ext4_dirty_inode+0x98/0xc0 fs/ext4/inode.c:6103\n....\n\nvalue changed: 0x00000000 -\u003e 0x00000001\n==================================================================\n\nThis issue is caused by missing data-race annotation for jh-\u003eb_modified.\nTherefore, the missing annotation needs to be added.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38337",
"url": "https://www.suse.com/security/cve/CVE-2025-38337"
},
{
"category": "external",
"summary": "SUSE Bug 1246253 for CVE-2025-38337",
"url": "https://bugzilla.suse.com/1246253"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38337"
},
{
"cve": "CVE-2025-38338",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38338"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/nfs/read: fix double-unlock bug in nfs_return_empty_folio()\n\nSometimes, when a file was read while it was being truncated by\nanother NFS client, the kernel could deadlock because folio_unlock()\nwas called twice, and the second call would XOR back the `PG_locked`\nflag.\n\nMost of the time (depending on the timing of the truncation), nobody\nnotices the problem because folio_unlock() gets called three times,\nwhich flips `PG_locked` back off:\n\n 1. vfs_read, nfs_read_folio, ... nfs_read_add_folio,\n nfs_return_empty_folio\n 2. vfs_read, nfs_read_folio, ... netfs_read_collection,\n netfs_unlock_abandoned_read_pages\n 3. vfs_read, ... nfs_do_read_folio, nfs_read_add_folio,\n nfs_return_empty_folio\n\nThe problem is that nfs_read_add_folio() is not supposed to unlock the\nfolio if fscache is enabled, and a nfs_netfs_folio_unlock() check is\nmissing in nfs_return_empty_folio().\n\nRarely this leads to a warning in netfs_read_collection():\n\n ------------[ cut here ]------------\n R=0000031c: folio 10 is not locked\n WARNING: CPU: 0 PID: 29 at fs/netfs/read_collect.c:133 netfs_read_collection+0x7c0/0xf00\n [...]\n Workqueue: events_unbound netfs_read_collection_worker\n RIP: 0010:netfs_read_collection+0x7c0/0xf00\n [...]\n Call Trace:\n \u003cTASK\u003e\n netfs_read_collection_worker+0x67/0x80\n process_one_work+0x12e/0x2c0\n worker_thread+0x295/0x3a0\n\nMost of the time, however, processes just get stuck forever in\nfolio_wait_bit_common(), waiting for `PG_locked` to disappear, which\nnever happens because nobody is really holding the folio lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38338",
"url": "https://www.suse.com/security/cve/CVE-2025-38338"
},
{
"category": "external",
"summary": "SUSE Bug 1246258 for CVE-2025-38338",
"url": "https://bugzilla.suse.com/1246258"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38338"
},
{
"cve": "CVE-2025-38342",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38342"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoftware node: Correct a OOB check in software_node_get_reference_args()\n\nsoftware_node_get_reference_args() wants to get @index-th element, so\nthe property value requires at least \u0027(index + 1) * sizeof(*ref)\u0027 bytes\nbut that can not be guaranteed by current OOB check, and may cause OOB\nfor malformed property.\n\nFix by using as OOB check \u0027((index + 1) * sizeof(*ref) \u003e prop-\u003elength)\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38342",
"url": "https://www.suse.com/security/cve/CVE-2025-38342"
},
{
"category": "external",
"summary": "SUSE Bug 1246453 for CVE-2025-38342",
"url": "https://bugzilla.suse.com/1246453"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38342"
},
{
"cve": "CVE-2025-38343",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38343"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7996: drop fragments with multicast or broadcast RA\n\nIEEE 802.11 fragmentation can only be applied to unicast frames.\nTherefore, drop fragments with multicast or broadcast RA. This patch\naddresses vulnerabilities such as CVE-2020-26145.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38343",
"url": "https://www.suse.com/security/cve/CVE-2025-38343"
},
{
"category": "external",
"summary": "SUSE Bug 1246438 for CVE-2025-38343",
"url": "https://bugzilla.suse.com/1246438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38343"
},
{
"cve": "CVE-2025-38344",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38344"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: fix acpi parse and parseext cache leaks\n\nACPICA commit 8829e70e1360c81e7a5a901b5d4f48330e021ea5\n\nI\u0027m Seunghun Han, and I work for National Security Research Institute of\nSouth Korea.\n\nI have been doing a research on ACPI and found an ACPI cache leak in ACPI\nearly abort cases.\n\nBoot log of ACPI cache leak is as follows:\n[ 0.352414] ACPI: Added _OSI(Module Device)\n[ 0.353182] ACPI: Added _OSI(Processor Device)\n[ 0.353182] ACPI: Added _OSI(3.0 _SCP Extensions)\n[ 0.353182] ACPI: Added _OSI(Processor Aggregator Device)\n[ 0.356028] ACPI: Unable to start the ACPI Interpreter\n[ 0.356799] ACPI Error: Could not remove SCI handler (20170303/evmisc-281)\n[ 0.360215] kmem_cache_destroy Acpi-State: Slab cache still has objects\n[ 0.360648] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G W\n4.12.0-rc4-next-20170608+ #10\n[ 0.361273] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS\nvirtual_box 12/01/2006\n[ 0.361873] Call Trace:\n[ 0.362243] ? dump_stack+0x5c/0x81\n[ 0.362591] ? kmem_cache_destroy+0x1aa/0x1c0\n[ 0.362944] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.363296] ? acpi_os_delete_cache+0xa/0x10\n[ 0.363646] ? acpi_ut_delete_caches+0x6d/0x7b\n[ 0.364000] ? acpi_terminate+0xa/0x14\n[ 0.364000] ? acpi_init+0x2af/0x34f\n[ 0.364000] ? __class_create+0x4c/0x80\n[ 0.364000] ? video_setup+0x7f/0x7f\n[ 0.364000] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.364000] ? do_one_initcall+0x4e/0x1a0\n[ 0.364000] ? kernel_init_freeable+0x189/0x20a\n[ 0.364000] ? rest_init+0xc0/0xc0\n[ 0.364000] ? kernel_init+0xa/0x100\n[ 0.364000] ? ret_from_fork+0x25/0x30\n\nI analyzed this memory leak in detail. I found that \"Acpi-State\" cache and\n\"Acpi-Parse\" cache were merged because the size of cache objects was same\nslab cache size.\n\nI finally found \"Acpi-Parse\" cache and \"Acpi-parse_ext\" cache were leaked\nusing SLAB_NEVER_MERGE flag in kmem_cache_create() function.\n\nReal ACPI cache leak point is as follows:\n[ 0.360101] ACPI: Added _OSI(Module Device)\n[ 0.360101] ACPI: Added _OSI(Processor Device)\n[ 0.360101] ACPI: Added _OSI(3.0 _SCP Extensions)\n[ 0.361043] ACPI: Added _OSI(Processor Aggregator Device)\n[ 0.364016] ACPI: Unable to start the ACPI Interpreter\n[ 0.365061] ACPI Error: Could not remove SCI handler (20170303/evmisc-281)\n[ 0.368174] kmem_cache_destroy Acpi-Parse: Slab cache still has objects\n[ 0.369332] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G W\n4.12.0-rc4-next-20170608+ #8\n[ 0.371256] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS\nvirtual_box 12/01/2006\n[ 0.372000] Call Trace:\n[ 0.372000] ? dump_stack+0x5c/0x81\n[ 0.372000] ? kmem_cache_destroy+0x1aa/0x1c0\n[ 0.372000] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.372000] ? acpi_os_delete_cache+0xa/0x10\n[ 0.372000] ? acpi_ut_delete_caches+0x56/0x7b\n[ 0.372000] ? acpi_terminate+0xa/0x14\n[ 0.372000] ? acpi_init+0x2af/0x34f\n[ 0.372000] ? __class_create+0x4c/0x80\n[ 0.372000] ? video_setup+0x7f/0x7f\n[ 0.372000] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.372000] ? do_one_initcall+0x4e/0x1a0\n[ 0.372000] ? kernel_init_freeable+0x189/0x20a\n[ 0.372000] ? rest_init+0xc0/0xc0\n[ 0.372000] ? kernel_init+0xa/0x100\n[ 0.372000] ? ret_from_fork+0x25/0x30\n[ 0.388039] kmem_cache_destroy Acpi-parse_ext: Slab cache still has objects\n[ 0.389063] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G W\n4.12.0-rc4-next-20170608+ #8\n[ 0.390557] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS\nvirtual_box 12/01/2006\n[ 0.392000] Call Trace:\n[ 0.392000] ? dump_stack+0x5c/0x81\n[ 0.392000] ? kmem_cache_destroy+0x1aa/0x1c0\n[ 0.392000] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.392000] ? acpi_os_delete_cache+0xa/0x10\n[ 0.392000] ? acpi_ut_delete_caches+0x6d/0x7b\n[ 0.392000] ? acpi_terminate+0xa/0x14\n[ 0.392000] ? acpi_init+0x2af/0x3\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38344",
"url": "https://www.suse.com/security/cve/CVE-2025-38344"
},
{
"category": "external",
"summary": "SUSE Bug 1246334 for CVE-2025-38344",
"url": "https://bugzilla.suse.com/1246334"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38344"
},
{
"cve": "CVE-2025-38345",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38345"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: fix acpi operand cache leak in dswstate.c\n\nACPICA commit 987a3b5cf7175916e2a4b6ea5b8e70f830dfe732\n\nI found an ACPI cache leak in ACPI early termination and boot continuing case.\n\nWhen early termination occurs due to malicious ACPI table, Linux kernel\nterminates ACPI function and continues to boot process. While kernel terminates\nACPI function, kmem_cache_destroy() reports Acpi-Operand cache leak.\n\nBoot log of ACPI operand cache leak is as follows:\n\u003e[ 0.585957] ACPI: Added _OSI(Module Device)\n\u003e[ 0.587218] ACPI: Added _OSI(Processor Device)\n\u003e[ 0.588530] ACPI: Added _OSI(3.0 _SCP Extensions)\n\u003e[ 0.589790] ACPI: Added _OSI(Processor Aggregator Device)\n\u003e[ 0.591534] ACPI Error: Illegal I/O port address/length above 64K: C806E00000004002/0x2 (20170303/hwvalid-155)\n\u003e[ 0.594351] ACPI Exception: AE_LIMIT, Unable to initialize fixed events (20170303/evevent-88)\n\u003e[ 0.597858] ACPI: Unable to start the ACPI Interpreter\n\u003e[ 0.599162] ACPI Error: Could not remove SCI handler (20170303/evmisc-281)\n\u003e[ 0.601836] kmem_cache_destroy Acpi-Operand: Slab cache still has objects\n\u003e[ 0.603556] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.12.0-rc5 #26\n\u003e[ 0.605159] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS virtual_box 12/01/2006\n\u003e[ 0.609177] Call Trace:\n\u003e[ 0.610063] ? dump_stack+0x5c/0x81\n\u003e[ 0.611118] ? kmem_cache_destroy+0x1aa/0x1c0\n\u003e[ 0.612632] ? acpi_sleep_proc_init+0x27/0x27\n\u003e[ 0.613906] ? acpi_os_delete_cache+0xa/0x10\n\u003e[ 0.617986] ? acpi_ut_delete_caches+0x3f/0x7b\n\u003e[ 0.619293] ? acpi_terminate+0xa/0x14\n\u003e[ 0.620394] ? acpi_init+0x2af/0x34f\n\u003e[ 0.621616] ? __class_create+0x4c/0x80\n\u003e[ 0.623412] ? video_setup+0x7f/0x7f\n\u003e[ 0.624585] ? acpi_sleep_proc_init+0x27/0x27\n\u003e[ 0.625861] ? do_one_initcall+0x4e/0x1a0\n\u003e[ 0.627513] ? kernel_init_freeable+0x19e/0x21f\n\u003e[ 0.628972] ? rest_init+0x80/0x80\n\u003e[ 0.630043] ? kernel_init+0xa/0x100\n\u003e[ 0.631084] ? ret_from_fork+0x25/0x30\n\u003e[ 0.633343] vgaarb: loaded\n\u003e[ 0.635036] EDAC MC: Ver: 3.0.0\n\u003e[ 0.638601] PCI: Probing PCI hardware\n\u003e[ 0.639833] PCI host bridge to bus 0000:00\n\u003e[ 0.641031] pci_bus 0000:00: root bus resource [io 0x0000-0xffff]\n\u003e ... Continue to boot and log is omitted ...\n\nI analyzed this memory leak in detail and found acpi_ds_obj_stack_pop_and_\ndelete() function miscalculated the top of the stack. acpi_ds_obj_stack_push()\nfunction uses walk_state-\u003eoperand_index for start position of the top, but\nacpi_ds_obj_stack_pop_and_delete() function considers index 0 for it.\nTherefore, this causes acpi operand memory leak.\n\nThis cache leak causes a security threat because an old kernel (\u003c= 4.9) shows\nmemory locations of kernel functions in stack dump. Some malicious users\ncould use this information to neutralize kernel ASLR.\n\nI made a patch to fix ACPI operand cache leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38345",
"url": "https://www.suse.com/security/cve/CVE-2025-38345"
},
{
"category": "external",
"summary": "SUSE Bug 1246337 for CVE-2025-38345",
"url": "https://bugzilla.suse.com/1246337"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38345"
},
{
"cve": "CVE-2025-38348",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38348"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback()\n\nRobert Morris reported:\n\n|If a malicious USB device pretends to be an Intersil p54 wifi\n|interface and generates an eeprom_readback message with a large\n|eeprom-\u003ev1.len, p54_rx_eeprom_readback() will copy data from the\n|message beyond the end of priv-\u003eeeprom.\n|\n|static void p54_rx_eeprom_readback(struct p54_common *priv,\n| struct sk_buff *skb)\n|{\n| struct p54_hdr *hdr = (struct p54_hdr *) skb-\u003edata;\n| struct p54_eeprom_lm86 *eeprom = (struct p54_eeprom_lm86 *) hdr-\u003edata;\n|\n| if (priv-\u003efw_var \u003e= 0x509) {\n| memcpy(priv-\u003eeeprom, eeprom-\u003ev2.data,\n| le16_to_cpu(eeprom-\u003ev2.len));\n| } else {\n| memcpy(priv-\u003eeeprom, eeprom-\u003ev1.data,\n| le16_to_cpu(eeprom-\u003ev1.len));\n| }\n| [...]\n\nThe eeprom-\u003ev{1,2}.len is set by the driver in p54_download_eeprom().\nThe device is supposed to provide the same length back to the driver.\nBut yes, it\u0027s possible (like shown in the report) to alter the value\nto something that causes a crash/panic due to overrun.\n\nThis patch addresses the issue by adding the size to the common device\ncontext, so p54_rx_eeprom_readback no longer relies on possibly tampered\nvalues... That said, it also checks if the \"firmware\" altered the value\nand no longer copies them.\n\nThe one, small saving grace is: Before the driver tries to read the eeprom,\nit needs to upload \u003ea\u003c firmware. the vendor firmware has a proprietary\nlicense and as a reason, it is not present on most distributions by\ndefault.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38348",
"url": "https://www.suse.com/security/cve/CVE-2025-38348"
},
{
"category": "external",
"summary": "SUSE Bug 1246262 for CVE-2025-38348",
"url": "https://bugzilla.suse.com/1246262"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38348"
},
{
"cve": "CVE-2025-38349",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38349"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\neventpoll: don\u0027t decrement ep refcount while still holding the ep mutex\n\nJann Horn points out that epoll is decrementing the ep refcount and then\ndoing a\n\n mutex_unlock(\u0026ep-\u003emtx);\n\nafterwards. That\u0027s very wrong, because it can lead to a use-after-free.\n\nThat pattern is actually fine for the very last reference, because the\ncode in question will delay the actual call to \"ep_free(ep)\" until after\nit has unlocked the mutex.\n\nBut it\u0027s wrong for the much subtler \"next to last\" case when somebody\n*else* may also be dropping their reference and free the ep while we\u0027re\nstill using the mutex.\n\nNote that this is true even if that other user is also using the same ep\nmutex: mutexes, unlike spinlocks, can not be used for object ownership,\neven if they guarantee mutual exclusion.\n\nA mutex \"unlock\" operation is not atomic, and as one user is still\naccessing the mutex as part of unlocking it, another user can come in\nand get the now released mutex and free the data structure while the\nfirst user is still cleaning up.\n\nSee our mutex documentation in Documentation/locking/mutex-design.rst,\nin particular the section [1] about semantics:\n\n\t\"mutex_unlock() may access the mutex structure even after it has\n\t internally released the lock already - so it\u0027s not safe for\n\t another context to acquire the mutex and assume that the\n\t mutex_unlock() context is not using the structure anymore\"\n\nSo if we drop our ep ref before the mutex unlock, but we weren\u0027t the\nlast one, we may then unlock the mutex, another user comes in, drops\n_their_ reference and releases the \u0027ep\u0027 as it now has no users - all\nwhile the mutex_unlock() is still accessing it.\n\nFix this by simply moving the ep refcount dropping to outside the mutex:\nthe refcount itself is atomic, and doesn\u0027t need mutex protection (that\u0027s\nthe whole _point_ of refcounts: unlike mutexes, they are inherently\nabout object lifetimes).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38349",
"url": "https://www.suse.com/security/cve/CVE-2025-38349"
},
{
"category": "external",
"summary": "SUSE Bug 1246777 for CVE-2025-38349",
"url": "https://bugzilla.suse.com/1246777"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38349"
},
{
"cve": "CVE-2025-38350",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38350"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Always pass notifications when child class becomes empty\n\nCertain classful qdiscs may invoke their classes\u0027 dequeue handler on an\nenqueue operation. This may unexpectedly empty the child qdisc and thus\nmake an in-flight class passive via qlen_notify(). Most qdiscs do not\nexpect such behaviour at this point in time and may re-activate the\nclass eventually anyways which will lead to a use-after-free.\n\nThe referenced fix commit attempted to fix this behavior for the HFSC\ncase by moving the backlog accounting around, though this turned out to\nbe incomplete since the parent\u0027s parent may run into the issue too.\nThe following reproducer demonstrates this use-after-free:\n\n tc qdisc add dev lo root handle 1: drr\n tc filter add dev lo parent 1: basic classid 1:1\n tc class add dev lo parent 1: classid 1:1 drr\n tc qdisc add dev lo parent 1:1 handle 2: hfsc def 1\n tc class add dev lo parent 2: classid 2:1 hfsc rt m1 8 d 1 m2 0\n tc qdisc add dev lo parent 2:1 handle 3: netem\n tc qdisc add dev lo parent 3:1 handle 4: blackhole\n\n echo 1 | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888\n tc class delete dev lo classid 1:1\n echo 1 | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888\n\nSince backlog accounting issues leading to a use-after-frees on stale\nclass pointers is a recurring pattern at this point, this patch takes\na different approach. Instead of trying to fix the accounting, the patch\nensures that qdisc_tree_reduce_backlog always calls qlen_notify when\nthe child qdisc is empty. This solves the problem because deletion of\nqdiscs always involves a call to qdisc_reset() and / or\nqdisc_purge_queue() which ultimately resets its qlen to 0 thus causing\nthe following qdisc_tree_reduce_backlog() to report to the parent. Note\nthat this may call qlen_notify on passive classes multiple times. This\nis not a problem after the recent patch series that made all the\nclassful qdiscs qlen_notify() handlers idempotent.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38350",
"url": "https://www.suse.com/security/cve/CVE-2025-38350"
},
{
"category": "external",
"summary": "SUSE Bug 1246781 for CVE-2025-38350",
"url": "https://bugzilla.suse.com/1246781"
},
{
"category": "external",
"summary": "SUSE Bug 1247043 for CVE-2025-38350",
"url": "https://bugzilla.suse.com/1247043"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "important"
}
],
"title": "CVE-2025-38350"
},
{
"cve": "CVE-2025-38352",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38352"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nposix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()\n\nIf an exiting non-autoreaping task has already passed exit_notify() and\ncalls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent\nor debugger right after unlock_task_sighand().\n\nIf a concurrent posix_cpu_timer_del() runs at that moment, it won\u0027t be\nable to detect timer-\u003eit.cpu.firing != 0: cpu_timer_task_rcu() and/or\nlock_task_sighand() will fail.\n\nAdd the tsk-\u003eexit_state check into run_posix_cpu_timers() to fix this.\n\nThis fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because\nexit_task_work() is called before exit_notify(). But the check still\nmakes sense, task_work_add(\u0026tsk-\u003eposix_cputimers_work.work) will fail\nanyway in this case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38352",
"url": "https://www.suse.com/security/cve/CVE-2025-38352"
},
{
"category": "external",
"summary": "SUSE Bug 1246911 for CVE-2025-38352",
"url": "https://bugzilla.suse.com/1246911"
},
{
"category": "external",
"summary": "SUSE Bug 1249205 for CVE-2025-38352",
"url": "https://bugzilla.suse.com/1249205"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "important"
}
],
"title": "CVE-2025-38352"
},
{
"cve": "CVE-2025-38353",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38353"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix taking invalid lock on wedge\n\nIf device wedges on e.g. GuC upload, the submission is not yet enabled\nand the state is not even initialized. Protect the wedge call so it does\nnothing in this case. It fixes the following splat:\n\n\t[] xe 0000:bf:00.0: [drm] device wedged, needs recovery\n\t[] ------------[ cut here ]------------\n\t[] DEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\n\t[] WARNING: CPU: 48 PID: 312 at kernel/locking/mutex.c:564 __mutex_lock+0x8a1/0xe60\n\t...\n\t[] RIP: 0010:__mutex_lock+0x8a1/0xe60\n\t[] mutex_lock_nested+0x1b/0x30\n\t[] xe_guc_submit_wedge+0x80/0x2b0 [xe]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38353",
"url": "https://www.suse.com/security/cve/CVE-2025-38353"
},
{
"category": "external",
"summary": "SUSE Bug 1247265 for CVE-2025-38353",
"url": "https://bugzilla.suse.com/1247265"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38353"
},
{
"cve": "CVE-2025-38354",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38354"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/gpu: Fix crash when throttling GPU immediately during boot\n\nThere is a small chance that the GPU is already hot during boot. In that\ncase, the call to of_devfreq_cooling_register() will immediately try to\napply devfreq cooling, as seen in the following crash:\n\n Unable to handle kernel paging request at virtual address 0000000000014110\n pc : a6xx_gpu_busy+0x1c/0x58 [msm]\n lr : msm_devfreq_get_dev_status+0xbc/0x140 [msm]\n Call trace:\n a6xx_gpu_busy+0x1c/0x58 [msm] (P)\n devfreq_simple_ondemand_func+0x3c/0x150\n devfreq_update_target+0x44/0xd8\n qos_max_notifier_call+0x30/0x84\n blocking_notifier_call_chain+0x6c/0xa0\n pm_qos_update_target+0xd0/0x110\n freq_qos_apply+0x3c/0x74\n apply_constraint+0x88/0x148\n __dev_pm_qos_update_request+0x7c/0xcc\n dev_pm_qos_update_request+0x38/0x5c\n devfreq_cooling_set_cur_state+0x98/0xf0\n __thermal_cdev_update+0x64/0xb4\n thermal_cdev_update+0x4c/0x58\n step_wise_manage+0x1f0/0x318\n __thermal_zone_device_update+0x278/0x424\n __thermal_cooling_device_register+0x2bc/0x308\n thermal_of_cooling_device_register+0x10/0x1c\n of_devfreq_cooling_register_power+0x240/0x2bc\n of_devfreq_cooling_register+0x14/0x20\n msm_devfreq_init+0xc4/0x1a0 [msm]\n msm_gpu_init+0x304/0x574 [msm]\n adreno_gpu_init+0x1c4/0x2e0 [msm]\n a6xx_gpu_init+0x5c8/0x9c8 [msm]\n adreno_bind+0x2a8/0x33c [msm]\n ...\n\nAt this point we haven\u0027t initialized the GMU at all yet, so we cannot read\nthe GMU registers inside a6xx_gpu_busy(). A similar issue was fixed before\nin commit 6694482a70e9 (\"drm/msm: Avoid unclocked GMU register access in\n6xx gpu_busy\"): msm_devfreq_init() does call devfreq_suspend_device(), but\nunlike msm_devfreq_suspend(), it doesn\u0027t set the df-\u003esuspended flag\naccordingly. This means the df-\u003esuspended flag does not match the actual\ndevfreq state after initialization and msm_devfreq_get_dev_status() will\nend up accessing GMU registers, causing the crash.\n\nFix this by setting df-\u003esuspended correctly during initialization.\n\nPatchwork: https://patchwork.freedesktop.org/patch/650772/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38354",
"url": "https://www.suse.com/security/cve/CVE-2025-38354"
},
{
"category": "external",
"summary": "SUSE Bug 1247061 for CVE-2025-38354",
"url": "https://bugzilla.suse.com/1247061"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38354"
},
{
"cve": "CVE-2025-38355",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38355"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Process deferred GGTT node removals on device unwind\n\nWhile we are indirectly draining our dedicated workqueue ggtt-\u003ewq\nthat we use to complete asynchronous removal of some GGTT nodes,\nthis happends as part of the managed-drm unwinding (ggtt_fini_early),\nwhich could be later then manage-device unwinding, where we could\nalready unmap our MMIO/GMS mapping (mmio_fini).\n\nThis was recently observed during unsuccessful VF initialization:\n\n [ ] xe 0000:00:02.1: probe with driver xe failed with error -62\n [ ] xe 0000:00:02.1: DEVRES REL ffff88811e747340 __xe_bo_unpin_map_no_vm (16 bytes)\n [ ] xe 0000:00:02.1: DEVRES REL ffff88811e747540 __xe_bo_unpin_map_no_vm (16 bytes)\n [ ] xe 0000:00:02.1: DEVRES REL ffff88811e747240 __xe_bo_unpin_map_no_vm (16 bytes)\n [ ] xe 0000:00:02.1: DEVRES REL ffff88811e747040 tiles_fini (16 bytes)\n [ ] xe 0000:00:02.1: DEVRES REL ffff88811e746840 mmio_fini (16 bytes)\n [ ] xe 0000:00:02.1: DEVRES REL ffff88811e747f40 xe_bo_pinned_fini (16 bytes)\n [ ] xe 0000:00:02.1: DEVRES REL ffff88811e746b40 devm_drm_dev_init_release (16 bytes)\n [ ] xe 0000:00:02.1: [drm:drm_managed_release] drmres release begin\n [ ] xe 0000:00:02.1: [drm:drm_managed_release] REL ffff88810ef81640 __fini_relay (8 bytes)\n [ ] xe 0000:00:02.1: [drm:drm_managed_release] REL ffff88810ef80d40 guc_ct_fini (8 bytes)\n [ ] xe 0000:00:02.1: [drm:drm_managed_release] REL ffff88810ef80040 __drmm_mutex_release (8 bytes)\n [ ] xe 0000:00:02.1: [drm:drm_managed_release] REL ffff88810ef80140 ggtt_fini_early (8 bytes)\n\nand this was leading to:\n\n [ ] BUG: unable to handle page fault for address: ffffc900058162a0\n [ ] #PF: supervisor write access in kernel mode\n [ ] #PF: error_code(0x0002) - not-present page\n [ ] Oops: Oops: 0002 [#1] SMP NOPTI\n [ ] Tainted: [W]=WARN\n [ ] Workqueue: xe-ggtt-wq ggtt_node_remove_work_func [xe]\n [ ] RIP: 0010:xe_ggtt_set_pte+0x6d/0x350 [xe]\n [ ] Call Trace:\n [ ] \u003cTASK\u003e\n [ ] xe_ggtt_clear+0xb0/0x270 [xe]\n [ ] ggtt_node_remove+0xbb/0x120 [xe]\n [ ] ggtt_node_remove_work_func+0x30/0x50 [xe]\n [ ] process_one_work+0x22b/0x6f0\n [ ] worker_thread+0x1e8/0x3d\n\nAdd managed-device action that will explicitly drain the workqueue\nwith all pending node removals prior to releasing MMIO/GSM mapping.\n\n(cherry picked from commit 89d2835c3680ab1938e22ad81b1c9f8c686bd391)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38355",
"url": "https://www.suse.com/security/cve/CVE-2025-38355"
},
{
"category": "external",
"summary": "SUSE Bug 1247062 for CVE-2025-38355",
"url": "https://bugzilla.suse.com/1247062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38355"
},
{
"cve": "CVE-2025-38356",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38356"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/guc: Explicitly exit CT safe mode on unwind\n\nDuring driver probe we might be briefly using CT safe mode, which\nis based on a delayed work, but usually we are able to stop this\nonce we have IRQ fully operational. However, if we abort the probe\nquite early then during unwind we might try to destroy the workqueue\nwhile there is still a pending delayed work that attempts to restart\nitself which triggers a WARN.\n\nThis was recently observed during unsuccessful VF initialization:\n\n [ ] xe 0000:00:02.1: probe with driver xe failed with error -62\n [ ] ------------[ cut here ]------------\n [ ] workqueue: cannot queue safe_mode_worker_func [xe] on wq xe-g2h-wq\n [ ] WARNING: CPU: 9 PID: 0 at kernel/workqueue.c:2257 __queue_work+0x287/0x710\n [ ] RIP: 0010:__queue_work+0x287/0x710\n [ ] Call Trace:\n [ ] delayed_work_timer_fn+0x19/0x30\n [ ] call_timer_fn+0xa1/0x2a0\n\nExit the CT safe mode on unwind to avoid that warning.\n\n(cherry picked from commit 2ddbb73ec20b98e70a5200cb85deade22ccea2ec)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38356",
"url": "https://www.suse.com/security/cve/CVE-2025-38356"
},
{
"category": "external",
"summary": "SUSE Bug 1247064 for CVE-2025-38356",
"url": "https://bugzilla.suse.com/1247064"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38356"
},
{
"cve": "CVE-2025-38361",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38361"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check dce_hwseq before dereferencing it\n\n[WHAT]\n\nhws was checked for null earlier in dce110_blank_stream, indicating hws\ncan be null, and should be checked whenever it is used.\n\n(cherry picked from commit 79db43611ff61280b6de58ce1305e0b2ecf675ad)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38361",
"url": "https://www.suse.com/security/cve/CVE-2025-38361"
},
{
"category": "external",
"summary": "SUSE Bug 1247079 for CVE-2025-38361",
"url": "https://bugzilla.suse.com/1247079"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38361"
},
{
"cve": "CVE-2025-38362",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38362"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null pointer check for get_first_active_display()\n\nThe function mod_hdcp_hdcp1_enable_encryption() calls the function\nget_first_active_display(), but does not check its return value.\nThe return value is a null pointer if the display list is empty.\nThis will lead to a null pointer dereference in\nmod_hdcp_hdcp2_enable_encryption().\n\nAdd a null pointer check for get_first_active_display() and return\nMOD_HDCP_STATUS_DISPLAY_NOT_FOUND if the function return null.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38362",
"url": "https://www.suse.com/security/cve/CVE-2025-38362"
},
{
"category": "external",
"summary": "SUSE Bug 1247089 for CVE-2025-38362",
"url": "https://bugzilla.suse.com/1247089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38362"
},
{
"cve": "CVE-2025-38363",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38363"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/tegra: Fix a possible null pointer dereference\n\nIn tegra_crtc_reset(), new memory is allocated with kzalloc(), but\nno check is performed. Before calling __drm_atomic_helper_crtc_reset,\nstate should be checked to prevent possible null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38363",
"url": "https://www.suse.com/security/cve/CVE-2025-38363"
},
{
"category": "external",
"summary": "SUSE Bug 1247018 for CVE-2025-38363",
"url": "https://bugzilla.suse.com/1247018"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38363"
},
{
"cve": "CVE-2025-38364",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38364"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmaple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate()\n\nTemporarily clear the preallocation flag when explicitly requesting\nallocations. Pre-existing allocations are already counted against the\nrequest through mas_node_count_gfp(), but the allocations will not happen\nif the MA_STATE_PREALLOC flag is set. This flag is meant to avoid\nre-allocating in bulk allocation mode, and to detect issues with\npreallocation calculations.\n\nThe MA_STATE_PREALLOC flag should also always be set on zero allocations\nso that detection of underflow allocations will print a WARN_ON() during\nconsumption.\n\nUser visible effect of this flaw is a WARN_ON() followed by a null pointer\ndereference when subsequent requests for larger number of nodes is\nignored, such as the vma merge retry in mmap_region() caused by drivers\naltering the vma flags (which happens in v6.6, at least)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38364",
"url": "https://www.suse.com/security/cve/CVE-2025-38364"
},
{
"category": "external",
"summary": "SUSE Bug 1247091 for CVE-2025-38364",
"url": "https://bugzilla.suse.com/1247091"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38364"
},
{
"cve": "CVE-2025-38365",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38365"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix a race between renames and directory logging\n\nWe have a race between a rename and directory inode logging that if it\nhappens and we crash/power fail before the rename completes, the next time\nthe filesystem is mounted, the log replay code will end up deleting the\nfile that was being renamed.\n\nThis is best explained following a step by step analysis of an interleaving\nof steps that lead into this situation.\n\nConsider the initial conditions:\n\n1) We are at transaction N;\n\n2) We have directories A and B created in a past transaction (\u003c N);\n\n3) We have inode X corresponding to a file that has 2 hardlinks, one in\n directory A and the other in directory B, so we\u0027ll name them as\n \"A/foo_link1\" and \"B/foo_link2\". Both hard links were persisted in a\n past transaction (\u003c N);\n\n4) We have inode Y corresponding to a file that as a single hard link and\n is located in directory A, we\u0027ll name it as \"A/bar\". This file was also\n persisted in a past transaction (\u003c N).\n\nThe steps leading to a file loss are the following and for all of them we\nare under transaction N:\n\n 1) Link \"A/foo_link1\" is removed, so inode\u0027s X last_unlink_trans field\n is updated to N, through btrfs_unlink() -\u003e btrfs_record_unlink_dir();\n\n 2) Task A starts a rename for inode Y, with the goal of renaming from\n \"A/bar\" to \"A/baz\", so we enter btrfs_rename();\n\n 3) Task A inserts the new BTRFS_INODE_REF_KEY for inode Y by calling\n btrfs_insert_inode_ref();\n\n 4) Because the rename happens in the same directory, we don\u0027t set the\n last_unlink_trans field of directoty A\u0027s inode to the current\n transaction id, that is, we don\u0027t cal btrfs_record_unlink_dir();\n\n 5) Task A then removes the entries from directory A (BTRFS_DIR_ITEM_KEY\n and BTRFS_DIR_INDEX_KEY items) when calling __btrfs_unlink_inode()\n (actually the dir index item is added as a delayed item, but the\n effect is the same);\n\n 6) Now before task A adds the new entry \"A/baz\" to directory A by\n calling btrfs_add_link(), another task, task B is logging inode X;\n\n 7) Task B starts a fsync of inode X and after logging inode X, at\n btrfs_log_inode_parent() it calls btrfs_log_all_parents(), since\n inode X has a last_unlink_trans value of N, set at in step 1;\n\n 8) At btrfs_log_all_parents() we search for all parent directories of\n inode X using the commit root, so we find directories A and B and log\n them. Bu when logging direct A, we don\u0027t have a dir index item for\n inode Y anymore, neither the old name \"A/bar\" nor for the new name\n \"A/baz\" since the rename has deleted the old name but has not yet\n inserted the new name - task A hasn\u0027t called yet btrfs_add_link() to\n do that.\n\n Note that logging directory A doesn\u0027t fallback to a transaction\n commit because its last_unlink_trans has a lower value than the\n current transaction\u0027s id (see step 4);\n\n 9) Task B finishes logging directories A and B and gets back to\n btrfs_sync_file() where it calls btrfs_sync_log() to persist the log\n tree;\n\n10) Task B successfully persisted the log tree, btrfs_sync_log() completed\n with success, and a power failure happened.\n\n We have a log tree without any directory entry for inode Y, so the\n log replay code deletes the entry for inode Y, name \"A/bar\", from the\n subvolume tree since it doesn\u0027t exist in the log tree and the log\n tree is authorative for its index (we logged a BTRFS_DIR_LOG_INDEX_KEY\n item that covers the index range for the dentry that corresponds to\n \"A/bar\").\n\n Since there\u0027s no other hard link for inode Y and the log replay code\n deletes the name \"A/bar\", the file is lost.\n\nThe issue wouldn\u0027t happen if task B synced the log only after task A\ncalled btrfs_log_new_name(), which would update the log with the new name\nfor inode Y (\"A/bar\").\n\nFix this by pinning the log root during renames before removing the old\ndirectory entry, and unpinning af\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38365",
"url": "https://www.suse.com/security/cve/CVE-2025-38365"
},
{
"category": "external",
"summary": "SUSE Bug 1247023 for CVE-2025-38365",
"url": "https://bugzilla.suse.com/1247023"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38365"
},
{
"cve": "CVE-2025-38369",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38369"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using\n\nRunning IDXD workloads in a container with the /dev directory mounted can\ntrigger a call trace or even a kernel panic when the parent process of the\ncontainer is terminated.\n\nThis issue occurs because, under certain configurations, Docker does not\nproperly propagate the mount replica back to the original mount point.\n\nIn this case, when the user driver detaches, the WQ is destroyed but it\nstill calls destroy_workqueue() attempting to completes all pending work.\nIt\u0027s necessary to check wq-\u003ewq and skip the drain if it no longer exists.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38369",
"url": "https://www.suse.com/security/cve/CVE-2025-38369"
},
{
"category": "external",
"summary": "SUSE Bug 1247209 for CVE-2025-38369",
"url": "https://bugzilla.suse.com/1247209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38369"
},
{
"cve": "CVE-2025-38371",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38371"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Disable interrupts before resetting the GPU\n\nCurrently, an interrupt can be triggered during a GPU reset, which can\nlead to GPU hangs and NULL pointer dereference in an interrupt context\nas shown in the following trace:\n\n [ 314.035040] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0\n [ 314.043822] Mem abort info:\n [ 314.046606] ESR = 0x0000000096000005\n [ 314.050347] EC = 0x25: DABT (current EL), IL = 32 bits\n [ 314.055651] SET = 0, FnV = 0\n [ 314.058695] EA = 0, S1PTW = 0\n [ 314.061826] FSC = 0x05: level 1 translation fault\n [ 314.066694] Data abort info:\n [ 314.069564] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n [ 314.075039] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n [ 314.080080] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n [ 314.085382] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000102728000\n [ 314.091814] [00000000000000c0] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n [ 314.100511] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n [ 314.106770] Modules linked in: v3d i2c_brcmstb vc4 snd_soc_hdmi_codec gpu_sched drm_shmem_helper drm_display_helper cec drm_dma_helper drm_kms_helper drm drm_panel_orientation_quirks snd_soc_core snd_compress snd_pcm_dmaengine snd_pcm snd_timer snd backlight\n [ 314.129654] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.25+rpt-rpi-v8 #1 Debian 1:6.12.25-1+rpt1\n [ 314.139388] Hardware name: Raspberry Pi 4 Model B Rev 1.4 (DT)\n [ 314.145211] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n [ 314.152165] pc : v3d_irq+0xec/0x2e0 [v3d]\n [ 314.156187] lr : v3d_irq+0xe0/0x2e0 [v3d]\n [ 314.160198] sp : ffffffc080003ea0\n [ 314.163502] x29: ffffffc080003ea0 x28: ffffffec1f184980 x27: 021202b000000000\n [ 314.170633] x26: ffffffec1f17f630 x25: ffffff8101372000 x24: ffffffec1f17d9f0\n [ 314.177764] x23: 000000000000002a x22: 000000000000002a x21: ffffff8103252000\n [ 314.184895] x20: 0000000000000001 x19: 00000000deadbeef x18: 0000000000000000\n [ 314.192026] x17: ffffff94e51d2000 x16: ffffffec1dac3cb0 x15: c306000000000000\n [ 314.199156] x14: 0000000000000000 x13: b2fc982e03cc5168 x12: 0000000000000001\n [ 314.206286] x11: ffffff8103f8bcc0 x10: ffffffec1f196868 x9 : ffffffec1dac3874\n [ 314.213416] x8 : 0000000000000000 x7 : 0000000000042a3a x6 : ffffff810017a180\n [ 314.220547] x5 : ffffffec1ebad400 x4 : ffffffec1ebad320 x3 : 00000000000bebeb\n [ 314.227677] x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000\n [ 314.234807] Call trace:\n [ 314.237243] v3d_irq+0xec/0x2e0 [v3d]\n [ 314.240906] __handle_irq_event_percpu+0x58/0x218\n [ 314.245609] handle_irq_event+0x54/0xb8\n [ 314.249439] handle_fasteoi_irq+0xac/0x240\n [ 314.253527] handle_irq_desc+0x48/0x68\n [ 314.257269] generic_handle_domain_irq+0x24/0x38\n [ 314.261879] gic_handle_irq+0x48/0xd8\n [ 314.265533] call_on_irq_stack+0x24/0x58\n [ 314.269448] do_interrupt_handler+0x88/0x98\n [ 314.273624] el1_interrupt+0x34/0x68\n [ 314.277193] el1h_64_irq_handler+0x18/0x28\n [ 314.281281] el1h_64_irq+0x64/0x68\n [ 314.284673] default_idle_call+0x3c/0x168\n [ 314.288675] do_idle+0x1fc/0x230\n [ 314.291895] cpu_startup_entry+0x3c/0x50\n [ 314.295810] rest_init+0xe4/0xf0\n [ 314.299030] start_kernel+0x5e8/0x790\n [ 314.302684] __primary_switched+0x80/0x90\n [ 314.306691] Code: 940029eb 360ffc13 f9442ea0 52800001 (f9406017)\n [ 314.312775] ---[ end trace 0000000000000000 ]---\n [ 314.317384] Kernel panic - not syncing: Oops: Fatal exception in interrupt\n [ 314.324249] SMP: stopping secondary CPUs\n [ 314.328167] Kernel Offset: 0x2b9da00000 from 0xffffffc080000000\n [ 314.334076] PHYS_OFFSET: 0x0\n [ 314.336946] CPU features: 0x08,00002013,c0200000,0200421b\n [ 314.342337] Memory Limit: none\n [ 314.345382] ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---\n\nBefore resetting the G\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38371",
"url": "https://www.suse.com/security/cve/CVE-2025-38371"
},
{
"category": "external",
"summary": "SUSE Bug 1247178 for CVE-2025-38371",
"url": "https://bugzilla.suse.com/1247178"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38371"
},
{
"cve": "CVE-2025-38373",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38373"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/mlx5: Fix potential deadlock in MR deregistration\n\nThe issue arises when kzalloc() is invoked while holding umem_mutex or\nany other lock acquired under umem_mutex. This is problematic because\nkzalloc() can trigger fs_reclaim_aqcuire(), which may, in turn, invoke\nmmu_notifier_invalidate_range_start(). This function can lead to\nmlx5_ib_invalidate_range(), which attempts to acquire umem_mutex again,\nresulting in a deadlock.\n\nThe problematic flow:\n CPU0 | CPU1\n---------------------------------------|------------------------------------------------\nmlx5_ib_dereg_mr() |\n \u2192 revoke_mr() |\n \u2192 mutex_lock(\u0026umem_odp-\u003eumem_mutex) |\n | mlx5_mkey_cache_init()\n | \u2192 mutex_lock(\u0026dev-\u003ecache.rb_lock)\n | \u2192 mlx5r_cache_create_ent_locked()\n | \u2192 kzalloc(GFP_KERNEL)\n | \u2192 fs_reclaim()\n | \u2192 mmu_notifier_invalidate_range_start()\n | \u2192 mlx5_ib_invalidate_range()\n | \u2192 mutex_lock(\u0026umem_odp-\u003eumem_mutex)\n \u2192 cache_ent_find_and_store() |\n \u2192 mutex_lock(\u0026dev-\u003ecache.rb_lock) |\n\nAdditionally, when kzalloc() is called from within\ncache_ent_find_and_store(), we encounter the same deadlock due to\nre-acquisition of umem_mutex.\n\nSolve by releasing umem_mutex in dereg_mr() after umr_revoke_mr()\nand before acquiring rb_lock. This ensures that we don\u0027t hold\numem_mutex while performing memory allocations that could trigger\nthe reclaim path.\n\nThis change prevents the deadlock by ensuring proper lock ordering and\navoiding holding locks during memory allocation operations that could\ntrigger the reclaim path.\n\nThe following lockdep warning demonstrates the deadlock:\n\n python3/20557 is trying to acquire lock:\n ffff888387542128 (\u0026umem_odp-\u003eumem_mutex){+.+.}-{4:4}, at:\n mlx5_ib_invalidate_range+0x5b/0x550 [mlx5_ib]\n\n but task is already holding lock:\n ffffffff82f6b840 (mmu_notifier_invalidate_range_start){+.+.}-{0:0}, at:\n unmap_vmas+0x7b/0x1a0\n\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n\n -\u003e #3 (mmu_notifier_invalidate_range_start){+.+.}-{0:0}:\n fs_reclaim_acquire+0x60/0xd0\n mem_cgroup_css_alloc+0x6f/0x9b0\n cgroup_init_subsys+0xa4/0x240\n cgroup_init+0x1c8/0x510\n start_kernel+0x747/0x760\n x86_64_start_reservations+0x25/0x30\n x86_64_start_kernel+0x73/0x80\n common_startup_64+0x129/0x138\n\n -\u003e #2 (fs_reclaim){+.+.}-{0:0}:\n fs_reclaim_acquire+0x91/0xd0\n __kmalloc_cache_noprof+0x4d/0x4c0\n mlx5r_cache_create_ent_locked+0x75/0x620 [mlx5_ib]\n mlx5_mkey_cache_init+0x186/0x360 [mlx5_ib]\n mlx5_ib_stage_post_ib_reg_umr_init+0x3c/0x60 [mlx5_ib]\n __mlx5_ib_add+0x4b/0x190 [mlx5_ib]\n mlx5r_probe+0xd9/0x320 [mlx5_ib]\n auxiliary_bus_probe+0x42/0x70\n really_probe+0xdb/0x360\n __driver_probe_device+0x8f/0x130\n driver_probe_device+0x1f/0xb0\n __driver_attach+0xd4/0x1f0\n bus_for_each_dev+0x79/0xd0\n bus_add_driver+0xf0/0x200\n driver_register+0x6e/0xc0\n __auxiliary_driver_register+0x6a/0xc0\n do_one_initcall+0x5e/0x390\n do_init_module+0x88/0x240\n init_module_from_file+0x85/0xc0\n idempotent_init_module+0x104/0x300\n __x64_sys_finit_module+0x68/0xc0\n do_syscall_64+0x6d/0x140\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n -\u003e #1 (\u0026dev-\u003ecache.rb_lock){+.+.}-{4:4}:\n __mutex_lock+0x98/0xf10\n __mlx5_ib_dereg_mr+0x6f2/0x890 [mlx5_ib]\n mlx5_ib_dereg_mr+0x21/0x110 [mlx5_ib]\n ib_dereg_mr_user+0x85/0x1f0 [ib_core]\n \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38373",
"url": "https://www.suse.com/security/cve/CVE-2025-38373"
},
{
"category": "external",
"summary": "SUSE Bug 1247033 for CVE-2025-38373",
"url": "https://bugzilla.suse.com/1247033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38373"
},
{
"cve": "CVE-2025-38375",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38375"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-net: ensure the received length does not exceed allocated size\n\nIn xdp_linearize_page, when reading the following buffers from the ring,\nwe forget to check the received length with the true allocate size. This\ncan lead to an out-of-bound read. This commit adds that missing check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38375",
"url": "https://www.suse.com/security/cve/CVE-2025-38375"
},
{
"category": "external",
"summary": "SUSE Bug 1247177 for CVE-2025-38375",
"url": "https://bugzilla.suse.com/1247177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38375"
},
{
"cve": "CVE-2025-38376",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38376"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: chipidea: udc: disconnect/reconnect from host when do suspend/resume\n\nShawn and John reported a hang issue during system suspend as below:\n\n - USB gadget is enabled as Ethernet\n - There is data transfer over USB Ethernet (scp a big file between host\n and device)\n - Device is going in/out suspend (echo mem \u003e /sys/power/state)\n\nThe root cause is the USB device controller is suspended but the USB bus\nis still active which caused the USB host continues to transfer data with\ndevice and the device continues to queue USB requests (in this case, a\ndelayed TCP ACK packet trigger the issue) after controller is suspended,\nhowever the USB controller clock is already gated off. Then if udc driver\naccess registers after that point, the system will hang.\n\nThe correct way to avoid such issue is to disconnect device from host when\nthe USB bus is not at suspend state. Then the host will receive disconnect\nevent and stop data transfer in time. To continue make USB gadget device\nwork after system resume, this will reconnect device automatically.\n\nTo make usb wakeup work if USB bus is already at suspend state, this will\nkeep connection for it only when USB device controller has enabled wakeup\ncapability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38376",
"url": "https://www.suse.com/security/cve/CVE-2025-38376"
},
{
"category": "external",
"summary": "SUSE Bug 1247176 for CVE-2025-38376",
"url": "https://bugzilla.suse.com/1247176"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38376"
},
{
"cve": "CVE-2025-38377",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38377"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrose: fix dangling neighbour pointers in rose_rt_device_down()\n\nThere are two bugs in rose_rt_device_down() that can cause\nuse-after-free:\n\n1. The loop bound `t-\u003ecount` is modified within the loop, which can\n cause the loop to terminate early and miss some entries.\n\n2. When removing an entry from the neighbour array, the subsequent entries\n are moved up to fill the gap, but the loop index `i` is still\n incremented, causing the next entry to be skipped.\n\nFor example, if a node has three neighbours (A, A, B) with count=3 and A\nis being removed, the second A is not checked.\n\n i=0: (A, A, B) -\u003e (A, B) with count=2\n ^ checked\n i=1: (A, B) -\u003e (A, B) with count=2\n ^ checked (B, not A!)\n i=2: (doesn\u0027t occur because i \u003c count is false)\n\nThis leaves the second A in the array with count=2, but the rose_neigh\nstructure has been freed. Code that accesses these entries assumes that\nthe first `count` entries are valid pointers, causing a use-after-free\nwhen it accesses the dangling pointer.\n\nFix both issues by iterating over the array in reverse order with a fixed\nloop bound. This ensures that all entries are examined and that the removal\nof an entry doesn\u0027t affect subsequent iterations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38377",
"url": "https://www.suse.com/security/cve/CVE-2025-38377"
},
{
"category": "external",
"summary": "SUSE Bug 1247174 for CVE-2025-38377",
"url": "https://bugzilla.suse.com/1247174"
},
{
"category": "external",
"summary": "SUSE Bug 1247175 for CVE-2025-38377",
"url": "https://bugzilla.suse.com/1247175"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "important"
}
],
"title": "CVE-2025-38377"
},
{
"cve": "CVE-2025-38380",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38380"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38380",
"url": "https://www.suse.com/security/cve/CVE-2025-38380"
},
{
"category": "external",
"summary": "SUSE Bug 1247028 for CVE-2025-38380",
"url": "https://bugzilla.suse.com/1247028"
},
{
"category": "external",
"summary": "SUSE Bug 1247029 for CVE-2025-38380",
"url": "https://bugzilla.suse.com/1247029"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "important"
}
],
"title": "CVE-2025-38380"
},
{
"cve": "CVE-2025-38382",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38382"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix iteration of extrefs during log replay\n\nAt __inode_add_ref() when processing extrefs, if we jump into the next\nlabel we have an undefined value of victim_name.len, since we haven\u0027t\ninitialized it before we did the goto. This results in an invalid memory\naccess in the next iteration of the loop since victim_name.len was not\ninitialized to the length of the name of the current extref.\n\nFix this by initializing victim_name.len with the current extref\u0027s name\nlength.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38382",
"url": "https://www.suse.com/security/cve/CVE-2025-38382"
},
{
"category": "external",
"summary": "SUSE Bug 1247031 for CVE-2025-38382",
"url": "https://bugzilla.suse.com/1247031"
},
{
"category": "external",
"summary": "SUSE Bug 1247032 for CVE-2025-38382",
"url": "https://bugzilla.suse.com/1247032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38382"
},
{
"cve": "CVE-2025-38384",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38384"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: spinand: fix memory leak of ECC engine conf\n\nMemory allocated for the ECC engine conf is not released during spinand\ncleanup. Below kmemleak trace is seen for this memory leak:\n\nunreferenced object 0xffffff80064f00e0 (size 8):\n comm \"swapper/0\", pid 1, jiffies 4294937458\n hex dump (first 8 bytes):\n 00 00 00 00 00 00 00 00 ........\n backtrace (crc 0):\n kmemleak_alloc+0x30/0x40\n __kmalloc_cache_noprof+0x208/0x3c0\n spinand_ondie_ecc_init_ctx+0x114/0x200\n nand_ecc_init_ctx+0x70/0xa8\n nanddev_ecc_engine_init+0xec/0x27c\n spinand_probe+0xa2c/0x1620\n spi_mem_probe+0x130/0x21c\n spi_probe+0xf0/0x170\n really_probe+0x17c/0x6e8\n __driver_probe_device+0x17c/0x21c\n driver_probe_device+0x58/0x180\n __device_attach_driver+0x15c/0x1f8\n bus_for_each_drv+0xec/0x150\n __device_attach+0x188/0x24c\n device_initial_probe+0x10/0x20\n bus_probe_device+0x11c/0x160\n\nFix the leak by calling nanddev_ecc_engine_cleanup() inside\nspinand_cleanup().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38384",
"url": "https://www.suse.com/security/cve/CVE-2025-38384"
},
{
"category": "external",
"summary": "SUSE Bug 1247035 for CVE-2025-38384",
"url": "https://bugzilla.suse.com/1247035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "low"
}
],
"title": "CVE-2025-38384"
},
{
"cve": "CVE-2025-38385",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38385"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect\n\nRemove redundant netif_napi_del() call from disconnect path.\n\nA WARN may be triggered in __netif_napi_del_locked() during USB device\ndisconnect:\n\n WARNING: CPU: 0 PID: 11 at net/core/dev.c:7417 __netif_napi_del_locked+0x2b4/0x350\n\nThis happens because netif_napi_del() is called in the disconnect path while\nNAPI is still enabled. However, it is not necessary to call netif_napi_del()\nexplicitly, since unregister_netdev() will handle NAPI teardown automatically\nand safely. Removing the redundant call avoids triggering the warning.\n\nFull trace:\n lan78xx 1-1:1.0 enu1: Failed to read register index 0x000000c4. ret = -ENODEV\n lan78xx 1-1:1.0 enu1: Failed to set MAC down with error -ENODEV\n lan78xx 1-1:1.0 enu1: Link is Down\n lan78xx 1-1:1.0 enu1: Failed to read register index 0x00000120. ret = -ENODEV\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 11 at net/core/dev.c:7417 __netif_napi_del_locked+0x2b4/0x350\n Modules linked in: flexcan can_dev fuse\n CPU: 0 UID: 0 PID: 11 Comm: kworker/0:1 Not tainted 6.16.0-rc2-00624-ge926949dab03 #9 PREEMPT\n Hardware name: SKOV IMX8MP CPU revC - bd500 (DT)\n Workqueue: usb_hub_wq hub_event\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : __netif_napi_del_locked+0x2b4/0x350\n lr : __netif_napi_del_locked+0x7c/0x350\n sp : ffffffc085b673c0\n x29: ffffffc085b673c0 x28: ffffff800b7f2000 x27: ffffff800b7f20d8\n x26: ffffff80110bcf58 x25: ffffff80110bd978 x24: 1ffffff0022179eb\n x23: ffffff80110bc000 x22: ffffff800b7f5000 x21: ffffff80110bc000\n x20: ffffff80110bcf38 x19: ffffff80110bcf28 x18: dfffffc000000000\n x17: ffffffc081578940 x16: ffffffc08284cee0 x15: 0000000000000028\n x14: 0000000000000006 x13: 0000000000040000 x12: ffffffb0022179e8\n x11: 1ffffff0022179e7 x10: ffffffb0022179e7 x9 : dfffffc000000000\n x8 : 0000004ffdde8619 x7 : ffffff80110bcf3f x6 : 0000000000000001\n x5 : ffffff80110bcf38 x4 : ffffff80110bcf38 x3 : 0000000000000000\n x2 : 0000000000000000 x1 : 1ffffff0022179e7 x0 : 0000000000000000\n Call trace:\n __netif_napi_del_locked+0x2b4/0x350 (P)\n lan78xx_disconnect+0xf4/0x360\n usb_unbind_interface+0x158/0x718\n device_remove+0x100/0x150\n device_release_driver_internal+0x308/0x478\n device_release_driver+0x1c/0x30\n bus_remove_device+0x1a8/0x368\n device_del+0x2e0/0x7b0\n usb_disable_device+0x244/0x540\n usb_disconnect+0x220/0x758\n hub_event+0x105c/0x35e0\n process_one_work+0x760/0x17b0\n worker_thread+0x768/0xce8\n kthread+0x3bc/0x690\n ret_from_fork+0x10/0x20\n irq event stamp: 211604\n hardirqs last enabled at (211603): [\u003cffffffc0828cc9ec\u003e] _raw_spin_unlock_irqrestore+0x84/0x98\n hardirqs last disabled at (211604): [\u003cffffffc0828a9a84\u003e] el1_dbg+0x24/0x80\n softirqs last enabled at (211296): [\u003cffffffc080095f10\u003e] handle_softirqs+0x820/0xbc8\n softirqs last disabled at (210993): [\u003cffffffc080010288\u003e] __do_softirq+0x18/0x20\n ---[ end trace 0000000000000000 ]---\n lan78xx 1-1:1.0 enu1: failed to kill vid 0081/0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38385",
"url": "https://www.suse.com/security/cve/CVE-2025-38385"
},
{
"category": "external",
"summary": "SUSE Bug 1247149 for CVE-2025-38385",
"url": "https://bugzilla.suse.com/1247149"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "low"
}
],
"title": "CVE-2025-38385"
},
{
"cve": "CVE-2025-38386",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38386"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: Refuse to evaluate a method if arguments are missing\n\nAs reported in [1], a platform firmware update that increased the number\nof method parameters and forgot to update a least one of its callers,\ncaused ACPICA to crash due to use-after-free.\n\nSince this a result of a clear AML issue that arguably cannot be fixed\nup by the interpreter (it cannot produce missing data out of thin air),\naddress it by making ACPICA refuse to evaluate a method if the caller\nattempts to pass fewer arguments than expected to it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38386",
"url": "https://www.suse.com/security/cve/CVE-2025-38386"
},
{
"category": "external",
"summary": "SUSE Bug 1247138 for CVE-2025-38386",
"url": "https://bugzilla.suse.com/1247138"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38386"
},
{
"cve": "CVE-2025-38387",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38387"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Initialize obj_event-\u003eobj_sub_list before xa_insert\n\nThe obj_event may be loaded immediately after inserted, then if the\nlist_head is not initialized then we may get a poisonous pointer. This\nfixes the crash below:\n\n mlx5_core 0000:03:00.0: MLX5E: StrdRq(1) RqSz(8) StrdSz(2048) RxCqeCmprss(0 enhanced)\n mlx5_core.sf mlx5_core.sf.4: firmware version: 32.38.3056\n mlx5_core 0000:03:00.0 en3f0pf0sf2002: renamed from eth0\n mlx5_core.sf mlx5_core.sf.4: Rate limit: 127 rates are supported, range: 0Mbps to 195312Mbps\n IPv6: ADDRCONF(NETDEV_CHANGE): en3f0pf0sf2002: link becomes ready\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000060\n Mem abort info:\n ESR = 0x96000006\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n Data abort info:\n ISV = 0, ISS = 0x00000006\n CM = 0, WnR = 0\n user pgtable: 4k pages, 48-bit VAs, pgdp=00000007760fb000\n [0000000000000060] pgd=000000076f6d7003, p4d=000000076f6d7003, pud=0000000777841003, pmd=0000000000000000\n Internal error: Oops: 96000006 [#1] SMP\n Modules linked in: ipmb_host(OE) act_mirred(E) cls_flower(E) sch_ingress(E) mptcp_diag(E) udp_diag(E) raw_diag(E) unix_diag(E) tcp_diag(E) inet_diag(E) binfmt_misc(E) bonding(OE) rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) isofs(E) cdrom(E) mst_pciconf(OE) ib_umad(OE) mlx5_ib(OE) ipmb_dev_int(OE) mlx5_core(OE) kpatch_15237886(OEK) mlxdevm(OE) auxiliary(OE) ib_uverbs(OE) ib_core(OE) psample(E) mlxfw(OE) tls(E) sunrpc(E) vfat(E) fat(E) crct10dif_ce(E) ghash_ce(E) sha1_ce(E) sbsa_gwdt(E) virtio_console(E) ext4(E) mbcache(E) jbd2(E) xfs(E) libcrc32c(E) mmc_block(E) virtio_net(E) net_failover(E) failover(E) sha2_ce(E) sha256_arm64(E) nvme(OE) nvme_core(OE) gpio_mlxbf3(OE) mlx_compat(OE) mlxbf_pmc(OE) i2c_mlxbf(OE) sdhci_of_dwcmshc(OE) pinctrl_mlxbf3(OE) mlxbf_pka(OE) gpio_generic(E) i2c_core(E) mmc_core(E) mlxbf_gige(OE) vitesse(E) pwr_mlxbf(OE) mlxbf_tmfifo(OE) micrel(E) mlxbf_bootctl(OE) virtio_ring(E) virtio(E) ipmi_devintf(E) ipmi_msghandler(E)\n [last unloaded: mst_pci]\n CPU: 11 PID: 20913 Comm: rte-worker-11 Kdump: loaded Tainted: G OE K 5.10.134-13.1.an8.aarch64 #1\n Hardware name: https://www.mellanox.com BlueField-3 SmartNIC Main Card/BlueField-3 SmartNIC Main Card, BIOS 4.2.2.12968 Oct 26 2023\n pstate: a0400089 (NzCv daIf +PAN -UAO -TCO BTYPE=--)\n pc : dispatch_event_fd+0x68/0x300 [mlx5_ib]\n lr : devx_event_notifier+0xcc/0x228 [mlx5_ib]\n sp : ffff80001005bcf0\n x29: ffff80001005bcf0 x28: 0000000000000001\n x27: ffff244e0740a1d8 x26: ffff244e0740a1d0\n x25: ffffda56beff5ae0 x24: ffffda56bf911618\n x23: ffff244e0596a480 x22: ffff244e0596a480\n x21: ffff244d8312ad90 x20: ffff244e0596a480\n x19: fffffffffffffff0 x18: 0000000000000000\n x17: 0000000000000000 x16: ffffda56be66d620\n x15: 0000000000000000 x14: 0000000000000000\n x13: 0000000000000000 x12: 0000000000000000\n x11: 0000000000000040 x10: ffffda56bfcafb50\n x9 : ffffda5655c25f2c x8 : 0000000000000010\n x7 : 0000000000000000 x6 : ffff24545a2e24b8\n x5 : 0000000000000003 x4 : ffff80001005bd28\n x3 : 0000000000000000 x2 : 0000000000000000\n x1 : ffff244e0596a480 x0 : ffff244d8312ad90\n Call trace:\n dispatch_event_fd+0x68/0x300 [mlx5_ib]\n devx_event_notifier+0xcc/0x228 [mlx5_ib]\n atomic_notifier_call_chain+0x58/0x80\n mlx5_eq_async_int+0x148/0x2b0 [mlx5_core]\n atomic_notifier_call_chain+0x58/0x80\n irq_int_handler+0x20/0x30 [mlx5_core]\n __handle_irq_event_percpu+0x60/0x220\n handle_irq_event_percpu+0x3c/0x90\n handle_irq_event+0x58/0x158\n handle_fasteoi_irq+0xfc/0x188\n generic_handle_irq+0x34/0x48\n ...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38387",
"url": "https://www.suse.com/security/cve/CVE-2025-38387"
},
{
"category": "external",
"summary": "SUSE Bug 1247154 for CVE-2025-38387",
"url": "https://bugzilla.suse.com/1247154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38387"
},
{
"cve": "CVE-2025-38389",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38389"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gt: Fix timeline left held on VMA alloc error\n\nThe following error has been reported sporadically by CI when a test\nunbinds the i915 driver on a ring submission platform:\n\n\u003c4\u003e [239.330153] ------------[ cut here ]------------\n\u003c4\u003e [239.330166] i915 0000:00:02.0: [drm] drm_WARN_ON(dev_priv-\u003emm.shrink_count)\n\u003c4\u003e [239.330196] WARNING: CPU: 1 PID: 18570 at drivers/gpu/drm/i915/i915_gem.c:1309 i915_gem_cleanup_early+0x13e/0x150 [i915]\n...\n\u003c4\u003e [239.330640] RIP: 0010:i915_gem_cleanup_early+0x13e/0x150 [i915]\n...\n\u003c4\u003e [239.330942] Call Trace:\n\u003c4\u003e [239.330944] \u003cTASK\u003e\n\u003c4\u003e [239.330949] i915_driver_late_release+0x2b/0xa0 [i915]\n\u003c4\u003e [239.331202] i915_driver_release+0x86/0xa0 [i915]\n\u003c4\u003e [239.331482] devm_drm_dev_init_release+0x61/0x90\n\u003c4\u003e [239.331494] devm_action_release+0x15/0x30\n\u003c4\u003e [239.331504] release_nodes+0x3d/0x120\n\u003c4\u003e [239.331517] devres_release_all+0x96/0xd0\n\u003c4\u003e [239.331533] device_unbind_cleanup+0x12/0x80\n\u003c4\u003e [239.331543] device_release_driver_internal+0x23a/0x280\n\u003c4\u003e [239.331550] ? bus_find_device+0xa5/0xe0\n\u003c4\u003e [239.331563] device_driver_detach+0x14/0x20\n...\n\u003c4\u003e [357.719679] ---[ end trace 0000000000000000 ]---\n\nIf the test also unloads the i915 module then that\u0027s followed with:\n\n\u003c3\u003e [357.787478] =============================================================================\n\u003c3\u003e [357.788006] BUG i915_vma (Tainted: G U W N ): Objects remaining on __kmem_cache_shutdown()\n\u003c3\u003e [357.788031] -----------------------------------------------------------------------------\n\u003c3\u003e [357.788204] Object 0xffff888109e7f480 @offset=29824\n\u003c3\u003e [357.788670] Allocated in i915_vma_instance+0xee/0xc10 [i915] age=292729 cpu=4 pid=2244\n\u003c4\u003e [357.788994] i915_vma_instance+0xee/0xc10 [i915]\n\u003c4\u003e [357.789290] init_status_page+0x7b/0x420 [i915]\n\u003c4\u003e [357.789532] intel_engines_init+0x1d8/0x980 [i915]\n\u003c4\u003e [357.789772] intel_gt_init+0x175/0x450 [i915]\n\u003c4\u003e [357.790014] i915_gem_init+0x113/0x340 [i915]\n\u003c4\u003e [357.790281] i915_driver_probe+0x847/0xed0 [i915]\n\u003c4\u003e [357.790504] i915_pci_probe+0xe6/0x220 [i915]\n...\n\nCloser analysis of CI results history has revealed a dependency of the\nerror on a few IGT tests, namely:\n- igt@api_intel_allocator@fork-simple-stress-signal,\n- igt@api_intel_allocator@two-level-inception-interruptible,\n- igt@gem_linear_blits@interruptible,\n- igt@prime_mmap_coherency@ioctl-errors,\nwhich invisibly trigger the issue, then exhibited with first driver unbind\nattempt.\n\nAll of the above tests perform actions which are actively interrupted with\nsignals. Further debugging has allowed to narrow that scope down to\nDRM_IOCTL_I915_GEM_EXECBUFFER2, and ring_context_alloc(), specific to ring\nsubmission, in particular.\n\nIf successful then that function, or its execlists or GuC submission\nequivalent, is supposed to be called only once per GEM context engine,\nfollowed by raise of a flag that prevents the function from being called\nagain. The function is expected to unwind its internal errors itself, so\nit may be safely called once more after it returns an error.\n\nIn case of ring submission, the function first gets a reference to the\nengine\u0027s legacy timeline and then allocates a VMA. If the VMA allocation\nfails, e.g. when i915_vma_instance() called from inside is interrupted\nwith a signal, then ring_context_alloc() fails, leaving the timeline held\nreferenced. On next I915_GEM_EXECBUFFER2 IOCTL, another reference to the\ntimeline is got, and only that last one is put on successful completion.\nAs a consequence, the legacy timeline, with its underlying engine status\npage\u0027s VMA object, is still held and not released on driver unbind.\n\nGet the legacy timeline only after successful allocation of the context\nengine\u0027s VMA.\n\nv2: Add a note on other submission methods (Krzysztof Karas):\n Both execlists and GuC submission use lrc_alloc() which seems free\n from a similar issue.\n\n(cherry picked from commit cc43422b3cc79eacff4c5a8ba0d224688ca9dd4f)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38389",
"url": "https://www.suse.com/security/cve/CVE-2025-38389"
},
{
"category": "external",
"summary": "SUSE Bug 1247153 for CVE-2025-38389",
"url": "https://bugzilla.suse.com/1247153"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38389"
},
{
"cve": "CVE-2025-38391",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38391"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: altmodes/displayport: do not index invalid pin_assignments\n\nA poorly implemented DisplayPort Alt Mode port partner can indicate\nthat its pin assignment capabilities are greater than the maximum\nvalue, DP_PIN_ASSIGN_F. In this case, calls to pin_assignment_show\nwill cause a BRK exception due to an out of bounds array access.\n\nPrevent for loop in pin_assignment_show from accessing\ninvalid values in pin_assignments by adding DP_PIN_ASSIGN_MAX\nvalue in typec_dp.h and using i \u003c DP_PIN_ASSIGN_MAX as a loop\ncondition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38391",
"url": "https://www.suse.com/security/cve/CVE-2025-38391"
},
{
"category": "external",
"summary": "SUSE Bug 1247181 for CVE-2025-38391",
"url": "https://bugzilla.suse.com/1247181"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38391"
},
{
"cve": "CVE-2025-38392",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38392"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: convert control queue mutex to a spinlock\n\nWith VIRTCHNL2_CAP_MACFILTER enabled, the following warning is generated\non module load:\n\n[ 324.701677] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:578\n[ 324.701684] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1582, name: NetworkManager\n[ 324.701689] preempt_count: 201, expected: 0\n[ 324.701693] RCU nest depth: 0, expected: 0\n[ 324.701697] 2 locks held by NetworkManager/1582:\n[ 324.701702] #0: ffffffff9f7be770 (rtnl_mutex){....}-{3:3}, at: rtnl_newlink+0x791/0x21e0\n[ 324.701730] #1: ff1100216c380368 (_xmit_ETHER){....}-{2:2}, at: __dev_open+0x3f0/0x870\n[ 324.701749] Preemption disabled at:\n[ 324.701752] [\u003cffffffff9cd23b9d\u003e] __dev_open+0x3dd/0x870\n[ 324.701765] CPU: 30 UID: 0 PID: 1582 Comm: NetworkManager Not tainted 6.15.0-rc5+ #2 PREEMPT(voluntary)\n[ 324.701771] Hardware name: Intel Corporation M50FCP2SBSTD/M50FCP2SBSTD, BIOS SE5C741.86B.01.01.0001.2211140926 11/14/2022\n[ 324.701774] Call Trace:\n[ 324.701777] \u003cTASK\u003e\n[ 324.701779] dump_stack_lvl+0x5d/0x80\n[ 324.701788] ? __dev_open+0x3dd/0x870\n[ 324.701793] __might_resched.cold+0x1ef/0x23d\n\u003c..\u003e\n[ 324.701818] __mutex_lock+0x113/0x1b80\n\u003c..\u003e\n[ 324.701917] idpf_ctlq_clean_sq+0xad/0x4b0 [idpf]\n[ 324.701935] ? kasan_save_track+0x14/0x30\n[ 324.701941] idpf_mb_clean+0x143/0x380 [idpf]\n\u003c..\u003e\n[ 324.701991] idpf_send_mb_msg+0x111/0x720 [idpf]\n[ 324.702009] idpf_vc_xn_exec+0x4cc/0x990 [idpf]\n[ 324.702021] ? rcu_is_watching+0x12/0xc0\n[ 324.702035] idpf_add_del_mac_filters+0x3ed/0xb50 [idpf]\n\u003c..\u003e\n[ 324.702122] __hw_addr_sync_dev+0x1cf/0x300\n[ 324.702126] ? find_held_lock+0x32/0x90\n[ 324.702134] idpf_set_rx_mode+0x317/0x390 [idpf]\n[ 324.702152] __dev_open+0x3f8/0x870\n[ 324.702159] ? __pfx___dev_open+0x10/0x10\n[ 324.702174] __dev_change_flags+0x443/0x650\n\u003c..\u003e\n[ 324.702208] netif_change_flags+0x80/0x160\n[ 324.702218] do_setlink.isra.0+0x16a0/0x3960\n\u003c..\u003e\n[ 324.702349] rtnl_newlink+0x12fd/0x21e0\n\nThe sequence is as follows:\n\trtnl_newlink()-\u003e\n\t__dev_change_flags()-\u003e\n\t__dev_open()-\u003e\n\tdev_set_rx_mode() - \u003e # disables BH and grabs \"dev-\u003eaddr_list_lock\"\n\tidpf_set_rx_mode() -\u003e # proceed only if VIRTCHNL2_CAP_MACFILTER is ON\n\t__dev_uc_sync() -\u003e\n\tidpf_add_mac_filter -\u003e\n\tidpf_add_del_mac_filters -\u003e\n\tidpf_send_mb_msg() -\u003e\n\tidpf_mb_clean() -\u003e\n\tidpf_ctlq_clean_sq() # mutex_lock(cq_lock)\n\nFix by converting cq_lock to a spinlock. All operations under the new\nlock are safe except freeing the DMA memory, which may use vunmap(). Fix\nby requesting a contiguous physical memory for the DMA mapping.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38392",
"url": "https://www.suse.com/security/cve/CVE-2025-38392"
},
{
"category": "external",
"summary": "SUSE Bug 1247169 for CVE-2025-38392",
"url": "https://bugzilla.suse.com/1247169"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38392"
},
{
"cve": "CVE-2025-38393",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38393"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN\n\nWe found a few different systems hung up in writeback waiting on the same\npage lock, and one task waiting on the NFS_LAYOUT_DRAIN bit in\npnfs_update_layout(), however the pnfs_layout_hdr\u0027s plh_outstanding count\nwas zero.\n\nIt seems most likely that this is another race between the waiter and waker\nsimilar to commit ed0172af5d6f (\"SUNRPC: Fix a race to wake a sync task\").\nFix it up by applying the advised barrier.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38393",
"url": "https://www.suse.com/security/cve/CVE-2025-38393"
},
{
"category": "external",
"summary": "SUSE Bug 1247170 for CVE-2025-38393",
"url": "https://bugzilla.suse.com/1247170"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38393"
},
{
"cve": "CVE-2025-38395",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38395"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: gpio: Fix the out-of-bounds access to drvdata::gpiods\n\ndrvdata::gpiods is supposed to hold an array of \u0027gpio_desc\u0027 pointers. But\nthe memory is allocated for only one pointer. This will lead to\nout-of-bounds access later in the code if \u0027config::ngpios\u0027 is \u003e 1. So\nfix the code to allocate enough memory to hold \u0027config::ngpios\u0027 of GPIO\ndescriptors.\n\nWhile at it, also move the check for memory allocation failure to be below\nthe allocation to make it more readable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38395",
"url": "https://www.suse.com/security/cve/CVE-2025-38395"
},
{
"category": "external",
"summary": "SUSE Bug 1247171 for CVE-2025-38395",
"url": "https://bugzilla.suse.com/1247171"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38395"
},
{
"cve": "CVE-2025-38396",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38396"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass\n\nExport anon_inode_make_secure_inode() to allow KVM guest_memfd to create\nanonymous inodes with proper security context. This replaces the current\npattern of calling alloc_anon_inode() followed by\ninode_init_security_anon() for creating security context manually.\n\nThis change also fixes a security regression in secretmem where the\nS_PRIVATE flag was not cleared after alloc_anon_inode(), causing\nLSM/SELinux checks to be bypassed for secretmem file descriptors.\n\nAs guest_memfd currently resides in the KVM module, we need to export this\nsymbol for use outside the core kernel. In the future, guest_memfd might be\nmoved to core-mm, at which point the symbols no longer would have to be\nexported. When/if that happens is still unclear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38396",
"url": "https://www.suse.com/security/cve/CVE-2025-38396"
},
{
"category": "external",
"summary": "SUSE Bug 1247156 for CVE-2025-38396",
"url": "https://bugzilla.suse.com/1247156"
},
{
"category": "external",
"summary": "SUSE Bug 1247158 for CVE-2025-38396",
"url": "https://bugzilla.suse.com/1247158"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "important"
}
],
"title": "CVE-2025-38396"
},
{
"cve": "CVE-2025-38399",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38399"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port()\n\nThe function core_scsi3_decode_spec_i_port(), in its error code path,\nunconditionally calls core_scsi3_lunacl_undepend_item() passing the\ndest_se_deve pointer, which may be NULL.\n\nThis can lead to a NULL pointer dereference if dest_se_deve remains\nunset.\n\nSPC-3 PR SPEC_I_PT: Unable to locate dest_tpg\nUnable to handle kernel paging request at virtual address dfff800000000012\nCall trace:\n core_scsi3_lunacl_undepend_item+0x2c/0xf0 [target_core_mod] (P)\n core_scsi3_decode_spec_i_port+0x120c/0x1c30 [target_core_mod]\n core_scsi3_emulate_pro_register+0x6b8/0xcd8 [target_core_mod]\n target_scsi3_emulate_pr_out+0x56c/0x840 [target_core_mod]\n\nFix this by adding a NULL check before calling\ncore_scsi3_lunacl_undepend_item()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38399",
"url": "https://www.suse.com/security/cve/CVE-2025-38399"
},
{
"category": "external",
"summary": "SUSE Bug 1247097 for CVE-2025-38399",
"url": "https://bugzilla.suse.com/1247097"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38399"
},
{
"cve": "CVE-2025-38400",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38400"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails.\n\nsyzbot reported a warning below [1] following a fault injection in\nnfs_fs_proc_net_init(). [0]\n\nWhen nfs_fs_proc_net_init() fails, /proc/net/rpc/nfs is not removed.\n\nLater, rpc_proc_exit() tries to remove /proc/net/rpc, and the warning\nis logged as the directory is not empty.\n\nLet\u0027s handle the error of nfs_fs_proc_net_init() properly.\n\n[0]:\nFAULT_INJECTION: forcing a failure.\nname failslab, interval 1, probability 0, space 0, times 0\nCPU: 1 UID: 0 PID: 6120 Comm: syz.2.27 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl (lib/dump_stack.c:123)\n should_fail_ex (lib/fault-inject.c:73 lib/fault-inject.c:174)\n should_failslab (mm/failslab.c:46)\n kmem_cache_alloc_noprof (mm/slub.c:4178 mm/slub.c:4204)\n __proc_create (fs/proc/generic.c:427)\n proc_create_reg (fs/proc/generic.c:554)\n proc_create_net_data (fs/proc/proc_net.c:120)\n nfs_fs_proc_net_init (fs/nfs/client.c:1409)\n nfs_net_init (fs/nfs/inode.c:2600)\n ops_init (net/core/net_namespace.c:138)\n setup_net (net/core/net_namespace.c:443)\n copy_net_ns (net/core/net_namespace.c:576)\n create_new_namespaces (kernel/nsproxy.c:110)\n unshare_nsproxy_namespaces (kernel/nsproxy.c:218 (discriminator 4))\n ksys_unshare (kernel/fork.c:3123)\n __x64_sys_unshare (kernel/fork.c:3190)\n do_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n \u003c/TASK\u003e\n\n[1]:\nremove_proc_entry: removing non-empty directory \u0027net/rpc\u0027, leaking at least \u0027nfs\u0027\n WARNING: CPU: 1 PID: 6120 at fs/proc/generic.c:727 remove_proc_entry+0x45e/0x530 fs/proc/generic.c:727\nModules linked in:\nCPU: 1 UID: 0 PID: 6120 Comm: syz.2.27 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\n RIP: 0010:remove_proc_entry+0x45e/0x530 fs/proc/generic.c:727\nCode: 3c 02 00 0f 85 85 00 00 00 48 8b 93 d8 00 00 00 4d 89 f0 4c 89 e9 48 c7 c6 40 ba a2 8b 48 c7 c7 60 b9 a2 8b e8 33 81 1d ff 90 \u003c0f\u003e 0b 90 90 e9 5f fe ff ff e8 04 69 5e ff 90 48 b8 00 00 00 00 00\nRSP: 0018:ffffc90003637b08 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffff88805f534140 RCX: ffffffff817a92c8\nRDX: ffff88807da99e00 RSI: ffffffff817a92d5 RDI: 0000000000000001\nRBP: ffff888033431ac0 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000001 R12: ffff888033431a00\nR13: ffff888033431ae4 R14: ffff888033184724 R15: dffffc0000000000\nFS: 0000555580328500(0000) GS:ffff888124a62000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f71733743e0 CR3: 000000007f618000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n sunrpc_exit_net+0x46/0x90 net/sunrpc/sunrpc_syms.c:76\n ops_exit_list net/core/net_namespace.c:200 [inline]\n ops_undo_list+0x2eb/0xab0 net/core/net_namespace.c:253\n setup_net+0x2e1/0x510 net/core/net_namespace.c:457\n copy_net_ns+0x2a6/0x5f0 net/core/net_namespace.c:574\n create_new_namespaces+0x3ea/0xa90 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0xc0/0x1f0 kernel/nsproxy.c:218\n ksys_unshare+0x45b/0xa40 kernel/fork.c:3121\n __do_sys_unshare kernel/fork.c:3192 [inline]\n __se_sys_unshare kernel/fork.c:3190 [inline]\n __x64_sys_unshare+0x31/0x40 kernel/fork.c:3190\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x490 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fa1a6b8e929\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38400",
"url": "https://www.suse.com/security/cve/CVE-2025-38400"
},
{
"category": "external",
"summary": "SUSE Bug 1247123 for CVE-2025-38400",
"url": "https://bugzilla.suse.com/1247123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38400"
},
{
"cve": "CVE-2025-38401",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38401"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtk-sd: Prevent memory corruption from DMA map failure\n\nIf msdc_prepare_data() fails to map the DMA region, the request is\nnot prepared for data receiving, but msdc_start_data() proceeds\nthe DMA with previous setting.\nSince this will lead a memory corruption, we have to stop the\nrequest operation soon after the msdc_prepare_data() fails to\nprepare it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38401",
"url": "https://www.suse.com/security/cve/CVE-2025-38401"
},
{
"category": "external",
"summary": "SUSE Bug 1247125 for CVE-2025-38401",
"url": "https://bugzilla.suse.com/1247125"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38401"
},
{
"cve": "CVE-2025-38403",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38403"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/vmci: Clear the vmci transport packet properly when initializing it\n\nIn vmci_transport_packet_init memset the vmci_transport_packet before\npopulating the fields to avoid any uninitialised data being left in the\nstructure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38403",
"url": "https://www.suse.com/security/cve/CVE-2025-38403"
},
{
"category": "external",
"summary": "SUSE Bug 1247141 for CVE-2025-38403",
"url": "https://bugzilla.suse.com/1247141"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38403"
},
{
"cve": "CVE-2025-38404",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38404"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: displayport: Fix potential deadlock\n\nThe deadlock can occur due to a recursive lock acquisition of\n`cros_typec_altmode_data::mutex`.\nThe call chain is as follows:\n1. cros_typec_altmode_work() acquires the mutex\n2. typec_altmode_vdm() -\u003e dp_altmode_vdm() -\u003e\n3. typec_altmode_exit() -\u003e cros_typec_altmode_exit()\n4. cros_typec_altmode_exit() attempts to acquire the mutex again\n\nTo prevent this, defer the `typec_altmode_exit()` call by scheduling\nit rather than calling it directly from within the mutex-protected\ncontext.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38404",
"url": "https://www.suse.com/security/cve/CVE-2025-38404"
},
{
"category": "external",
"summary": "SUSE Bug 1247271 for CVE-2025-38404",
"url": "https://bugzilla.suse.com/1247271"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38404"
},
{
"cve": "CVE-2025-38406",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38406"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath6kl: remove WARN on bad firmware input\n\nIf the firmware gives bad input, that\u0027s nothing to do with\nthe driver\u0027s stack at this point etc., so the WARN_ON()\ndoesn\u0027t add any value. Additionally, this is one of the\ntop syzbot reports now. Just print a message, and as an\nadded bonus, print the sizes too.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38406",
"url": "https://www.suse.com/security/cve/CVE-2025-38406"
},
{
"category": "external",
"summary": "SUSE Bug 1247210 for CVE-2025-38406",
"url": "https://bugzilla.suse.com/1247210"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38406"
},
{
"cve": "CVE-2025-38409",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38409"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: Fix another leak in the submit error path\n\nput_unused_fd() doesn\u0027t free the installed file, if we\u0027ve already done\nfd_install(). So we need to also free the sync_file.\n\nPatchwork: https://patchwork.freedesktop.org/patch/653583/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38409",
"url": "https://www.suse.com/security/cve/CVE-2025-38409"
},
{
"category": "external",
"summary": "SUSE Bug 1247285 for CVE-2025-38409",
"url": "https://bugzilla.suse.com/1247285"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "low"
}
],
"title": "CVE-2025-38409"
},
{
"cve": "CVE-2025-38410",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38410"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: Fix a fence leak in submit error path\n\nIn error paths, we could unref the submit without calling\ndrm_sched_entity_push_job(), so msm_job_free() will never get\ncalled. Since drm_sched_job_cleanup() will NULL out the\ns_fence, we can use that to detect this case.\n\nPatchwork: https://patchwork.freedesktop.org/patch/653584/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38410",
"url": "https://www.suse.com/security/cve/CVE-2025-38410"
},
{
"category": "external",
"summary": "SUSE Bug 1247128 for CVE-2025-38410",
"url": "https://bugzilla.suse.com/1247128"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38410"
},
{
"cve": "CVE-2025-38412",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38412"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks\n\nAfter retrieving WMI data blocks in sysfs callbacks, check for the\nvalidity of them before dereferencing their content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38412",
"url": "https://www.suse.com/security/cve/CVE-2025-38412"
},
{
"category": "external",
"summary": "SUSE Bug 1247132 for CVE-2025-38412",
"url": "https://bugzilla.suse.com/1247132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38412"
},
{
"cve": "CVE-2025-38414",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38414"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850\n\nGCC_GCC_PCIE_HOT_RST is wrongly defined for WCN7850, causing kernel crash\non some specific platforms.\n\nSince this register is divergent for WCN7850 and QCN9274, move it to\nregister table to allow different definitions. Then correct the register\naddress for WCN7850 to fix this issue.\n\nNote IPQ5332 is not affected as it is not PCIe based device.\n\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38414",
"url": "https://www.suse.com/security/cve/CVE-2025-38414"
},
{
"category": "external",
"summary": "SUSE Bug 1247145 for CVE-2025-38414",
"url": "https://bugzilla.suse.com/1247145"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38414"
},
{
"cve": "CVE-2025-38415",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38415"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: check return result of sb_min_blocksize\n\nSyzkaller reports an \"UBSAN: shift-out-of-bounds in squashfs_bio_read\" bug.\n\nSyzkaller forks multiple processes which after mounting the Squashfs\nfilesystem, issues an ioctl(\"/dev/loop0\", LOOP_SET_BLOCK_SIZE, 0x8000). \nNow if this ioctl occurs at the same time another process is in the\nprocess of mounting a Squashfs filesystem on /dev/loop0, the failure\noccurs. When this happens the following code in squashfs_fill_super()\nfails.\n\n----\nmsblk-\u003edevblksize = sb_min_blocksize(sb, SQUASHFS_DEVBLK_SIZE);\nmsblk-\u003edevblksize_log2 = ffz(~msblk-\u003edevblksize);\n----\n\nsb_min_blocksize() returns 0, which means msblk-\u003edevblksize is set to 0.\n\nAs a result, ffz(~msblk-\u003edevblksize) returns 64, and msblk-\u003edevblksize_log2\nis set to 64.\n\nThis subsequently causes the\n\nUBSAN: shift-out-of-bounds in fs/squashfs/block.c:195:36\nshift exponent 64 is too large for 64-bit type \u0027u64\u0027 (aka\n\u0027unsigned long long\u0027)\n\nThis commit adds a check for a 0 return by sb_min_blocksize().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38415",
"url": "https://www.suse.com/security/cve/CVE-2025-38415"
},
{
"category": "external",
"summary": "SUSE Bug 1247147 for CVE-2025-38415",
"url": "https://bugzilla.suse.com/1247147"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38415"
},
{
"cve": "CVE-2025-38416",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38416"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFC: nci: uart: Set tty-\u003edisc_data only in success path\n\nSetting tty-\u003edisc_data before opening the NCI device means we need to\nclean it up on error paths. This also opens some short window if device\nstarts sending data, even before NCIUARTSETDRIVER IOCTL succeeded\n(broken hardware?). Close the window by exposing tty-\u003edisc_data only on\nthe success path, when opening of the NCI device and try_module_get()\nsucceeds.\n\nThe code differs in error path in one aspect: tty-\u003edisc_data won\u0027t be\never assigned thus NULL-ified. This however should not be relevant\ndifference, because of \"tty-\u003edisc_data=NULL\" in nci_uart_tty_open().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38416",
"url": "https://www.suse.com/security/cve/CVE-2025-38416"
},
{
"category": "external",
"summary": "SUSE Bug 1247151 for CVE-2025-38416",
"url": "https://bugzilla.suse.com/1247151"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38416"
},
{
"cve": "CVE-2025-38417",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38417"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix eswitch code memory leak in reset scenario\n\nAdd simple eswitch mode checker in attaching VF procedure and allocate\nrequired port representor memory structures only in switchdev mode.\nThe reset flows triggers VF (if present) detach/attach procedure.\nIt might involve VF port representor(s) re-creation if the device is\nconfigured is switchdev mode (not legacy one).\nThe memory was blindly allocated in current implementation,\nregardless of the mode and not freed if in legacy mode.\n\nKmemeleak trace:\nunreferenced object (percpu) 0x7e3bce5b888458 (size 40):\n comm \"bash\", pid 1784, jiffies 4295743894\n hex dump (first 32 bytes on cpu 45):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc 0):\n pcpu_alloc_noprof+0x4c4/0x7c0\n ice_repr_create+0x66/0x130 [ice]\n ice_repr_create_vf+0x22/0x70 [ice]\n ice_eswitch_attach_vf+0x1b/0xa0 [ice]\n ice_reset_all_vfs+0x1dd/0x2f0 [ice]\n ice_pci_err_resume+0x3b/0xb0 [ice]\n pci_reset_function+0x8f/0x120\n reset_store+0x56/0xa0\n kernfs_fop_write_iter+0x120/0x1b0\n vfs_write+0x31c/0x430\n ksys_write+0x61/0xd0\n do_syscall_64+0x5b/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nTesting hints (ethX is PF netdev):\n- create at least one VF\n echo 1 \u003e /sys/class/net/ethX/device/sriov_numvfs\n- trigger the reset\n echo 1 \u003e /sys/class/net/ethX/device/reset",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38417",
"url": "https://www.suse.com/security/cve/CVE-2025-38417"
},
{
"category": "external",
"summary": "SUSE Bug 1247282 for CVE-2025-38417",
"url": "https://bugzilla.suse.com/1247282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "low"
}
],
"title": "CVE-2025-38417"
},
{
"cve": "CVE-2025-38420",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38420"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: carl9170: do not ping device which has failed to load firmware\n\nSyzkaller reports [1, 2] crashes caused by an attempts to ping\nthe device which has failed to load firmware. Since such a device\ndoesn\u0027t pass \u0027ieee80211_register_hw()\u0027, an internal workqueue\nmanaged by \u0027ieee80211_queue_work()\u0027 is not yet created and an\nattempt to queue work on it causes null-ptr-deref.\n\n[1] https://syzkaller.appspot.com/bug?extid=9a4aec827829942045ff\n[2] https://syzkaller.appspot.com/bug?extid=0d8afba53e8fb2633217",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38420",
"url": "https://www.suse.com/security/cve/CVE-2025-38420"
},
{
"category": "external",
"summary": "SUSE Bug 1247279 for CVE-2025-38420",
"url": "https://bugzilla.suse.com/1247279"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38420"
},
{
"cve": "CVE-2025-38424",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38424"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix sample vs do_exit()\n\nBaisheng Gao reported an ARM64 crash, which Mark decoded as being a\nsynchronous external abort -- most likely due to trying to access\nMMIO in bad ways.\n\nThe crash further shows perf trying to do a user stack sample while in\nexit_mmap()\u0027s tlb_finish_mmu() -- i.e. while tearing down the address\nspace it is trying to access.\n\nIt turns out that we stop perf after we tear down the userspace mm; a\nreceipie for disaster, since perf likes to access userspace for\nvarious reasons.\n\nFlip this order by moving up where we stop perf in do_exit().\n\nAdditionally, harden PERF_SAMPLE_CALLCHAIN and PERF_SAMPLE_STACK_USER\nto abort when the current task does not have an mm (exit_mm() makes\nsure to set current-\u003emm = NULL; before commencing with the actual\nteardown). Such that CPU wide events don\u0027t trip on this same problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38424",
"url": "https://www.suse.com/security/cve/CVE-2025-38424"
},
{
"category": "external",
"summary": "SUSE Bug 1247293 for CVE-2025-38424",
"url": "https://bugzilla.suse.com/1247293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38424"
},
{
"cve": "CVE-2025-38425",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38425"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: tegra: check msg length in SMBUS block read\n\nFor SMBUS block read, do not continue to read if the message length\npassed from the device is \u00270\u0027 or greater than the maximum allowed bytes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38425",
"url": "https://www.suse.com/security/cve/CVE-2025-38425"
},
{
"category": "external",
"summary": "SUSE Bug 1247251 for CVE-2025-38425",
"url": "https://bugzilla.suse.com/1247251"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38425"
},
{
"cve": "CVE-2025-38426",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38426"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Add basic validation for RAS header\n\nIf RAS header read from EEPROM is corrupted, it could result in trying\nto allocate huge memory for reading the records. Add some validation to\nheader fields.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38426",
"url": "https://www.suse.com/security/cve/CVE-2025-38426"
},
{
"category": "external",
"summary": "SUSE Bug 1247252 for CVE-2025-38426",
"url": "https://bugzilla.suse.com/1247252"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38426"
},
{
"cve": "CVE-2025-38427",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38427"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: screen_info: Relocate framebuffers behind PCI bridges\n\nApply PCI host-bridge window offsets to screen_info framebuffers. Fixes\ninvalid access to I/O memory.\n\nResources behind a PCI host bridge can be relocated by a certain offset\nin the kernel\u0027s CPU address range used for I/O. The framebuffer memory\nrange stored in screen_info refers to the CPU addresses as seen during\nboot (where the offset is 0). During boot up, firmware may assign a\ndifferent memory offset to the PCI host bridge and thereby relocating\nthe framebuffer address of the PCI graphics device as seen by the kernel.\nThe information in screen_info must be updated as well.\n\nThe helper pcibios_bus_to_resource() performs the relocation of the\nscreen_info\u0027s framebuffer resource (given in PCI bus addresses). The\nresult matches the I/O-memory resource of the PCI graphics device (given\nin CPU addresses). As before, we store away the information necessary to\nlater update the information in screen_info itself.\n\nCommit 78aa89d1dfba (\"firmware/sysfb: Update screen_info for relocated\nEFI framebuffers\") added the code for updating screen_info. It is based\non similar functionality that pre-existed in efifb. Efifb uses a pointer\nto the PCI resource, while the newer code does a memcpy of the region.\nHence efifb sees any updates to the PCI resource and avoids the issue.\n\nv3:\n- Only use struct pci_bus_region for PCI bus addresses (Bjorn)\n- Clarify address semantics in commit messages and comments (Bjorn)\nv2:\n- Fixed tags (Takashi, Ivan)\n- Updated information on efifb",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38427",
"url": "https://www.suse.com/security/cve/CVE-2025-38427"
},
{
"category": "external",
"summary": "SUSE Bug 1247152 for CVE-2025-38427",
"url": "https://bugzilla.suse.com/1247152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38427"
},
{
"cve": "CVE-2025-38428",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38428"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: ims-pcu - check record size in ims_pcu_flash_firmware()\n\nThe \"len\" variable comes from the firmware and we generally do\ntrust firmware, but it\u0027s always better to double check. If the \"len\"\nis too large it could result in memory corruption when we do\n\"memcpy(fragment-\u003edata, rec-\u003edata, len);\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38428",
"url": "https://www.suse.com/security/cve/CVE-2025-38428"
},
{
"category": "external",
"summary": "SUSE Bug 1247150 for CVE-2025-38428",
"url": "https://bugzilla.suse.com/1247150"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38428"
},
{
"cve": "CVE-2025-38429",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38429"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: ep: Update read pointer only after buffer is written\n\nInside mhi_ep_ring_add_element, the read pointer (rd_offset) is updated\nbefore the buffer is written, potentially causing race conditions where\nthe host sees an updated read pointer before the buffer is actually\nwritten. Updating rd_offset prematurely can lead to the host accessing\nan uninitialized or incomplete element, resulting in data corruption.\n\nInvoke the buffer write before updating rd_offset to ensure the element\nis fully written before signaling its availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38429",
"url": "https://www.suse.com/security/cve/CVE-2025-38429"
},
{
"category": "external",
"summary": "SUSE Bug 1247253 for CVE-2025-38429",
"url": "https://bugzilla.suse.com/1247253"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38429"
},
{
"cve": "CVE-2025-38430",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38430"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: nfsd4_spo_must_allow() must check this is a v4 compound request\n\nIf the request being processed is not a v4 compound request, then\nexamining the cstate can have undefined results.\n\nThis patch adds a check that the rpc procedure being executed\n(rq_procinfo) is the NFSPROC4_COMPOUND procedure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38430",
"url": "https://www.suse.com/security/cve/CVE-2025-38430"
},
{
"category": "external",
"summary": "SUSE Bug 1247160 for CVE-2025-38430",
"url": "https://bugzilla.suse.com/1247160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38430"
},
{
"cve": "CVE-2025-38436",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38436"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/scheduler: signal scheduled fence when kill job\n\nWhen an entity from application B is killed, drm_sched_entity_kill()\nremoves all jobs belonging to that entity through\ndrm_sched_entity_kill_jobs_work(). If application A\u0027s job depends on a\nscheduled fence from application B\u0027s job, and that fence is not properly\nsignaled during the killing process, application A\u0027s dependency cannot be\ncleared.\n\nThis leads to application A hanging indefinitely while waiting for a\ndependency that will never be resolved. Fix this issue by ensuring that\nscheduled fences are properly signaled when an entity is killed, allowing\ndependent applications to continue execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38436",
"url": "https://www.suse.com/security/cve/CVE-2025-38436"
},
{
"category": "external",
"summary": "SUSE Bug 1247227 for CVE-2025-38436",
"url": "https://bugzilla.suse.com/1247227"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38436"
},
{
"cve": "CVE-2025-38443",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38443"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: fix uaf in nbd_genl_connect() error path\n\nThere is a use-after-free issue in nbd:\n\nblock nbd6: Receive control failed (result -104)\nblock nbd6: shutting down sockets\n==================================================================\nBUG: KASAN: slab-use-after-free in recv_work+0x694/0xa80 drivers/block/nbd.c:1022\nWrite of size 4 at addr ffff8880295de478 by task kworker/u33:0/67\n\nCPU: 2 UID: 0 PID: 67 Comm: kworker/u33:0 Not tainted 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nWorkqueue: nbd6-recv recv_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xc3/0x670 mm/kasan/report.c:521\n kasan_report+0xe0/0x110 mm/kasan/report.c:634\n check_region_inline mm/kasan/generic.c:183 [inline]\n kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189\n instrument_atomic_read_write include/linux/instrumented.h:96 [inline]\n atomic_dec include/linux/atomic/atomic-instrumented.h:592 [inline]\n recv_work+0x694/0xa80 drivers/block/nbd.c:1022\n process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238\n process_scheduled_works kernel/workqueue.c:3319 [inline]\n worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400\n kthread+0x3c2/0x780 kernel/kthread.c:464\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nnbd_genl_connect() does not properly stop the device on certain\nerror paths after nbd_start_device() has been called. This causes\nthe error path to put nbd-\u003econfig while recv_work continue to use\nthe config after putting it, leading to use-after-free in recv_work.\n\nThis patch moves nbd_start_device() after the backend file creation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38443",
"url": "https://www.suse.com/security/cve/CVE-2025-38443"
},
{
"category": "external",
"summary": "SUSE Bug 1247164 for CVE-2025-38443",
"url": "https://bugzilla.suse.com/1247164"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38443"
},
{
"cve": "CVE-2025-38448",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38448"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: u_serial: Fix race condition in TTY wakeup\n\nA race condition occurs when gs_start_io() calls either gs_start_rx() or\ngs_start_tx(), as those functions briefly drop the port_lock for\nusb_ep_queue(). This allows gs_close() and gserial_disconnect() to clear\nport.tty and port_usb, respectively.\n\nUse the null-safe TTY Port helper function to wake up TTY.\n\nExample\n CPU1:\t\t\t CPU2:\n gserial_connect() // lock\n \t\t\t gs_close() // await lock\n gs_start_rx() // unlock\n usb_ep_queue()\n \t\t\t gs_close() // lock, reset port.tty and unlock\n gs_start_rx() // lock\n tty_wakeup() // NPE",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38448",
"url": "https://www.suse.com/security/cve/CVE-2025-38448"
},
{
"category": "external",
"summary": "SUSE Bug 1247233 for CVE-2025-38448",
"url": "https://bugzilla.suse.com/1247233"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38448"
},
{
"cve": "CVE-2025-38449",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38449"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gem: Acquire references on GEM handles for framebuffers\n\nA GEM handle can be released while the GEM buffer object is attached\nto a DRM framebuffer. This leads to the release of the dma-buf backing\nthe buffer object, if any. [1] Trying to use the framebuffer in further\nmode-setting operations leads to a segmentation fault. Most easily\nhappens with driver that use shadow planes for vmap-ing the dma-buf\nduring a page flip. An example is shown below.\n\n[ 156.791968] ------------[ cut here ]------------\n[ 156.796830] WARNING: CPU: 2 PID: 2255 at drivers/dma-buf/dma-buf.c:1527 dma_buf_vmap+0x224/0x430\n[...]\n[ 156.942028] RIP: 0010:dma_buf_vmap+0x224/0x430\n[ 157.043420] Call Trace:\n[ 157.045898] \u003cTASK\u003e\n[ 157.048030] ? show_trace_log_lvl+0x1af/0x2c0\n[ 157.052436] ? show_trace_log_lvl+0x1af/0x2c0\n[ 157.056836] ? show_trace_log_lvl+0x1af/0x2c0\n[ 157.061253] ? drm_gem_shmem_vmap+0x74/0x710\n[ 157.065567] ? dma_buf_vmap+0x224/0x430\n[ 157.069446] ? __warn.cold+0x58/0xe4\n[ 157.073061] ? dma_buf_vmap+0x224/0x430\n[ 157.077111] ? report_bug+0x1dd/0x390\n[ 157.080842] ? handle_bug+0x5e/0xa0\n[ 157.084389] ? exc_invalid_op+0x14/0x50\n[ 157.088291] ? asm_exc_invalid_op+0x16/0x20\n[ 157.092548] ? dma_buf_vmap+0x224/0x430\n[ 157.096663] ? dma_resv_get_singleton+0x6d/0x230\n[ 157.101341] ? __pfx_dma_buf_vmap+0x10/0x10\n[ 157.105588] ? __pfx_dma_resv_get_singleton+0x10/0x10\n[ 157.110697] drm_gem_shmem_vmap+0x74/0x710\n[ 157.114866] drm_gem_vmap+0xa9/0x1b0\n[ 157.118763] drm_gem_vmap_unlocked+0x46/0xa0\n[ 157.123086] drm_gem_fb_vmap+0xab/0x300\n[ 157.126979] drm_atomic_helper_prepare_planes.part.0+0x487/0xb10\n[ 157.133032] ? lockdep_init_map_type+0x19d/0x880\n[ 157.137701] drm_atomic_helper_commit+0x13d/0x2e0\n[ 157.142671] ? drm_atomic_nonblocking_commit+0xa0/0x180\n[ 157.147988] drm_mode_atomic_ioctl+0x766/0xe40\n[...]\n[ 157.346424] ---[ end trace 0000000000000000 ]---\n\nAcquiring GEM handles for the framebuffer\u0027s GEM buffer objects prevents\nthis from happening. The framebuffer\u0027s cleanup later puts the handle\nreferences.\n\nCommit 1a148af06000 (\"drm/gem-shmem: Use dma_buf from GEM object\ninstance\") triggers the segmentation fault easily by using the dma-buf\nfield more widely. The underlying issue with reference counting has\nbeen present before.\n\nv2:\n- acquire the handle instead of the BO (Christian)\n- fix comment style (Christian)\n- drop the Fixes tag (Christian)\n- rename err_ gotos\n- add missing Link tag",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38449",
"url": "https://www.suse.com/security/cve/CVE-2025-38449"
},
{
"category": "external",
"summary": "SUSE Bug 1247255 for CVE-2025-38449",
"url": "https://bugzilla.suse.com/1247255"
},
{
"category": "external",
"summary": "SUSE Bug 1247258 for CVE-2025-38449",
"url": "https://bugzilla.suse.com/1247258"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "important"
}
],
"title": "CVE-2025-38449"
},
{
"cve": "CVE-2025-38453",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38453"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU\n\nsyzbot reports that defer/local task_work adding via msg_ring can hit\na request that has been freed:\n\nCPU: 1 UID: 0 PID: 19356 Comm: iou-wrk-19354 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xd2/0x2b0 mm/kasan/report.c:521\n kasan_report+0x118/0x150 mm/kasan/report.c:634\n io_req_local_work_add io_uring/io_uring.c:1184 [inline]\n __io_req_task_work_add+0x589/0x950 io_uring/io_uring.c:1252\n io_msg_remote_post io_uring/msg_ring.c:103 [inline]\n io_msg_data_remote io_uring/msg_ring.c:133 [inline]\n __io_msg_ring_data+0x820/0xaa0 io_uring/msg_ring.c:151\n io_msg_ring_data io_uring/msg_ring.c:173 [inline]\n io_msg_ring+0x134/0xa00 io_uring/msg_ring.c:314\n __io_issue_sqe+0x17e/0x4b0 io_uring/io_uring.c:1739\n io_issue_sqe+0x165/0xfd0 io_uring/io_uring.c:1762\n io_wq_submit_work+0x6e9/0xb90 io_uring/io_uring.c:1874\n io_worker_handle_work+0x7cd/0x1180 io_uring/io-wq.c:642\n io_wq_worker+0x42f/0xeb0 io_uring/io-wq.c:696\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nwhich is supposed to be safe with how requests are allocated. But msg\nring requests alloc and free on their own, and hence must defer freeing\nto a sane time.\n\nAdd an rcu_head and use kfree_rcu() in both spots where requests are\nfreed. Only the one in io_msg_tw_complete() is strictly required as it\nhas been visible on the other ring, but use it consistently in the other\nspot as well.\n\nThis should not cause any other issues outside of KASAN rightfully\ncomplaining about it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38453",
"url": "https://www.suse.com/security/cve/CVE-2025-38453"
},
{
"category": "external",
"summary": "SUSE Bug 1247234 for CVE-2025-38453",
"url": "https://bugzilla.suse.com/1247234"
},
{
"category": "external",
"summary": "SUSE Bug 1247737 for CVE-2025-38453",
"url": "https://bugzilla.suse.com/1247737"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "important"
}
],
"title": "CVE-2025-38453"
},
{
"cve": "CVE-2025-38455",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38455"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight\n\nReject migration of SEV{-ES} state if either the source or destination VM\nis actively creating a vCPU, i.e. if kvm_vm_ioctl_create_vcpu() is in the\nsection between incrementing created_vcpus and online_vcpus. The bulk of\nvCPU creation runs _outside_ of kvm-\u003elock to allow creating multiple vCPUs\nin parallel, and so sev_info.es_active can get toggled from false=\u003etrue in\nthe destination VM after (or during) svm_vcpu_create(), resulting in an\nSEV{-ES} VM effectively having a non-SEV{-ES} vCPU.\n\nThe issue manifests most visibly as a crash when trying to free a vCPU\u0027s\nNULL VMSA page in an SEV-ES VM, but any number of things can go wrong.\n\n BUG: unable to handle page fault for address: ffffebde00000000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] SMP KASAN NOPTI\n CPU: 227 UID: 0 PID: 64063 Comm: syz.5.60023 Tainted: G U O 6.15.0-smp-DEV #2 NONE\n Tainted: [U]=USER, [O]=OOT_MODULE\n Hardware name: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 12.52.0-0 10/28/2024\n RIP: 0010:constant_test_bit arch/x86/include/asm/bitops.h:206 [inline]\n RIP: 0010:arch_test_bit arch/x86/include/asm/bitops.h:238 [inline]\n RIP: 0010:_test_bit include/asm-generic/bitops/instrumented-non-atomic.h:142 [inline]\n RIP: 0010:PageHead include/linux/page-flags.h:866 [inline]\n RIP: 0010:___free_pages+0x3e/0x120 mm/page_alloc.c:5067\n Code: \u003c49\u003e f7 06 40 00 00 00 75 05 45 31 ff eb 0c 66 90 4c 89 f0 4c 39 f0\n RSP: 0018:ffff8984551978d0 EFLAGS: 00010246\n RAX: 0000777f80000001 RBX: 0000000000000000 RCX: ffffffff918aeb98\n RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffebde00000000\n RBP: 0000000000000000 R08: ffffebde00000007 R09: 1ffffd7bc0000000\n R10: dffffc0000000000 R11: fffff97bc0000001 R12: dffffc0000000000\n R13: ffff8983e19751a8 R14: ffffebde00000000 R15: 1ffffd7bc0000000\n FS: 0000000000000000(0000) GS:ffff89ee661d3000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: ffffebde00000000 CR3: 000000793ceaa000 CR4: 0000000000350ef0\n DR0: 0000000000000000 DR1: 0000000000000b5f DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n sev_free_vcpu+0x413/0x630 arch/x86/kvm/svm/sev.c:3169\n svm_vcpu_free+0x13a/0x2a0 arch/x86/kvm/svm/svm.c:1515\n kvm_arch_vcpu_destroy+0x6a/0x1d0 arch/x86/kvm/x86.c:12396\n kvm_vcpu_destroy virt/kvm/kvm_main.c:470 [inline]\n kvm_destroy_vcpus+0xd1/0x300 virt/kvm/kvm_main.c:490\n kvm_arch_destroy_vm+0x636/0x820 arch/x86/kvm/x86.c:12895\n kvm_put_kvm+0xb8e/0xfb0 virt/kvm/kvm_main.c:1310\n kvm_vm_release+0x48/0x60 virt/kvm/kvm_main.c:1369\n __fput+0x3e4/0x9e0 fs/file_table.c:465\n task_work_run+0x1a9/0x220 kernel/task_work.c:227\n exit_task_work include/linux/task_work.h:40 [inline]\n do_exit+0x7f0/0x25b0 kernel/exit.c:953\n do_group_exit+0x203/0x2d0 kernel/exit.c:1102\n get_signal+0x1357/0x1480 kernel/signal.c:3034\n arch_do_signal_or_restart+0x40/0x690 arch/x86/kernel/signal.c:337\n exit_to_user_mode_loop kernel/entry/common.c:111 [inline]\n exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]\n __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]\n syscall_exit_to_user_mode+0x67/0xb0 kernel/entry/common.c:218\n do_syscall_64+0x7c/0x150 arch/x86/entry/syscall_64.c:100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7f87a898e969\n \u003c/TASK\u003e\n Modules linked in: gq(O)\n gsmi: Log Shutdown Reason 0x03\n CR2: ffffebde00000000\n ---[ end trace 0000000000000000 ]---\n\nDeliberately don\u0027t check for a NULL VMSA when freeing the vCPU, as crashing\nthe host is likely desirable due to the VMSA being consumed by hardware.\nE.g. if KVM manages to allow VMRUN on the vCPU, hardware may read/write a\nbogus VMSA page. Accessing P\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38455",
"url": "https://www.suse.com/security/cve/CVE-2025-38455"
},
{
"category": "external",
"summary": "SUSE Bug 1247101 for CVE-2025-38455",
"url": "https://bugzilla.suse.com/1247101"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38455"
},
{
"cve": "CVE-2025-38457",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38457"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Abort __tc_modify_qdisc if parent class does not exist\n\nLion\u0027s patch [1] revealed an ancient bug in the qdisc API.\nWhenever a user creates/modifies a qdisc specifying as a parent another\nqdisc, the qdisc API will, during grafting, detect that the user is\nnot trying to attach to a class and reject. However grafting is\nperformed after qdisc_create (and thus the qdiscs\u0027 init callback) is\nexecuted. In qdiscs that eventually call qdisc_tree_reduce_backlog\nduring init or change (such as fq, hhf, choke, etc), an issue\narises. For example, executing the following commands:\n\nsudo tc qdisc add dev lo root handle a: htb default 2\nsudo tc qdisc add dev lo parent a: handle beef fq\n\nQdiscs such as fq, hhf, choke, etc unconditionally invoke\nqdisc_tree_reduce_backlog() in their control path init() or change() which\nthen causes a failure to find the child class; however, that does not stop\nthe unconditional invocation of the assumed child qdisc\u0027s qlen_notify with\na null class. All these qdiscs make the assumption that class is non-null.\n\nThe solution is ensure that qdisc_leaf() which looks up the parent\nclass, and is invoked prior to qdisc_create(), should return failure on\nnot finding the class.\nIn this patch, we leverage qdisc_leaf to return ERR_PTRs whenever the\nparentid doesn\u0027t correspond to a class, so that we can detect it\nearlier on and abort before qdisc_create is called.\n\n[1] https://lore.kernel.org/netdev/d912cbd7-193b-4269-9857-525bee8bbb6a@gmail.com/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38457",
"url": "https://www.suse.com/security/cve/CVE-2025-38457"
},
{
"category": "external",
"summary": "SUSE Bug 1247098 for CVE-2025-38457",
"url": "https://bugzilla.suse.com/1247098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38457"
},
{
"cve": "CVE-2025-38460",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38460"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: clip: Fix potential null-ptr-deref in to_atmarpd().\n\natmarpd is protected by RTNL since commit f3a0592b37b8 (\"[ATM]: clip\ncauses unregister hang\").\n\nHowever, it is not enough because to_atmarpd() is called without RTNL,\nespecially clip_neigh_solicit() / neigh_ops-\u003esolicit() is unsleepable.\n\nAlso, there is no RTNL dependency around atmarpd.\n\nLet\u0027s use a private mutex and RCU to protect access to atmarpd in\nto_atmarpd().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38460",
"url": "https://www.suse.com/security/cve/CVE-2025-38460"
},
{
"category": "external",
"summary": "SUSE Bug 1247143 for CVE-2025-38460",
"url": "https://bugzilla.suse.com/1247143"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38460"
},
{
"cve": "CVE-2025-38461",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38461"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Fix transport_* TOCTOU\n\nTransport assignment may race with module unload. Protect new_transport\nfrom becoming a stale pointer.\n\nThis also takes care of an insecure call in vsock_use_local_transport();\nadd a lockdep assert.\n\nBUG: unable to handle page fault for address: fffffbfff8056000\nOops: Oops: 0000 [#1] SMP KASAN\nRIP: 0010:vsock_assign_transport+0x366/0x600\nCall Trace:\n vsock_connect+0x59c/0xc40\n __sys_connect+0xe8/0x100\n __x64_sys_connect+0x6e/0xc0\n do_syscall_64+0x92/0x1c0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38461",
"url": "https://www.suse.com/security/cve/CVE-2025-38461"
},
{
"category": "external",
"summary": "SUSE Bug 1247103 for CVE-2025-38461",
"url": "https://bugzilla.suse.com/1247103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38461"
},
{
"cve": "CVE-2025-38462",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38462"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Fix transport_{g2h,h2g} TOCTOU\n\nvsock_find_cid() and vsock_dev_do_ioctl() may race with module unload.\ntransport_{g2h,h2g} may become NULL after the NULL check.\n\nIntroduce vsock_transport_local_cid() to protect from a potential\nnull-ptr-deref.\n\nKASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]\nRIP: 0010:vsock_find_cid+0x47/0x90\nCall Trace:\n __vsock_bind+0x4b2/0x720\n vsock_bind+0x90/0xe0\n __sys_bind+0x14d/0x1e0\n __x64_sys_bind+0x6e/0xc0\n do_syscall_64+0x92/0x1c0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nKASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]\nRIP: 0010:vsock_dev_do_ioctl.isra.0+0x58/0xf0\nCall Trace:\n __x64_sys_ioctl+0x12d/0x190\n do_syscall_64+0x92/0x1c0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38462",
"url": "https://www.suse.com/security/cve/CVE-2025-38462"
},
{
"category": "external",
"summary": "SUSE Bug 1247104 for CVE-2025-38462",
"url": "https://bugzilla.suse.com/1247104"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38462"
},
{
"cve": "CVE-2025-38463",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38463"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Correct signedness in skb remaining space calculation\n\nSyzkaller reported a bug [1] where sk-\u003esk_forward_alloc can overflow.\n\nWhen we send data, if an skb exists at the tail of the write queue, the\nkernel will attempt to append the new data to that skb. However, the code\nthat checks for available space in the skb is flawed:\n\u0027\u0027\u0027\ncopy = size_goal - skb-\u003elen\n\u0027\u0027\u0027\n\nThe types of the variables involved are:\n\u0027\u0027\u0027\ncopy: ssize_t (s64 on 64-bit systems)\nsize_goal: int\nskb-\u003elen: unsigned int\n\u0027\u0027\u0027\n\nDue to C\u0027s type promotion rules, the signed size_goal is converted to an\nunsigned int to match skb-\u003elen before the subtraction. The result is an\nunsigned int.\n\nWhen this unsigned int result is then assigned to the s64 copy variable,\nit is zero-extended, preserving its non-negative value. Consequently, copy\nis always \u003e= 0.\n\nAssume we are sending 2GB of data and size_goal has been adjusted to a\nvalue smaller than skb-\u003elen. The subtraction will result in copy holding a\nvery large positive integer. In the subsequent logic, this large value is\nused to update sk-\u003esk_forward_alloc, which can easily cause it to overflow.\n\nThe syzkaller reproducer uses TCP_REPAIR to reliably create this\ncondition. However, this can also occur in real-world scenarios. The\ntcp_bound_to_half_wnd() function can also reduce size_goal to a small\nvalue. This would cause the subsequent tcp_wmem_schedule() to set\nsk-\u003esk_forward_alloc to a value close to INT_MAX. Further memory\nallocation requests would then cause sk_forward_alloc to wrap around and\nbecome negative.\n\n[1]: https://syzkaller.appspot.com/bug?extid=de6565462ab540f50e47",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38463",
"url": "https://www.suse.com/security/cve/CVE-2025-38463"
},
{
"category": "external",
"summary": "SUSE Bug 1247113 for CVE-2025-38463",
"url": "https://bugzilla.suse.com/1247113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38463"
},
{
"cve": "CVE-2025-38465",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38465"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: Fix wraparounds of sk-\u003esk_rmem_alloc.\n\nNetlink has this pattern in some places\n\n if (atomic_read(\u0026sk-\u003esk_rmem_alloc) \u003e sk-\u003esk_rcvbuf)\n \tatomic_add(skb-\u003etruesize, \u0026sk-\u003esk_rmem_alloc);\n\n, which has the same problem fixed by commit 5a465a0da13e (\"udp:\nFix multiple wraparounds of sk-\u003esk_rmem_alloc.\").\n\nFor example, if we set INT_MAX to SO_RCVBUFFORCE, the condition\nis always false as the two operands are of int.\n\nThen, a single socket can eat as many skb as possible until OOM\nhappens, and we can see multiple wraparounds of sk-\u003esk_rmem_alloc.\n\nLet\u0027s fix it by using atomic_add_return() and comparing the two\nvariables as unsigned int.\n\nBefore:\n [root@fedora ~]# ss -f netlink\n Recv-Q Send-Q Local Address:Port Peer Address:Port\n -1668710080 0 rtnl:nl_wraparound/293 *\n\nAfter:\n [root@fedora ~]# ss -f netlink\n Recv-Q Send-Q Local Address:Port Peer Address:Port\n 2147483072 0 rtnl:nl_wraparound/290 *\n ^\n `--- INT_MAX - 576",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38465",
"url": "https://www.suse.com/security/cve/CVE-2025-38465"
},
{
"category": "external",
"summary": "SUSE Bug 1247118 for CVE-2025-38465",
"url": "https://bugzilla.suse.com/1247118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38465"
},
{
"cve": "CVE-2025-38467",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38467"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos: exynos7_drm_decon: add vblank check in IRQ handling\n\nIf there\u0027s support for another console device (such as a TTY serial),\nthe kernel occasionally panics during boot. The panic message and a\nrelevant snippet of the call stack is as follows:\n\n Unable to handle kernel NULL pointer dereference at virtual address 000000000000000\n Call trace:\n drm_crtc_handle_vblank+0x10/0x30 (P)\n decon_irq_handler+0x88/0xb4\n [...]\n\nOtherwise, the panics don\u0027t happen. This indicates that it\u0027s some sort\nof race condition.\n\nAdd a check to validate if the drm device can handle vblanks before\ncalling drm_crtc_handle_vblank() to avoid this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38467",
"url": "https://www.suse.com/security/cve/CVE-2025-38467"
},
{
"category": "external",
"summary": "SUSE Bug 1247146 for CVE-2025-38467",
"url": "https://bugzilla.suse.com/1247146"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38467"
},
{
"cve": "CVE-2025-38468",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38468"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree\n\nhtb_lookup_leaf has a BUG_ON that can trigger with the following:\n\ntc qdisc del dev lo root\ntc qdisc add dev lo root handle 1: htb default 1\ntc class add dev lo parent 1: classid 1:1 htb rate 64bit\ntc qdisc add dev lo parent 1:1 handle 2: netem\ntc qdisc add dev lo parent 2:1 handle 3: blackhole\nping -I lo -c1 -W0.001 127.0.0.1\n\nThe root cause is the following:\n\n1. htb_dequeue calls htb_dequeue_tree which calls the dequeue handler on\n the selected leaf qdisc\n2. netem_dequeue calls enqueue on the child qdisc\n3. blackhole_enqueue drops the packet and returns a value that is not\n just NET_XMIT_SUCCESS\n4. Because of this, netem_dequeue calls qdisc_tree_reduce_backlog, and\n since qlen is now 0, it calls htb_qlen_notify -\u003e htb_deactivate -\u003e\n htb_deactiviate_prios -\u003e htb_remove_class_from_row -\u003e htb_safe_rb_erase\n5. As this is the only class in the selected hprio rbtree,\n __rb_change_child in __rb_erase_augmented sets the rb_root pointer to\n NULL\n6. Because blackhole_dequeue returns NULL, netem_dequeue returns NULL,\n which causes htb_dequeue_tree to call htb_lookup_leaf with the same\n hprio rbtree, and fail the BUG_ON\n\nThe function graph for this scenario is shown here:\n 0) | htb_enqueue() {\n 0) + 13.635 us | netem_enqueue();\n 0) 4.719 us | htb_activate_prios();\n 0) # 2249.199 us | }\n 0) | htb_dequeue() {\n 0) 2.355 us | htb_lookup_leaf();\n 0) | netem_dequeue() {\n 0) + 11.061 us | blackhole_enqueue();\n 0) | qdisc_tree_reduce_backlog() {\n 0) | qdisc_lookup_rcu() {\n 0) 1.873 us | qdisc_match_from_root();\n 0) 6.292 us | }\n 0) 1.894 us | htb_search();\n 0) | htb_qlen_notify() {\n 0) 2.655 us | htb_deactivate_prios();\n 0) 6.933 us | }\n 0) + 25.227 us | }\n 0) 1.983 us | blackhole_dequeue();\n 0) + 86.553 us | }\n 0) # 2932.761 us | qdisc_warn_nonwc();\n 0) | htb_lookup_leaf() {\n 0) | BUG_ON();\n ------------------------------------------\n\nThe full original bug report can be seen here [1].\n\nWe can fix this just by returning NULL instead of the BUG_ON,\nas htb_dequeue_tree returns NULL when htb_lookup_leaf returns\nNULL.\n\n[1] https://lore.kernel.org/netdev/pF5XOOIim0IuEfhI-SOxTgRvNoDwuux7UHKnE_Y5-zVd4wmGvNk2ceHjKb8ORnzw0cGwfmVu42g9dL7XyJLf1NEzaztboTWcm0Ogxuojoeo=@willsroot.io/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38468",
"url": "https://www.suse.com/security/cve/CVE-2025-38468"
},
{
"category": "external",
"summary": "SUSE Bug 1247437 for CVE-2025-38468",
"url": "https://bugzilla.suse.com/1247437"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38468"
},
{
"cve": "CVE-2025-38470",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38470"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime\n\nAssuming the \"rx-vlan-filter\" feature is enabled on a net device, the\n8021q module will automatically add or remove VLAN 0 when the net device\nis put administratively up or down, respectively. There are a couple of\nproblems with the above scheme.\n\nThe first problem is a memory leak that can happen if the \"rx-vlan-filter\"\nfeature is disabled while the device is running:\n\n # ip link add bond1 up type bond mode 0\n # ethtool -K bond1 rx-vlan-filter off\n # ip link del dev bond1\n\nWhen the device is put administratively down the \"rx-vlan-filter\"\nfeature is disabled, so the 8021q module will not remove VLAN 0 and the\nmemory will be leaked [1].\n\nAnother problem that can happen is that the kernel can automatically\ndelete VLAN 0 when the device is put administratively down despite not\nadding it when the device was put administratively up since during that\ntime the \"rx-vlan-filter\" feature was disabled. null-ptr-unref or\nbug_on[2] will be triggered by unregister_vlan_dev() for refcount\nimbalance if toggling filtering during runtime:\n\n$ ip link add bond0 type bond mode 0\n$ ip link add link bond0 name vlan0 type vlan id 0 protocol 802.1q\n$ ethtool -K bond0 rx-vlan-filter off\n$ ifconfig bond0 up\n$ ethtool -K bond0 rx-vlan-filter on\n$ ifconfig bond0 down\n$ ip link del vlan0\n\nRoot cause is as below:\nstep1: add vlan0 for real_dev, such as bond, team.\nregister_vlan_dev\n vlan_vid_add(real_dev,htons(ETH_P_8021Q),0) //refcnt=1\nstep2: disable vlan filter feature and enable real_dev\nstep3: change filter from 0 to 1\nvlan_device_event\n vlan_filter_push_vids\n ndo_vlan_rx_add_vid //No refcnt added to real_dev vlan0\nstep4: real_dev down\nvlan_device_event\n vlan_vid_del(dev, htons(ETH_P_8021Q), 0); //refcnt=0\n vlan_info_rcu_free //free vlan0\nstep5: delete vlan0\nunregister_vlan_dev\n BUG_ON(!vlan_info); //vlan_info is null\n\nFix both problems by noting in the VLAN info whether VLAN 0 was\nautomatically added upon NETDEV_UP and based on that decide whether it\nshould be deleted upon NETDEV_DOWN, regardless of the state of the\n\"rx-vlan-filter\" feature.\n\n[1]\nunreferenced object 0xffff8880068e3100 (size 256):\n comm \"ip\", pid 384, jiffies 4296130254\n hex dump (first 32 bytes):\n 00 20 30 0d 80 88 ff ff 00 00 00 00 00 00 00 00 . 0.............\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc 81ce31fa):\n __kmalloc_cache_noprof+0x2b5/0x340\n vlan_vid_add+0x434/0x940\n vlan_device_event.cold+0x75/0xa8\n notifier_call_chain+0xca/0x150\n __dev_notify_flags+0xe3/0x250\n rtnl_configure_link+0x193/0x260\n rtnl_newlink_create+0x383/0x8e0\n __rtnl_newlink+0x22c/0xa40\n rtnl_newlink+0x627/0xb00\n rtnetlink_rcv_msg+0x6fb/0xb70\n netlink_rcv_skb+0x11f/0x350\n netlink_unicast+0x426/0x710\n netlink_sendmsg+0x75a/0xc20\n __sock_sendmsg+0xc1/0x150\n ____sys_sendmsg+0x5aa/0x7b0\n ___sys_sendmsg+0xfc/0x180\n\n[2]\nkernel BUG at net/8021q/vlan.c:99!\nOops: invalid opcode: 0000 [#1] SMP KASAN PTI\nCPU: 0 UID: 0 PID: 382 Comm: ip Not tainted 6.16.0-rc3 #61 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:unregister_vlan_dev (net/8021q/vlan.c:99 (discriminator 1))\nRSP: 0018:ffff88810badf310 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88810da84000 RCX: ffffffffb47ceb9a\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff88810e8b43c8\nRBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff6cefe80\nR10: ffffffffb677f407 R11: ffff88810badf3c0 R12: ffff88810e8b4000\nR13: 0000000000000000 R14: ffff88810642a5c0 R15: 000000000000017e\nFS: 00007f1ff68c20c0(0000) GS:ffff888163a24000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f1ff5dad240 CR3: 0000000107e56000 CR4: 00000000000006f0\nCall Trace:\n \u003cTASK\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38470",
"url": "https://www.suse.com/security/cve/CVE-2025-38470"
},
{
"category": "external",
"summary": "SUSE Bug 1247288 for CVE-2025-38470",
"url": "https://bugzilla.suse.com/1247288"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38470"
},
{
"cve": "CVE-2025-38471",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38471"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: always refresh the queue when reading sock\n\nAfter recent changes in net-next TCP compacts skbs much more\naggressively. This unearthed a bug in TLS where we may try\nto operate on an old skb when checking if all skbs in the\nqueue have matching decrypt state and geometry.\n\n BUG: KASAN: slab-use-after-free in tls_strp_check_rcv+0x898/0x9a0 [tls]\n (net/tls/tls_strp.c:436 net/tls/tls_strp.c:530 net/tls/tls_strp.c:544)\n Read of size 4 at addr ffff888013085750 by task tls/13529\n\n CPU: 2 UID: 0 PID: 13529 Comm: tls Not tainted 6.16.0-rc5-virtme\n Call Trace:\n kasan_report+0xca/0x100\n tls_strp_check_rcv+0x898/0x9a0 [tls]\n tls_rx_rec_wait+0x2c9/0x8d0 [tls]\n tls_sw_recvmsg+0x40f/0x1aa0 [tls]\n inet_recvmsg+0x1c3/0x1f0\n\nAlways reload the queue, fast path is to have the record in the queue\nwhen we wake, anyway (IOW the path going down \"if !strp-\u003estm.full_len\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38471",
"url": "https://www.suse.com/security/cve/CVE-2025-38471"
},
{
"category": "external",
"summary": "SUSE Bug 1247450 for CVE-2025-38471",
"url": "https://bugzilla.suse.com/1247450"
},
{
"category": "external",
"summary": "SUSE Bug 1247452 for CVE-2025-38471",
"url": "https://bugzilla.suse.com/1247452"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "important"
}
],
"title": "CVE-2025-38471"
},
{
"cve": "CVE-2025-38473",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38473"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb()\n\nsyzbot reported null-ptr-deref in l2cap_sock_resume_cb(). [0]\n\nl2cap_sock_resume_cb() has a similar problem that was fixed by commit\n1bff51ea59a9 (\"Bluetooth: fix use-after-free error in lock_sock_nested()\").\n\nSince both l2cap_sock_kill() and l2cap_sock_resume_cb() are executed\nunder l2cap_sock_resume_cb(), we can avoid the issue simply by checking\nif chan-\u003edata is NULL.\n\nLet\u0027s not access to the killed socket in l2cap_sock_resume_cb().\n\n[0]:\nBUG: KASAN: null-ptr-deref in instrument_atomic_write include/linux/instrumented.h:82 [inline]\nBUG: KASAN: null-ptr-deref in clear_bit include/asm-generic/bitops/instrumented-atomic.h:41 [inline]\nBUG: KASAN: null-ptr-deref in l2cap_sock_resume_cb+0xb4/0x17c net/bluetooth/l2cap_sock.c:1711\nWrite of size 8 at addr 0000000000000570 by task kworker/u9:0/52\n\nCPU: 1 UID: 0 PID: 52 Comm: kworker/u9:0 Not tainted 6.16.0-rc4-syzkaller-g7482bb149b9f #0 PREEMPT\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nWorkqueue: hci0 hci_rx_work\nCall trace:\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:501 (C)\n __dump_stack+0x30/0x40 lib/dump_stack.c:94\n dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120\n print_report+0x58/0x84 mm/kasan/report.c:524\n kasan_report+0xb0/0x110 mm/kasan/report.c:634\n check_region_inline mm/kasan/generic.c:-1 [inline]\n kasan_check_range+0x264/0x2a4 mm/kasan/generic.c:189\n __kasan_check_write+0x20/0x30 mm/kasan/shadow.c:37\n instrument_atomic_write include/linux/instrumented.h:82 [inline]\n clear_bit include/asm-generic/bitops/instrumented-atomic.h:41 [inline]\n l2cap_sock_resume_cb+0xb4/0x17c net/bluetooth/l2cap_sock.c:1711\n l2cap_security_cfm+0x524/0xea0 net/bluetooth/l2cap_core.c:7357\n hci_auth_cfm include/net/bluetooth/hci_core.h:2092 [inline]\n hci_auth_complete_evt+0x2e8/0xa4c net/bluetooth/hci_event.c:3514\n hci_event_func net/bluetooth/hci_event.c:7511 [inline]\n hci_event_packet+0x650/0xe9c net/bluetooth/hci_event.c:7565\n hci_rx_work+0x320/0xb18 net/bluetooth/hci_core.c:4070\n process_one_work+0x7e8/0x155c kernel/workqueue.c:3238\n process_scheduled_works kernel/workqueue.c:3321 [inline]\n worker_thread+0x958/0xed8 kernel/workqueue.c:3402\n kthread+0x5fc/0x75c kernel/kthread.c:464\n ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:847",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38473",
"url": "https://www.suse.com/security/cve/CVE-2025-38473"
},
{
"category": "external",
"summary": "SUSE Bug 1247289 for CVE-2025-38473",
"url": "https://bugzilla.suse.com/1247289"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38473"
},
{
"cve": "CVE-2025-38474",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38474"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: net: sierra: check for no status endpoint\n\nThe driver checks for having three endpoints and\nhaving bulk in and out endpoints, but not that\nthe third endpoint is interrupt input.\nRectify the omission.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38474",
"url": "https://www.suse.com/security/cve/CVE-2025-38474"
},
{
"category": "external",
"summary": "SUSE Bug 1247311 for CVE-2025-38474",
"url": "https://bugzilla.suse.com/1247311"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38474"
},
{
"cve": "CVE-2025-38475",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38475"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmc: Fix various oops due to inet_sock type confusion.\n\nsyzbot reported weird splats [0][1] in cipso_v4_sock_setattr() while\nfreeing inet_sk(sk)-\u003einet_opt.\n\nThe address was freed multiple times even though it was read-only memory.\n\ncipso_v4_sock_setattr() did nothing wrong, and the root cause was type\nconfusion.\n\nThe cited commit made it possible to create smc_sock as an INET socket.\n\nThe issue is that struct smc_sock does not have struct inet_sock as the\nfirst member but hijacks AF_INET and AF_INET6 sk_family, which confuses\nvarious places.\n\nIn this case, inet_sock.inet_opt was actually smc_sock.clcsk_data_ready(),\nwhich is an address of a function in the text segment.\n\n $ pahole -C inet_sock vmlinux\n struct inet_sock {\n ...\n struct ip_options_rcu * inet_opt; /* 784 8 */\n\n $ pahole -C smc_sock vmlinux\n struct smc_sock {\n ...\n void (*clcsk_data_ready)(struct sock *); /* 784 8 */\n\nThe same issue for another field was reported before. [2][3]\n\nAt that time, an ugly hack was suggested [4], but it makes both INET\nand SMC code error-prone and hard to change.\n\nAlso, yet another variant was fixed by a hacky commit 98d4435efcbf3\n(\"net/smc: prevent NULL pointer dereference in txopt_get\").\n\nInstead of papering over the root cause by such hacks, we should not\nallow non-INET socket to reuse the INET infra.\n\nLet\u0027s add inet_sock as the first member of smc_sock.\n\n[0]:\nkvfree_call_rcu(): Double-freed call. rcu_head 000000006921da73\nWARNING: CPU: 0 PID: 6718 at mm/slab_common.c:1956 kvfree_call_rcu+0x94/0x3f0 mm/slab_common.c:1955\nModules linked in:\nCPU: 0 UID: 0 PID: 6718 Comm: syz.0.17 Tainted: G W 6.16.0-rc4-syzkaller-g7482bb149b9f #0 PREEMPT\nTainted: [W]=WARN\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : kvfree_call_rcu+0x94/0x3f0 mm/slab_common.c:1955\nlr : kvfree_call_rcu+0x94/0x3f0 mm/slab_common.c:1955\nsp : ffff8000a03a7730\nx29: ffff8000a03a7730 x28: 00000000fffffff5 x27: 1fffe000184823d3\nx26: dfff800000000000 x25: ffff0000c2411e9e x24: ffff0000dd88da00\nx23: ffff8000891ac9a0 x22: 00000000ffffffea x21: ffff8000891ac9a0\nx20: ffff8000891ac9a0 x19: ffff80008afc2480 x18: 00000000ffffffff\nx17: 0000000000000000 x16: ffff80008ae642c8 x15: ffff700011ede14c\nx14: 1ffff00011ede14c x13: 0000000000000004 x12: ffffffffffffffff\nx11: ffff700011ede14c x10: 0000000000ff0100 x9 : 5fa3c1ffaf0ff000\nx8 : 5fa3c1ffaf0ff000 x7 : 0000000000000001 x6 : 0000000000000001\nx5 : ffff8000a03a7078 x4 : ffff80008f766c20 x3 : ffff80008054d360\nx2 : 0000000000000000 x1 : 0000000000000201 x0 : 0000000000000000\nCall trace:\n kvfree_call_rcu+0x94/0x3f0 mm/slab_common.c:1955 (P)\n cipso_v4_sock_setattr+0x2f0/0x3f4 net/ipv4/cipso_ipv4.c:1914\n netlbl_sock_setattr+0x240/0x334 net/netlabel/netlabel_kapi.c:1000\n smack_netlbl_add+0xa8/0x158 security/smack/smack_lsm.c:2581\n smack_inode_setsecurity+0x378/0x430 security/smack/smack_lsm.c:2912\n security_inode_setsecurity+0x118/0x3c0 security/security.c:2706\n __vfs_setxattr_noperm+0x174/0x5c4 fs/xattr.c:251\n __vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:295\n vfs_setxattr+0x158/0x2ac fs/xattr.c:321\n do_setxattr fs/xattr.c:636 [inline]\n file_setxattr+0x1b8/0x294 fs/xattr.c:646\n path_setxattrat+0x2ac/0x320 fs/xattr.c:711\n __do_sys_fsetxattr fs/xattr.c:761 [inline]\n __se_sys_fsetxattr fs/xattr.c:758 [inline]\n __arm64_sys_fsetxattr+0xc0/0xdc fs/xattr.c:758\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879\n el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600\n\n[\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38475",
"url": "https://www.suse.com/security/cve/CVE-2025-38475"
},
{
"category": "external",
"summary": "SUSE Bug 1247308 for CVE-2025-38475",
"url": "https://bugzilla.suse.com/1247308"
},
{
"category": "external",
"summary": "SUSE Bug 1247309 for CVE-2025-38475",
"url": "https://bugzilla.suse.com/1247309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "important"
}
],
"title": "CVE-2025-38475"
},
{
"cve": "CVE-2025-38476",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38476"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrpl: Fix use-after-free in rpl_do_srh_inline().\n\nRunning lwt_dst_cache_ref_loop.sh in selftest with KASAN triggers\nthe splat below [0].\n\nrpl_do_srh_inline() fetches ipv6_hdr(skb) and accesses it after\nskb_cow_head(), which is illegal as the header could be freed then.\n\nLet\u0027s fix it by making oldhdr to a local struct instead of a pointer.\n\n[0]:\n[root@fedora net]# ./lwt_dst_cache_ref_loop.sh\n...\nTEST: rpl (input)\n[ 57.631529] ==================================================================\nBUG: KASAN: slab-use-after-free in rpl_do_srh_inline.isra.0 (net/ipv6/rpl_iptunnel.c:174)\nRead of size 40 at addr ffff888122bf96d8 by task ping6/1543\n\nCPU: 50 UID: 0 PID: 1543 Comm: ping6 Not tainted 6.16.0-rc5-01302-gfadd1e6231b1 #23 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl (lib/dump_stack.c:122)\n print_report (mm/kasan/report.c:409 mm/kasan/report.c:521)\n kasan_report (mm/kasan/report.c:221 mm/kasan/report.c:636)\n kasan_check_range (mm/kasan/generic.c:175 (discriminator 1) mm/kasan/generic.c:189 (discriminator 1))\n __asan_memmove (mm/kasan/shadow.c:94 (discriminator 2))\n rpl_do_srh_inline.isra.0 (net/ipv6/rpl_iptunnel.c:174)\n rpl_input (net/ipv6/rpl_iptunnel.c:201 net/ipv6/rpl_iptunnel.c:282)\n lwtunnel_input (net/core/lwtunnel.c:459)\n ipv6_rcv (./include/net/dst.h:471 (discriminator 1) ./include/net/dst.h:469 (discriminator 1) net/ipv6/ip6_input.c:79 (discriminator 1) ./include/linux/netfilter.h:317 (discriminator 1) ./include/linux/netfilter.h:311 (discriminator 1) net/ipv6/ip6_input.c:311 (discriminator 1))\n __netif_receive_skb_one_core (net/core/dev.c:5967)\n process_backlog (./include/linux/rcupdate.h:869 net/core/dev.c:6440)\n __napi_poll.constprop.0 (net/core/dev.c:7452)\n net_rx_action (net/core/dev.c:7518 net/core/dev.c:7643)\n handle_softirqs (kernel/softirq.c:579)\n do_softirq (kernel/softirq.c:480 (discriminator 20))\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n __local_bh_enable_ip (kernel/softirq.c:407)\n __dev_queue_xmit (net/core/dev.c:4740)\n ip6_finish_output2 (./include/linux/netdevice.h:3358 ./include/net/neighbour.h:526 ./include/net/neighbour.h:540 net/ipv6/ip6_output.c:141)\n ip6_finish_output (net/ipv6/ip6_output.c:215 net/ipv6/ip6_output.c:226)\n ip6_output (./include/linux/netfilter.h:306 net/ipv6/ip6_output.c:248)\n ip6_send_skb (net/ipv6/ip6_output.c:1983)\n rawv6_sendmsg (net/ipv6/raw.c:588 net/ipv6/raw.c:918)\n __sys_sendto (net/socket.c:714 (discriminator 1) net/socket.c:729 (discriminator 1) net/socket.c:2228 (discriminator 1))\n __x64_sys_sendto (net/socket.c:2231)\n do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1))\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\nRIP: 0033:0x7f68cffb2a06\nCode: 5d e8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 75 19 83 e2 39 83 fa 08 75 11 e8 26 ff ff ff 66 0f 1f 44 00 00 48 8b 45 10 0f 05 \u003c48\u003e 8b 5d f8 c9 c3 0f 1f 40 00 f3 0f 1e fa 55 48 89 e5 48 83 ec 08\nRSP: 002b:00007ffefb7c53d0 EFLAGS: 00000202 ORIG_RAX: 000000000000002c\nRAX: ffffffffffffffda RBX: 0000564cd69f10a0 RCX: 00007f68cffb2a06\nRDX: 0000000000000040 RSI: 0000564cd69f10a4 RDI: 0000000000000003\nRBP: 00007ffefb7c53f0 R08: 0000564cd6a032ac R09: 000000000000001c\nR10: 0000000000000000 R11: 0000000000000202 R12: 0000564cd69f10a4\nR13: 0000000000000040 R14: 00007ffefb7c66e0 R15: 0000564cd69f10a0\n \u003c/TASK\u003e\n\nAllocated by task 1543:\n kasan_save_stack (mm/kasan/common.c:48)\n kasan_save_track (mm/kasan/common.c:60 (discriminator 1) mm/kasan/common.c:69 (discriminator 1))\n __kasan_slab_alloc (mm/kasan/common.c:319 mm/kasan/common.c:345)\n kmem_cache_alloc_node_noprof (./include/linux/kasan.h:250 mm/slub.c:4148 mm/slub.c:4197 mm/slub.c:4249)\n kmalloc_reserve (net/core/skbuff.c:581 (discriminator 88))\n __alloc_skb (net/core/skbuff.c:669)\n __ip6_append_data (net/ipv6/ip6_output.c:1672 (discriminator 1))\n ip6_\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38476",
"url": "https://www.suse.com/security/cve/CVE-2025-38476"
},
{
"category": "external",
"summary": "SUSE Bug 1247317 for CVE-2025-38476",
"url": "https://bugzilla.suse.com/1247317"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38476"
},
{
"cve": "CVE-2025-38477",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38477"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_qfq: Fix race condition on qfq_aggregate\n\nA race condition can occur when \u0027agg\u0027 is modified in qfq_change_agg\n(called during qfq_enqueue) while other threads access it\nconcurrently. For example, qfq_dump_class may trigger a NULL\ndereference, and qfq_delete_class may cause a use-after-free.\n\nThis patch addresses the issue by:\n\n1. Moved qfq_destroy_class into the critical section.\n\n2. Added sch_tree_lock protection to qfq_dump_class and\nqfq_dump_class_stats.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38477",
"url": "https://www.suse.com/security/cve/CVE-2025-38477"
},
{
"category": "external",
"summary": "SUSE Bug 1247314 for CVE-2025-38477",
"url": "https://bugzilla.suse.com/1247314"
},
{
"category": "external",
"summary": "SUSE Bug 1247315 for CVE-2025-38477",
"url": "https://bugzilla.suse.com/1247315"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "important"
}
],
"title": "CVE-2025-38477"
},
{
"cve": "CVE-2025-38478",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38478"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: Fix initialization of data for instructions that write to subdevice\n\nSome Comedi subdevice instruction handlers are known to access\ninstruction data elements beyond the first `insn-\u003en` elements in some\ncases. The `do_insn_ioctl()` and `do_insnlist_ioctl()` functions\nallocate at least `MIN_SAMPLES` (16) data elements to deal with this,\nbut they do not initialize all of that. For Comedi instruction codes\nthat write to the subdevice, the first `insn-\u003en` data elements are\ncopied from user-space, but the remaining elements are left\nuninitialized. That could be a problem if the subdevice instruction\nhandler reads the uninitialized data. Ensure that the first\n`MIN_SAMPLES` elements are initialized before calling these instruction\nhandlers, filling the uncopied elements with 0. For\n`do_insnlist_ioctl()`, the same data buffer elements are used for\nhandling a list of instructions, so ensure the first `MIN_SAMPLES`\nelements are initialized for each instruction that writes to the\nsubdevice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38478",
"url": "https://www.suse.com/security/cve/CVE-2025-38478"
},
{
"category": "external",
"summary": "SUSE Bug 1247273 for CVE-2025-38478",
"url": "https://bugzilla.suse.com/1247273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38478"
},
{
"cve": "CVE-2025-38480",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38480"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: Fix use of uninitialized data in insn_rw_emulate_bits()\n\nFor Comedi `INSN_READ` and `INSN_WRITE` instructions on \"digital\"\nsubdevices (subdevice types `COMEDI_SUBD_DI`, `COMEDI_SUBD_DO`, and\n`COMEDI_SUBD_DIO`), it is common for the subdevice driver not to have\n`insn_read` and `insn_write` handler functions, but to have an\n`insn_bits` handler function for handling Comedi `INSN_BITS`\ninstructions. In that case, the subdevice\u0027s `insn_read` and/or\n`insn_write` function handler pointers are set to point to the\n`insn_rw_emulate_bits()` function by `__comedi_device_postconfig()`.\n\nFor `INSN_WRITE`, `insn_rw_emulate_bits()` currently assumes that the\nsupplied `data[0]` value is a valid copy from user memory. It will at\nleast exist because `do_insnlist_ioctl()` and `do_insn_ioctl()` in\n\"comedi_fops.c\" ensure at lease `MIN_SAMPLES` (16) elements are\nallocated. However, if `insn-\u003en` is 0 (which is allowable for\n`INSN_READ` and `INSN_WRITE` instructions, then `data[0]` may contain\nuninitialized data, and certainly contains invalid data, possibly from a\ndifferent instruction in the array of instructions handled by\n`do_insnlist_ioctl()`. This will result in an incorrect value being\nwritten to the digital output channel (or to the digital input/output\nchannel if configured as an output), and may be reflected in the\ninternal saved state of the channel.\n\nFix it by returning 0 early if `insn-\u003en` is 0, before reaching the code\nthat accesses `data[0]`. Previously, the function always returned 1 on\nsuccess, but it is supposed to be the number of data samples actually\nread or written up to `insn-\u003en`, which is 0 in this case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38480",
"url": "https://www.suse.com/security/cve/CVE-2025-38480"
},
{
"category": "external",
"summary": "SUSE Bug 1247274 for CVE-2025-38480",
"url": "https://bugzilla.suse.com/1247274"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38480"
},
{
"cve": "CVE-2025-38481",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38481"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large\n\nThe handling of the `COMEDI_INSNLIST` ioctl allocates a kernel buffer to\nhold the array of `struct comedi_insn`, getting the length from the\n`n_insns` member of the `struct comedi_insnlist` supplied by the user.\nThe allocation will fail with a WARNING and a stack dump if it is too\nlarge.\n\nAvoid that by failing with an `-EINVAL` error if the supplied `n_insns`\nvalue is unreasonable.\n\nDefine the limit on the `n_insns` value in the `MAX_INSNS` macro. Set\nthis to the same value as `MAX_SAMPLES` (65536), which is the maximum\nallowed sum of the values of the member `n` in the array of `struct\ncomedi_insn`, and sensible comedi instructions will have an `n` of at\nleast 1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38481",
"url": "https://www.suse.com/security/cve/CVE-2025-38481"
},
{
"category": "external",
"summary": "SUSE Bug 1247276 for CVE-2025-38481",
"url": "https://bugzilla.suse.com/1247276"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "low"
}
],
"title": "CVE-2025-38481"
},
{
"cve": "CVE-2025-38482",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38482"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: das6402: Fix bit shift out of bounds\n\nWhen checking for a supported IRQ number, the following test is used:\n\n\t/* IRQs 2,3,5,6,7, 10,11,15 are valid for \"enhanced\" mode */\n\tif ((1 \u003c\u003c it-\u003eoptions[1]) \u0026 0x8cec) {\n\nHowever, `it-\u003eoptions[i]` is an unchecked `int` value from userspace, so\nthe shift amount could be negative or out of bounds. Fix the test by\nrequiring `it-\u003eoptions[1]` to be within bounds before proceeding with\nthe original test. Valid `it-\u003eoptions[1]` values that select the IRQ\nwill be in the range [1,15]. The value 0 explicitly disables the use of\ninterrupts.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38482",
"url": "https://www.suse.com/security/cve/CVE-2025-38482"
},
{
"category": "external",
"summary": "SUSE Bug 1247277 for CVE-2025-38482",
"url": "https://bugzilla.suse.com/1247277"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38482"
},
{
"cve": "CVE-2025-38483",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38483"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: das16m1: Fix bit shift out of bounds\n\nWhen checking for a supported IRQ number, the following test is used:\n\n\t/* only irqs 2, 3, 4, 5, 6, 7, 10, 11, 12, 14, and 15 are valid */\n\tif ((1 \u003c\u003c it-\u003eoptions[1]) \u0026 0xdcfc) {\n\nHowever, `it-\u003eoptions[i]` is an unchecked `int` value from userspace, so\nthe shift amount could be negative or out of bounds. Fix the test by\nrequiring `it-\u003eoptions[1]` to be within bounds before proceeding with\nthe original test.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38483",
"url": "https://www.suse.com/security/cve/CVE-2025-38483"
},
{
"category": "external",
"summary": "SUSE Bug 1247278 for CVE-2025-38483",
"url": "https://bugzilla.suse.com/1247278"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38483"
},
{
"cve": "CVE-2025-38485",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38485"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush\n\nfxls8962af_fifo_flush() uses indio_dev-\u003eactive_scan_mask (with\niio_for_each_active_channel()) without making sure the indio_dev\nstays in buffer mode.\nThere is a race if indio_dev exits buffer mode in the middle of the\ninterrupt that flushes the fifo. Fix this by calling\nsynchronize_irq() to ensure that no interrupt is currently running when\ndisabling buffer mode.\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000000 when read\n[...]\n_find_first_bit_le from fxls8962af_fifo_flush+0x17c/0x290\nfxls8962af_fifo_flush from fxls8962af_interrupt+0x80/0x178\nfxls8962af_interrupt from irq_thread_fn+0x1c/0x7c\nirq_thread_fn from irq_thread+0x110/0x1f4\nirq_thread from kthread+0xe0/0xfc\nkthread from ret_from_fork+0x14/0x2c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38485",
"url": "https://www.suse.com/security/cve/CVE-2025-38485"
},
{
"category": "external",
"summary": "SUSE Bug 1247236 for CVE-2025-38485",
"url": "https://bugzilla.suse.com/1247236"
},
{
"category": "external",
"summary": "SUSE Bug 1247237 for CVE-2025-38485",
"url": "https://bugzilla.suse.com/1247237"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "important"
}
],
"title": "CVE-2025-38485"
},
{
"cve": "CVE-2025-38487",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38487"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: aspeed: lpc-snoop: Don\u0027t disable channels that aren\u0027t enabled\n\nMitigate e.g. the following:\n\n # echo 1e789080.lpc-snoop \u003e /sys/bus/platform/drivers/aspeed-lpc-snoop/unbind\n ...\n [ 120.363594] Unable to handle kernel NULL pointer dereference at virtual address 00000004 when write\n [ 120.373866] [00000004] *pgd=00000000\n [ 120.377910] Internal error: Oops: 805 [#1] SMP ARM\n [ 120.383306] CPU: 1 UID: 0 PID: 315 Comm: sh Not tainted 6.15.0-rc1-00009-g926217bc7d7d-dirty #20 NONE\n ...\n [ 120.679543] Call trace:\n [ 120.679559] misc_deregister from aspeed_lpc_snoop_remove+0x84/0xac\n [ 120.692462] aspeed_lpc_snoop_remove from platform_remove+0x28/0x38\n [ 120.700996] platform_remove from device_release_driver_internal+0x188/0x200\n ...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38487",
"url": "https://www.suse.com/security/cve/CVE-2025-38487"
},
{
"category": "external",
"summary": "SUSE Bug 1247238 for CVE-2025-38487",
"url": "https://bugzilla.suse.com/1247238"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38487"
},
{
"cve": "CVE-2025-38489",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38489"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again\n\nCommit 7ded842b356d (\"s390/bpf: Fix bpf_plt pointer arithmetic\") has\naccidentally removed the critical piece of commit c730fce7c70c\n(\"s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL\"), causing\nintermittent kernel panics in e.g. perf\u0027s on_switch() prog to reappear.\n\nRestore the fix and add a comment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38489",
"url": "https://www.suse.com/security/cve/CVE-2025-38489"
},
{
"category": "external",
"summary": "SUSE Bug 1247241 for CVE-2025-38489",
"url": "https://bugzilla.suse.com/1247241"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38489"
},
{
"cve": "CVE-2025-38494",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38494"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: do not bypass hid_hw_raw_request\n\nhid_hw_raw_request() is actually useful to ensure the provided buffer\nand length are valid. Directly calling in the low level transport driver\nfunction bypassed those checks and allowed invalid paramto be used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38494",
"url": "https://www.suse.com/security/cve/CVE-2025-38494"
},
{
"category": "external",
"summary": "SUSE Bug 1247349 for CVE-2025-38494",
"url": "https://bugzilla.suse.com/1247349"
},
{
"category": "external",
"summary": "SUSE Bug 1247350 for CVE-2025-38494",
"url": "https://bugzilla.suse.com/1247350"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "important"
}
],
"title": "CVE-2025-38494"
},
{
"cve": "CVE-2025-38495",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38495"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: ensure the allocated report buffer can contain the reserved report ID\n\nWhen the report ID is not used, the low level transport drivers expect\nthe first byte to be 0. However, currently the allocated buffer not\naccount for that extra byte, meaning that instead of having 8 guaranteed\nbytes for implement to be working, we only have 7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38495",
"url": "https://www.suse.com/security/cve/CVE-2025-38495"
},
{
"category": "external",
"summary": "SUSE Bug 1247348 for CVE-2025-38495",
"url": "https://bugzilla.suse.com/1247348"
},
{
"category": "external",
"summary": "SUSE Bug 1247351 for CVE-2025-38495",
"url": "https://bugzilla.suse.com/1247351"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "important"
}
],
"title": "CVE-2025-38495"
},
{
"cve": "CVE-2025-38496",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38496"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-bufio: fix sched in atomic context\n\nIf \"try_verify_in_tasklet\" is set for dm-verity, DM_BUFIO_CLIENT_NO_SLEEP\nis enabled for dm-bufio. However, when bufio tries to evict buffers, there\nis a chance to trigger scheduling in spin_lock_bh, the following warning\nis hit:\n\nBUG: sleeping function called from invalid context at drivers/md/dm-bufio.c:2745\nin_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 123, name: kworker/2:2\npreempt_count: 201, expected: 0\nRCU nest depth: 0, expected: 0\n4 locks held by kworker/2:2/123:\n #0: ffff88800a2d1548 ((wq_completion)dm_bufio_cache){....}-{0:0}, at: process_one_work+0xe46/0x1970\n #1: ffffc90000d97d20 ((work_completion)(\u0026dm_bufio_replacement_work)){....}-{0:0}, at: process_one_work+0x763/0x1970\n #2: ffffffff8555b528 (dm_bufio_clients_lock){....}-{3:3}, at: do_global_cleanup+0x1ce/0x710\n #3: ffff88801d5820b8 (\u0026c-\u003espinlock){....}-{2:2}, at: do_global_cleanup+0x2a5/0x710\nPreemption disabled at:\n[\u003c0000000000000000\u003e] 0x0\nCPU: 2 UID: 0 PID: 123 Comm: kworker/2:2 Not tainted 6.16.0-rc3-g90548c634bd0 #305 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nWorkqueue: dm_bufio_cache do_global_cleanup\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x53/0x70\n __might_resched+0x360/0x4e0\n do_global_cleanup+0x2f5/0x710\n process_one_work+0x7db/0x1970\n worker_thread+0x518/0xea0\n kthread+0x359/0x690\n ret_from_fork+0xf3/0x1b0\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nThat can be reproduced by:\n\n veritysetup format --data-block-size=4096 --hash-block-size=4096 /dev/vda /dev/vdb\n SIZE=$(blockdev --getsz /dev/vda)\n dmsetup create myverity -r --table \"0 $SIZE verity 1 /dev/vda /dev/vdb 4096 4096 \u003cdata_blocks\u003e 1 sha256 \u003croot_hash\u003e \u003csalt\u003e 1 try_verify_in_tasklet\"\n mount /dev/dm-0 /mnt -o ro\n echo 102400 \u003e /sys/module/dm_bufio/parameters/max_cache_size_bytes\n [read files in /mnt]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38496",
"url": "https://www.suse.com/security/cve/CVE-2025-38496"
},
{
"category": "external",
"summary": "SUSE Bug 1247284 for CVE-2025-38496",
"url": "https://bugzilla.suse.com/1247284"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38496"
},
{
"cve": "CVE-2025-38497",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38497"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: configfs: Fix OOB read on empty string write\n\nWhen writing an empty string to either \u0027qw_sign\u0027 or \u0027landingPage\u0027\nsysfs attributes, the store functions attempt to access page[l - 1]\nbefore validating that the length \u0027l\u0027 is greater than zero.\n\nThis patch fixes the vulnerability by adding a check at the beginning\nof os_desc_qw_sign_store() and webusb_landingPage_store() to handle\nthe zero-length input case gracefully by returning immediately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38497",
"url": "https://www.suse.com/security/cve/CVE-2025-38497"
},
{
"category": "external",
"summary": "SUSE Bug 1247347 for CVE-2025-38497",
"url": "https://bugzilla.suse.com/1247347"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-38497"
},
{
"cve": "CVE-2025-38498",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38498"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndo_change_type(): refuse to operate on unmounted/not ours mounts\n\nEnsure that propagation settings can only be changed for mounts located\nin the caller\u0027s mount namespace. This change aligns permission checking\nwith the rest of mount(2).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38498",
"url": "https://www.suse.com/security/cve/CVE-2025-38498"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-38498",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1247499 for CVE-2025-38498",
"url": "https://bugzilla.suse.com/1247499"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:cluster-md-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:dlm-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:gfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP7:ocfs2-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-default-livepatch-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-1-150700.15.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-64kb-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-base-6.4.0-150700.53.11.1.150700.17.9.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-default-devel-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-devel-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-macros-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:kernel-zfcpdump-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-docs-6.4.0-150700.53.11.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-obs-build-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-source-6.4.0-150700.53.11.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:kernel-syms-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP7:reiserfs-kmp-default-6.4.0-150700.53.11.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP7:kernel-default-extra-6.4.0-150700.53.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-27T12:04:21Z",
"details": "important"
}
],
"title": "CVE-2025-38498"
}
]
}
SUSE-SU-2025:03023-1
Vulnerability from csaf_suse - Published: 2025-08-29 11:54 - Updated: 2025-08-29 11:54Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2019-11135: TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may (bsc#1139073)
- CVE-2024-36028: mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() (bsc#1225707).
- CVE-2024-36348, CVE-2024-36349, CVE-2024-36350, CVE-2024-36357: x86/process: Move the buffer clearing before MONITOR (bsc#1238896).
- CVE-2024-44963: btrfs: do not BUG_ON() when freeing tree block after error (bsc#1230216).
- CVE-2024-56742: vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages() (bsc#1235613).
- CVE-2025-21839: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (bsc#1239061).
- CVE-2025-21872: efi/mokvar-table: Avoid repeated map/unmap of the same page (bsc#1240323).
- CVE-2025-23163: net: vlan: do not propagate flags on open (bsc#1242837).
- CVE-2025-37856: btrfs: harden block_group::bg_list against list_del() races (bsc#1243068).
- CVE-2025-37864: net: dsa: clean up FDB, MDB, VLAN entries on unbind (bsc#1242965).
- CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960).
- CVE-2025-37920: kABI workaround for xsk: Fix race condition in AF_XDP generic RX path (bsc#1243479).
- CVE-2025-37984: crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() (bsc#1243669).
- CVE-2025-38034: btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (bsc#1244792).
- CVE-2025-38035: nvmet-tcp: do not restore null sk_state_change (bsc#1244801).
- CVE-2025-38051: smb: client: Fix use-after-free in cifs_fill_dirent (bsc#1244750).
- CVE-2025-38058: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (bsc#1245151).
- CVE-2025-38061: net: pktgen: fix access outside of user given buffer in pktgen_thread_write() (bsc#1245440).
- CVE-2025-38062: kABI: restore layout of struct msi_desc (bsc#1245216).
- CVE-2025-38063: dm: fix unconditional IO throttle caused by REQ_PREFLUSH (bsc#1245202).
- CVE-2025-38064: virtio: break and reset virtio devices on device_shutdown() (bsc#1245201).
- CVE-2025-38074: vhost-scsi: protect vq->log_used with vq->mutex (bsc#1244735).
- CVE-2025-38094: net: cadence: macb: Fix a possible deadlock in macb_halt_tx (bsc#1245649).
- CVE-2025-38097: kabi: restore encap_sk in struct xfrm_state (bsc#1245660).
- CVE-2025-38098: drm/amd/display: Do not treat wb connector as physical in (bsc#1245654).
- CVE-2025-38099: Bluetooth: btusb: Fix regression in the initialization of fake Bluetooth controllers (bsc#1245671).
- CVE-2025-38100: x86/iopl: Cure TIF_IO_BITMAP inconsistencies (bsc#1245650).
- CVE-2025-38105: ALSA: usb-audio: Kill timer properly at removal (bsc#1245682).
- CVE-2025-38115: net_sched: sch_sfq: fix a potential crash on gso_skb handling (bsc#1245689).
- CVE-2025-38117: hci_dev centralize extra lock (bsc#1245695).
- CVE-2025-38126: net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping (bsc#1245708).
- CVE-2025-38131: coresight: prevent deactivate active config while enabling the config (bsc#1245677).
- CVE-2025-38132: coresight: holding cscfg_csdev_lock while removing cscfg from csdev (bsc#1245679).
- CVE-2025-38147: calipso: unlock rcu before returning -EAFNOSUPPORT (bsc#1245768).
- CVE-2025-38158: hisi_acc_vfio_pci: fix XQE dma address error (bsc#1245750).
- CVE-2025-38162: netfilter: nft_set_pipapo: prevent overflow in lookup table allocation (bsc#1245752).
- CVE-2025-38166: bpf: fix ktls panic with sockmap (bsc#1245758).
- CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).
- CVE-2025-38182: ublk: santizize the arguments from userspace when adding a device (bsc#1245937).
- CVE-2025-38183: net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get() (bsc#1246006).
- CVE-2025-38187: drm/nouveau: fix a use-after-free in r535_gsp_rpc_push() (bsc#1245951).
- CVE-2025-38188: drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE (bsc#1246098).
- CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045).
- CVE-2025-38202: bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() (bsc#1245980).
- CVE-2025-38203: jfs: Fix null-ptr-deref in jfs_ioc_trim (bsc#1246044).
- CVE-2025-38204: jfs: fix array-index-out-of-bounds read in add_missing_indices (bsc#1245983).
- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073).
- CVE-2025-38210: configfs-tsm-report: Fix NULL dereference of tsm_ops (bsc#1246020).
- CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029).
- CVE-2025-38220: ext4: only dirty folios when data journaling regular files (bsc#1245966).
- CVE-2025-38222: ext4: inline: fix len overflow in ext4_prepare_inline_data (bsc#1245976).
- CVE-2025-38236: af_unix: Disable MSG_OOB for unprivileged users (bsc#1246093).
- CVE-2025-38239: scsi: megaraid_sas: Fix invalid node index (bsc#1246178).
- CVE-2025-38244: smb: client: fix potential deadlock when reconnecting channels (bsc#1246183).
- CVE-2025-38248: bridge: mcast: Fix use-after-free during router port configuration (bsc#1246173).
- CVE-2025-38250: kABI workaround for bluetooth hci_dev changes (bsc#1246182).
- CVE-2025-38264: llist: add interface to check if a node is on a list (bsc#1246387).
- CVE-2025-38272: net: dsa: b53: do not enable EEE on bcm63xx (bsc#1246268).
- CVE-2025-38279: selftests/bpf: Add tests with stack ptr register in conditional jmp (bsc#1246264).
- CVE-2025-38283: hisi_acc_vfio_pci: bugfix live migration function without VF device driver (bsc#1246273).
- CVE-2025-38303: Bluetooth: eir: Fix possible crashes on eir_create_adv_data (bsc#1246354).
- CVE-2025-38310: seg6: Fix validation of nexthop addresses (bsc#1246361).
- CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).
- CVE-2025-38334: x86/sgx: Prevent attempts to reclaim poisoned pages (bsc#1246384).
- CVE-2025-38335: Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT (bsc#1246250).
- CVE-2025-38337: jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (bsc#1246253).
- CVE-2025-38349: eventpoll: do not decrement ep refcount while still holding the ep mutex (bsc#1246777).
- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).
- CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).
- CVE-2025-38364: maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() (bsc#1247091).
- CVE-2025-38365: btrfs: fix a race between renames and directory logging (bsc#1247023).
- CVE-2025-38371: drm/v3d: Disable interrupts before resetting the GPU (bsc#1247178).
- CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177).
- CVE-2025-38382: btrfs: fix iteration of extrefs during log replay (bsc#1247031).
- CVE-2025-38392: idpf: convert control queue mutex to a spinlock (bsc#1247169).
- CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247156).
- CVE-2025-38399: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() (bsc#1247097).
- CVE-2025-38403: vsock/vmci: Clear the vmci transport packet properly when initializing it (bsc#1247141).
- CVE-2025-38414: wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850 (bsc#1247145).
- CVE-2025-38426: drm/amdgpu: Add basic validation for RAS header (bsc#1247252).
- CVE-2025-38429: bus: mhi: ep: Update read pointer only after buffer is written (bsc#1247253).
- CVE-2025-38455: KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight (bsc#1247101).
- CVE-2025-38457: net/sched: Abort __tc_modify_qdisc if parent class does not exist (bsc#1247098).
- CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).
- CVE-2025-38461: vsock: Fix transport_* TOCTOU (bsc#1247103).
- CVE-2025-38462: vsock: Fix transport_{g2h,h2g} TOCTOU (bsc#1247104).
- CVE-2025-38463: tcp: Correct signedness in skb remaining space calculation (bsc#1247113).
- CVE-2025-38465: netlink: make sure we allow at least one dump skb (bsc#1247118).
- CVE-2025-38470: kABI fix for net: vlan: fix VLAN 0 refcount imbalance of toggling (bsc#1247288).
- CVE-2025-38471: tls: always refresh the queue when reading sock (bsc#1247450).
- CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347).
- CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374).
The following non-security bugs were fixed:
- Fix dma_unmap_sg() nents value (git-fixes)
- Reapply 'wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()' (git-fixes).
- Revert 'ACPI: battery: negate current when discharging' (stable-fixes).
- Revert 'cgroup_freezer: cgroup_freezing: Check if not frozen' (bsc#1219338).
- Revert 'drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1' (stable-fixes).
- Revert 'mmc: sdhci: Disable SD card clock before changing parameters' (git-fixes).
- Revert 'usb: xhci: Implement xhci_handshake_check_state() helper' (git-fixes).
- Revert 'vgacon: Add check for vc_origin address range in vgacon_scroll()' (stable-fixes).
- [SMB3] send channel sequence number in SMB3 requests after reconnects (git-fixes).
- acpi: LPSS: Remove AudioDSP related ID (git-fixes).
- acpi: PRM: Reduce unnecessary printing to avoid user confusion (bsc#1246122).
- acpi: processor: perflib: Fix initial _PPC limit application (git-fixes).
- acpica: Refuse to evaluate a method if arguments are missing (stable-fixes).
- af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() (git-fixes).
- af_unix: Add a prompt to CONFIG_AF_UNIX_OOB (bsc#1246093).
- alsa: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() (git-fixes).
- alsa: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx (stable-fixes).
- alsa: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 (stable-fixes).
- alsa: hda/realtek: Add quirk for ASUS ROG Strix G712LWS (stable-fixes).
- alsa: hda/tegra: Add Tegra264 support (stable-fixes).
- alsa: hda: Add missing NVIDIA HDA codec IDs (stable-fixes).
- alsa: hda: Add new pci id for AMD GPU display HD audio controller (stable-fixes).
- alsa: hda: Ignore unsol events for cards being shut down (stable-fixes).
- alsa: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() (git-fixes).
- alsa: sb: Do not allow changing the DMA mode during operations (stable-fixes).
- alsa: sb: Force to disable DMAs once when DMA mode is changed (stable-fixes).
- amd/amdkfd: fix a kfd_process ref leak (stable-fixes).
- aoe: clean device rq_list in aoedev_downdev() (git-fixes).
- apple-mfi-fastcharge: protect first device name (git-fixes).
- asoc: amd: yc: Add DMI quirk for Lenovo IdeaPad Slim 5 15 (stable-fixes).
- asoc: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic (stable-fixes).
- asoc: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic (stable-fixes).
- asoc: amd: yc: update quirk data for HP Victus (stable-fixes).
- asoc: codec: wcd9335: Convert to GPIO descriptors (stable-fixes).
- asoc: codecs: wcd9335: Fix missing free of regulator supplies (git-fixes).
- asoc: codecs: wcd9335: Handle nicer probe deferral and simplify with dev_err_probe() (stable-fixes).
- asoc: cs35l56: probe() should fail if the device ID is not recognized (git-fixes).
- asoc: fsl_asrc: use internal measured ratio for non-ideal ratio mode (git-fixes).
- asoc: fsl_xcvr: get channel status data when PHY is not exists (git-fixes).
- asoc: ops: dynamically allocate struct snd_ctl_elem_value (git-fixes).
- asoc: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() (git-fixes).
- ata: pata_cs5536: fix build on 32-bit UML (stable-fixes).
- audit,module: restore audit logging in load failure case (git-fixes).
- bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() (git-fixes).
- bluetooth: L2CAP: Fix L2CAP MTU negotiation (stable-fixes).
- bluetooth: L2CAP: Fix attempting to adjust outgoing MTU (git-fixes).
- bluetooth: MGMT: Fix not generating command complete for MGMT_OP_DISCONNECT (git-fixes).
- bluetooth: MGMT: mesh_send: check instances prior disabling advertising (git-fixes).
- bluetooth: MGMT: set_mesh: update LE scan interval and window (git-fixes).
- bluetooth: Prevent unintended pause by checking if advertising is active (git-fixes).
- bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout (git-fixes).
- bluetooth: SMP: If an unallowed command is received consider it a failure (git-fixes).
- bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant without board ID (git-fixes).
- bluetooth: hci_conn: Fix sending BT_HCI_CMD_LE_CREATE_CONN_CANCEL (git-fixes).
- bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected (git-fixes).
- bluetooth: hci_event: Mask data status from LE ext adv reports (git-fixes).
- bluetooth: hci_sync: Attempt to dequeue connection attempt (git-fixes).
- bluetooth: hci_sync: Fix UAF on create_le_conn_complete (git-fixes).
- bluetooth: hci_sync: Fix handling of HCI_OP_CREATE_CONN_CANCEL (git-fixes).
- bluetooth: hci_sync: Fix not disabling advertising instance (git-fixes).
- bluetooth: hci_sync: fix connectable extended advertising when using static random address (git-fixes).
- bluetooth: hci_sync: revert some mesh modifications (git-fixes).
- bpf, sockmap: Fix sk_msg_reset_curr (git-fixes).
- bpf/lpm_trie: Inline longest_prefix_match for fastpath (git-fixes).
- bpf/selftests: Check errno when percpu map value size exceeds (git-fixes).
- bpf: Add a possibly-zero-sized read test (git-fixes).
- bpf: Avoid __hidden__ attribute in static object (git-fixes).
- bpf: Check percpu map value size first (git-fixes).
- bpf: Disable some `attribute ignored' warnings in GCC (git-fixes).
- bpf: Fix memory leak in bpf_core_apply (git-fixes).
- bpf: Fix potential integer overflow in resolve_btfids (git-fixes).
- bpf: Harden __bpf_kfunc tag against linker kfunc removal (git-fixes).
- bpf: Make the pointer returned by iter next method valid (git-fixes).
- bpf: Simplify checking size of helper accesses (git-fixes).
- bpf: fix order of args in call to bpf_map_kvcalloc (git-fixes).
- bpf: sockmap, updating the sg structure should also update curr (git-fixes).
- bpftool: Fix missing pids during link show (git-fixes).
- bpftool: Fix undefined behavior caused by shifting into the sign bit (git-fixes).
- bpftool: Mount bpffs on provided dir instead of parent dir (git-fixes).
- bpftool: Remove unnecessary source files from bootstrap version (git-fixes).
- bpftool: Un-const bpf_func_info to fix it for llvm 17 and newer (git-fixes).
- btrfs: do not ignore inode missing when replaying log tree (git-fixes).
- btrfs: do not silently ignore unexpected extent type when replaying log (git-fixes).
- btrfs: do not skip remaining extrefs if dir not found during log replay (git-fixes).
- btrfs: explicitly ref count block_group on new_bgs list (bsc#1243068)
- btrfs: fix assertion when building free space tree (git-fixes).
- btrfs: fix inode lookup error handling during log replay (git-fixes).
- btrfs: fix invalid inode pointer dereferences during log replay (git-fixes).
- btrfs: fix log tree replay failure due to file with 0 links and extents (git-fixes).
- btrfs: fix missing error handling when searching for inode refs during log replay (git-fixes).
- btrfs: fix non-empty delayed iputs list on unmount due to async workers (git-fixes).
- btrfs: fix ssd_spread overallocation (git-fixes).
- btrfs: make btrfs_discard_workfn() block_group ref explicit (bsc#1243068)
- btrfs: propagate last_unlink_trans earlier when doing a rmdir (git-fixes).
- btrfs: rename err to ret in btrfs_rmdir() (git-fixes).
- btrfs: return a btrfs_inode from btrfs_iget_logging() (git-fixes).
- btrfs: return a btrfs_inode from read_one_inode() (git-fixes).
- btrfs: tests: fix chunk map leak after failure to add it to the tree (git-fixes).
- btrfs: update superblock's device bytes_used when dropping chunk (git-fixes).
- btrfs: use NOFS context when getting inodes during logging and log replay (git-fixes).
- btrfs: use btrfs_record_snapshot_destroy() during rmdir (git-fixes).
- bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() (git-fixes).
- bus: mhi: host: Detect events pointing to unexpected TREs (git-fixes).
- can: dev: can_restart(): move debug message and stats after successful restart (stable-fixes).
- can: dev: can_restart(): reverse logic to remove need for goto (stable-fixes).
- can: kvaser_pciefd: Store device channel index (git-fixes).
- can: kvaser_usb: Assign netdev.dev_port based on device channel index (git-fixes).
- can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level (git-fixes).
- can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode (git-fixes).
- can: peak_usb: fix USB FD devices potential malfunction (git-fixes).
- cdc-acm: fix race between initial clearing halt and open (git-fixes).
- cgroup,freezer: fix incomplete freezing when attaching tasks (bsc#1245789).
- cgroup/cpuset: Extend kthread_is_per_cpu() check to all PF_NO_SETAFFINITY tasks (bsc#1241166).
- cifs: reconnect helper should set reconnect for the right channel (git-fixes).
- clk: clk-axi-clkgen: fix fpfd_max frequency for zynq (git-fixes).
- clk: davinci: Add NULL check in davinci_lpsc_clk_register() (git-fixes).
- clk: sunxi-ng: v3s: Fix de clock definition (git-fixes).
- clk: xilinx: vcu: unregister pll_post only if registered correctly (git-fixes).
- clocksource: Scale the watchdog read retries automatically (bsc#1241345 bsc#1244457).
- clocksource: Set cs_watchdog_read() checks based on .uncertainty_margin (bsc#1241345 bsc#1244457).
- comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large (git-fixes).
- comedi: Fix initialization of data for instructions that write to subdevice (git-fixes).
- comedi: Fix some signed shift left operations (git-fixes).
- comedi: Fix use of uninitialized data in insn_rw_emulate_bits() (git-fixes).
- comedi: aio_iiro_16: Fix bit shift out of bounds (git-fixes).
- comedi: das16m1: Fix bit shift out of bounds (git-fixes).
- comedi: das6402: Fix bit shift out of bounds (git-fixes).
- comedi: pcl812: Fix bit shift out of bounds (git-fixes).
- compiler_types.h: Define __retain for __attribute__((__retain__)) (git-fixes).
- crypto: arm/aes-neonbs - work around gcc-15 warning (git-fixes).
- crypto: ccp - Fix crash when rebind ccp device for ccp.ko (git-fixes).
- crypto: ccp - Fix locking on alloc failure handling (git-fixes).
- crypto: img-hash - Fix dma_unmap_sg() nents value (git-fixes).
- crypto: inside-secure - Fix `dma_unmap_sg()` nents value (git-fixes).
- crypto: keembay - Fix dma_unmap_sg() nents value (git-fixes).
- crypto: marvell/cesa - Fix engine load inaccuracy (git-fixes).
- crypto: qat - allow enabling VFs in the absence of IOMMU (git-fixes).
- crypto: qat - disable ZUC-256 capability for QAT GEN5 (git-fixes).
- crypto: qat - fix DMA direction for compression on GEN2 devices (git-fixes).
- crypto: qat - fix seq_file position update in adf_ring_next() (git-fixes).
- crypto: qat - fix state restore for banks with exceptions (git-fixes).
- crypto: qat - flush misc workqueue during device shutdown (git-fixes).
- crypto: qat - use unmanaged allocation for dc_data (git-fixes).
- crypto: sun8i-ce - fix nents passed to dma_unmap_sg() (git-fixes).
- dm-bufio: fix sched in atomic context (git-fixes).
- dm-flakey: error all IOs when num_features is absent (git-fixes).
- dm-flakey: make corrupting read bios work (git-fixes).
- dm-mirror: fix a tiny race condition (git-fixes).
- dm-raid: fix variable in journal device check (git-fixes).
- dm-verity: fix a memory leak if some arguments are specified multiple times (git-fixes).
- dm: do not change md if dm_table_set_restrictions() fails (git-fixes).
- dm: free table mempools if not used in __bind (git-fixes).
- dm: restrict dm device size to 2^63-512 bytes (git-fixes).
- dma-buf: fix timeout handling in dma_resv_wait_timeout v2 (stable-fixes).
- dmaengine: dw-edma: Drop unused dchan2dev() and chan2dev() (git-fixes).
- dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using (stable-fixes).
- dmaengine: mv_xor: Fix missing check after DMA map and missing unmap (git-fixes).
- dmaengine: nbpfaxi: Add missing check after DMA map (git-fixes).
- dmaengine: nbpfaxi: Fix memory corruption in probe() (git-fixes).
- dmaengine: qcom: gpi: Drop unused gpi_write_reg_field() (git-fixes).
- dmaengine: xilinx_dma: Set dma_device directions (stable-fixes).
- docs/aBI: Fix sysfs-kernel-address_bits path (git-fixes).
- documentation: ACPI: Fix parent device references (git-fixes).
- documentation: usb: gadget: Wrap remaining usage snippets in literal code block (git-fixes).
- drm/amd/display: Do not overwrite dce60_clk_mgr (git-fixes).
- drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value (git-fixes).
- drm/amdgpu/gfx8: reset compute ring wptr on the GPU on resume (git-fixes).
- drm/amdgpu: amdgpu_vram_mgr_new(): Clamp lpfn to total vram (stable-fixes).
- drm/amdkfd: Fix race in GWS queue scheduling (stable-fixes).
- drm/bridge: panel: move prepare_prev_first handling to drm_panel_bridge_add_typed (git-fixes).
- drm/bridge: ti-sn65dsi86: Add HPD for DisplayPort connector type (git-fixes).
- drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() (git-fixes).
- drm/bridge: ti-sn65dsi86: make use of debugfs_init callback (stable-fixes).
- drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling (git-fixes).
- drm/exynos: fimd: Guard display clock control with runtime PM calls (git-fixes).
- drm/framebuffer: Acquire internal references on GEM handles (git-fixes).
- drm/gem: Acquire references on GEM handles for framebuffers (stable-fixes).
- drm/gem: Fix race in drm_gem_handle_create_tail() (stable-fixes).
- drm/i915/gsc: mei interrupt top half should be in irq disabled context (git-fixes).
- drm/i915/gt: Fix timeline left held on VMA alloc error (git-fixes).
- drm/i915/selftests: Change mock_request() to return error pointers (git-fixes).
- drm/msm/dpu: Fill in min_prefill_lines for SC8180X (git-fixes).
- drm/msm: Fix a fence leak in submit error path (stable-fixes).
- drm/msm: Fix another leak in the submit error path (stable-fixes).
- drm/panfrost: Fix panfrost device variable name in devfreq (git-fixes).
- drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed (git-fixes).
- drm/sched: Increment job count before swapping tail spsc queue (git-fixes).
- drm/sched: Remove optimization that causes hang when killing dependent jobs (git-fixes).
- drm/scheduler: signal scheduled fence when kill job (stable-fixes).
- drm/tegra: nvdec: Fix dma_alloc_coherent error check (git-fixes).
- drm/ttm: fix error handling in ttm_buffer_object_transfer (git-fixes).
- drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel (git-fixes).
- exfat: fdatasync flag should be same like generic_write_sync() (git-fixes).
- fbcon: Fix outdated registered_fb reference in comment (git-fixes).
- fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref (git-fixes).
- firewire: ohci: correct code comments about bus_reset tasklet (git-fixes).
- fs/jfs: consolidate sanity checking in dbMount (git-fixes).
- fs/orangefs: Allow 2 more characters in do_c_string() (git-fixes).
- gpio: mlxbf2: use platform_get_irq_optional() (git-fixes).
- gpio: pca953x: log an error when failing to get the reset GPIO (git-fixes).
- gpio: sim: include a missing header (git-fixes).
- gpio: vf610: add locking to gpio direction functions (git-fixes).
- gpio: virtio: Fix config space reading (git-fixes).
- gpiolib: Fix debug messaging in gpiod_find_and_request() (git-fixes).
- gpiolib: Handle no pin_ranges in gpiochip_generic_config() (git-fixes).
- gpiolib: acpi: Do not use GPIO chip fwnode in acpi_gpiochip_find() (bsc#1233300).
- gpiolib: acpi: Fix failed in acpi_gpiochip_find() by adding parent node match (bsc#1233300).
- gpiolib: cdev: Ignore reconfiguration without direction (git-fixes).
- gpiolib: of: Add polarity quirk for s5m8767 (stable-fixes).
- hfs: make splice write available again (git-fixes).
- hfsplus: make splice write available again (git-fixes).
- hfsplus: remove mutex_lock check in hfsplus_free_extents (git-fixes).
- hid: Add IGNORE quirk for SMARTLINKTECHNOLOGY (stable-fixes).
- hid: core: do not bypass hid_hw_raw_request (stable-fixes).
- hid: core: ensure __hid_request reserves the report ID as the first byte (git-fixes).
- hid: core: ensure the allocated report buffer can contain the reserved report ID (stable-fixes).
- hid: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 (stable-fixes).
- hid: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras (stable-fixes).
- hv_netvsc: Use VF's tso_max_size value when data path is VF (bsc#1246203).
- hwmon: (corsair-cpro) Validate the size of the received input buffer (git-fixes).
- hwmon: (gsc-hwmon) fix fan pwm setpoint show functions (git-fixes).
- hwmon: (pmbus/max34440) Fix support for max34451 (stable-fixes).
- hwrng: mtk - handle devm_pm_runtime_enable errors (git-fixes).
- i2c/designware: Fix an initialization issue (git-fixes).
- i2c: qup: jump out of the loop in case of timeout (git-fixes).
- i2c: stm32: fix the device used for the DMA map (git-fixes).
- i2c: tegra: Fix reset error handling with ACPI (git-fixes).
- i2c: virtio: Avoid hang by using interruptible completion wait (git-fixes).
- i3c: fix module_i3c_i2c_driver() with I3C=n (git-fixes).
- ib/mlx5: Fix potential deadlock in MR deregistration (git-fixes)
- iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush (git-fixes).
- iio: adc: ad7949: use spi_is_bpw_supported() (git-fixes).
- iio: adc: ad_sigma_delta: Fix use of uninitialized status_pos (stable-fixes).
- iio: adc: ad_sigma_delta: change to buffer predisable (git-fixes).
- iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (stable-fixes).
- iio: adc: max1363: Reorder mode_list[] entries (stable-fixes).
- iio: adc: stm32-adc: Fix race in installing chained IRQ handler (git-fixes).
- iio: imu: bno055: fix OOB access of hw_xlate array (git-fixes).
- iio: pressure: zpa2326: Use aligned_s64 for the timestamp (stable-fixes).
- input: iqs7222 - explicitly define number of external channels (git-fixes).
- input: xpad - adjust error handling for disconnect (git-fixes).
- input: xpad - set correct controller type for Acer NGR200 (git-fixes).
- input: xpad - support Acer NGR 200 Controller (stable-fixes).
- iommu/amd: Fix geometry.aperture_end for V2 tables (git-fixes).
- iommu/amd: Set the pgsize_bitmap correctly (git-fixes).
- iommu/arm-smmu-qcom: Add SM6115 MDSS compatible (git-fixes).
- iommu/vt-d: Fix possible circular locking dependency (git-fixes).
- iommu/vt-d: Fix system hang on reboot -f (git-fixes).
- ipv6: fix possible infinite loop in fib6_info_uses_dev() (git-fixes).
- ipv6: mcast: Delay put pmc->idev in mld_del_delrec() (git-fixes).
- ipv6: prevent infinite loop in rt6_nlmsg_size() (git-fixes).
- ipv6: reject malicious packets in ipv6_gso_segment() (git-fixes).
- iwlwifi: Add missing check for alloc_ordered_workqueue (git-fixes).
- jfs: fix metapage reference count leak in dbAllocCtl (git-fixes).
- kABI workaround for struct drm_framebuffer changes (git-fixes).
- kABI: Fix the module::name type in audit_context (git-fixes).
- kasan: remove kasan_find_vm_area() to prevent possible deadlock (git-fixes).
- kernel-syms.spec: Drop old rpm release number hack (bsc#1247172).
- leds: multicolor: Fix intensity setting while SW blinking (stable-fixes).
- lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (bsc#1236897).
- lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() (bsc#1236897).
- logitech C-270 even more broken (stable-fixes).
- maple_tree: fix mt_destroy_walk() on root leaf node (git-fixes).
- md/md-bitmap: fix dm-raid max_write_behind setting (git-fixes).
- media: gspca: Add bounds checking to firmware parser (git-fixes).
- media: hi556: correct the test pattern configuration (git-fixes).
- media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() (git-fixes).
- media: ov2659: Fix memory leaks in ov2659_probe() (git-fixes).
- media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (git-fixes).
- media: usbtv: Lock resolution while streaming (git-fixes).
- media: uvcvideo: Do not mark valid metadata as invalid (git-fixes).
- media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (git-fixes).
- media: v4l2-ctrls: Do not reset handler's error in v4l2_ctrl_handler_free() (git-fixes).
- media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check (git-fixes).
- media: venus: Add a check for packet size after reading from shared memory (git-fixes).
- media: venus: hfi: explicitly release IRQ during teardown (git-fixes).
- media: venus: protect against spurious interrupts during probe (git-fixes).
- media: venus: vdec: Clamp param smaller than 1fps and bigger than 240 (git-fixes).
- media: venus: venc: Clamp param smaller than 1fps and bigger than 240 (git-fixes).
- media: vivid: fix wrong pixel_array control size (git-fixes).
- memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() (git-fixes).
- mfd: max14577: Fix wakeup source leaks on device unbind (stable-fixes).
- misc: rtsx: usb: Ensure mmc child device is active when card is present (git-fixes).
- mmc: bcm2835: Fix dma_unmap_sg() nents value (git-fixes).
- mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier (git-fixes).
- mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models (git-fixes).
- mmc: sdhci: Add a helper function for dump register in dynamic debug mode (stable-fixes).
- mmc: sdhci_am654: Workaround for Errata i2312 (git-fixes).
- module: Fix memory deallocation on error path in move_module() (git-fixes).
- module: Remove unnecessary +1 from last_unloaded_module::name size (git-fixes).
- module: Restore the moduleparam prefix length check (git-fixes).
- mtd: fix possible integer overflow in erase_xfer() (git-fixes).
- mtd: rawnand: atmel: Fix dma_mapping_error() address (git-fixes).
- mtd: rawnand: atmel: set pmecc data setup time (git-fixes).
- mtd: rawnand: fsmc: Add missing check after DMA map (git-fixes).
- mtd: rawnand: renesas: Add missing check after DMA map (git-fixes).
- mtd: rawnand: rockchip: Add missing check after DMA map (git-fixes).
- mtd: spi-nor: Fix spi_nor_try_unlock_all() (git-fixes).
- mtd: spinand: fix memory leak of ECC engine conf (stable-fixes).
- mtd: spinand: propagate spinand_wait() errors from spinand_write_page() (git-fixes).
- mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data (git-fixes).
- mtk-sd: Prevent memory corruption from DMA map failure (git-fixes).
- mtk-sd: reset host->mrq on prepare_data() error (git-fixes).
- mwl8k: Add missing check after DMA map (git-fixes).
- nbd: fix uaf in nbd_genl_connect() error path (git-fixes).
- net/packet: fix a race in packet_set_ring() and packet_notifier() (git-fixes).
- net/sched: Restrict conditions for adding duplicating netems to qdisc tree (git-fixes).
- net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (git-fixes).
- net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (git-fixes).
- net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (git-fixes).
- net/sched: sch_qfq: Fix race condition on qfq_aggregate (git-fixes).
- net/sched: taprio: enforce minimum value for picos_per_byte (git-fixes).
- net: mana: Add debug logs in MANA network driver (bsc#1246212).
- net: mana: Add handler for hardware servicing events (bsc#1245730).
- net: mana: Allocate MSI-X vectors dynamically (bsc#1245457).
- net: mana: Allow irq_setup() to skip cpus for affinity (bsc#1245457).
- net: mana: Allow tso_max_size to go up-to GSO_MAX_SIZE (bsc#1246203).
- net: mana: Expose additional hardware counters for drop and TC via ethtool (bsc#1245729).
- net: mana: Set tx_packets to post gso processing packet count (bsc#1245731).
- net: mana: explain irq_setup() algorithm (bsc#1245457).
- net: phy: Do not register LEDs for genphy (git-fixes).
- net: phy: micrel: fix KSZ8081/KSZ8091 cable test (git-fixes).
- net: phy: microchip: limit 100M workaround to link-down events on LAN88xx (git-fixes).
- net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap (git-fixes).
- net: phy: smsc: Fix link failure in forced mode with Auto-MDIX (git-fixes).
- net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect (git-fixes).
- net: usb: qmi_wwan: add SIMCom 8230C composition (stable-fixes).
- net: usbnet: Avoid potential RCU stall on LINK_CHANGE event (git-fixes).
- net: usbnet: Fix the wrong netif_carrier_on() call (git-fixes).
- netpoll: prevent hanging NAPI when netcons gets enabled (git-fixes).
- nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails (git-fixes).
- nfs: Fix filehandle bounds checking in nfs_fh_to_dentry() (git-fixes).
- nfs: Fix the setting of capabilities when automounting a new filesystem (git-fixes).
- nfs: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() (git-fixes).
- nfs: Fixup allocation flags for nfsiod's __GFP_NORETRY (git-fixes).
- nfsd: detect mismatch of file handle and delegation stateid in OPEN op (git-fixes).
- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (git-fixes).
- nfsv4.2: another fix for listxattr (git-fixes).
- nfsv4.2: fix listxattr to return selinux security label (git-fixes).
- nfsv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN (git-fixes).
- nfsv4: Always set NLINK even if the server does not support it (git-fixes).
- nfsv4: xattr handlers should check for absent nfs filehandles (git-fixes).
- nilfs2: reject invalid file types when reading inodes (git-fixes).
- nvme-pci: refresh visible attrs after being checked (git-fixes).
- nvme: Fix incorrect cdw15 value in passthru error logging (git-fixes).
- nvme: fix endianness of command word prints in nvme_log_err_passthru() (git-fixes).
- nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() (git-fixes).
- nvme: fix misaccounting of nvme-mpath inflight I/O (git-fixes).
- nvmet-tcp: fix callback lock for TLS handshake (git-fixes).
- objtool: Fix INSN_CONTEXT_SWITCH handling in validate_unret() (git-fixes).
- objtool: Fix UNWIND_HINT_{SAVE,RESTORE} across basic blocks (git-fixes).
- objtool: Fix _THIS_IP_ detection for cold functions (git-fixes).
- objtool: Fix error handling inconsistencies in check() (git-fixes).
- objtool: Ignore dangling jump table entries (git-fixes).
- objtool: Ignore end-of-section jumps for KCOV/GCOV (git-fixes).
- objtool: Properly disable uaccess validation (git-fixes).
- objtool: Silence more KCOV warnings (git-fixes).
- objtool: Silence more KCOV warnings, part 2 (git-fixes).
- objtool: Stop UNRET validation on UD2 (git-fixes).
- pNFS/flexfiles: do not attempt pnfs on fatal DS errors (git-fixes).
- pch_uart: Fix dma_sync_sg_for_device() nents value (git-fixes).
- pci/msi: Export pci_msix_prepare_desc() for dynamic MSI-X allocations (bsc#1245457).
- pci: dwc: Make link training more robust by setting PORT_LOGIC_LINK_WIDTH to one lane (stable-fixes).
- pci: endpoint: Fix configfs group list head handling (git-fixes).
- pci: endpoint: Fix configfs group removal on driver teardown (git-fixes).
- pci: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute (git-fixes).
- pci: endpoint: pci-epf-vntb: Return -ENOENT if pci_epc_get_next_free_bar() fails (git-fixes).
- pci: hv: Allow dynamic MSI-X vector allocation (bsc#1245457).
- pci: rockchip-host: Fix 'Unexpected Completion' log message (git-fixes).
- perf: Fix sample vs do_exit() (bsc#1246547).
- phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode (git-fixes).
- pinctrl: amd: Clear GPIO debounce for suspend (git-fixes).
- pinctrl: qcom: msm: mark certain pins as invalid for interrupts (git-fixes).
- pinctrl: sunxi: Fix memory leak on krealloc failure (git-fixes).
- pinmux: fix race causing mux_owner NULL with active mux_usecount (git-fixes).
- platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix duplicate event ID for CACHE_DATA1 (git-fixes).
- platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment (git-fixes).
- platform/mellanox: mlxreg-lc: Fix logic error in power state check (git-fixes).
- platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message (git-fixes).
- platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks list (stable-fixes).
- platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks (git-fixes).
- platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots (git-fixes).
- platform/x86: think-lmi: Create ksets consecutively (stable-fixes).
- platform/x86: think-lmi: Fix kobject cleanup (git-fixes).
- platform/x86: think-lmi: Fix sysfs group cleanup (git-fixes).
- pm / devfreq: Check governor before using governor->name (git-fixes).
- power: supply: cpcap-charger: Fix null check for power_supply_get_by_name (git-fixes).
- power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set (git-fixes).
- powercap: call put_device() on an error path in powercap_register_control_type() (stable-fixes).
- powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() (git-fixes).
- powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed (git-fixes).
- powerpc/bpf: enforce full ordering for ATOMIC operations with BPF_FETCH (git-fixes).
- ptp: fix breakage after ptp_vclock_in_use() rework (bsc#1246506).
- pwm: imx-tpm: Reset counter if CMOD is 0 (git-fixes).
- pwm: mediatek: Ensure to disable clocks in error path (git-fixes).
- rdma/core: Rate limit GID cache warning messages (git-fixes)
- rdma/counter: Check CAP_NET_RAW check in user namespace for RDMA counters (git-fixes)
- rdma/hns: Drop GFP_NOWARN (git-fixes)
- rdma/hns: Fix -Wframe-larger-than issue (git-fixes)
- rdma/hns: Fix HW configurations not cleared in error flow (git-fixes)
- rdma/hns: Fix accessing uninitialized resources (git-fixes)
- rdma/hns: Fix double destruction of rsv_qp (git-fixes)
- rdma/hns: Get message length of ack_req from FW (git-fixes)
- rdma/mlx5: Check CAP_NET_RAW in user namespace for anchor create (git-fixes)
- rdma/mlx5: Check CAP_NET_RAW in user namespace for devx create (git-fixes)
- rdma/mlx5: Check CAP_NET_RAW in user namespace for flow create (git-fixes)
- rdma/mlx5: Fix CC counters query for MPV (git-fixes)
- rdma/mlx5: Fix HW counters query for non-representor devices (git-fixes)
- rdma/mlx5: Fix compilation warning when USER_ACCESS isn't set (git-fixes)
- rdma/mlx5: Fix vport loopback for MPV device (git-fixes)
- rdma/mlx5: Initialize obj_event->obj_sub_list before xa_insert (git-fixes)
- rdma/nldev: Check CAP_NET_RAW in user namespace for QP modify (git-fixes)
- rdma/siw: Fix the sendmsg byte count in siw_tcp_sendpages (git-fixes)
- rdma/uverbs: Add empty rdma_uattrs_has_raw_cap() declaration (git-fixes)
- rdma/uverbs: Check CAP_NET_RAW in user namespace for QP create (git-fixes)
- rdma/uverbs: Check CAP_NET_RAW in user namespace for RAW QP create (git-fixes)
- rdma/uverbs: Check CAP_NET_RAW in user namespace for flow create (git-fixes)
- regmap: fix potential memory leak of regmap_bus (git-fixes).
- regulator: fan53555: add enable_time support and soft-start times (stable-fixes).
- regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods (git-fixes).
- regulator: pwm-regulator: Calculate the output voltage for disabled PWMs (stable-fixes).
- resource: fix false warning in __request_region() (git-fixes).
- restore UCSI_CONNECTOR_RESET_HARD definition (git-fixes).
- ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() (git-fixes).
- rose: fix dangling neighbour pointers in rose_rt_device_down() (git-fixes).
- rpl: Fix use-after-free in rpl_do_srh_inline() (git-fixes).
- rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879) Put the same workaround to avoid file truncation of vmlinux and co in kernel-default-base package, too.
- rtc: ds1307: fix incorrect maximum clock rate handling (git-fixes).
- rtc: hym8563: fix incorrect maximum clock rate handling (git-fixes).
- rtc: nct3018y: fix incorrect maximum clock rate handling (git-fixes).
- rtc: pcf85063: fix incorrect maximum clock rate handling (git-fixes).
- rtc: pcf8563: fix incorrect maximum clock rate handling (git-fixes).
- rtc: rv3028: fix incorrect maximum clock rate handling (git-fixes).
- s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again (git-fixes bsc#1246870).
- s390/entry: Fix last breaking event handling in case of stack corruption (git-fixes bsc#1243806).
- s390/pci: Do not try re-enabling load/store if device is disabled (git-fixes bsc#1245646).
- s390/pci: Fix stale function handles in error handling (git-fixes bsc#1245647).
- s390/pkey: Prevent overflow in size calculation for memdup_user() (git-fixes bsc#1245598).
- s390: Add z17 elf platform (LTC#214086 bsc#1245540).
- samples: mei: Fix building on musl libc (git-fixes).
- sched,freezer: Remove unnecessary warning in __thaw_task (bsc#1219338).
- sched: Add test_and_clear_wake_up_bit() and atomic_dec_and_wake_up() (git-fixes).
- scsi: core: Enforce unlimited max_segment_size when virt_boundary_mask is set (git-fixes).
- scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Early return out of FDMI cmpl for locally rejected statuses (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Modify end-of-life adapters' model descriptions (bsc#1245260 bsc#1243100 bsc#1246125 bsc#1204142).
- scsi: lpfc: Move clearing of HBA_SETUP flag to before lpfc_sli4_queue_unset (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Relocate clearing initial phba flags from link up to link down hdlr (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Revise CQ_CREATE_SET mailbox bitfield definitions (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Revise logging format for failed CT MIB requests (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Simplify error handling for failed lpfc_get_sli4_parameters cmd (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Skip RSCN processing when FC_UNLOADING flag is set (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Update debugfs trace ring initialization messages (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Update lpfc version to 14.4.0.10 (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: megaraid_sas: Fix invalid node index (git-fixes).
- scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() (git-fixes).
- scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() (git-fixes).
- scsi: s390: zfcp: Ensure synchronous unit_add (git-fixes bsc#1245599).
- selftests/bpf: Add CFLAGS per source file and runner (git-fixes).
- selftests/bpf: Add tests for iter next method returning valid pointer (git-fixes).
- selftests/bpf: Change functions definitions to support GCC (git-fixes).
- selftests/bpf: Fix a few tests for GCC related warnings (git-fixes).
- selftests/bpf: Fix pointer arithmetic in test_xdp_do_redirect (git-fixes).
- selftests/bpf: Fix prog numbers in test_sockmap (git-fixes).
- smb3: move server check earlier when setting channel sequence number (git-fixes).
- smb3: rename macro CIFS_SERVER_IS_CHAN to avoid confusion (git-fixes).
- soc/tegra: cbb: Clear ERR_FORCE register with ERR_STATUS (git-fixes).
- soc: aspeed: lpc-snoop: Cleanup resources in stack-order (git-fixes).
- soc: aspeed: lpc-snoop: Do not disable channels that are not enabled (git-fixes).
- soc: qcom: QMI encoding/decoding for big endian (git-fixes).
- soc: qcom: fix endianness for QMI header (git-fixes).
- soc: qcom: pmic_glink: fix OF node leak (git-fixes).
- soundwire: amd: fix for clearing command status register (git-fixes).
- soundwire: stream: restore params when prepare ports fail (git-fixes).
- spi: spi-fsl-dspi: Clear completion counter before initiating transfer (git-fixes).
- staging: axis-fifo: remove sysfs interface (git-fixes).
- staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (git-fixes).
- staging: nvec: Fix incorrect null termination of battery manufacturer (git-fixes).
- struct cdns: move new member to the end (git-fixes).
- struct ucsi_operations: use padding for new operation (git-fixes).
- sunrpc: do not immediately retransmit on seqno miss (git-fixes).
- sunrpc: fix client side handling of tls alerts (git-fixes).
- supported.conf: add missing entries for armv7hl
- supported.conf: move nvme-apple to optional again
- supported.conf: sort entries again
- tcp: call tcp_measure_rcv_mss() for ooo packets (git-fixes).
- thunderbolt: Fix bit masking in tb_dp_port_set_hops() (git-fixes).
- thunderbolt: Fix copy+paste error in match_service_id() (git-fixes).
- thunderbolt: Fix wake on connect at runtime (git-fixes).
- tracing/kprobe: Make trace_kprobe's module callback called after jump_label update (git-fixes).
- tracing/kprobes: Fix to free objects when failed to copy a symbol (git-fixes).
- types: Complement the aligned types with signed 64-bit one (stable-fixes).
- ucount: fix atomic_long_inc_below() argument type (git-fixes).
- ucsi-glink: adapt to kABI consistency (git-fixes).
- ucsi_ccg: Refine the UCSI Interrupt handling (git-fixes).
- ucsi_operations: add stubs for all operations (git-fixes).
- ucsi_ops: adapt update_connector to kABI consistency (git-fixes).
- usb: Add checks for snprintf() calls in usb_alloc_dev() (stable-fixes).
- usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() (git-fixes).
- usb: cdc-wdm: avoid setting WDM_READ for ZLP-s (stable-fixes).
- usb: cdnsp: Fix issue with CV Bad Descriptor test (git-fixes).
- usb: cdnsp: Fix issue with resuming from L1 (git-fixes).
- usb: cdnsp: Replace snprintf() with the safer scnprintf() variant (stable-fixes).
- usb: cdnsp: do not disable slot for disabled slot (git-fixes).
- usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume (git-fixes).
- usb: common: usb-conn-gpio: use a unique name for usb connector device (stable-fixes).
- usb: dwc2: also exit clock_gating when stopping udc while suspended (stable-fixes).
- usb: dwc3: meson-g12a: fix device leaks at unbind (git-fixes).
- usb: early: xhci-dbc: Fix early_ioremap leak (git-fixes).
- usb: gadget : fix use-after-free in composite_dev_cleanup() (git-fixes).
- usb: gadget: u_serial: Fix race condition in TTY wakeup (git-fixes).
- usb: gadget: udc: renesas_usb3: fix device leak at unbind (git-fixes).
- usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() (git-fixes).
- usb: hub: Do not try to recover devices lost during warm reset (git-fixes).
- usb: misc: apple-mfi-fastcharge: Make power supply names unique (git-fixes).
- usb: musb: fix gadget state on disconnect (git-fixes).
- usb: musb: omap2430: fix device leak at unbind (git-fixes).
- usb: net: sierra: check for no status endpoint (git-fixes).
- usb: potential integer overflow in usbg_make_tpg() (stable-fixes).
- usb: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (stable-fixes).
- usb: serial: option: add Foxconn T99W640 (stable-fixes).
- usb: serial: option: add Telit Cinterion FE910C04 (ECM) composition (stable-fixes).
- usb: typec: Update sysfs when setting ops (git-fixes).
- usb: typec: altmodes/displayport: do not index invalid pin_assignments (git-fixes).
- usb: typec: displayport: Fix potential deadlock (git-fixes).
- usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode (stable-fixes).
- usb: typec: mux: do not return on EOPNOTSUPP in {mux, switch}_set (stable-fixes).
- usb: typec: tcpm: allow switching to mode accessory to mux properly (stable-fixes).
- usb: typec: tcpm: allow to use sink in accessory mode (stable-fixes).
- usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach (git-fixes).
- usb: typec: ucsi: Add DATA_RESET option of Connector Reset command (git-fixes).
- usb: typec: ucsi: Add qcm6490-pmic-glink as needing PDOS quirk (git-fixes).
- usb: typec: ucsi: Delay alternate mode discovery (git-fixes).
- usb: typec: ucsi: Fix busy loop on ASUS VivoBooks (git-fixes).
- usb: typec: ucsi: Fix the partner PD revision (git-fixes).
- usb: typec: ucsi: Get PD revision for partner (git-fixes).
- usb: typec: ucsi: Set orientation as none when connector is unplugged (git-fixes).
- usb: typec: ucsi: Update power_supply on power role change (git-fixes).
- usb: typec: ucsi: add callback for connector status updates (git-fixes).
- usb: typec: ucsi: add update_connector callback (git-fixes).
- usb: typec: ucsi: do not retrieve PDOs if not supported (git-fixes).
- usb: typec: ucsi: extract code to read PD caps (git-fixes).
- usb: typec: ucsi: fix UCSI on SM8550 & SM8650 Qualcomm devices (git-fixes).
- usb: typec: ucsi: glink: fix off-by-one in connector_status (git-fixes).
- usb: typec: ucsi: glink: increase max ports for x1e80100 (git-fixes).
- usb: typec: ucsi: glink: move GPIO reading into connector_status callback (git-fixes).
- usb: typec: ucsi: glink: use typec_set_orientation (git-fixes).
- usb: typec: ucsi: move ucsi_acknowledge() from ucsi_read_error() (git-fixes).
- usb: typec: ucsi: properly register partner's PD device (git-fixes).
- usb: typec: ucsi: support delaying GET_PDOS for device (git-fixes).
- usb: typec: ucsi_acpi: Add LG Gram quirk (git-fixes).
- usb: typec: ucsi_glink: drop NO_PARTNER_PDOS quirk for sm8550 / sm8650 (git-fixes).
- usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk (git-fixes).
- usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk on qcm6490 (git-fixes).
- usb: typec: ucsi_glink: rework quirks implementation (git-fixes).
- usb: xhci: Skip xhci_reset in xhci_resume if xhci is being removed (git-fixes).
- usb: xhci: quirk for data loss in ISOC transfers (stable-fixes).
- usb:cdnsp: remove TRB_FLUSH_ENDPOINT command (stable-fixes).
- virtgpu: do not reset on shutdown (git-fixes).
- vmci: Prevent the dispatching of uninitialized payloads (git-fixes).
- vt: add missing notification when switching back to text mode (stable-fixes).
- vt: defkeymap: Map keycodes above 127 to K_HOLE (git-fixes).
- vt: keyboard: Do not process Unicode characters in K_OFF mode (git-fixes).
- watchdog: ziirave_wdt: check record length in ziirave_firm_verify() (git-fixes).
- wifi: ath11k: clear initialized flag for deinit-ed srng lists (git-fixes).
- wifi: ath11k: fix dest ring-buffer corruption (git-fixes).
- wifi: ath11k: fix dest ring-buffer corruption when ring is full (git-fixes).
- wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() (git-fixes).
- wifi: ath11k: fix source ring-buffer corruption (git-fixes).
- wifi: ath11k: fix suspend use-after-free after probe failure (git-fixes).
- wifi: ath12k: fix dest ring-buffer corruption (git-fixes).
- wifi: ath12k: fix dest ring-buffer corruption when ring is full (git-fixes).
- wifi: ath12k: fix endianness handling while accessing wmi service bit (git-fixes).
- wifi: ath12k: fix source ring-buffer corruption (git-fixes).
- wifi: ath6kl: remove WARN on bad firmware input (stable-fixes).
- wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE (git-fixes).
- wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() (git-fixes).
- wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() (git-fixes).
- wifi: iwlwifi: Fix memory leak in iwl_mvm_init() (git-fixes).
- wifi: iwlwifi: return ERR_PTR from opmode start() (stable-fixes).
- wifi: mac80211: Add link iteration macro for link data (stable-fixes).
- wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() (git-fixes).
- wifi: mac80211: Do not call fq_flow_idx() for management frames (git-fixes).
- wifi: mac80211: Do not schedule stopped TXQs (git-fixes).
- wifi: mac80211: chan: chandef is non-NULL for reserved (stable-fixes).
- wifi: mac80211: drop invalid source address OCB frames (stable-fixes).
- wifi: mac80211: reject TDLS operations when station is not associated (git-fixes).
- wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() (git-fixes).
- wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan (git-fixes).
- wifi: mt76: mt7925: fix the wrong config for tx interrupt (git-fixes).
- wifi: plfxlc: Fix error handling in usb driver probe (git-fixes).
- wifi: prevent A-MSDU attacks in mesh networks (stable-fixes).
- wifi: rtl818x: Kill URBs before clearing tx status queue (git-fixes).
- wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band (git-fixes).
- wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() (git-fixes).
- x86/cpu/amd: Fix workaround for erratum 1054 (git-fixes).
- x86/mce/amd: Add default names for MCA banks and blocks (git-fixes).
- x86/mce/amd: Fix threshold limit reset (git-fixes).
- x86/mce: Do not remove sysfs if thresholding sysfs init fails (git-fixes).
- x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (git-fixes).
- x86/tdx: Fix __noreturn build warning around __tdx_hypercall_failed() (git-fixes).
- x86/traps: Initialize DR6 by writing its architectural reset value (git-fixes).
- x86/virt/tdx: Avoid indirect calls to TDX assembly functions (git-fixes).
- x86: UV RTC: Add parameter to disable RTC clocksource (bsc#1241345).
- xfs: fix off-by-one error in fsmap's end_daddr usage (bsc#1235837).
- xfs: only create event xfs_file_compat_ioctl when CONFIG_COMPAT is configure (git-fixes).
- xfs: remove unused event xfs_alloc_near_error (git-fixes).
- xfs: remove unused event xfs_alloc_near_nominleft (git-fixes).
- xfs: remove unused event xfs_attr_node_removename (git-fixes).
- xfs: remove unused event xfs_ioctl_clone (git-fixes).
- xfs: remove unused event xfs_pagecache_inval (git-fixes).
- xfs: remove unused event xlog_iclog_want_sync (git-fixes).
- xfs: remove unused trace event xfs_attr_remove_iter_return (git-fixes).
- xfs: remove unused trace event xfs_attr_rmtval_set (git-fixes).
- xfs: remove unused trace event xfs_reflink_cow_enospc (git-fixes).
- xfs: remove unused xfs_attr events (git-fixes).
- xfs: remove unused xfs_reflink_compare_extents events (git-fixes).
- xfs: remove usused xfs_end_io_direct events (git-fixes).
- xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS (git-fixes).
- xhci: dbc: Flush queued requests before stopping dbc (git-fixes).
- xhci: dbctty: disable ECHO flag by default (git-fixes).
Patchnames
SUSE-2025-3023,SUSE-SLE-Module-Live-Patching-15-SP6-2025-3023,SUSE-SLE-Module-RT-15-SP6-2025-3023,openSUSE-SLE-15.6-2025-3023
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2019-11135: TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may (bsc#1139073)\n- CVE-2024-36028: mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() (bsc#1225707).\n- CVE-2024-36348, CVE-2024-36349, CVE-2024-36350, CVE-2024-36357: x86/process: Move the buffer clearing before MONITOR (bsc#1238896).\n- CVE-2024-44963: btrfs: do not BUG_ON() when freeing tree block after error (bsc#1230216).\n- CVE-2024-56742: vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages() (bsc#1235613).\n- CVE-2025-21839: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (bsc#1239061).\n- CVE-2025-21872: efi/mokvar-table: Avoid repeated map/unmap of the same page (bsc#1240323).\n- CVE-2025-23163: net: vlan: do not propagate flags on open (bsc#1242837).\n- CVE-2025-37856: btrfs: harden block_group::bg_list against list_del() races (bsc#1243068).\n- CVE-2025-37864: net: dsa: clean up FDB, MDB, VLAN entries on unbind (bsc#1242965).\n- CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn\u0027t postable (bsc#1242960).\n- CVE-2025-37920: kABI workaround for xsk: Fix race condition in AF_XDP generic RX path (bsc#1243479).\n- CVE-2025-37984: crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() (bsc#1243669).\n- CVE-2025-38034: btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (bsc#1244792).\n- CVE-2025-38035: nvmet-tcp: do not restore null sk_state_change (bsc#1244801).\n- CVE-2025-38051: smb: client: Fix use-after-free in cifs_fill_dirent (bsc#1244750).\n- CVE-2025-38058: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (bsc#1245151).\n- CVE-2025-38061: net: pktgen: fix access outside of user given buffer in pktgen_thread_write() (bsc#1245440).\n- CVE-2025-38062: kABI: restore layout of struct msi_desc (bsc#1245216).\n- CVE-2025-38063: dm: fix unconditional IO throttle caused by REQ_PREFLUSH (bsc#1245202).\n- CVE-2025-38064: virtio: break and reset virtio devices on device_shutdown() (bsc#1245201).\n- CVE-2025-38074: vhost-scsi: protect vq-\u003elog_used with vq-\u003emutex (bsc#1244735).\n- CVE-2025-38094: net: cadence: macb: Fix a possible deadlock in macb_halt_tx (bsc#1245649).\n- CVE-2025-38097: kabi: restore encap_sk in struct xfrm_state (bsc#1245660).\n- CVE-2025-38098: drm/amd/display: Do not treat wb connector as physical in (bsc#1245654).\n- CVE-2025-38099: Bluetooth: btusb: Fix regression in the initialization of fake Bluetooth controllers (bsc#1245671).\n- CVE-2025-38100: x86/iopl: Cure TIF_IO_BITMAP inconsistencies (bsc#1245650).\n- CVE-2025-38105: ALSA: usb-audio: Kill timer properly at removal (bsc#1245682).\n- CVE-2025-38115: net_sched: sch_sfq: fix a potential crash on gso_skb handling (bsc#1245689).\n- CVE-2025-38117: hci_dev centralize extra lock (bsc#1245695).\n- CVE-2025-38126: net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping (bsc#1245708).\n- CVE-2025-38131: coresight: prevent deactivate active config while enabling the config (bsc#1245677).\n- CVE-2025-38132: coresight: holding cscfg_csdev_lock while removing cscfg from csdev (bsc#1245679).\n- CVE-2025-38147: calipso: unlock rcu before returning -EAFNOSUPPORT (bsc#1245768).\n- CVE-2025-38158: hisi_acc_vfio_pci: fix XQE dma address error (bsc#1245750).\n- CVE-2025-38162: netfilter: nft_set_pipapo: prevent overflow in lookup table allocation (bsc#1245752).\n- CVE-2025-38166: bpf: fix ktls panic with sockmap (bsc#1245758).\n- CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).\n- CVE-2025-38182: ublk: santizize the arguments from userspace when adding a device (bsc#1245937).\n- CVE-2025-38183: net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get() (bsc#1246006).\n- CVE-2025-38187: drm/nouveau: fix a use-after-free in r535_gsp_rpc_push() (bsc#1245951).\n- CVE-2025-38188: drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE (bsc#1246098).\n- CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045).\n- CVE-2025-38202: bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() (bsc#1245980).\n- CVE-2025-38203: jfs: Fix null-ptr-deref in jfs_ioc_trim (bsc#1246044).\n- CVE-2025-38204: jfs: fix array-index-out-of-bounds read in add_missing_indices (bsc#1245983).\n- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073).\n- CVE-2025-38210: configfs-tsm-report: Fix NULL dereference of tsm_ops (bsc#1246020).\n- CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029).\n- CVE-2025-38220: ext4: only dirty folios when data journaling regular files (bsc#1245966).\n- CVE-2025-38222: ext4: inline: fix len overflow in ext4_prepare_inline_data (bsc#1245976).\n- CVE-2025-38236: af_unix: Disable MSG_OOB for unprivileged users (bsc#1246093).\n- CVE-2025-38239: scsi: megaraid_sas: Fix invalid node index (bsc#1246178).\n- CVE-2025-38244: smb: client: fix potential deadlock when reconnecting channels (bsc#1246183).\n- CVE-2025-38248: bridge: mcast: Fix use-after-free during router port configuration (bsc#1246173).\n- CVE-2025-38250: kABI workaround for bluetooth hci_dev changes (bsc#1246182).\n- CVE-2025-38264: llist: add interface to check if a node is on a list (bsc#1246387).\n- CVE-2025-38272: net: dsa: b53: do not enable EEE on bcm63xx (bsc#1246268).\n- CVE-2025-38279: selftests/bpf: Add tests with stack ptr register in conditional jmp (bsc#1246264).\n- CVE-2025-38283: hisi_acc_vfio_pci: bugfix live migration function without VF device driver (bsc#1246273).\n- CVE-2025-38303: Bluetooth: eir: Fix possible crashes on eir_create_adv_data (bsc#1246354).\n- CVE-2025-38310: seg6: Fix validation of nexthop addresses (bsc#1246361).\n- CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).\n- CVE-2025-38334: x86/sgx: Prevent attempts to reclaim poisoned pages (bsc#1246384).\n- CVE-2025-38335: Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT (bsc#1246250).\n- CVE-2025-38337: jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (bsc#1246253).\n- CVE-2025-38349: eventpoll: do not decrement ep refcount while still holding the ep mutex (bsc#1246777).\n- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).\n- CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).\n- CVE-2025-38364: maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() (bsc#1247091).\n- CVE-2025-38365: btrfs: fix a race between renames and directory logging (bsc#1247023).\n- CVE-2025-38371: drm/v3d: Disable interrupts before resetting the GPU (bsc#1247178).\n- CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177).\n- CVE-2025-38382: btrfs: fix iteration of extrefs during log replay (bsc#1247031).\n- CVE-2025-38392: idpf: convert control queue mutex to a spinlock (bsc#1247169).\n- CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247156).\n- CVE-2025-38399: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() (bsc#1247097).\n- CVE-2025-38403: vsock/vmci: Clear the vmci transport packet properly when initializing it (bsc#1247141).\n- CVE-2025-38414: wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850 (bsc#1247145).\n- CVE-2025-38426: drm/amdgpu: Add basic validation for RAS header (bsc#1247252).\n- CVE-2025-38429: bus: mhi: ep: Update read pointer only after buffer is written (bsc#1247253).\n- CVE-2025-38455: KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight (bsc#1247101).\n- CVE-2025-38457: net/sched: Abort __tc_modify_qdisc if parent class does not exist (bsc#1247098).\n- CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).\n- CVE-2025-38461: vsock: Fix transport_* TOCTOU (bsc#1247103).\n- CVE-2025-38462: vsock: Fix transport_{g2h,h2g} TOCTOU (bsc#1247104).\n- CVE-2025-38463: tcp: Correct signedness in skb remaining space calculation (bsc#1247113).\n- CVE-2025-38465: netlink: make sure we allow at least one dump skb (bsc#1247118).\n- CVE-2025-38470: kABI fix for net: vlan: fix VLAN 0 refcount imbalance of toggling (bsc#1247288).\n- CVE-2025-38471: tls: always refresh the queue when reading sock (bsc#1247450).\n- CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347).\n- CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374).\n\nThe following non-security bugs were fixed:\n\n- Fix dma_unmap_sg() nents value (git-fixes)\n- Reapply \u0027wifi: mac80211: Update skb\u0027s control block key in ieee80211_tx_dequeue()\u0027 (git-fixes).\n- Revert \u0027ACPI: battery: negate current when discharging\u0027 (stable-fixes).\n- Revert \u0027cgroup_freezer: cgroup_freezing: Check if not frozen\u0027 (bsc#1219338).\n- Revert \u0027drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1\u0027 (stable-fixes).\n- Revert \u0027mmc: sdhci: Disable SD card clock before changing parameters\u0027 (git-fixes).\n- Revert \u0027usb: xhci: Implement xhci_handshake_check_state() helper\u0027 (git-fixes).\n- Revert \u0027vgacon: Add check for vc_origin address range in vgacon_scroll()\u0027 (stable-fixes).\n- [SMB3] send channel sequence number in SMB3 requests after reconnects (git-fixes).\n- acpi: LPSS: Remove AudioDSP related ID (git-fixes).\n- acpi: PRM: Reduce unnecessary printing to avoid user confusion (bsc#1246122).\n- acpi: processor: perflib: Fix initial _PPC limit application (git-fixes).\n- acpica: Refuse to evaluate a method if arguments are missing (stable-fixes).\n- af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() (git-fixes).\n- af_unix: Add a prompt to CONFIG_AF_UNIX_OOB (bsc#1246093).\n- alsa: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() (git-fixes).\n- alsa: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx (stable-fixes).\n- alsa: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 (stable-fixes).\n- alsa: hda/realtek: Add quirk for ASUS ROG Strix G712LWS (stable-fixes).\n- alsa: hda/tegra: Add Tegra264 support (stable-fixes).\n- alsa: hda: Add missing NVIDIA HDA codec IDs (stable-fixes).\n- alsa: hda: Add new pci id for AMD GPU display HD audio controller (stable-fixes).\n- alsa: hda: Ignore unsol events for cards being shut down (stable-fixes).\n- alsa: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() (git-fixes).\n- alsa: sb: Do not allow changing the DMA mode during operations (stable-fixes).\n- alsa: sb: Force to disable DMAs once when DMA mode is changed (stable-fixes).\n- amd/amdkfd: fix a kfd_process ref leak (stable-fixes).\n- aoe: clean device rq_list in aoedev_downdev() (git-fixes).\n- apple-mfi-fastcharge: protect first device name (git-fixes).\n- asoc: amd: yc: Add DMI quirk for Lenovo IdeaPad Slim 5 15 (stable-fixes).\n- asoc: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic (stable-fixes).\n- asoc: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic (stable-fixes).\n- asoc: amd: yc: update quirk data for HP Victus (stable-fixes).\n- asoc: codec: wcd9335: Convert to GPIO descriptors (stable-fixes).\n- asoc: codecs: wcd9335: Fix missing free of regulator supplies (git-fixes).\n- asoc: codecs: wcd9335: Handle nicer probe deferral and simplify with dev_err_probe() (stable-fixes).\n- asoc: cs35l56: probe() should fail if the device ID is not recognized (git-fixes).\n- asoc: fsl_asrc: use internal measured ratio for non-ideal ratio mode (git-fixes).\n- asoc: fsl_xcvr: get channel status data when PHY is not exists (git-fixes).\n- asoc: ops: dynamically allocate struct snd_ctl_elem_value (git-fixes).\n- asoc: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() (git-fixes).\n- ata: pata_cs5536: fix build on 32-bit UML (stable-fixes).\n- audit,module: restore audit logging in load failure case (git-fixes).\n- bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() (git-fixes).\n- bluetooth: L2CAP: Fix L2CAP MTU negotiation (stable-fixes).\n- bluetooth: L2CAP: Fix attempting to adjust outgoing MTU (git-fixes).\n- bluetooth: MGMT: Fix not generating command complete for MGMT_OP_DISCONNECT (git-fixes).\n- bluetooth: MGMT: mesh_send: check instances prior disabling advertising (git-fixes).\n- bluetooth: MGMT: set_mesh: update LE scan interval and window (git-fixes).\n- bluetooth: Prevent unintended pause by checking if advertising is active (git-fixes).\n- bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout (git-fixes).\n- bluetooth: SMP: If an unallowed command is received consider it a failure (git-fixes).\n- bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant without board ID (git-fixes).\n- bluetooth: hci_conn: Fix sending BT_HCI_CMD_LE_CREATE_CONN_CANCEL (git-fixes).\n- bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected (git-fixes).\n- bluetooth: hci_event: Mask data status from LE ext adv reports (git-fixes).\n- bluetooth: hci_sync: Attempt to dequeue connection attempt (git-fixes).\n- bluetooth: hci_sync: Fix UAF on create_le_conn_complete (git-fixes).\n- bluetooth: hci_sync: Fix handling of HCI_OP_CREATE_CONN_CANCEL (git-fixes).\n- bluetooth: hci_sync: Fix not disabling advertising instance (git-fixes).\n- bluetooth: hci_sync: fix connectable extended advertising when using static random address (git-fixes).\n- bluetooth: hci_sync: revert some mesh modifications (git-fixes).\n- bpf, sockmap: Fix sk_msg_reset_curr (git-fixes).\n- bpf/lpm_trie: Inline longest_prefix_match for fastpath (git-fixes).\n- bpf/selftests: Check errno when percpu map value size exceeds (git-fixes).\n- bpf: Add a possibly-zero-sized read test (git-fixes).\n- bpf: Avoid __hidden__ attribute in static object (git-fixes).\n- bpf: Check percpu map value size first (git-fixes).\n- bpf: Disable some `attribute ignored\u0027 warnings in GCC (git-fixes).\n- bpf: Fix memory leak in bpf_core_apply (git-fixes).\n- bpf: Fix potential integer overflow in resolve_btfids (git-fixes).\n- bpf: Harden __bpf_kfunc tag against linker kfunc removal (git-fixes).\n- bpf: Make the pointer returned by iter next method valid (git-fixes).\n- bpf: Simplify checking size of helper accesses (git-fixes).\n- bpf: fix order of args in call to bpf_map_kvcalloc (git-fixes).\n- bpf: sockmap, updating the sg structure should also update curr (git-fixes).\n- bpftool: Fix missing pids during link show (git-fixes).\n- bpftool: Fix undefined behavior caused by shifting into the sign bit (git-fixes).\n- bpftool: Mount bpffs on provided dir instead of parent dir (git-fixes).\n- bpftool: Remove unnecessary source files from bootstrap version (git-fixes).\n- bpftool: Un-const bpf_func_info to fix it for llvm 17 and newer (git-fixes).\n- btrfs: do not ignore inode missing when replaying log tree (git-fixes).\n- btrfs: do not silently ignore unexpected extent type when replaying log (git-fixes).\n- btrfs: do not skip remaining extrefs if dir not found during log replay (git-fixes).\n- btrfs: explicitly ref count block_group on new_bgs list (bsc#1243068)\n- btrfs: fix assertion when building free space tree (git-fixes).\n- btrfs: fix inode lookup error handling during log replay (git-fixes).\n- btrfs: fix invalid inode pointer dereferences during log replay (git-fixes).\n- btrfs: fix log tree replay failure due to file with 0 links and extents (git-fixes).\n- btrfs: fix missing error handling when searching for inode refs during log replay (git-fixes).\n- btrfs: fix non-empty delayed iputs list on unmount due to async workers (git-fixes).\n- btrfs: fix ssd_spread overallocation (git-fixes).\n- btrfs: make btrfs_discard_workfn() block_group ref explicit (bsc#1243068)\n- btrfs: propagate last_unlink_trans earlier when doing a rmdir (git-fixes).\n- btrfs: rename err to ret in btrfs_rmdir() (git-fixes).\n- btrfs: return a btrfs_inode from btrfs_iget_logging() (git-fixes).\n- btrfs: return a btrfs_inode from read_one_inode() (git-fixes).\n- btrfs: tests: fix chunk map leak after failure to add it to the tree (git-fixes).\n- btrfs: update superblock\u0027s device bytes_used when dropping chunk (git-fixes).\n- btrfs: use NOFS context when getting inodes during logging and log replay (git-fixes).\n- btrfs: use btrfs_record_snapshot_destroy() during rmdir (git-fixes).\n- bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() (git-fixes).\n- bus: mhi: host: Detect events pointing to unexpected TREs (git-fixes).\n- can: dev: can_restart(): move debug message and stats after successful restart (stable-fixes).\n- can: dev: can_restart(): reverse logic to remove need for goto (stable-fixes).\n- can: kvaser_pciefd: Store device channel index (git-fixes).\n- can: kvaser_usb: Assign netdev.dev_port based on device channel index (git-fixes).\n- can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level (git-fixes).\n- can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode (git-fixes).\n- can: peak_usb: fix USB FD devices potential malfunction (git-fixes).\n- cdc-acm: fix race between initial clearing halt and open (git-fixes).\n- cgroup,freezer: fix incomplete freezing when attaching tasks (bsc#1245789).\n- cgroup/cpuset: Extend kthread_is_per_cpu() check to all PF_NO_SETAFFINITY tasks (bsc#1241166).\n- cifs: reconnect helper should set reconnect for the right channel (git-fixes).\n- clk: clk-axi-clkgen: fix fpfd_max frequency for zynq (git-fixes).\n- clk: davinci: Add NULL check in davinci_lpsc_clk_register() (git-fixes).\n- clk: sunxi-ng: v3s: Fix de clock definition (git-fixes).\n- clk: xilinx: vcu: unregister pll_post only if registered correctly (git-fixes).\n- clocksource: Scale the watchdog read retries automatically (bsc#1241345 bsc#1244457).\n- clocksource: Set cs_watchdog_read() checks based on .uncertainty_margin (bsc#1241345 bsc#1244457).\n- comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large (git-fixes).\n- comedi: Fix initialization of data for instructions that write to subdevice (git-fixes).\n- comedi: Fix some signed shift left operations (git-fixes).\n- comedi: Fix use of uninitialized data in insn_rw_emulate_bits() (git-fixes).\n- comedi: aio_iiro_16: Fix bit shift out of bounds (git-fixes).\n- comedi: das16m1: Fix bit shift out of bounds (git-fixes).\n- comedi: das6402: Fix bit shift out of bounds (git-fixes).\n- comedi: pcl812: Fix bit shift out of bounds (git-fixes).\n- compiler_types.h: Define __retain for __attribute__((__retain__)) (git-fixes).\n- crypto: arm/aes-neonbs - work around gcc-15 warning (git-fixes).\n- crypto: ccp - Fix crash when rebind ccp device for ccp.ko (git-fixes).\n- crypto: ccp - Fix locking on alloc failure handling (git-fixes).\n- crypto: img-hash - Fix dma_unmap_sg() nents value (git-fixes).\n- crypto: inside-secure - Fix `dma_unmap_sg()` nents value (git-fixes).\n- crypto: keembay - Fix dma_unmap_sg() nents value (git-fixes).\n- crypto: marvell/cesa - Fix engine load inaccuracy (git-fixes).\n- crypto: qat - allow enabling VFs in the absence of IOMMU (git-fixes).\n- crypto: qat - disable ZUC-256 capability for QAT GEN5 (git-fixes).\n- crypto: qat - fix DMA direction for compression on GEN2 devices (git-fixes).\n- crypto: qat - fix seq_file position update in adf_ring_next() (git-fixes).\n- crypto: qat - fix state restore for banks with exceptions (git-fixes).\n- crypto: qat - flush misc workqueue during device shutdown (git-fixes).\n- crypto: qat - use unmanaged allocation for dc_data (git-fixes).\n- crypto: sun8i-ce - fix nents passed to dma_unmap_sg() (git-fixes).\n- dm-bufio: fix sched in atomic context (git-fixes).\n- dm-flakey: error all IOs when num_features is absent (git-fixes).\n- dm-flakey: make corrupting read bios work (git-fixes).\n- dm-mirror: fix a tiny race condition (git-fixes).\n- dm-raid: fix variable in journal device check (git-fixes).\n- dm-verity: fix a memory leak if some arguments are specified multiple times (git-fixes).\n- dm: do not change md if dm_table_set_restrictions() fails (git-fixes).\n- dm: free table mempools if not used in __bind (git-fixes).\n- dm: restrict dm device size to 2^63-512 bytes (git-fixes).\n- dma-buf: fix timeout handling in dma_resv_wait_timeout v2 (stable-fixes).\n- dmaengine: dw-edma: Drop unused dchan2dev() and chan2dev() (git-fixes).\n- dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using (stable-fixes).\n- dmaengine: mv_xor: Fix missing check after DMA map and missing unmap (git-fixes).\n- dmaengine: nbpfaxi: Add missing check after DMA map (git-fixes).\n- dmaengine: nbpfaxi: Fix memory corruption in probe() (git-fixes).\n- dmaengine: qcom: gpi: Drop unused gpi_write_reg_field() (git-fixes).\n- dmaengine: xilinx_dma: Set dma_device directions (stable-fixes).\n- docs/aBI: Fix sysfs-kernel-address_bits path (git-fixes).\n- documentation: ACPI: Fix parent device references (git-fixes).\n- documentation: usb: gadget: Wrap remaining usage snippets in literal code block (git-fixes).\n- drm/amd/display: Do not overwrite dce60_clk_mgr (git-fixes).\n- drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value (git-fixes).\n- drm/amdgpu/gfx8: reset compute ring wptr on the GPU on resume (git-fixes).\n- drm/amdgpu: amdgpu_vram_mgr_new(): Clamp lpfn to total vram (stable-fixes).\n- drm/amdkfd: Fix race in GWS queue scheduling (stable-fixes).\n- drm/bridge: panel: move prepare_prev_first handling to drm_panel_bridge_add_typed (git-fixes).\n- drm/bridge: ti-sn65dsi86: Add HPD for DisplayPort connector type (git-fixes).\n- drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() (git-fixes).\n- drm/bridge: ti-sn65dsi86: make use of debugfs_init callback (stable-fixes).\n- drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling (git-fixes).\n- drm/exynos: fimd: Guard display clock control with runtime PM calls (git-fixes).\n- drm/framebuffer: Acquire internal references on GEM handles (git-fixes).\n- drm/gem: Acquire references on GEM handles for framebuffers (stable-fixes).\n- drm/gem: Fix race in drm_gem_handle_create_tail() (stable-fixes).\n- drm/i915/gsc: mei interrupt top half should be in irq disabled context (git-fixes).\n- drm/i915/gt: Fix timeline left held on VMA alloc error (git-fixes).\n- drm/i915/selftests: Change mock_request() to return error pointers (git-fixes).\n- drm/msm/dpu: Fill in min_prefill_lines for SC8180X (git-fixes).\n- drm/msm: Fix a fence leak in submit error path (stable-fixes).\n- drm/msm: Fix another leak in the submit error path (stable-fixes).\n- drm/panfrost: Fix panfrost device variable name in devfreq (git-fixes).\n- drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed (git-fixes).\n- drm/sched: Increment job count before swapping tail spsc queue (git-fixes).\n- drm/sched: Remove optimization that causes hang when killing dependent jobs (git-fixes).\n- drm/scheduler: signal scheduled fence when kill job (stable-fixes).\n- drm/tegra: nvdec: Fix dma_alloc_coherent error check (git-fixes).\n- drm/ttm: fix error handling in ttm_buffer_object_transfer (git-fixes).\n- drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel (git-fixes).\n- exfat: fdatasync flag should be same like generic_write_sync() (git-fixes).\n- fbcon: Fix outdated registered_fb reference in comment (git-fixes).\n- fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref (git-fixes).\n- firewire: ohci: correct code comments about bus_reset tasklet (git-fixes).\n- fs/jfs: consolidate sanity checking in dbMount (git-fixes).\n- fs/orangefs: Allow 2 more characters in do_c_string() (git-fixes).\n- gpio: mlxbf2: use platform_get_irq_optional() (git-fixes).\n- gpio: pca953x: log an error when failing to get the reset GPIO (git-fixes).\n- gpio: sim: include a missing header (git-fixes).\n- gpio: vf610: add locking to gpio direction functions (git-fixes).\n- gpio: virtio: Fix config space reading (git-fixes).\n- gpiolib: Fix debug messaging in gpiod_find_and_request() (git-fixes).\n- gpiolib: Handle no pin_ranges in gpiochip_generic_config() (git-fixes).\n- gpiolib: acpi: Do not use GPIO chip fwnode in acpi_gpiochip_find() (bsc#1233300).\n- gpiolib: acpi: Fix failed in acpi_gpiochip_find() by adding parent node match (bsc#1233300).\n- gpiolib: cdev: Ignore reconfiguration without direction (git-fixes).\n- gpiolib: of: Add polarity quirk for s5m8767 (stable-fixes).\n- hfs: make splice write available again (git-fixes).\n- hfsplus: make splice write available again (git-fixes).\n- hfsplus: remove mutex_lock check in hfsplus_free_extents (git-fixes).\n- hid: Add IGNORE quirk for SMARTLINKTECHNOLOGY (stable-fixes).\n- hid: core: do not bypass hid_hw_raw_request (stable-fixes).\n- hid: core: ensure __hid_request reserves the report ID as the first byte (git-fixes).\n- hid: core: ensure the allocated report buffer can contain the reserved report ID (stable-fixes).\n- hid: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 (stable-fixes).\n- hid: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras (stable-fixes).\n- hv_netvsc: Use VF\u0027s tso_max_size value when data path is VF (bsc#1246203).\n- hwmon: (corsair-cpro) Validate the size of the received input buffer (git-fixes).\n- hwmon: (gsc-hwmon) fix fan pwm setpoint show functions (git-fixes).\n- hwmon: (pmbus/max34440) Fix support for max34451 (stable-fixes).\n- hwrng: mtk - handle devm_pm_runtime_enable errors (git-fixes).\n- i2c/designware: Fix an initialization issue (git-fixes).\n- i2c: qup: jump out of the loop in case of timeout (git-fixes).\n- i2c: stm32: fix the device used for the DMA map (git-fixes).\n- i2c: tegra: Fix reset error handling with ACPI (git-fixes).\n- i2c: virtio: Avoid hang by using interruptible completion wait (git-fixes).\n- i3c: fix module_i3c_i2c_driver() with I3C=n (git-fixes).\n- ib/mlx5: Fix potential deadlock in MR deregistration (git-fixes)\n- iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush (git-fixes).\n- iio: adc: ad7949: use spi_is_bpw_supported() (git-fixes).\n- iio: adc: ad_sigma_delta: Fix use of uninitialized status_pos (stable-fixes).\n- iio: adc: ad_sigma_delta: change to buffer predisable (git-fixes).\n- iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (stable-fixes).\n- iio: adc: max1363: Reorder mode_list[] entries (stable-fixes).\n- iio: adc: stm32-adc: Fix race in installing chained IRQ handler (git-fixes).\n- iio: imu: bno055: fix OOB access of hw_xlate array (git-fixes).\n- iio: pressure: zpa2326: Use aligned_s64 for the timestamp (stable-fixes).\n- input: iqs7222 - explicitly define number of external channels (git-fixes).\n- input: xpad - adjust error handling for disconnect (git-fixes).\n- input: xpad - set correct controller type for Acer NGR200 (git-fixes).\n- input: xpad - support Acer NGR 200 Controller (stable-fixes).\n- iommu/amd: Fix geometry.aperture_end for V2 tables (git-fixes).\n- iommu/amd: Set the pgsize_bitmap correctly (git-fixes).\n- iommu/arm-smmu-qcom: Add SM6115 MDSS compatible (git-fixes).\n- iommu/vt-d: Fix possible circular locking dependency (git-fixes).\n- iommu/vt-d: Fix system hang on reboot -f (git-fixes).\n- ipv6: fix possible infinite loop in fib6_info_uses_dev() (git-fixes).\n- ipv6: mcast: Delay put pmc-\u003eidev in mld_del_delrec() (git-fixes).\n- ipv6: prevent infinite loop in rt6_nlmsg_size() (git-fixes).\n- ipv6: reject malicious packets in ipv6_gso_segment() (git-fixes).\n- iwlwifi: Add missing check for alloc_ordered_workqueue (git-fixes).\n- jfs: fix metapage reference count leak in dbAllocCtl (git-fixes).\n- kABI workaround for struct drm_framebuffer changes (git-fixes).\n- kABI: Fix the module::name type in audit_context (git-fixes).\n- kasan: remove kasan_find_vm_area() to prevent possible deadlock (git-fixes).\n- kernel-syms.spec: Drop old rpm release number hack (bsc#1247172).\n- leds: multicolor: Fix intensity setting while SW blinking (stable-fixes).\n- lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (bsc#1236897).\n- lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() (bsc#1236897).\n- logitech C-270 even more broken (stable-fixes).\n- maple_tree: fix mt_destroy_walk() on root leaf node (git-fixes).\n- md/md-bitmap: fix dm-raid max_write_behind setting (git-fixes).\n- media: gspca: Add bounds checking to firmware parser (git-fixes).\n- media: hi556: correct the test pattern configuration (git-fixes).\n- media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() (git-fixes).\n- media: ov2659: Fix memory leaks in ov2659_probe() (git-fixes).\n- media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (git-fixes).\n- media: usbtv: Lock resolution while streaming (git-fixes).\n- media: uvcvideo: Do not mark valid metadata as invalid (git-fixes).\n- media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (git-fixes).\n- media: v4l2-ctrls: Do not reset handler\u0027s error in v4l2_ctrl_handler_free() (git-fixes).\n- media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check (git-fixes).\n- media: venus: Add a check for packet size after reading from shared memory (git-fixes).\n- media: venus: hfi: explicitly release IRQ during teardown (git-fixes).\n- media: venus: protect against spurious interrupts during probe (git-fixes).\n- media: venus: vdec: Clamp param smaller than 1fps and bigger than 240 (git-fixes).\n- media: venus: venc: Clamp param smaller than 1fps and bigger than 240 (git-fixes).\n- media: vivid: fix wrong pixel_array control size (git-fixes).\n- memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() (git-fixes).\n- mfd: max14577: Fix wakeup source leaks on device unbind (stable-fixes).\n- misc: rtsx: usb: Ensure mmc child device is active when card is present (git-fixes).\n- mmc: bcm2835: Fix dma_unmap_sg() nents value (git-fixes).\n- mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier (git-fixes).\n- mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models (git-fixes).\n- mmc: sdhci: Add a helper function for dump register in dynamic debug mode (stable-fixes).\n- mmc: sdhci_am654: Workaround for Errata i2312 (git-fixes).\n- module: Fix memory deallocation on error path in move_module() (git-fixes).\n- module: Remove unnecessary +1 from last_unloaded_module::name size (git-fixes).\n- module: Restore the moduleparam prefix length check (git-fixes).\n- mtd: fix possible integer overflow in erase_xfer() (git-fixes).\n- mtd: rawnand: atmel: Fix dma_mapping_error() address (git-fixes).\n- mtd: rawnand: atmel: set pmecc data setup time (git-fixes).\n- mtd: rawnand: fsmc: Add missing check after DMA map (git-fixes).\n- mtd: rawnand: renesas: Add missing check after DMA map (git-fixes).\n- mtd: rawnand: rockchip: Add missing check after DMA map (git-fixes).\n- mtd: spi-nor: Fix spi_nor_try_unlock_all() (git-fixes).\n- mtd: spinand: fix memory leak of ECC engine conf (stable-fixes).\n- mtd: spinand: propagate spinand_wait() errors from spinand_write_page() (git-fixes).\n- mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data (git-fixes).\n- mtk-sd: Prevent memory corruption from DMA map failure (git-fixes).\n- mtk-sd: reset host-\u003emrq on prepare_data() error (git-fixes).\n- mwl8k: Add missing check after DMA map (git-fixes).\n- nbd: fix uaf in nbd_genl_connect() error path (git-fixes).\n- net/packet: fix a race in packet_set_ring() and packet_notifier() (git-fixes).\n- net/sched: Restrict conditions for adding duplicating netems to qdisc tree (git-fixes).\n- net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (git-fixes).\n- net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (git-fixes).\n- net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (git-fixes).\n- net/sched: sch_qfq: Fix race condition on qfq_aggregate (git-fixes).\n- net/sched: taprio: enforce minimum value for picos_per_byte (git-fixes).\n- net: mana: Add debug logs in MANA network driver (bsc#1246212).\n- net: mana: Add handler for hardware servicing events (bsc#1245730).\n- net: mana: Allocate MSI-X vectors dynamically (bsc#1245457).\n- net: mana: Allow irq_setup() to skip cpus for affinity (bsc#1245457).\n- net: mana: Allow tso_max_size to go up-to GSO_MAX_SIZE (bsc#1246203).\n- net: mana: Expose additional hardware counters for drop and TC via ethtool (bsc#1245729).\n- net: mana: Set tx_packets to post gso processing packet count (bsc#1245731).\n- net: mana: explain irq_setup() algorithm (bsc#1245457).\n- net: phy: Do not register LEDs for genphy (git-fixes).\n- net: phy: micrel: fix KSZ8081/KSZ8091 cable test (git-fixes).\n- net: phy: microchip: limit 100M workaround to link-down events on LAN88xx (git-fixes).\n- net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap (git-fixes).\n- net: phy: smsc: Fix link failure in forced mode with Auto-MDIX (git-fixes).\n- net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect (git-fixes).\n- net: usb: qmi_wwan: add SIMCom 8230C composition (stable-fixes).\n- net: usbnet: Avoid potential RCU stall on LINK_CHANGE event (git-fixes).\n- net: usbnet: Fix the wrong netif_carrier_on() call (git-fixes).\n- netpoll: prevent hanging NAPI when netcons gets enabled (git-fixes).\n- nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails (git-fixes).\n- nfs: Fix filehandle bounds checking in nfs_fh_to_dentry() (git-fixes).\n- nfs: Fix the setting of capabilities when automounting a new filesystem (git-fixes).\n- nfs: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() (git-fixes).\n- nfs: Fixup allocation flags for nfsiod\u0027s __GFP_NORETRY (git-fixes).\n- nfsd: detect mismatch of file handle and delegation stateid in OPEN op (git-fixes).\n- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (git-fixes).\n- nfsv4.2: another fix for listxattr (git-fixes).\n- nfsv4.2: fix listxattr to return selinux security label (git-fixes).\n- nfsv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN (git-fixes).\n- nfsv4: Always set NLINK even if the server does not support it (git-fixes).\n- nfsv4: xattr handlers should check for absent nfs filehandles (git-fixes).\n- nilfs2: reject invalid file types when reading inodes (git-fixes).\n- nvme-pci: refresh visible attrs after being checked (git-fixes).\n- nvme: Fix incorrect cdw15 value in passthru error logging (git-fixes).\n- nvme: fix endianness of command word prints in nvme_log_err_passthru() (git-fixes).\n- nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() (git-fixes).\n- nvme: fix misaccounting of nvme-mpath inflight I/O (git-fixes).\n- nvmet-tcp: fix callback lock for TLS handshake (git-fixes).\n- objtool: Fix INSN_CONTEXT_SWITCH handling in validate_unret() (git-fixes).\n- objtool: Fix UNWIND_HINT_{SAVE,RESTORE} across basic blocks (git-fixes).\n- objtool: Fix _THIS_IP_ detection for cold functions (git-fixes).\n- objtool: Fix error handling inconsistencies in check() (git-fixes).\n- objtool: Ignore dangling jump table entries (git-fixes).\n- objtool: Ignore end-of-section jumps for KCOV/GCOV (git-fixes).\n- objtool: Properly disable uaccess validation (git-fixes).\n- objtool: Silence more KCOV warnings (git-fixes).\n- objtool: Silence more KCOV warnings, part 2 (git-fixes).\n- objtool: Stop UNRET validation on UD2 (git-fixes).\n- pNFS/flexfiles: do not attempt pnfs on fatal DS errors (git-fixes).\n- pch_uart: Fix dma_sync_sg_for_device() nents value (git-fixes).\n- pci/msi: Export pci_msix_prepare_desc() for dynamic MSI-X allocations (bsc#1245457).\n- pci: dwc: Make link training more robust by setting PORT_LOGIC_LINK_WIDTH to one lane (stable-fixes).\n- pci: endpoint: Fix configfs group list head handling (git-fixes).\n- pci: endpoint: Fix configfs group removal on driver teardown (git-fixes).\n- pci: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute (git-fixes).\n- pci: endpoint: pci-epf-vntb: Return -ENOENT if pci_epc_get_next_free_bar() fails (git-fixes).\n- pci: hv: Allow dynamic MSI-X vector allocation (bsc#1245457).\n- pci: rockchip-host: Fix \u0027Unexpected Completion\u0027 log message (git-fixes).\n- perf: Fix sample vs do_exit() (bsc#1246547).\n- phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode (git-fixes).\n- pinctrl: amd: Clear GPIO debounce for suspend (git-fixes).\n- pinctrl: qcom: msm: mark certain pins as invalid for interrupts (git-fixes).\n- pinctrl: sunxi: Fix memory leak on krealloc failure (git-fixes).\n- pinmux: fix race causing mux_owner NULL with active mux_usecount (git-fixes).\n- platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() (git-fixes).\n- platform/mellanox: mlxbf-pmc: Fix duplicate event ID for CACHE_DATA1 (git-fixes).\n- platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment (git-fixes).\n- platform/mellanox: mlxreg-lc: Fix logic error in power state check (git-fixes).\n- platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message (git-fixes).\n- platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks list (stable-fixes).\n- platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks (git-fixes).\n- platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots (git-fixes).\n- platform/x86: think-lmi: Create ksets consecutively (stable-fixes).\n- platform/x86: think-lmi: Fix kobject cleanup (git-fixes).\n- platform/x86: think-lmi: Fix sysfs group cleanup (git-fixes).\n- pm / devfreq: Check governor before using governor-\u003ename (git-fixes).\n- power: supply: cpcap-charger: Fix null check for power_supply_get_by_name (git-fixes).\n- power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set (git-fixes).\n- powercap: call put_device() on an error path in powercap_register_control_type() (stable-fixes).\n- powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() (git-fixes).\n- powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed (git-fixes).\n- powerpc/bpf: enforce full ordering for ATOMIC operations with BPF_FETCH (git-fixes).\n- ptp: fix breakage after ptp_vclock_in_use() rework (bsc#1246506).\n- pwm: imx-tpm: Reset counter if CMOD is 0 (git-fixes).\n- pwm: mediatek: Ensure to disable clocks in error path (git-fixes).\n- rdma/core: Rate limit GID cache warning messages (git-fixes)\n- rdma/counter: Check CAP_NET_RAW check in user namespace for RDMA counters (git-fixes)\n- rdma/hns: Drop GFP_NOWARN (git-fixes)\n- rdma/hns: Fix -Wframe-larger-than issue (git-fixes)\n- rdma/hns: Fix HW configurations not cleared in error flow (git-fixes)\n- rdma/hns: Fix accessing uninitialized resources (git-fixes)\n- rdma/hns: Fix double destruction of rsv_qp (git-fixes)\n- rdma/hns: Get message length of ack_req from FW (git-fixes)\n- rdma/mlx5: Check CAP_NET_RAW in user namespace for anchor create (git-fixes)\n- rdma/mlx5: Check CAP_NET_RAW in user namespace for devx create (git-fixes)\n- rdma/mlx5: Check CAP_NET_RAW in user namespace for flow create (git-fixes)\n- rdma/mlx5: Fix CC counters query for MPV (git-fixes)\n- rdma/mlx5: Fix HW counters query for non-representor devices (git-fixes)\n- rdma/mlx5: Fix compilation warning when USER_ACCESS isn\u0027t set (git-fixes)\n- rdma/mlx5: Fix vport loopback for MPV device (git-fixes)\n- rdma/mlx5: Initialize obj_event-\u003eobj_sub_list before xa_insert (git-fixes)\n- rdma/nldev: Check CAP_NET_RAW in user namespace for QP modify (git-fixes)\n- rdma/siw: Fix the sendmsg byte count in siw_tcp_sendpages (git-fixes)\n- rdma/uverbs: Add empty rdma_uattrs_has_raw_cap() declaration (git-fixes)\n- rdma/uverbs: Check CAP_NET_RAW in user namespace for QP create (git-fixes)\n- rdma/uverbs: Check CAP_NET_RAW in user namespace for RAW QP create (git-fixes)\n- rdma/uverbs: Check CAP_NET_RAW in user namespace for flow create (git-fixes)\n- regmap: fix potential memory leak of regmap_bus (git-fixes).\n- regulator: fan53555: add enable_time support and soft-start times (stable-fixes).\n- regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods (git-fixes).\n- regulator: pwm-regulator: Calculate the output voltage for disabled PWMs (stable-fixes).\n- resource: fix false warning in __request_region() (git-fixes).\n- restore UCSI_CONNECTOR_RESET_HARD definition (git-fixes).\n- ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() (git-fixes).\n- rose: fix dangling neighbour pointers in rose_rt_device_down() (git-fixes).\n- rpl: Fix use-after-free in rpl_do_srh_inline() (git-fixes).\n- rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879) Put the same workaround to avoid file truncation of vmlinux and co in kernel-default-base package, too.\n- rtc: ds1307: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: hym8563: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: nct3018y: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: pcf85063: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: pcf8563: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: rv3028: fix incorrect maximum clock rate handling (git-fixes).\n- s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again (git-fixes bsc#1246870).\n- s390/entry: Fix last breaking event handling in case of stack corruption (git-fixes bsc#1243806).\n- s390/pci: Do not try re-enabling load/store if device is disabled (git-fixes bsc#1245646).\n- s390/pci: Fix stale function handles in error handling (git-fixes bsc#1245647).\n- s390/pkey: Prevent overflow in size calculation for memdup_user() (git-fixes bsc#1245598).\n- s390: Add z17 elf platform (LTC#214086 bsc#1245540).\n- samples: mei: Fix building on musl libc (git-fixes).\n- sched,freezer: Remove unnecessary warning in __thaw_task (bsc#1219338).\n- sched: Add test_and_clear_wake_up_bit() and atomic_dec_and_wake_up() (git-fixes).\n- scsi: core: Enforce unlimited max_segment_size when virt_boundary_mask is set (git-fixes).\n- scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Early return out of FDMI cmpl for locally rejected statuses (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Modify end-of-life adapters\u0027 model descriptions (bsc#1245260 bsc#1243100 bsc#1246125 bsc#1204142).\n- scsi: lpfc: Move clearing of HBA_SETUP flag to before lpfc_sli4_queue_unset (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Relocate clearing initial phba flags from link up to link down hdlr (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Revise CQ_CREATE_SET mailbox bitfield definitions (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Revise logging format for failed CT MIB requests (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Simplify error handling for failed lpfc_get_sli4_parameters cmd (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Skip RSCN processing when FC_UNLOADING flag is set (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Update debugfs trace ring initialization messages (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Update lpfc version to 14.4.0.10 (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: megaraid_sas: Fix invalid node index (git-fixes).\n- scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() (git-fixes).\n- scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() (git-fixes).\n- scsi: s390: zfcp: Ensure synchronous unit_add (git-fixes bsc#1245599).\n- selftests/bpf: Add CFLAGS per source file and runner (git-fixes).\n- selftests/bpf: Add tests for iter next method returning valid pointer (git-fixes).\n- selftests/bpf: Change functions definitions to support GCC (git-fixes).\n- selftests/bpf: Fix a few tests for GCC related warnings (git-fixes).\n- selftests/bpf: Fix pointer arithmetic in test_xdp_do_redirect (git-fixes).\n- selftests/bpf: Fix prog numbers in test_sockmap (git-fixes).\n- smb3: move server check earlier when setting channel sequence number (git-fixes).\n- smb3: rename macro CIFS_SERVER_IS_CHAN to avoid confusion (git-fixes).\n- soc/tegra: cbb: Clear ERR_FORCE register with ERR_STATUS (git-fixes).\n- soc: aspeed: lpc-snoop: Cleanup resources in stack-order (git-fixes).\n- soc: aspeed: lpc-snoop: Do not disable channels that are not enabled (git-fixes).\n- soc: qcom: QMI encoding/decoding for big endian (git-fixes).\n- soc: qcom: fix endianness for QMI header (git-fixes).\n- soc: qcom: pmic_glink: fix OF node leak (git-fixes).\n- soundwire: amd: fix for clearing command status register (git-fixes).\n- soundwire: stream: restore params when prepare ports fail (git-fixes).\n- spi: spi-fsl-dspi: Clear completion counter before initiating transfer (git-fixes).\n- staging: axis-fifo: remove sysfs interface (git-fixes).\n- staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (git-fixes).\n- staging: nvec: Fix incorrect null termination of battery manufacturer (git-fixes).\n- struct cdns: move new member to the end (git-fixes).\n- struct ucsi_operations: use padding for new operation (git-fixes).\n- sunrpc: do not immediately retransmit on seqno miss (git-fixes).\n- sunrpc: fix client side handling of tls alerts (git-fixes).\n- supported.conf: add missing entries for armv7hl\n- supported.conf: move nvme-apple to optional again\n- supported.conf: sort entries again\n- tcp: call tcp_measure_rcv_mss() for ooo packets (git-fixes).\n- thunderbolt: Fix bit masking in tb_dp_port_set_hops() (git-fixes).\n- thunderbolt: Fix copy+paste error in match_service_id() (git-fixes).\n- thunderbolt: Fix wake on connect at runtime (git-fixes).\n- tracing/kprobe: Make trace_kprobe\u0027s module callback called after jump_label update (git-fixes).\n- tracing/kprobes: Fix to free objects when failed to copy a symbol (git-fixes).\n- types: Complement the aligned types with signed 64-bit one (stable-fixes).\n- ucount: fix atomic_long_inc_below() argument type (git-fixes).\n- ucsi-glink: adapt to kABI consistency (git-fixes).\n- ucsi_ccg: Refine the UCSI Interrupt handling (git-fixes).\n- ucsi_operations: add stubs for all operations (git-fixes).\n- ucsi_ops: adapt update_connector to kABI consistency (git-fixes).\n- usb: Add checks for snprintf() calls in usb_alloc_dev() (stable-fixes).\n- usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() (git-fixes).\n- usb: cdc-wdm: avoid setting WDM_READ for ZLP-s (stable-fixes).\n- usb: cdnsp: Fix issue with CV Bad Descriptor test (git-fixes).\n- usb: cdnsp: Fix issue with resuming from L1 (git-fixes).\n- usb: cdnsp: Replace snprintf() with the safer scnprintf() variant (stable-fixes).\n- usb: cdnsp: do not disable slot for disabled slot (git-fixes).\n- usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume (git-fixes).\n- usb: common: usb-conn-gpio: use a unique name for usb connector device (stable-fixes).\n- usb: dwc2: also exit clock_gating when stopping udc while suspended (stable-fixes).\n- usb: dwc3: meson-g12a: fix device leaks at unbind (git-fixes).\n- usb: early: xhci-dbc: Fix early_ioremap leak (git-fixes).\n- usb: gadget : fix use-after-free in composite_dev_cleanup() (git-fixes).\n- usb: gadget: u_serial: Fix race condition in TTY wakeup (git-fixes).\n- usb: gadget: udc: renesas_usb3: fix device leak at unbind (git-fixes).\n- usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() (git-fixes).\n- usb: hub: Do not try to recover devices lost during warm reset (git-fixes).\n- usb: misc: apple-mfi-fastcharge: Make power supply names unique (git-fixes).\n- usb: musb: fix gadget state on disconnect (git-fixes).\n- usb: musb: omap2430: fix device leak at unbind (git-fixes).\n- usb: net: sierra: check for no status endpoint (git-fixes).\n- usb: potential integer overflow in usbg_make_tpg() (stable-fixes).\n- usb: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (stable-fixes).\n- usb: serial: option: add Foxconn T99W640 (stable-fixes).\n- usb: serial: option: add Telit Cinterion FE910C04 (ECM) composition (stable-fixes).\n- usb: typec: Update sysfs when setting ops (git-fixes).\n- usb: typec: altmodes/displayport: do not index invalid pin_assignments (git-fixes).\n- usb: typec: displayport: Fix potential deadlock (git-fixes).\n- usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode (stable-fixes).\n- usb: typec: mux: do not return on EOPNOTSUPP in {mux, switch}_set (stable-fixes).\n- usb: typec: tcpm: allow switching to mode accessory to mux properly (stable-fixes).\n- usb: typec: tcpm: allow to use sink in accessory mode (stable-fixes).\n- usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach (git-fixes).\n- usb: typec: ucsi: Add DATA_RESET option of Connector Reset command (git-fixes).\n- usb: typec: ucsi: Add qcm6490-pmic-glink as needing PDOS quirk (git-fixes).\n- usb: typec: ucsi: Delay alternate mode discovery (git-fixes).\n- usb: typec: ucsi: Fix busy loop on ASUS VivoBooks (git-fixes).\n- usb: typec: ucsi: Fix the partner PD revision (git-fixes).\n- usb: typec: ucsi: Get PD revision for partner (git-fixes).\n- usb: typec: ucsi: Set orientation as none when connector is unplugged (git-fixes).\n- usb: typec: ucsi: Update power_supply on power role change (git-fixes).\n- usb: typec: ucsi: add callback for connector status updates (git-fixes).\n- usb: typec: ucsi: add update_connector callback (git-fixes).\n- usb: typec: ucsi: do not retrieve PDOs if not supported (git-fixes).\n- usb: typec: ucsi: extract code to read PD caps (git-fixes).\n- usb: typec: ucsi: fix UCSI on SM8550 \u0026 SM8650 Qualcomm devices (git-fixes).\n- usb: typec: ucsi: glink: fix off-by-one in connector_status (git-fixes).\n- usb: typec: ucsi: glink: increase max ports for x1e80100 (git-fixes).\n- usb: typec: ucsi: glink: move GPIO reading into connector_status callback (git-fixes).\n- usb: typec: ucsi: glink: use typec_set_orientation (git-fixes).\n- usb: typec: ucsi: move ucsi_acknowledge() from ucsi_read_error() (git-fixes).\n- usb: typec: ucsi: properly register partner\u0027s PD device (git-fixes).\n- usb: typec: ucsi: support delaying GET_PDOS for device (git-fixes).\n- usb: typec: ucsi_acpi: Add LG Gram quirk (git-fixes).\n- usb: typec: ucsi_glink: drop NO_PARTNER_PDOS quirk for sm8550 / sm8650 (git-fixes).\n- usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk (git-fixes).\n- usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk on qcm6490 (git-fixes).\n- usb: typec: ucsi_glink: rework quirks implementation (git-fixes).\n- usb: xhci: Skip xhci_reset in xhci_resume if xhci is being removed (git-fixes).\n- usb: xhci: quirk for data loss in ISOC transfers (stable-fixes).\n- usb:cdnsp: remove TRB_FLUSH_ENDPOINT command (stable-fixes).\n- virtgpu: do not reset on shutdown (git-fixes).\n- vmci: Prevent the dispatching of uninitialized payloads (git-fixes).\n- vt: add missing notification when switching back to text mode (stable-fixes).\n- vt: defkeymap: Map keycodes above 127 to K_HOLE (git-fixes).\n- vt: keyboard: Do not process Unicode characters in K_OFF mode (git-fixes).\n- watchdog: ziirave_wdt: check record length in ziirave_firm_verify() (git-fixes).\n- wifi: ath11k: clear initialized flag for deinit-ed srng lists (git-fixes).\n- wifi: ath11k: fix dest ring-buffer corruption (git-fixes).\n- wifi: ath11k: fix dest ring-buffer corruption when ring is full (git-fixes).\n- wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() (git-fixes).\n- wifi: ath11k: fix source ring-buffer corruption (git-fixes).\n- wifi: ath11k: fix suspend use-after-free after probe failure (git-fixes).\n- wifi: ath12k: fix dest ring-buffer corruption (git-fixes).\n- wifi: ath12k: fix dest ring-buffer corruption when ring is full (git-fixes).\n- wifi: ath12k: fix endianness handling while accessing wmi service bit (git-fixes).\n- wifi: ath12k: fix source ring-buffer corruption (git-fixes).\n- wifi: ath6kl: remove WARN on bad firmware input (stable-fixes).\n- wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE (git-fixes).\n- wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() (git-fixes).\n- wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() (git-fixes).\n- wifi: iwlwifi: Fix memory leak in iwl_mvm_init() (git-fixes).\n- wifi: iwlwifi: return ERR_PTR from opmode start() (stable-fixes).\n- wifi: mac80211: Add link iteration macro for link data (stable-fixes).\n- wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() (git-fixes).\n- wifi: mac80211: Do not call fq_flow_idx() for management frames (git-fixes).\n- wifi: mac80211: Do not schedule stopped TXQs (git-fixes).\n- wifi: mac80211: chan: chandef is non-NULL for reserved (stable-fixes).\n- wifi: mac80211: drop invalid source address OCB frames (stable-fixes).\n- wifi: mac80211: reject TDLS operations when station is not associated (git-fixes).\n- wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() (git-fixes).\n- wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan (git-fixes).\n- wifi: mt76: mt7925: fix the wrong config for tx interrupt (git-fixes).\n- wifi: plfxlc: Fix error handling in usb driver probe (git-fixes).\n- wifi: prevent A-MSDU attacks in mesh networks (stable-fixes).\n- wifi: rtl818x: Kill URBs before clearing tx status queue (git-fixes).\n- wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band (git-fixes).\n- wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() (git-fixes).\n- x86/cpu/amd: Fix workaround for erratum 1054 (git-fixes).\n- x86/mce/amd: Add default names for MCA banks and blocks (git-fixes).\n- x86/mce/amd: Fix threshold limit reset (git-fixes).\n- x86/mce: Do not remove sysfs if thresholding sysfs init fails (git-fixes).\n- x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (git-fixes).\n- x86/tdx: Fix __noreturn build warning around __tdx_hypercall_failed() (git-fixes).\n- x86/traps: Initialize DR6 by writing its architectural reset value (git-fixes).\n- x86/virt/tdx: Avoid indirect calls to TDX assembly functions (git-fixes).\n- x86: UV RTC: Add parameter to disable RTC clocksource (bsc#1241345).\n- xfs: fix off-by-one error in fsmap\u0027s end_daddr usage (bsc#1235837).\n- xfs: only create event xfs_file_compat_ioctl when CONFIG_COMPAT is configure (git-fixes).\n- xfs: remove unused event xfs_alloc_near_error (git-fixes).\n- xfs: remove unused event xfs_alloc_near_nominleft (git-fixes).\n- xfs: remove unused event xfs_attr_node_removename (git-fixes).\n- xfs: remove unused event xfs_ioctl_clone (git-fixes).\n- xfs: remove unused event xfs_pagecache_inval (git-fixes).\n- xfs: remove unused event xlog_iclog_want_sync (git-fixes).\n- xfs: remove unused trace event xfs_attr_remove_iter_return (git-fixes).\n- xfs: remove unused trace event xfs_attr_rmtval_set (git-fixes).\n- xfs: remove unused trace event xfs_reflink_cow_enospc (git-fixes).\n- xfs: remove unused xfs_attr events (git-fixes).\n- xfs: remove unused xfs_reflink_compare_extents events (git-fixes).\n- xfs: remove usused xfs_end_io_direct events (git-fixes).\n- xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS (git-fixes).\n- xhci: dbc: Flush queued requests before stopping dbc (git-fixes).\n- xhci: dbctty: disable ECHO flag by default (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-3023,SUSE-SLE-Module-Live-Patching-15-SP6-2025-3023,SUSE-SLE-Module-RT-15-SP6-2025-3023,openSUSE-SLE-15.6-2025-3023",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_03023-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:03023-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202503023-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:03023-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041416.html"
},
{
"category": "self",
"summary": "SUSE Bug 1139073",
"url": "https://bugzilla.suse.com/1139073"
},
{
"category": "self",
"summary": "SUSE Bug 1204142",
"url": "https://bugzilla.suse.com/1204142"
},
{
"category": "self",
"summary": "SUSE Bug 1219338",
"url": "https://bugzilla.suse.com/1219338"
},
{
"category": "self",
"summary": "SUSE Bug 1225707",
"url": "https://bugzilla.suse.com/1225707"
},
{
"category": "self",
"summary": "SUSE Bug 1230216",
"url": "https://bugzilla.suse.com/1230216"
},
{
"category": "self",
"summary": "SUSE Bug 1233300",
"url": "https://bugzilla.suse.com/1233300"
},
{
"category": "self",
"summary": "SUSE Bug 1235613",
"url": "https://bugzilla.suse.com/1235613"
},
{
"category": "self",
"summary": "SUSE Bug 1235837",
"url": "https://bugzilla.suse.com/1235837"
},
{
"category": "self",
"summary": "SUSE Bug 1236333",
"url": "https://bugzilla.suse.com/1236333"
},
{
"category": "self",
"summary": "SUSE Bug 1236897",
"url": "https://bugzilla.suse.com/1236897"
},
{
"category": "self",
"summary": "SUSE Bug 1238896",
"url": "https://bugzilla.suse.com/1238896"
},
{
"category": "self",
"summary": "SUSE Bug 1239061",
"url": "https://bugzilla.suse.com/1239061"
},
{
"category": "self",
"summary": "SUSE Bug 1240323",
"url": "https://bugzilla.suse.com/1240323"
},
{
"category": "self",
"summary": "SUSE Bug 1240885",
"url": "https://bugzilla.suse.com/1240885"
},
{
"category": "self",
"summary": "SUSE Bug 1240966",
"url": "https://bugzilla.suse.com/1240966"
},
{
"category": "self",
"summary": "SUSE Bug 1241166",
"url": "https://bugzilla.suse.com/1241166"
},
{
"category": "self",
"summary": "SUSE Bug 1241345",
"url": "https://bugzilla.suse.com/1241345"
},
{
"category": "self",
"summary": "SUSE Bug 1242086",
"url": "https://bugzilla.suse.com/1242086"
},
{
"category": "self",
"summary": "SUSE Bug 1242414",
"url": "https://bugzilla.suse.com/1242414"
},
{
"category": "self",
"summary": "SUSE Bug 1242837",
"url": "https://bugzilla.suse.com/1242837"
},
{
"category": "self",
"summary": "SUSE Bug 1242960",
"url": "https://bugzilla.suse.com/1242960"
},
{
"category": "self",
"summary": "SUSE Bug 1242965",
"url": "https://bugzilla.suse.com/1242965"
},
{
"category": "self",
"summary": "SUSE Bug 1242993",
"url": "https://bugzilla.suse.com/1242993"
},
{
"category": "self",
"summary": "SUSE Bug 1243068",
"url": "https://bugzilla.suse.com/1243068"
},
{
"category": "self",
"summary": "SUSE Bug 1243100",
"url": "https://bugzilla.suse.com/1243100"
},
{
"category": "self",
"summary": "SUSE Bug 1243479",
"url": "https://bugzilla.suse.com/1243479"
},
{
"category": "self",
"summary": "SUSE Bug 1243669",
"url": "https://bugzilla.suse.com/1243669"
},
{
"category": "self",
"summary": "SUSE Bug 1243806",
"url": "https://bugzilla.suse.com/1243806"
},
{
"category": "self",
"summary": "SUSE Bug 1244309",
"url": "https://bugzilla.suse.com/1244309"
},
{
"category": "self",
"summary": "SUSE Bug 1244457",
"url": "https://bugzilla.suse.com/1244457"
},
{
"category": "self",
"summary": "SUSE Bug 1244735",
"url": "https://bugzilla.suse.com/1244735"
},
{
"category": "self",
"summary": "SUSE Bug 1244749",
"url": "https://bugzilla.suse.com/1244749"
},
{
"category": "self",
"summary": "SUSE Bug 1244750",
"url": "https://bugzilla.suse.com/1244750"
},
{
"category": "self",
"summary": "SUSE Bug 1244792",
"url": "https://bugzilla.suse.com/1244792"
},
{
"category": "self",
"summary": "SUSE Bug 1244801",
"url": "https://bugzilla.suse.com/1244801"
},
{
"category": "self",
"summary": "SUSE Bug 1245151",
"url": "https://bugzilla.suse.com/1245151"
},
{
"category": "self",
"summary": "SUSE Bug 1245201",
"url": "https://bugzilla.suse.com/1245201"
},
{
"category": "self",
"summary": "SUSE Bug 1245202",
"url": "https://bugzilla.suse.com/1245202"
},
{
"category": "self",
"summary": "SUSE Bug 1245216",
"url": "https://bugzilla.suse.com/1245216"
},
{
"category": "self",
"summary": "SUSE Bug 1245260",
"url": "https://bugzilla.suse.com/1245260"
},
{
"category": "self",
"summary": "SUSE Bug 1245431",
"url": "https://bugzilla.suse.com/1245431"
},
{
"category": "self",
"summary": "SUSE Bug 1245440",
"url": "https://bugzilla.suse.com/1245440"
},
{
"category": "self",
"summary": "SUSE Bug 1245457",
"url": "https://bugzilla.suse.com/1245457"
},
{
"category": "self",
"summary": "SUSE Bug 1245498",
"url": "https://bugzilla.suse.com/1245498"
},
{
"category": "self",
"summary": "SUSE Bug 1245499",
"url": "https://bugzilla.suse.com/1245499"
},
{
"category": "self",
"summary": "SUSE Bug 1245504",
"url": "https://bugzilla.suse.com/1245504"
},
{
"category": "self",
"summary": "SUSE Bug 1245506",
"url": "https://bugzilla.suse.com/1245506"
},
{
"category": "self",
"summary": "SUSE Bug 1245508",
"url": "https://bugzilla.suse.com/1245508"
},
{
"category": "self",
"summary": "SUSE Bug 1245510",
"url": "https://bugzilla.suse.com/1245510"
},
{
"category": "self",
"summary": "SUSE Bug 1245540",
"url": "https://bugzilla.suse.com/1245540"
},
{
"category": "self",
"summary": "SUSE Bug 1245598",
"url": "https://bugzilla.suse.com/1245598"
},
{
"category": "self",
"summary": "SUSE Bug 1245599",
"url": "https://bugzilla.suse.com/1245599"
},
{
"category": "self",
"summary": "SUSE Bug 1245646",
"url": "https://bugzilla.suse.com/1245646"
},
{
"category": "self",
"summary": "SUSE Bug 1245647",
"url": "https://bugzilla.suse.com/1245647"
},
{
"category": "self",
"summary": "SUSE Bug 1245649",
"url": "https://bugzilla.suse.com/1245649"
},
{
"category": "self",
"summary": "SUSE Bug 1245650",
"url": "https://bugzilla.suse.com/1245650"
},
{
"category": "self",
"summary": "SUSE Bug 1245654",
"url": "https://bugzilla.suse.com/1245654"
},
{
"category": "self",
"summary": "SUSE Bug 1245658",
"url": "https://bugzilla.suse.com/1245658"
},
{
"category": "self",
"summary": "SUSE Bug 1245660",
"url": "https://bugzilla.suse.com/1245660"
},
{
"category": "self",
"summary": "SUSE Bug 1245665",
"url": "https://bugzilla.suse.com/1245665"
},
{
"category": "self",
"summary": "SUSE Bug 1245666",
"url": "https://bugzilla.suse.com/1245666"
},
{
"category": "self",
"summary": "SUSE Bug 1245668",
"url": "https://bugzilla.suse.com/1245668"
},
{
"category": "self",
"summary": "SUSE Bug 1245669",
"url": "https://bugzilla.suse.com/1245669"
},
{
"category": "self",
"summary": "SUSE Bug 1245670",
"url": "https://bugzilla.suse.com/1245670"
},
{
"category": "self",
"summary": "SUSE Bug 1245671",
"url": "https://bugzilla.suse.com/1245671"
},
{
"category": "self",
"summary": "SUSE Bug 1245675",
"url": "https://bugzilla.suse.com/1245675"
},
{
"category": "self",
"summary": "SUSE Bug 1245676",
"url": "https://bugzilla.suse.com/1245676"
},
{
"category": "self",
"summary": "SUSE Bug 1245677",
"url": "https://bugzilla.suse.com/1245677"
},
{
"category": "self",
"summary": "SUSE Bug 1245679",
"url": "https://bugzilla.suse.com/1245679"
},
{
"category": "self",
"summary": "SUSE Bug 1245682",
"url": "https://bugzilla.suse.com/1245682"
},
{
"category": "self",
"summary": "SUSE Bug 1245683",
"url": "https://bugzilla.suse.com/1245683"
},
{
"category": "self",
"summary": "SUSE Bug 1245684",
"url": "https://bugzilla.suse.com/1245684"
},
{
"category": "self",
"summary": "SUSE Bug 1245688",
"url": "https://bugzilla.suse.com/1245688"
},
{
"category": "self",
"summary": "SUSE Bug 1245689",
"url": "https://bugzilla.suse.com/1245689"
},
{
"category": "self",
"summary": "SUSE Bug 1245690",
"url": "https://bugzilla.suse.com/1245690"
},
{
"category": "self",
"summary": "SUSE Bug 1245691",
"url": "https://bugzilla.suse.com/1245691"
},
{
"category": "self",
"summary": "SUSE Bug 1245695",
"url": "https://bugzilla.suse.com/1245695"
},
{
"category": "self",
"summary": "SUSE Bug 1245705",
"url": "https://bugzilla.suse.com/1245705"
},
{
"category": "self",
"summary": "SUSE Bug 1245708",
"url": "https://bugzilla.suse.com/1245708"
},
{
"category": "self",
"summary": "SUSE Bug 1245711",
"url": "https://bugzilla.suse.com/1245711"
},
{
"category": "self",
"summary": "SUSE Bug 1245713",
"url": "https://bugzilla.suse.com/1245713"
},
{
"category": "self",
"summary": "SUSE Bug 1245714",
"url": "https://bugzilla.suse.com/1245714"
},
{
"category": "self",
"summary": "SUSE Bug 1245719",
"url": "https://bugzilla.suse.com/1245719"
},
{
"category": "self",
"summary": "SUSE Bug 1245723",
"url": "https://bugzilla.suse.com/1245723"
},
{
"category": "self",
"summary": "SUSE Bug 1245729",
"url": "https://bugzilla.suse.com/1245729"
},
{
"category": "self",
"summary": "SUSE Bug 1245730",
"url": "https://bugzilla.suse.com/1245730"
},
{
"category": "self",
"summary": "SUSE Bug 1245731",
"url": "https://bugzilla.suse.com/1245731"
},
{
"category": "self",
"summary": "SUSE Bug 1245735",
"url": "https://bugzilla.suse.com/1245735"
},
{
"category": "self",
"summary": "SUSE Bug 1245737",
"url": "https://bugzilla.suse.com/1245737"
},
{
"category": "self",
"summary": "SUSE Bug 1245744",
"url": "https://bugzilla.suse.com/1245744"
},
{
"category": "self",
"summary": "SUSE Bug 1245745",
"url": "https://bugzilla.suse.com/1245745"
},
{
"category": "self",
"summary": "SUSE Bug 1245746",
"url": "https://bugzilla.suse.com/1245746"
},
{
"category": "self",
"summary": "SUSE Bug 1245747",
"url": "https://bugzilla.suse.com/1245747"
},
{
"category": "self",
"summary": "SUSE Bug 1245748",
"url": "https://bugzilla.suse.com/1245748"
},
{
"category": "self",
"summary": "SUSE Bug 1245749",
"url": "https://bugzilla.suse.com/1245749"
},
{
"category": "self",
"summary": "SUSE Bug 1245750",
"url": "https://bugzilla.suse.com/1245750"
},
{
"category": "self",
"summary": "SUSE Bug 1245751",
"url": "https://bugzilla.suse.com/1245751"
},
{
"category": "self",
"summary": "SUSE Bug 1245752",
"url": "https://bugzilla.suse.com/1245752"
},
{
"category": "self",
"summary": "SUSE Bug 1245757",
"url": "https://bugzilla.suse.com/1245757"
},
{
"category": "self",
"summary": "SUSE Bug 1245758",
"url": "https://bugzilla.suse.com/1245758"
},
{
"category": "self",
"summary": "SUSE Bug 1245765",
"url": "https://bugzilla.suse.com/1245765"
},
{
"category": "self",
"summary": "SUSE Bug 1245768",
"url": "https://bugzilla.suse.com/1245768"
},
{
"category": "self",
"summary": "SUSE Bug 1245769",
"url": "https://bugzilla.suse.com/1245769"
},
{
"category": "self",
"summary": "SUSE Bug 1245777",
"url": "https://bugzilla.suse.com/1245777"
},
{
"category": "self",
"summary": "SUSE Bug 1245781",
"url": "https://bugzilla.suse.com/1245781"
},
{
"category": "self",
"summary": "SUSE Bug 1245789",
"url": "https://bugzilla.suse.com/1245789"
},
{
"category": "self",
"summary": "SUSE Bug 1245937",
"url": "https://bugzilla.suse.com/1245937"
},
{
"category": "self",
"summary": "SUSE Bug 1245945",
"url": "https://bugzilla.suse.com/1245945"
},
{
"category": "self",
"summary": "SUSE Bug 1245951",
"url": "https://bugzilla.suse.com/1245951"
},
{
"category": "self",
"summary": "SUSE Bug 1245952",
"url": "https://bugzilla.suse.com/1245952"
},
{
"category": "self",
"summary": "SUSE Bug 1245954",
"url": "https://bugzilla.suse.com/1245954"
},
{
"category": "self",
"summary": "SUSE Bug 1245957",
"url": "https://bugzilla.suse.com/1245957"
},
{
"category": "self",
"summary": "SUSE Bug 1245966",
"url": "https://bugzilla.suse.com/1245966"
},
{
"category": "self",
"summary": "SUSE Bug 1245970",
"url": "https://bugzilla.suse.com/1245970"
},
{
"category": "self",
"summary": "SUSE Bug 1245976",
"url": "https://bugzilla.suse.com/1245976"
},
{
"category": "self",
"summary": "SUSE Bug 1245980",
"url": "https://bugzilla.suse.com/1245980"
},
{
"category": "self",
"summary": "SUSE Bug 1245983",
"url": "https://bugzilla.suse.com/1245983"
},
{
"category": "self",
"summary": "SUSE Bug 1245986",
"url": "https://bugzilla.suse.com/1245986"
},
{
"category": "self",
"summary": "SUSE Bug 1246000",
"url": "https://bugzilla.suse.com/1246000"
},
{
"category": "self",
"summary": "SUSE Bug 1246002",
"url": "https://bugzilla.suse.com/1246002"
},
{
"category": "self",
"summary": "SUSE Bug 1246006",
"url": "https://bugzilla.suse.com/1246006"
},
{
"category": "self",
"summary": "SUSE Bug 1246008",
"url": "https://bugzilla.suse.com/1246008"
},
{
"category": "self",
"summary": "SUSE Bug 1246020",
"url": "https://bugzilla.suse.com/1246020"
},
{
"category": "self",
"summary": "SUSE Bug 1246023",
"url": "https://bugzilla.suse.com/1246023"
},
{
"category": "self",
"summary": "SUSE Bug 1246029",
"url": "https://bugzilla.suse.com/1246029"
},
{
"category": "self",
"summary": "SUSE Bug 1246031",
"url": "https://bugzilla.suse.com/1246031"
},
{
"category": "self",
"summary": "SUSE Bug 1246037",
"url": "https://bugzilla.suse.com/1246037"
},
{
"category": "self",
"summary": "SUSE Bug 1246041",
"url": "https://bugzilla.suse.com/1246041"
},
{
"category": "self",
"summary": "SUSE Bug 1246042",
"url": "https://bugzilla.suse.com/1246042"
},
{
"category": "self",
"summary": "SUSE Bug 1246044",
"url": "https://bugzilla.suse.com/1246044"
},
{
"category": "self",
"summary": "SUSE Bug 1246045",
"url": "https://bugzilla.suse.com/1246045"
},
{
"category": "self",
"summary": "SUSE Bug 1246047",
"url": "https://bugzilla.suse.com/1246047"
},
{
"category": "self",
"summary": "SUSE Bug 1246049",
"url": "https://bugzilla.suse.com/1246049"
},
{
"category": "self",
"summary": "SUSE Bug 1246050",
"url": "https://bugzilla.suse.com/1246050"
},
{
"category": "self",
"summary": "SUSE Bug 1246055",
"url": "https://bugzilla.suse.com/1246055"
},
{
"category": "self",
"summary": "SUSE Bug 1246073",
"url": "https://bugzilla.suse.com/1246073"
},
{
"category": "self",
"summary": "SUSE Bug 1246093",
"url": "https://bugzilla.suse.com/1246093"
},
{
"category": "self",
"summary": "SUSE Bug 1246098",
"url": "https://bugzilla.suse.com/1246098"
},
{
"category": "self",
"summary": "SUSE Bug 1246109",
"url": "https://bugzilla.suse.com/1246109"
},
{
"category": "self",
"summary": "SUSE Bug 1246122",
"url": "https://bugzilla.suse.com/1246122"
},
{
"category": "self",
"summary": "SUSE Bug 1246125",
"url": "https://bugzilla.suse.com/1246125"
},
{
"category": "self",
"summary": "SUSE Bug 1246171",
"url": "https://bugzilla.suse.com/1246171"
},
{
"category": "self",
"summary": "SUSE Bug 1246173",
"url": "https://bugzilla.suse.com/1246173"
},
{
"category": "self",
"summary": "SUSE Bug 1246178",
"url": "https://bugzilla.suse.com/1246178"
},
{
"category": "self",
"summary": "SUSE Bug 1246182",
"url": "https://bugzilla.suse.com/1246182"
},
{
"category": "self",
"summary": "SUSE Bug 1246183",
"url": "https://bugzilla.suse.com/1246183"
},
{
"category": "self",
"summary": "SUSE Bug 1246186",
"url": "https://bugzilla.suse.com/1246186"
},
{
"category": "self",
"summary": "SUSE Bug 1246195",
"url": "https://bugzilla.suse.com/1246195"
},
{
"category": "self",
"summary": "SUSE Bug 1246203",
"url": "https://bugzilla.suse.com/1246203"
},
{
"category": "self",
"summary": "SUSE Bug 1246212",
"url": "https://bugzilla.suse.com/1246212"
},
{
"category": "self",
"summary": "SUSE Bug 1246220",
"url": "https://bugzilla.suse.com/1246220"
},
{
"category": "self",
"summary": "SUSE Bug 1246236",
"url": "https://bugzilla.suse.com/1246236"
},
{
"category": "self",
"summary": "SUSE Bug 1246240",
"url": "https://bugzilla.suse.com/1246240"
},
{
"category": "self",
"summary": "SUSE Bug 1246243",
"url": "https://bugzilla.suse.com/1246243"
},
{
"category": "self",
"summary": "SUSE Bug 1246246",
"url": "https://bugzilla.suse.com/1246246"
},
{
"category": "self",
"summary": "SUSE Bug 1246249",
"url": "https://bugzilla.suse.com/1246249"
},
{
"category": "self",
"summary": "SUSE Bug 1246250",
"url": "https://bugzilla.suse.com/1246250"
},
{
"category": "self",
"summary": "SUSE Bug 1246253",
"url": "https://bugzilla.suse.com/1246253"
},
{
"category": "self",
"summary": "SUSE Bug 1246258",
"url": "https://bugzilla.suse.com/1246258"
},
{
"category": "self",
"summary": "SUSE Bug 1246262",
"url": "https://bugzilla.suse.com/1246262"
},
{
"category": "self",
"summary": "SUSE Bug 1246264",
"url": "https://bugzilla.suse.com/1246264"
},
{
"category": "self",
"summary": "SUSE Bug 1246266",
"url": "https://bugzilla.suse.com/1246266"
},
{
"category": "self",
"summary": "SUSE Bug 1246268",
"url": "https://bugzilla.suse.com/1246268"
},
{
"category": "self",
"summary": "SUSE Bug 1246273",
"url": "https://bugzilla.suse.com/1246273"
},
{
"category": "self",
"summary": "SUSE Bug 1246283",
"url": "https://bugzilla.suse.com/1246283"
},
{
"category": "self",
"summary": "SUSE Bug 1246287",
"url": "https://bugzilla.suse.com/1246287"
},
{
"category": "self",
"summary": "SUSE Bug 1246292",
"url": "https://bugzilla.suse.com/1246292"
},
{
"category": "self",
"summary": "SUSE Bug 1246293",
"url": "https://bugzilla.suse.com/1246293"
},
{
"category": "self",
"summary": "SUSE Bug 1246295",
"url": "https://bugzilla.suse.com/1246295"
},
{
"category": "self",
"summary": "SUSE Bug 1246334",
"url": "https://bugzilla.suse.com/1246334"
},
{
"category": "self",
"summary": "SUSE Bug 1246337",
"url": "https://bugzilla.suse.com/1246337"
},
{
"category": "self",
"summary": "SUSE Bug 1246342",
"url": "https://bugzilla.suse.com/1246342"
},
{
"category": "self",
"summary": "SUSE Bug 1246349",
"url": "https://bugzilla.suse.com/1246349"
},
{
"category": "self",
"summary": "SUSE Bug 1246354",
"url": "https://bugzilla.suse.com/1246354"
},
{
"category": "self",
"summary": "SUSE Bug 1246358",
"url": "https://bugzilla.suse.com/1246358"
},
{
"category": "self",
"summary": "SUSE Bug 1246361",
"url": "https://bugzilla.suse.com/1246361"
},
{
"category": "self",
"summary": "SUSE Bug 1246364",
"url": "https://bugzilla.suse.com/1246364"
},
{
"category": "self",
"summary": "SUSE Bug 1246370",
"url": "https://bugzilla.suse.com/1246370"
},
{
"category": "self",
"summary": "SUSE Bug 1246375",
"url": "https://bugzilla.suse.com/1246375"
},
{
"category": "self",
"summary": "SUSE Bug 1246384",
"url": "https://bugzilla.suse.com/1246384"
},
{
"category": "self",
"summary": "SUSE Bug 1246386",
"url": "https://bugzilla.suse.com/1246386"
},
{
"category": "self",
"summary": "SUSE Bug 1246387",
"url": "https://bugzilla.suse.com/1246387"
},
{
"category": "self",
"summary": "SUSE Bug 1246438",
"url": "https://bugzilla.suse.com/1246438"
},
{
"category": "self",
"summary": "SUSE Bug 1246453",
"url": "https://bugzilla.suse.com/1246453"
},
{
"category": "self",
"summary": "SUSE Bug 1246473",
"url": "https://bugzilla.suse.com/1246473"
},
{
"category": "self",
"summary": "SUSE Bug 1246490",
"url": "https://bugzilla.suse.com/1246490"
},
{
"category": "self",
"summary": "SUSE Bug 1246506",
"url": "https://bugzilla.suse.com/1246506"
},
{
"category": "self",
"summary": "SUSE Bug 1246547",
"url": "https://bugzilla.suse.com/1246547"
},
{
"category": "self",
"summary": "SUSE Bug 1246777",
"url": "https://bugzilla.suse.com/1246777"
},
{
"category": "self",
"summary": "SUSE Bug 1246781",
"url": "https://bugzilla.suse.com/1246781"
},
{
"category": "self",
"summary": "SUSE Bug 1246870",
"url": "https://bugzilla.suse.com/1246870"
},
{
"category": "self",
"summary": "SUSE Bug 1246879",
"url": "https://bugzilla.suse.com/1246879"
},
{
"category": "self",
"summary": "SUSE Bug 1246911",
"url": "https://bugzilla.suse.com/1246911"
},
{
"category": "self",
"summary": "SUSE Bug 1247018",
"url": "https://bugzilla.suse.com/1247018"
},
{
"category": "self",
"summary": "SUSE Bug 1247023",
"url": "https://bugzilla.suse.com/1247023"
},
{
"category": "self",
"summary": "SUSE Bug 1247028",
"url": "https://bugzilla.suse.com/1247028"
},
{
"category": "self",
"summary": "SUSE Bug 1247031",
"url": "https://bugzilla.suse.com/1247031"
},
{
"category": "self",
"summary": "SUSE Bug 1247033",
"url": "https://bugzilla.suse.com/1247033"
},
{
"category": "self",
"summary": "SUSE Bug 1247035",
"url": "https://bugzilla.suse.com/1247035"
},
{
"category": "self",
"summary": "SUSE Bug 1247061",
"url": "https://bugzilla.suse.com/1247061"
},
{
"category": "self",
"summary": "SUSE Bug 1247089",
"url": "https://bugzilla.suse.com/1247089"
},
{
"category": "self",
"summary": "SUSE Bug 1247091",
"url": "https://bugzilla.suse.com/1247091"
},
{
"category": "self",
"summary": "SUSE Bug 1247097",
"url": "https://bugzilla.suse.com/1247097"
},
{
"category": "self",
"summary": "SUSE Bug 1247098",
"url": "https://bugzilla.suse.com/1247098"
},
{
"category": "self",
"summary": "SUSE Bug 1247101",
"url": "https://bugzilla.suse.com/1247101"
},
{
"category": "self",
"summary": "SUSE Bug 1247103",
"url": "https://bugzilla.suse.com/1247103"
},
{
"category": "self",
"summary": "SUSE Bug 1247104",
"url": "https://bugzilla.suse.com/1247104"
},
{
"category": "self",
"summary": "SUSE Bug 1247113",
"url": "https://bugzilla.suse.com/1247113"
},
{
"category": "self",
"summary": "SUSE Bug 1247118",
"url": "https://bugzilla.suse.com/1247118"
},
{
"category": "self",
"summary": "SUSE Bug 1247123",
"url": "https://bugzilla.suse.com/1247123"
},
{
"category": "self",
"summary": "SUSE Bug 1247125",
"url": "https://bugzilla.suse.com/1247125"
},
{
"category": "self",
"summary": "SUSE Bug 1247128",
"url": "https://bugzilla.suse.com/1247128"
},
{
"category": "self",
"summary": "SUSE Bug 1247132",
"url": "https://bugzilla.suse.com/1247132"
},
{
"category": "self",
"summary": "SUSE Bug 1247138",
"url": "https://bugzilla.suse.com/1247138"
},
{
"category": "self",
"summary": "SUSE Bug 1247141",
"url": "https://bugzilla.suse.com/1247141"
},
{
"category": "self",
"summary": "SUSE Bug 1247143",
"url": "https://bugzilla.suse.com/1247143"
},
{
"category": "self",
"summary": "SUSE Bug 1247145",
"url": "https://bugzilla.suse.com/1247145"
},
{
"category": "self",
"summary": "SUSE Bug 1247146",
"url": "https://bugzilla.suse.com/1247146"
},
{
"category": "self",
"summary": "SUSE Bug 1247147",
"url": "https://bugzilla.suse.com/1247147"
},
{
"category": "self",
"summary": "SUSE Bug 1247149",
"url": "https://bugzilla.suse.com/1247149"
},
{
"category": "self",
"summary": "SUSE Bug 1247150",
"url": "https://bugzilla.suse.com/1247150"
},
{
"category": "self",
"summary": "SUSE Bug 1247151",
"url": "https://bugzilla.suse.com/1247151"
},
{
"category": "self",
"summary": "SUSE Bug 1247153",
"url": "https://bugzilla.suse.com/1247153"
},
{
"category": "self",
"summary": "SUSE Bug 1247154",
"url": "https://bugzilla.suse.com/1247154"
},
{
"category": "self",
"summary": "SUSE Bug 1247156",
"url": "https://bugzilla.suse.com/1247156"
},
{
"category": "self",
"summary": "SUSE Bug 1247160",
"url": "https://bugzilla.suse.com/1247160"
},
{
"category": "self",
"summary": "SUSE Bug 1247164",
"url": "https://bugzilla.suse.com/1247164"
},
{
"category": "self",
"summary": "SUSE Bug 1247169",
"url": "https://bugzilla.suse.com/1247169"
},
{
"category": "self",
"summary": "SUSE Bug 1247170",
"url": "https://bugzilla.suse.com/1247170"
},
{
"category": "self",
"summary": "SUSE Bug 1247171",
"url": "https://bugzilla.suse.com/1247171"
},
{
"category": "self",
"summary": "SUSE Bug 1247172",
"url": "https://bugzilla.suse.com/1247172"
},
{
"category": "self",
"summary": "SUSE Bug 1247174",
"url": "https://bugzilla.suse.com/1247174"
},
{
"category": "self",
"summary": "SUSE Bug 1247176",
"url": "https://bugzilla.suse.com/1247176"
},
{
"category": "self",
"summary": "SUSE Bug 1247177",
"url": "https://bugzilla.suse.com/1247177"
},
{
"category": "self",
"summary": "SUSE Bug 1247178",
"url": "https://bugzilla.suse.com/1247178"
},
{
"category": "self",
"summary": "SUSE Bug 1247181",
"url": "https://bugzilla.suse.com/1247181"
},
{
"category": "self",
"summary": "SUSE Bug 1247209",
"url": "https://bugzilla.suse.com/1247209"
},
{
"category": "self",
"summary": "SUSE Bug 1247210",
"url": "https://bugzilla.suse.com/1247210"
},
{
"category": "self",
"summary": "SUSE Bug 1247227",
"url": "https://bugzilla.suse.com/1247227"
},
{
"category": "self",
"summary": "SUSE Bug 1247233",
"url": "https://bugzilla.suse.com/1247233"
},
{
"category": "self",
"summary": "SUSE Bug 1247236",
"url": "https://bugzilla.suse.com/1247236"
},
{
"category": "self",
"summary": "SUSE Bug 1247238",
"url": "https://bugzilla.suse.com/1247238"
},
{
"category": "self",
"summary": "SUSE Bug 1247241",
"url": "https://bugzilla.suse.com/1247241"
},
{
"category": "self",
"summary": "SUSE Bug 1247251",
"url": "https://bugzilla.suse.com/1247251"
},
{
"category": "self",
"summary": "SUSE Bug 1247252",
"url": "https://bugzilla.suse.com/1247252"
},
{
"category": "self",
"summary": "SUSE Bug 1247253",
"url": "https://bugzilla.suse.com/1247253"
},
{
"category": "self",
"summary": "SUSE Bug 1247255",
"url": "https://bugzilla.suse.com/1247255"
},
{
"category": "self",
"summary": "SUSE Bug 1247271",
"url": "https://bugzilla.suse.com/1247271"
},
{
"category": "self",
"summary": "SUSE Bug 1247273",
"url": "https://bugzilla.suse.com/1247273"
},
{
"category": "self",
"summary": "SUSE Bug 1247274",
"url": "https://bugzilla.suse.com/1247274"
},
{
"category": "self",
"summary": "SUSE Bug 1247276",
"url": "https://bugzilla.suse.com/1247276"
},
{
"category": "self",
"summary": "SUSE Bug 1247277",
"url": "https://bugzilla.suse.com/1247277"
},
{
"category": "self",
"summary": "SUSE Bug 1247278",
"url": "https://bugzilla.suse.com/1247278"
},
{
"category": "self",
"summary": "SUSE Bug 1247279",
"url": "https://bugzilla.suse.com/1247279"
},
{
"category": "self",
"summary": "SUSE Bug 1247284",
"url": "https://bugzilla.suse.com/1247284"
},
{
"category": "self",
"summary": "SUSE Bug 1247285",
"url": "https://bugzilla.suse.com/1247285"
},
{
"category": "self",
"summary": "SUSE Bug 1247288",
"url": "https://bugzilla.suse.com/1247288"
},
{
"category": "self",
"summary": "SUSE Bug 1247289",
"url": "https://bugzilla.suse.com/1247289"
},
{
"category": "self",
"summary": "SUSE Bug 1247293",
"url": "https://bugzilla.suse.com/1247293"
},
{
"category": "self",
"summary": "SUSE Bug 1247311",
"url": "https://bugzilla.suse.com/1247311"
},
{
"category": "self",
"summary": "SUSE Bug 1247314",
"url": "https://bugzilla.suse.com/1247314"
},
{
"category": "self",
"summary": "SUSE Bug 1247317",
"url": "https://bugzilla.suse.com/1247317"
},
{
"category": "self",
"summary": "SUSE Bug 1247347",
"url": "https://bugzilla.suse.com/1247347"
},
{
"category": "self",
"summary": "SUSE Bug 1247348",
"url": "https://bugzilla.suse.com/1247348"
},
{
"category": "self",
"summary": "SUSE Bug 1247349",
"url": "https://bugzilla.suse.com/1247349"
},
{
"category": "self",
"summary": "SUSE Bug 1247374",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "self",
"summary": "SUSE Bug 1247437",
"url": "https://bugzilla.suse.com/1247437"
},
{
"category": "self",
"summary": "SUSE Bug 1247450",
"url": "https://bugzilla.suse.com/1247450"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11135 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36028 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36028/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36348 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36348/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36349 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36349/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36350 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36350/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36357 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36357/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44963 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44963/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56742 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56742/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57947 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21839 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21839/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21872 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21872/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23163 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23163/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37798 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37798/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37856 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37856/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37864 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37885 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37885/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37920 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37920/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37984 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37984/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38034 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38034/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38035 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38035/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38051 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38052 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38058 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38061 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38062 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38062/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38063 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38064 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38064/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38074 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38074/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38084 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38084/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38087 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38087/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38088 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38089 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38089/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38090 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38090/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38094 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38094/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38095 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38095/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38097 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38097/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38098 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38098/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38099 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38099/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38100 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38100/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38102 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38102/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38105 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38105/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38107 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38107/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38108 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38108/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38109 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38109/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38110 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38110/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38111 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38111/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38112 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38112/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38113 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38113/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38115 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38117 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38117/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38118 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38118/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38120 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38120/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38122 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38123 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38124 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38124/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38126 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38127 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38127/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38129 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38129/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38131 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38131/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38132 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38132/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38135 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38136 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38138 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38138/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38142 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38142/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38143 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38143/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38145 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38145/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38147 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38148 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38148/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38149 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38149/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38151 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38151/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38153 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38153/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38154 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38154/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38155 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38155/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38157 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38157/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38158 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38158/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38159 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38161 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38161/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38162 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38162/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38165 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38165/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38166 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38166/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38173 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38173/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38174 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38174/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38177 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38180 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38180/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38182 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38182/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38183 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38183/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38187 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38187/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38188 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38188/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38192 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38192/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38193 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38193/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38194 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38194/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38197 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38197/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38198 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38198/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38200 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38200/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38202 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38202/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38203 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38203/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38204 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38204/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38206 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38210 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38210/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38211 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38211/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38212 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38212/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38213 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38213/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38214 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38214/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38215 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38215/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38217 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38217/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38220 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38220/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38222 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38222/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38225 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38225/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38226 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38226/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38227 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38227/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38229 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38229/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38231 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38231/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38236 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38236/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38239 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38239/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38244 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38244/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38246 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38246/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38248 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38248/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38249 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38249/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38250 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38250/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38257 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38257/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38259 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38259/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38264 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38264/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38272 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38272/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38273 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38273/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38275 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38275/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38277 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38277/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38279 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38279/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38283 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38283/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38286 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38286/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38289 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38289/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38290 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38290/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38292 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38292/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38293 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38293/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38300 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38303 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38303/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38304 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38304/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38305 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38305/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38307 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38307/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38310 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38310/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38312 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38312/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38313 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38313/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38319 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38319/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38323 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38323/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38326 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38326/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38328 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38328/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38332 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38332/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38334 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38334/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38335 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38335/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38336 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38336/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38337 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38337/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38338 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38338/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38342 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38342/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38343 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38343/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38344 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38344/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38345 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38345/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38348 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38348/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38349 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38349/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38350 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38350/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38352 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38352/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38354 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38354/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38362 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38362/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38363 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38363/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38364 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38364/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38365 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38365/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38369 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38369/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38371 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38371/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38373 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38373/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38375 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38375/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38376 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38376/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38377 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38377/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38380 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38380/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38382 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38382/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38384 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38384/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38385 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38385/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38386 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38386/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38387 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38387/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38389 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38389/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38391 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38391/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38392 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38392/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38393 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38393/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38395 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38395/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38396 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38396/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38399 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38399/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38400 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38400/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38401 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38401/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38403 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38403/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38404 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38404/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38406 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38406/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38409 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38409/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38410 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38410/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38412 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38412/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38414 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38414/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38415 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38415/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38416 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38416/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38420 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38420/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38424 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38424/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38425 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38425/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38426 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38426/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38428 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38428/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38429 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38429/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38430 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38430/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38436 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38436/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38443 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38443/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38448 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38448/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38449 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38449/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38455 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38455/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38457 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38457/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38460 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38460/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38461 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38461/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38462 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38462/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38463 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38463/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38465 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38465/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38467 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38467/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38468 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38468/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38470 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38470/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38471 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38471/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38473 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38473/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38474 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38474/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38476 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38476/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38477 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38477/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38478 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38478/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38480 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38480/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38481 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38481/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38482 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38482/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38483 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38483/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38485 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38485/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38487 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38487/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38489 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38489/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38494 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38494/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38495 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38495/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38496 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38496/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38497 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38497/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38498 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38498/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-08-29T11:54:08Z",
"generator": {
"date": "2025-08-29T11:54:08Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:03023-1",
"initial_release_date": "2025-08-29T11:54:08Z",
"revision_history": [
{
"date": "2025-08-29T11:54:08Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"product": {
"name": "kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"product_id": "kernel-devel-rt-6.4.0-150600.10.49.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"product": {
"name": "kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"product_id": "kernel-source-rt-6.4.0-150600.10.49.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"product_id": "cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"product": {
"name": "dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"product_id": "dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"product": {
"name": "gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"product_id": "gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-6.4.0-150600.10.49.1.x86_64",
"product": {
"name": "kernel-rt-6.4.0-150600.10.49.1.x86_64",
"product_id": "kernel-rt-6.4.0-150600.10.49.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"product": {
"name": "kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"product_id": "kernel-rt-devel-6.4.0-150600.10.49.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"product": {
"name": "kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"product_id": "kernel-rt-extra-6.4.0-150600.10.49.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-6.4.0-150600.10.49.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-6.4.0-150600.10.49.1.x86_64",
"product_id": "kernel-rt-livepatch-6.4.0-150600.10.49.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"product_id": "kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"product": {
"name": "kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"product_id": "kernel-rt-optional-6.4.0-150600.10.49.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"product": {
"name": "kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"product_id": "kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"product": {
"name": "kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"product_id": "kernel-rt_debug-6.4.0-150600.10.49.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"product": {
"name": "kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"product_id": "kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"product": {
"name": "kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"product_id": "kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"product": {
"name": "kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"product_id": "kernel-syms-rt-6.4.0-150600.10.49.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"product": {
"name": "kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"product_id": "kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"product_id": "ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"product": {
"name": "reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"product_id": "reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Real Time Module 15 SP6",
"product": {
"name": "SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-rt:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64"
},
"product_reference": "cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64"
},
"product_reference": "dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64"
},
"product_reference": "gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-rt-6.4.0-150600.10.49.1.noarch as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch"
},
"product_reference": "kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-6.4.0-150600.10.49.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64"
},
"product_reference": "kernel-rt-6.4.0-150600.10.49.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-6.4.0-150600.10.49.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64"
},
"product_reference": "kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-6.4.0-150600.10.49.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64"
},
"product_reference": "kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64"
},
"product_reference": "kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-6.4.0-150600.10.49.1.noarch as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch"
},
"product_reference": "kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-rt-6.4.0-150600.10.49.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64"
},
"product_reference": "kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64"
},
"product_reference": "ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64"
},
"product_reference": "cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64"
},
"product_reference": "dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64"
},
"product_reference": "gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-rt-6.4.0-150600.10.49.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch"
},
"product_reference": "kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-6.4.0-150600.10.49.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64"
},
"product_reference": "kernel-rt-6.4.0-150600.10.49.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-6.4.0-150600.10.49.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64"
},
"product_reference": "kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-extra-6.4.0-150600.10.49.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64"
},
"product_reference": "kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64"
},
"product_reference": "kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-optional-6.4.0-150600.10.49.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64"
},
"product_reference": "kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64"
},
"product_reference": "kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-6.4.0-150600.10.49.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64"
},
"product_reference": "kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64"
},
"product_reference": "kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64"
},
"product_reference": "kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-6.4.0-150600.10.49.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch"
},
"product_reference": "kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-rt-6.4.0-150600.10.49.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64"
},
"product_reference": "kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64"
},
"product_reference": "kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64"
},
"product_reference": "ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
},
"product_reference": "reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-11135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11135"
}
],
"notes": [
{
"category": "general",
"text": "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11135",
"url": "https://www.suse.com/security/cve/CVE-2019-11135"
},
{
"category": "external",
"summary": "SUSE Bug 1139073 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1139073"
},
{
"category": "external",
"summary": "SUSE Bug 1152497 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152497"
},
{
"category": "external",
"summary": "SUSE Bug 1152505 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152505"
},
{
"category": "external",
"summary": "SUSE Bug 1152506 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152506"
},
{
"category": "external",
"summary": "SUSE Bug 1160120 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1160120"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2019-11135"
},
{
"cve": "CVE-2024-36028",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36028"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio()\n\nWhen I did memory failure tests recently, below warning occurs:\n\nDEBUG_LOCKS_WARN_ON(1)\nWARNING: CPU: 8 PID: 1011 at kernel/locking/lockdep.c:232 __lock_acquire+0xccb/0x1ca0\nModules linked in: mce_inject hwpoison_inject\nCPU: 8 PID: 1011 Comm: bash Kdump: loaded Not tainted 6.9.0-rc3-next-20240410-00012-gdb69f219f4be #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\nRIP: 0010:__lock_acquire+0xccb/0x1ca0\nRSP: 0018:ffffa7a1c7fe3bd0 EFLAGS: 00000082\nRAX: 0000000000000000 RBX: eb851eb853975fcf RCX: ffffa1ce5fc1c9c8\nRDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffffa1ce5fc1c9c0\nRBP: ffffa1c6865d3280 R08: ffffffffb0f570a8 R09: 0000000000009ffb\nR10: 0000000000000286 R11: ffffffffb0f2ad50 R12: ffffa1c6865d3d10\nR13: ffffa1c6865d3c70 R14: 0000000000000000 R15: 0000000000000004\nFS: 00007ff9f32aa740(0000) GS:ffffa1ce5fc00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ff9f3134ba0 CR3: 00000008484e4000 CR4: 00000000000006f0\nCall Trace:\n \u003cTASK\u003e\n lock_acquire+0xbe/0x2d0\n _raw_spin_lock_irqsave+0x3a/0x60\n hugepage_subpool_put_pages.part.0+0xe/0xc0\n free_huge_folio+0x253/0x3f0\n dissolve_free_huge_page+0x147/0x210\n __page_handle_poison+0x9/0x70\n memory_failure+0x4e6/0x8c0\n hard_offline_page_store+0x55/0xa0\n kernfs_fop_write_iter+0x12c/0x1d0\n vfs_write+0x380/0x540\n ksys_write+0x64/0xe0\n do_syscall_64+0xbc/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7ff9f3114887\nRSP: 002b:00007ffecbacb458 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007ff9f3114887\nRDX: 000000000000000c RSI: 0000564494164e10 RDI: 0000000000000001\nRBP: 0000564494164e10 R08: 00007ff9f31d1460 R09: 000000007fffffff\nR10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c\nR13: 00007ff9f321b780 R14: 00007ff9f3217600 R15: 00007ff9f3216a00\n \u003c/TASK\u003e\nKernel panic - not syncing: kernel: panic_on_warn set ...\nCPU: 8 PID: 1011 Comm: bash Kdump: loaded Not tainted 6.9.0-rc3-next-20240410-00012-gdb69f219f4be #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n panic+0x326/0x350\n check_panic_on_warn+0x4f/0x50\n __warn+0x98/0x190\n report_bug+0x18e/0x1a0\n handle_bug+0x3d/0x70\n exc_invalid_op+0x18/0x70\n asm_exc_invalid_op+0x1a/0x20\nRIP: 0010:__lock_acquire+0xccb/0x1ca0\nRSP: 0018:ffffa7a1c7fe3bd0 EFLAGS: 00000082\nRAX: 0000000000000000 RBX: eb851eb853975fcf RCX: ffffa1ce5fc1c9c8\nRDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffffa1ce5fc1c9c0\nRBP: ffffa1c6865d3280 R08: ffffffffb0f570a8 R09: 0000000000009ffb\nR10: 0000000000000286 R11: ffffffffb0f2ad50 R12: ffffa1c6865d3d10\nR13: ffffa1c6865d3c70 R14: 0000000000000000 R15: 0000000000000004\n lock_acquire+0xbe/0x2d0\n _raw_spin_lock_irqsave+0x3a/0x60\n hugepage_subpool_put_pages.part.0+0xe/0xc0\n free_huge_folio+0x253/0x3f0\n dissolve_free_huge_page+0x147/0x210\n __page_handle_poison+0x9/0x70\n memory_failure+0x4e6/0x8c0\n hard_offline_page_store+0x55/0xa0\n kernfs_fop_write_iter+0x12c/0x1d0\n vfs_write+0x380/0x540\n ksys_write+0x64/0xe0\n do_syscall_64+0xbc/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7ff9f3114887\nRSP: 002b:00007ffecbacb458 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007ff9f3114887\nRDX: 000000000000000c RSI: 0000564494164e10 RDI: 0000000000000001\nRBP: 0000564494164e10 R08: 00007ff9f31d1460 R09: 000000007fffffff\nR10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c\nR13: 00007ff9f321b780 R14: 00007ff9f3217600 R15: 00007ff9f3216a00\n \u003c/TASK\u003e\n\nAfter git bisecting and digging into the code, I believe the root cause is\nthat _deferred_list field of folio is unioned with _hugetlb_subpool field.\nIn __update_and_free_hugetlb_folio(), folio-\u003e_deferred_\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36028",
"url": "https://www.suse.com/security/cve/CVE-2024-36028"
},
{
"category": "external",
"summary": "SUSE Bug 1225707 for CVE-2024-36028",
"url": "https://bugzilla.suse.com/1225707"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2024-36028"
},
{
"cve": "CVE-2024-36348",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36348"
}
],
"notes": [
{
"category": "general",
"text": "A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP feature is enabled, potentially resulting in information leakage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36348",
"url": "https://www.suse.com/security/cve/CVE-2024-36348"
},
{
"category": "external",
"summary": "SUSE Bug 1238896 for CVE-2024-36348",
"url": "https://bugzilla.suse.com/1238896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2024-36348"
},
{
"cve": "CVE-2024-36349",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36349"
}
],
"notes": [
{
"category": "general",
"text": "A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36349",
"url": "https://www.suse.com/security/cve/CVE-2024-36349"
},
{
"category": "external",
"summary": "SUSE Bug 1238896 for CVE-2024-36349",
"url": "https://bugzilla.suse.com/1238896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2024-36349"
},
{
"cve": "CVE-2024-36350",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36350"
}
],
"notes": [
{
"category": "general",
"text": "A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36350",
"url": "https://www.suse.com/security/cve/CVE-2024-36350"
},
{
"category": "external",
"summary": "SUSE Bug 1238896 for CVE-2024-36350",
"url": "https://bugzilla.suse.com/1238896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2024-36350"
},
{
"cve": "CVE-2024-36357",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36357"
}
],
"notes": [
{
"category": "general",
"text": "A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36357",
"url": "https://www.suse.com/security/cve/CVE-2024-36357"
},
{
"category": "external",
"summary": "SUSE Bug 1238896 for CVE-2024-36357",
"url": "https://bugzilla.suse.com/1238896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2024-36357"
},
{
"cve": "CVE-2024-44963",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44963"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not BUG_ON() when freeing tree block after error\n\nWhen freeing a tree block, at btrfs_free_tree_block(), if we fail to\ncreate a delayed reference we don\u0027t deal with the error and just do a\nBUG_ON(). The error most likely to happen is -ENOMEM, and we have a\ncomment mentioning that only -ENOMEM can happen, but that is not true,\nbecause in case qgroups are enabled any error returned from\nbtrfs_qgroup_trace_extent_post() (can be -EUCLEAN or anything returned\nfrom btrfs_search_slot() for example) can be propagated back to\nbtrfs_free_tree_block().\n\nSo stop doing a BUG_ON() and return the error to the callers and make\nthem abort the transaction to prevent leaking space. Syzbot was\ntriggering this, likely due to memory allocation failure injection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44963",
"url": "https://www.suse.com/security/cve/CVE-2024-44963"
},
{
"category": "external",
"summary": "SUSE Bug 1230216 for CVE-2024-44963",
"url": "https://bugzilla.suse.com/1230216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2024-44963"
},
{
"cve": "CVE-2024-56742",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56742"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages()\n\nFix an unwind issue in mlx5vf_add_migration_pages().\n\nIf a set of pages is allocated but fails to be added to the SG table,\nthey need to be freed to prevent a memory leak.\n\nAny pages successfully added to the SG table will be freed as part of\nmlx5vf_free_data_buffer().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56742",
"url": "https://www.suse.com/security/cve/CVE-2024-56742"
},
{
"category": "external",
"summary": "SUSE Bug 1235613 for CVE-2024-56742",
"url": "https://bugzilla.suse.com/1235613"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2024-56742"
},
{
"cve": "CVE-2024-57947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57947"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_set_pipapo: fix initial map fill\n\nThe initial buffer has to be inited to all-ones, but it must restrict\nit to the size of the first field, not the total field size.\n\nAfter each round in the map search step, the result and the fill map\nare swapped, so if we have a set where f-\u003ebsize of the first element\nis smaller than m-\u003ebsize_max, those one-bits are leaked into future\nrounds result map.\n\nThis makes pipapo find an incorrect matching results for sets where\nfirst field size is not the largest.\n\nFollowup patch adds a test case to nft_concat_range.sh selftest script.\n\nThanks to Stefano Brivio for pointing out that we need to zero out\nthe remainder explicitly, only correcting memset() argument isn\u0027t enough.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57947",
"url": "https://www.suse.com/security/cve/CVE-2024-57947"
},
{
"category": "external",
"summary": "SUSE Bug 1236333 for CVE-2024-57947",
"url": "https://bugzilla.suse.com/1236333"
},
{
"category": "external",
"summary": "SUSE Bug 1245799 for CVE-2024-57947",
"url": "https://bugzilla.suse.com/1245799"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "important"
}
],
"title": "CVE-2024-57947"
},
{
"cve": "CVE-2025-21839",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21839"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop\n\nMove the conditional loading of hardware DR6 with the guest\u0027s DR6 value\nout of the core .vcpu_run() loop to fix a bug where KVM can load hardware\nwith a stale vcpu-\u003earch.dr6.\n\nWhen the guest accesses a DR and host userspace isn\u0027t debugging the guest,\nKVM disables DR interception and loads the guest\u0027s values into hardware on\nVM-Enter and saves them on VM-Exit. This allows the guest to access DRs\nat will, e.g. so that a sequence of DR accesses to configure a breakpoint\nonly generates one VM-Exit.\n\nFor DR0-DR3, the logic/behavior is identical between VMX and SVM, and also\nidentical between KVM_DEBUGREG_BP_ENABLED (userspace debugging the guest)\nand KVM_DEBUGREG_WONT_EXIT (guest using DRs), and so KVM handles loading\nDR0-DR3 in common code, _outside_ of the core kvm_x86_ops.vcpu_run() loop.\n\nBut for DR6, the guest\u0027s value doesn\u0027t need to be loaded into hardware for\nKVM_DEBUGREG_BP_ENABLED, and SVM provides a dedicated VMCB field whereas\nVMX requires software to manually load the guest value, and so loading the\nguest\u0027s value into DR6 is handled by {svm,vmx}_vcpu_run(), i.e. is done\n_inside_ the core run loop.\n\nUnfortunately, saving the guest values on VM-Exit is initiated by common\nx86, again outside of the core run loop. If the guest modifies DR6 (in\nhardware, when DR interception is disabled), and then the next VM-Exit is\na fastpath VM-Exit, KVM will reload hardware DR6 with vcpu-\u003earch.dr6 and\nclobber the guest\u0027s actual value.\n\nThe bug shows up primarily with nested VMX because KVM handles the VMX\npreemption timer in the fastpath, and the window between hardware DR6\nbeing modified (in guest context) and DR6 being read by guest software is\norders of magnitude larger in a nested setup. E.g. in non-nested, the\nVMX preemption timer would need to fire precisely between #DB injection\nand the #DB handler\u0027s read of DR6, whereas with a KVM-on-KVM setup, the\nwindow where hardware DR6 is \"dirty\" extends all the way from L1 writing\nDR6 to VMRESUME (in L1).\n\n L1\u0027s view:\n ==========\n \u003cL1 disables DR interception\u003e\n CPU 0/KVM-7289 [023] d.... 2925.640961: kvm_entry: vcpu 0\n A: L1 Writes DR6\n CPU 0/KVM-7289 [023] d.... 2925.640963: \u003chack\u003e: Set DRs, DR6 = 0xffff0ff1\n\n B: CPU 0/KVM-7289 [023] d.... 2925.640967: kvm_exit: vcpu 0 reason EXTERNAL_INTERRUPT intr_info 0x800000ec\n\n D: L1 reads DR6, arch.dr6 = 0\n CPU 0/KVM-7289 [023] d.... 2925.640969: \u003chack\u003e: Sync DRs, DR6 = 0xffff0ff0\n\n CPU 0/KVM-7289 [023] d.... 2925.640976: kvm_entry: vcpu 0\n L2 reads DR6, L1 disables DR interception\n CPU 0/KVM-7289 [023] d.... 2925.640980: kvm_exit: vcpu 0 reason DR_ACCESS info1 0x0000000000000216\n CPU 0/KVM-7289 [023] d.... 2925.640983: kvm_entry: vcpu 0\n\n CPU 0/KVM-7289 [023] d.... 2925.640983: \u003chack\u003e: Set DRs, DR6 = 0xffff0ff0\n\n L2 detects failure\n CPU 0/KVM-7289 [023] d.... 2925.640987: kvm_exit: vcpu 0 reason HLT\n L1 reads DR6 (confirms failure)\n CPU 0/KVM-7289 [023] d.... 2925.640990: \u003chack\u003e: Sync DRs, DR6 = 0xffff0ff0\n\n L0\u0027s view:\n ==========\n L2 reads DR6, arch.dr6 = 0\n CPU 23/KVM-5046 [001] d.... 3410.005610: kvm_exit: vcpu 23 reason DR_ACCESS info1 0x0000000000000216\n CPU 23/KVM-5046 [001] ..... 3410.005610: kvm_nested_vmexit: vcpu 23 reason DR_ACCESS info1 0x0000000000000216\n\n L2 =\u003e L1 nested VM-Exit\n CPU 23/KVM-5046 [001] ..... 3410.005610: kvm_nested_vmexit_inject: reason: DR_ACCESS ext_inf1: 0x0000000000000216\n\n CPU 23/KVM-5046 [001] d.... 3410.005610: kvm_entry: vcpu 23\n CPU 23/KVM-5046 [001] d.... 3410.005611: kvm_exit: vcpu 23 reason VMREAD\n CPU 23/KVM-5046 [001] d.... 3410.005611: kvm_entry: vcpu 23\n CPU 23/KVM-5046 [001] d.... 3410.\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21839",
"url": "https://www.suse.com/security/cve/CVE-2025-21839"
},
{
"category": "external",
"summary": "SUSE Bug 1239061 for CVE-2025-21839",
"url": "https://bugzilla.suse.com/1239061"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-21839"
},
{
"cve": "CVE-2025-21872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21872"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi: Don\u0027t map the entire mokvar table to determine its size\n\nCurrently, when validating the mokvar table, we (re)map the entire table\non each iteration of the loop, adding space as we discover new entries.\nIf the table grows over a certain size, this fails due to limitations of\nearly_memmap(), and we get a failure and traceback:\n\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 0 at mm/early_ioremap.c:139 __early_ioremap+0xef/0x220\n ...\n Call Trace:\n \u003cTASK\u003e\n ? __early_ioremap+0xef/0x220\n ? __warn.cold+0x93/0xfa\n ? __early_ioremap+0xef/0x220\n ? report_bug+0xff/0x140\n ? early_fixup_exception+0x5d/0xb0\n ? early_idt_handler_common+0x2f/0x3a\n ? __early_ioremap+0xef/0x220\n ? efi_mokvar_table_init+0xce/0x1d0\n ? setup_arch+0x864/0xc10\n ? start_kernel+0x6b/0xa10\n ? x86_64_start_reservations+0x24/0x30\n ? x86_64_start_kernel+0xed/0xf0\n ? common_startup_64+0x13e/0x141\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---\n mokvar: Failed to map EFI MOKvar config table pa=0x7c4c3000, size=265187.\n\nMapping the entire structure isn\u0027t actually necessary, as we don\u0027t ever\nneed more than one entry header mapped at once.\n\nChanges efi_mokvar_table_init() to only map each entry header, not the\nentire table, when determining the table size. Since we\u0027re not mapping\nany data past the variable name, it also changes the code to enforce\nthat each variable name is NUL terminated, rather than attempting to\nverify it in place.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21872",
"url": "https://www.suse.com/security/cve/CVE-2025-21872"
},
{
"category": "external",
"summary": "SUSE Bug 1240323 for CVE-2025-21872",
"url": "https://bugzilla.suse.com/1240323"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-21872"
},
{
"cve": "CVE-2025-23163",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23163"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: vlan: don\u0027t propagate flags on open\n\nWith the device instance lock, there is now a possibility of a deadlock:\n\n[ 1.211455] ============================================\n[ 1.211571] WARNING: possible recursive locking detected\n[ 1.211687] 6.14.0-rc5-01215-g032756b4ca7a-dirty #5 Not tainted\n[ 1.211823] --------------------------------------------\n[ 1.211936] ip/184 is trying to acquire lock:\n[ 1.212032] ffff8881024a4c30 (\u0026dev-\u003elock){+.+.}-{4:4}, at: dev_set_allmulti+0x4e/0xb0\n[ 1.212207]\n[ 1.212207] but task is already holding lock:\n[ 1.212332] ffff8881024a4c30 (\u0026dev-\u003elock){+.+.}-{4:4}, at: dev_open+0x50/0xb0\n[ 1.212487]\n[ 1.212487] other info that might help us debug this:\n[ 1.212626] Possible unsafe locking scenario:\n[ 1.212626]\n[ 1.212751] CPU0\n[ 1.212815] ----\n[ 1.212871] lock(\u0026dev-\u003elock);\n[ 1.212944] lock(\u0026dev-\u003elock);\n[ 1.213016]\n[ 1.213016] *** DEADLOCK ***\n[ 1.213016]\n[ 1.213143] May be due to missing lock nesting notation\n[ 1.213143]\n[ 1.213294] 3 locks held by ip/184:\n[ 1.213371] #0: ffffffff838b53e0 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock+0x1b/0xa0\n[ 1.213543] #1: ffffffff84e5fc70 (\u0026net-\u003ertnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock+0x37/0xa0\n[ 1.213727] #2: ffff8881024a4c30 (\u0026dev-\u003elock){+.+.}-{4:4}, at: dev_open+0x50/0xb0\n[ 1.213895]\n[ 1.213895] stack backtrace:\n[ 1.213991] CPU: 0 UID: 0 PID: 184 Comm: ip Not tainted 6.14.0-rc5-01215-g032756b4ca7a-dirty #5\n[ 1.213993] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\n[ 1.213994] Call Trace:\n[ 1.213995] \u003cTASK\u003e\n[ 1.213996] dump_stack_lvl+0x8e/0xd0\n[ 1.214000] print_deadlock_bug+0x28b/0x2a0\n[ 1.214020] lock_acquire+0xea/0x2a0\n[ 1.214027] __mutex_lock+0xbf/0xd40\n[ 1.214038] dev_set_allmulti+0x4e/0xb0 # real_dev-\u003eflags \u0026 IFF_ALLMULTI\n[ 1.214040] vlan_dev_open+0xa5/0x170 # ndo_open on vlandev\n[ 1.214042] __dev_open+0x145/0x270\n[ 1.214046] __dev_change_flags+0xb0/0x1e0\n[ 1.214051] netif_change_flags+0x22/0x60 # IFF_UP vlandev\n[ 1.214053] dev_change_flags+0x61/0xb0 # for each device in group from dev-\u003evlan_info\n[ 1.214055] vlan_device_event+0x766/0x7c0 # on netdevsim0\n[ 1.214058] notifier_call_chain+0x78/0x120\n[ 1.214062] netif_open+0x6d/0x90\n[ 1.214064] dev_open+0x5b/0xb0 # locks netdevsim0\n[ 1.214066] bond_enslave+0x64c/0x1230\n[ 1.214075] do_set_master+0x175/0x1e0 # on netdevsim0\n[ 1.214077] do_setlink+0x516/0x13b0\n[ 1.214094] rtnl_newlink+0xaba/0xb80\n[ 1.214132] rtnetlink_rcv_msg+0x440/0x490\n[ 1.214144] netlink_rcv_skb+0xeb/0x120\n[ 1.214150] netlink_unicast+0x1f9/0x320\n[ 1.214153] netlink_sendmsg+0x346/0x3f0\n[ 1.214157] __sock_sendmsg+0x86/0xb0\n[ 1.214160] ____sys_sendmsg+0x1c8/0x220\n[ 1.214164] ___sys_sendmsg+0x28f/0x2d0\n[ 1.214179] __x64_sys_sendmsg+0xef/0x140\n[ 1.214184] do_syscall_64+0xec/0x1d0\n[ 1.214190] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 1.214191] RIP: 0033:0x7f2d1b4a7e56\n\nDevice setup:\n\n netdevsim0 (down)\n ^ ^\n bond netdevsim1.100@netdevsim1 allmulticast=on (down)\n\nWhen we enslave the lower device (netdevsim0) which has a vlan, we\npropagate vlan\u0027s allmuti/promisc flags during ndo_open. This causes\n(re)locking on of the real_dev.\n\nPropagate allmulti/promisc on flags change, not on the open. There\nis a slight semantics change that vlans that are down now propagate\nthe flags, but this seems unlikely to result in the real issues.\n\nReproducer:\n\n echo 0 1 \u003e /sys/bus/netdevsim/new_device\n\n dev_path=$(ls -d /sys/bus/netdevsim/devices/netdevsim0/net/*)\n dev=$(echo $dev_path | rev | cut -d/ -f1 | rev)\n\n ip link set dev $dev name netdevsim0\n ip link set dev netdevsim0 up\n\n ip link add link netdevsim0 name netdevsim0.100 type vlan id 100\n ip link set dev netdevsim0.100 allm\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23163",
"url": "https://www.suse.com/security/cve/CVE-2025-23163"
},
{
"category": "external",
"summary": "SUSE Bug 1242837 for CVE-2025-23163",
"url": "https://bugzilla.suse.com/1242837"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-23163"
},
{
"cve": "CVE-2025-37798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37798"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncodel: remove sch-\u003eq.qlen check before qdisc_tree_reduce_backlog()\n\nAfter making all -\u003eqlen_notify() callbacks idempotent, now it is safe to\nremove the check of qlen!=0 from both fq_codel_dequeue() and\ncodel_qdisc_dequeue().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37798",
"url": "https://www.suse.com/security/cve/CVE-2025-37798"
},
{
"category": "external",
"summary": "SUSE Bug 1242414 for CVE-2025-37798",
"url": "https://bugzilla.suse.com/1242414"
},
{
"category": "external",
"summary": "SUSE Bug 1242417 for CVE-2025-37798",
"url": "https://bugzilla.suse.com/1242417"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "important"
}
],
"title": "CVE-2025-37798"
},
{
"cve": "CVE-2025-37856",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37856"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: harden block_group::bg_list against list_del() races\n\nAs far as I can tell, these calls of list_del_init() on bg_list cannot\nrun concurrently with btrfs_mark_bg_unused() or btrfs_mark_bg_to_reclaim(),\nas they are in transaction error paths and situations where the block\ngroup is readonly.\n\nHowever, if there is any chance at all of racing with mark_bg_unused(),\nor a different future user of bg_list, better to be safe than sorry.\n\nOtherwise we risk the following interleaving (bg_list refcount in parens)\n\nT1 (some random op) T2 (btrfs_mark_bg_unused)\n !list_empty(\u0026bg-\u003ebg_list); (1)\nlist_del_init(\u0026bg-\u003ebg_list); (1)\n list_move_tail (1)\nbtrfs_put_block_group (0)\n btrfs_delete_unused_bgs\n bg = list_first_entry\n list_del_init(\u0026bg-\u003ebg_list);\n btrfs_put_block_group(bg); (-1)\n\nUltimately, this results in a broken ref count that hits zero one deref\nearly and the real final deref underflows the refcount, resulting in a WARNING.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37856",
"url": "https://www.suse.com/security/cve/CVE-2025-37856"
},
{
"category": "external",
"summary": "SUSE Bug 1243068 for CVE-2025-37856",
"url": "https://bugzilla.suse.com/1243068"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-37856"
},
{
"cve": "CVE-2025-37864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37864"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: clean up FDB, MDB, VLAN entries on unbind\n\nAs explained in many places such as commit b117e1e8a86d (\"net: dsa:\ndelete dsa_legacy_fdb_add and dsa_legacy_fdb_del\"), DSA is written given\nthe assumption that higher layers have balanced additions/deletions.\nAs such, it only makes sense to be extremely vocal when those\nassumptions are violated and the driver unbinds with entries still\npresent.\n\nBut Ido Schimmel points out a very simple situation where that is wrong:\nhttps://lore.kernel.org/netdev/ZDazSM5UsPPjQuKr@shredder/\n(also briefly discussed by me in the aforementioned commit).\n\nBasically, while the bridge bypass operations are not something that DSA\nexplicitly documents, and for the majority of DSA drivers this API\nsimply causes them to go to promiscuous mode, that isn\u0027t the case for\nall drivers. Some have the necessary requirements for bridge bypass\noperations to do something useful - see dsa_switch_supports_uc_filtering().\n\nAlthough in tools/testing/selftests/net/forwarding/local_termination.sh,\nwe made an effort to popularize better mechanisms to manage address\nfilters on DSA interfaces from user space - namely macvlan for unicast,\nand setsockopt(IP_ADD_MEMBERSHIP) - through mtools - for multicast, the\nfact is that \u0027bridge fdb add ... self static local\u0027 also exists as\nkernel UAPI, and might be useful to someone, even if only for a quick\nhack.\n\nIt seems counter-productive to block that path by implementing shim\n.ndo_fdb_add and .ndo_fdb_del operations which just return -EOPNOTSUPP\nin order to prevent the ndo_dflt_fdb_add() and ndo_dflt_fdb_del() from\nrunning, although we could do that.\n\nAccepting that cleanup is necessary seems to be the only option.\nEspecially since we appear to be coming back at this from a different\nangle as well. Russell King is noticing that the WARN_ON() triggers even\nfor VLANs:\nhttps://lore.kernel.org/netdev/Z_li8Bj8bD4-BYKQ@shell.armlinux.org.uk/\n\nWhat happens in the bug report above is that dsa_port_do_vlan_del() fails,\nthen the VLAN entry lingers on, and then we warn on unbind and leak it.\n\nThis is not a straight revert of the blamed commit, but we now add an\ninformational print to the kernel log (to still have a way to see\nthat bugs exist), and some extra comments gathered from past years\u0027\nexperience, to justify the logic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37864",
"url": "https://www.suse.com/security/cve/CVE-2025-37864"
},
{
"category": "external",
"summary": "SUSE Bug 1242965 for CVE-2025-37864",
"url": "https://bugzilla.suse.com/1242965"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-37864"
},
{
"cve": "CVE-2025-37885",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37885"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Reset IRTE to host control if *new* route isn\u0027t postable\n\nRestore an IRTE back to host control (remapped or posted MSI mode) if the\n*new* GSI route prevents posting the IRQ directly to a vCPU, regardless of\nthe GSI routing type. Updating the IRTE if and only if the new GSI is an\nMSI results in KVM leaving an IRTE posting to a vCPU.\n\nThe dangling IRTE can result in interrupts being incorrectly delivered to\nthe guest, and in the worst case scenario can result in use-after-free,\ne.g. if the VM is torn down, but the underlying host IRQ isn\u0027t freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37885",
"url": "https://www.suse.com/security/cve/CVE-2025-37885"
},
{
"category": "external",
"summary": "SUSE Bug 1242960 for CVE-2025-37885",
"url": "https://bugzilla.suse.com/1242960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-37885"
},
{
"cve": "CVE-2025-37920",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37920"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: Fix race condition in AF_XDP generic RX path\n\nMove rx_lock from xsk_socket to xsk_buff_pool.\nFix synchronization for shared umem mode in\ngeneric RX path where multiple sockets share\nsingle xsk_buff_pool.\n\nRX queue is exclusive to xsk_socket, while FILL\nqueue can be shared between multiple sockets.\nThis could result in race condition where two\nCPU cores access RX path of two different sockets\nsharing the same umem.\n\nProtect both queues by acquiring spinlock in shared\nxsk_buff_pool.\n\nLock contention may be minimized in the future by some\nper-thread FQ buffering.\n\nIt\u0027s safe and necessary to move spin_lock_bh(rx_lock)\nafter xsk_rcv_check():\n* xs-\u003epool and spinlock_init is synchronized by\n xsk_bind() -\u003e xsk_is_bound() memory barriers.\n* xsk_rcv_check() may return true at the moment\n of xsk_release() or xsk_unbind_dev(),\n however this will not cause any data races or\n race conditions. xsk_unbind_dev() removes xdp\n socket from all maps and waits for completion\n of all outstanding rx operations. Packets in\n RX path will either complete safely or drop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37920",
"url": "https://www.suse.com/security/cve/CVE-2025-37920"
},
{
"category": "external",
"summary": "SUSE Bug 1243479 for CVE-2025-37920",
"url": "https://bugzilla.suse.com/1243479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-37920"
},
{
"cve": "CVE-2025-37984",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37984"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP()\n\nHerbert notes that DIV_ROUND_UP() may overflow unnecessarily if an ecdsa\nimplementation\u0027s -\u003ekey_size() callback returns an unusually large value.\nHerbert instead suggests (for a division by 8):\n\n X / 8 + !!(X \u0026 7)\n\nBased on this formula, introduce a generic DIV_ROUND_UP_POW2() macro and\nuse it in lieu of DIV_ROUND_UP() for -\u003ekey_size() return values.\n\nAdditionally, use the macro in ecc_digits_from_bytes(), whose \"nbytes\"\nparameter is a -\u003ekey_size() return value in some instances, or a\nuser-specified ASN.1 length in the case of ecdsa_get_signature_rs().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37984",
"url": "https://www.suse.com/security/cve/CVE-2025-37984"
},
{
"category": "external",
"summary": "SUSE Bug 1243669 for CVE-2025-37984",
"url": "https://bugzilla.suse.com/1243669"
},
{
"category": "external",
"summary": "SUSE Bug 1243670 for CVE-2025-37984",
"url": "https://bugzilla.suse.com/1243670"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-37984"
},
{
"cve": "CVE-2025-38034",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38034"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref\n\nbtrfs_prelim_ref() calls the old and new reference variables in the\nincorrect order. This causes a NULL pointer dereference because oldref\nis passed as NULL to trace_btrfs_prelim_ref_insert().\n\nNote, trace_btrfs_prelim_ref_insert() is being called with newref as\noldref (and oldref as NULL) on purpose in order to print out\nthe values of newref.\n\nTo reproduce:\necho 1 \u003e /sys/kernel/debug/tracing/events/btrfs/btrfs_prelim_ref_insert/enable\n\nPerform some writeback operations.\n\nBacktrace:\nBUG: kernel NULL pointer dereference, address: 0000000000000018\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 115949067 P4D 115949067 PUD 11594a067 PMD 0\n Oops: Oops: 0000 [#1] SMP NOPTI\n CPU: 1 UID: 0 PID: 1188 Comm: fsstress Not tainted 6.15.0-rc2-tester+ #47 PREEMPT(voluntary) 7ca2cef72d5e9c600f0c7718adb6462de8149622\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-2-gc13ff2cd-prebuilt.qemu.org 04/01/2014\n RIP: 0010:trace_event_raw_event_btrfs__prelim_ref+0x72/0x130\n Code: e8 43 81 9f ff 48 85 c0 74 78 4d 85 e4 0f 84 8f 00 00 00 49 8b 94 24 c0 06 00 00 48 8b 0a 48 89 48 08 48 8b 52 08 48 89 50 10 \u003c49\u003e 8b 55 18 48 89 50 18 49 8b 55 20 48 89 50 20 41 0f b6 55 28 88\n RSP: 0018:ffffce44820077a0 EFLAGS: 00010286\n RAX: ffff8c6b403f9014 RBX: ffff8c6b55825730 RCX: 304994edf9cf506b\n RDX: d8b11eb7f0fdb699 RSI: ffff8c6b403f9010 RDI: ffff8c6b403f9010\n RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000010\n R10: 00000000ffffffff R11: 0000000000000000 R12: ffff8c6b4e8fb000\n R13: 0000000000000000 R14: ffffce44820077a8 R15: ffff8c6b4abd1540\n FS: 00007f4dc6813740(0000) GS:ffff8c6c1d378000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000018 CR3: 000000010eb42000 CR4: 0000000000750ef0\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n prelim_ref_insert+0x1c1/0x270\n find_parent_nodes+0x12a6/0x1ee0\n ? __entry_text_end+0x101f06/0x101f09\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? srso_alias_return_thunk+0x5/0xfbef5\n btrfs_is_data_extent_shared+0x167/0x640\n ? fiemap_process_hole+0xd0/0x2c0\n extent_fiemap+0xa5c/0xbc0\n ? __entry_text_end+0x101f05/0x101f09\n btrfs_fiemap+0x7e/0xd0\n do_vfs_ioctl+0x425/0x9d0\n __x64_sys_ioctl+0x75/0xc0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38034",
"url": "https://www.suse.com/security/cve/CVE-2025-38034"
},
{
"category": "external",
"summary": "SUSE Bug 1244792 for CVE-2025-38034",
"url": "https://bugzilla.suse.com/1244792"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38034"
},
{
"cve": "CVE-2025-38035",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38035"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: don\u0027t restore null sk_state_change\n\nqueue-\u003estate_change is set as part of nvmet_tcp_set_queue_sock(), but if\nthe TCP connection isn\u0027t established when nvmet_tcp_set_queue_sock() is\ncalled then queue-\u003estate_change isn\u0027t set and sock-\u003esk-\u003esk_state_change\nisn\u0027t replaced.\n\nAs such we don\u0027t need to restore sock-\u003esk-\u003esk_state_change if\nqueue-\u003estate_change is NULL.\n\nThis avoids NULL pointer dereferences such as this:\n\n[ 286.462026][ C0] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 286.462814][ C0] #PF: supervisor instruction fetch in kernel mode\n[ 286.463796][ C0] #PF: error_code(0x0010) - not-present page\n[ 286.464392][ C0] PGD 8000000140620067 P4D 8000000140620067 PUD 114201067 PMD 0\n[ 286.465086][ C0] Oops: Oops: 0010 [#1] SMP KASAN PTI\n[ 286.465559][ C0] CPU: 0 UID: 0 PID: 1628 Comm: nvme Not tainted 6.15.0-rc2+ #11 PREEMPT(voluntary)\n[ 286.466393][ C0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\n[ 286.467147][ C0] RIP: 0010:0x0\n[ 286.467420][ C0] Code: Unable to access opcode bytes at 0xffffffffffffffd6.\n[ 286.467977][ C0] RSP: 0018:ffff8883ae008580 EFLAGS: 00010246\n[ 286.468425][ C0] RAX: 0000000000000000 RBX: ffff88813fd34100 RCX: ffffffffa386cc43\n[ 286.469019][ C0] RDX: 1ffff11027fa68b6 RSI: 0000000000000008 RDI: ffff88813fd34100\n[ 286.469545][ C0] RBP: ffff88813fd34160 R08: 0000000000000000 R09: ffffed1027fa682c\n[ 286.470072][ C0] R10: ffff88813fd34167 R11: 0000000000000000 R12: ffff88813fd344c3\n[ 286.470585][ C0] R13: ffff88813fd34112 R14: ffff88813fd34aec R15: ffff888132cdd268\n[ 286.471070][ C0] FS: 00007fe3c04c7d80(0000) GS:ffff88840743f000(0000) knlGS:0000000000000000\n[ 286.471644][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 286.472543][ C0] CR2: ffffffffffffffd6 CR3: 000000012daca000 CR4: 00000000000006f0\n[ 286.473500][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 286.474467][ C0] DR3: 0000000000000000 DR6: 00000000ffff07f0 DR7: 0000000000000400\n[ 286.475453][ C0] Call Trace:\n[ 286.476102][ C0] \u003cIRQ\u003e\n[ 286.476719][ C0] tcp_fin+0x2bb/0x440\n[ 286.477429][ C0] tcp_data_queue+0x190f/0x4e60\n[ 286.478174][ C0] ? __build_skb_around+0x234/0x330\n[ 286.478940][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.479659][ C0] ? __pfx_tcp_data_queue+0x10/0x10\n[ 286.480431][ C0] ? tcp_try_undo_loss+0x640/0x6c0\n[ 286.481196][ C0] ? seqcount_lockdep_reader_access.constprop.0+0x82/0x90\n[ 286.482046][ C0] ? kvm_clock_get_cycles+0x14/0x30\n[ 286.482769][ C0] ? ktime_get+0x66/0x150\n[ 286.483433][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.484146][ C0] tcp_rcv_established+0x6e4/0x2050\n[ 286.484857][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.485523][ C0] ? ipv4_dst_check+0x160/0x2b0\n[ 286.486203][ C0] ? __pfx_tcp_rcv_established+0x10/0x10\n[ 286.486917][ C0] ? lock_release+0x217/0x2c0\n[ 286.487595][ C0] tcp_v4_do_rcv+0x4d6/0x9b0\n[ 286.488279][ C0] tcp_v4_rcv+0x2af8/0x3e30\n[ 286.488904][ C0] ? raw_local_deliver+0x51b/0xad0\n[ 286.489551][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.490198][ C0] ? __pfx_tcp_v4_rcv+0x10/0x10\n[ 286.490813][ C0] ? __pfx_raw_local_deliver+0x10/0x10\n[ 286.491487][ C0] ? __pfx_nf_confirm+0x10/0x10 [nf_conntrack]\n[ 286.492275][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.492900][ C0] ip_protocol_deliver_rcu+0x8f/0x370\n[ 286.493579][ C0] ip_local_deliver_finish+0x297/0x420\n[ 286.494268][ C0] ip_local_deliver+0x168/0x430\n[ 286.494867][ C0] ? __pfx_ip_local_deliver+0x10/0x10\n[ 286.495498][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10\n[ 286.496204][ C0] ? ip_rcv_finish_core+0x19a/0x1f20\n[ 286.496806][ C0] ? lock_release+0x217/0x2c0\n[ 286.497414][ C0] ip_rcv+0x455/0x6e0\n[ 286.497945][ C0] ? __pfx_ip_rcv+0x10/0x10\n[ \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38035",
"url": "https://www.suse.com/security/cve/CVE-2025-38035"
},
{
"category": "external",
"summary": "SUSE Bug 1244801 for CVE-2025-38035",
"url": "https://bugzilla.suse.com/1244801"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38035"
},
{
"cve": "CVE-2025-38051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38051"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: Fix use-after-free in cifs_fill_dirent\n\nThere is a race condition in the readdir concurrency process, which may\naccess the rsp buffer after it has been released, triggering the\nfollowing KASAN warning.\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in cifs_fill_dirent+0xb03/0xb60 [cifs]\n Read of size 4 at addr ffff8880099b819c by task a.out/342975\n\n CPU: 2 UID: 0 PID: 342975 Comm: a.out Not tainted 6.15.0-rc6+ #240 PREEMPT(full)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x53/0x70\n print_report+0xce/0x640\n kasan_report+0xb8/0xf0\n cifs_fill_dirent+0xb03/0xb60 [cifs]\n cifs_readdir+0x12cb/0x3190 [cifs]\n iterate_dir+0x1a1/0x520\n __x64_sys_getdents+0x134/0x220\n do_syscall_64+0x4b/0x110\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7f996f64b9f9\n Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89\n f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01\n f0 ff ff 0d f7 c3 0c 00 f7 d8 64 89 8\n RSP: 002b:00007f996f53de78 EFLAGS: 00000207 ORIG_RAX: 000000000000004e\n RAX: ffffffffffffffda RBX: 00007f996f53ecdc RCX: 00007f996f64b9f9\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003\n RBP: 00007f996f53dea0 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000207 R12: ffffffffffffff88\n R13: 0000000000000000 R14: 00007ffc8cd9a500 R15: 00007f996f51e000\n \u003c/TASK\u003e\n\n Allocated by task 408:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x14/0x30\n __kasan_slab_alloc+0x6e/0x70\n kmem_cache_alloc_noprof+0x117/0x3d0\n mempool_alloc_noprof+0xf2/0x2c0\n cifs_buf_get+0x36/0x80 [cifs]\n allocate_buffers+0x1d2/0x330 [cifs]\n cifs_demultiplex_thread+0x22b/0x2690 [cifs]\n kthread+0x394/0x720\n ret_from_fork+0x34/0x70\n ret_from_fork_asm+0x1a/0x30\n\n Freed by task 342979:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x37/0x50\n kmem_cache_free+0x2b8/0x500\n cifs_buf_release+0x3c/0x70 [cifs]\n cifs_readdir+0x1c97/0x3190 [cifs]\n iterate_dir+0x1a1/0x520\n __x64_sys_getdents64+0x134/0x220\n do_syscall_64+0x4b/0x110\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n The buggy address belongs to the object at ffff8880099b8000\n which belongs to the cache cifs_request of size 16588\n The buggy address is located 412 bytes inside of\n freed 16588-byte region [ffff8880099b8000, ffff8880099bc0cc)\n\n The buggy address belongs to the physical page:\n page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x99b8\n head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0\n anon flags: 0x80000000000040(head|node=0|zone=1)\n page_type: f5(slab)\n raw: 0080000000000040 ffff888001e03400 0000000000000000 dead000000000001\n raw: 0000000000000000 0000000000010001 00000000f5000000 0000000000000000\n head: 0080000000000040 ffff888001e03400 0000000000000000 dead000000000001\n head: 0000000000000000 0000000000010001 00000000f5000000 0000000000000000\n head: 0080000000000003 ffffea0000266e01 00000000ffffffff 00000000ffffffff\n head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n ffff8880099b8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff8880099b8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n \u003effff8880099b8180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ^\n ffff8880099b8200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff8880099b8280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ==================================================================\n\nPOC is available in the link [1].\n\nThe problem triggering process is as follows:\n\nProcess 1 Process 2\n-----------------------------------\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38051",
"url": "https://www.suse.com/security/cve/CVE-2025-38051"
},
{
"category": "external",
"summary": "SUSE Bug 1244750 for CVE-2025-38051",
"url": "https://bugzilla.suse.com/1244750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38051"
},
{
"cve": "CVE-2025-38052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38052"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done\n\nSyzbot reported a slab-use-after-free with the following call trace:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in tipc_aead_encrypt_done+0x4bd/0x510 net/tipc/crypto.c:840\n Read of size 8 at addr ffff88807a733000 by task kworker/1:0/25\n\n Call Trace:\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n tipc_aead_encrypt_done+0x4bd/0x510 net/tipc/crypto.c:840\n crypto_request_complete include/crypto/algapi.h:266\n aead_request_complete include/crypto/internal/aead.h:85\n cryptd_aead_crypt+0x3b8/0x750 crypto/cryptd.c:772\n crypto_request_complete include/crypto/algapi.h:266\n cryptd_queue_worker+0x131/0x200 crypto/cryptd.c:181\n process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\n\n Allocated by task 8355:\n kzalloc_noprof include/linux/slab.h:778\n tipc_crypto_start+0xcc/0x9e0 net/tipc/crypto.c:1466\n tipc_init_net+0x2dd/0x430 net/tipc/core.c:72\n ops_init+0xb9/0x650 net/core/net_namespace.c:139\n setup_net+0x435/0xb40 net/core/net_namespace.c:343\n copy_net_ns+0x2f0/0x670 net/core/net_namespace.c:508\n create_new_namespaces+0x3ea/0xb10 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0xc0/0x1f0 kernel/nsproxy.c:228\n ksys_unshare+0x419/0x970 kernel/fork.c:3323\n __do_sys_unshare kernel/fork.c:3394\n\n Freed by task 63:\n kfree+0x12a/0x3b0 mm/slub.c:4557\n tipc_crypto_stop+0x23c/0x500 net/tipc/crypto.c:1539\n tipc_exit_net+0x8c/0x110 net/tipc/core.c:119\n ops_exit_list+0xb0/0x180 net/core/net_namespace.c:173\n cleanup_net+0x5b7/0xbf0 net/core/net_namespace.c:640\n process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\n\nAfter freed the tipc_crypto tx by delete namespace, tipc_aead_encrypt_done\nmay still visit it in cryptd_queue_worker workqueue.\n\nI reproduce this issue by:\n ip netns add ns1\n ip link add veth1 type veth peer name veth2\n ip link set veth1 netns ns1\n ip netns exec ns1 tipc bearer enable media eth dev veth1\n ip netns exec ns1 tipc node set key this_is_a_master_key master\n ip netns exec ns1 tipc bearer disable media eth dev veth1\n ip netns del ns1\n\nThe key of reproduction is that, simd_aead_encrypt is interrupted, leading\nto crypto_simd_usable() return false. Thus, the cryptd_queue_worker is\ntriggered, and the tipc_crypto tx will be visited.\n\n tipc_disc_timeout\n tipc_bearer_xmit_skb\n tipc_crypto_xmit\n tipc_aead_encrypt\n crypto_aead_encrypt\n // encrypt()\n simd_aead_encrypt\n // crypto_simd_usable() is false\n child = \u0026ctx-\u003ecryptd_tfm-\u003ebase;\n\n simd_aead_encrypt\n crypto_aead_encrypt\n // encrypt()\n cryptd_aead_encrypt_enqueue\n cryptd_aead_enqueue\n cryptd_enqueue_request\n // trigger cryptd_queue_worker\n queue_work_on(smp_processor_id(), cryptd_wq, \u0026cpu_queue-\u003ework)\n\nFix this by holding net reference count before encrypt.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38052",
"url": "https://www.suse.com/security/cve/CVE-2025-38052"
},
{
"category": "external",
"summary": "SUSE Bug 1244749 for CVE-2025-38052",
"url": "https://bugzilla.suse.com/1244749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38052"
},
{
"cve": "CVE-2025-38058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\n__legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock\n\n... or we risk stealing final mntput from sync umount - raising mnt_count\nafter umount(2) has verified that victim is not busy, but before it\nhas set MNT_SYNC_UMOUNT; in that case __legitimize_mnt() doesn\u0027t see\nthat it\u0027s safe to quietly undo mnt_count increment and leaves dropping\nthe reference to caller, where it\u0027ll be a full-blown mntput().\n\nCheck under mount_lock is needed; leaving the current one done before\ntaking that makes no sense - it\u0027s nowhere near common enough to bother\nwith.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38058",
"url": "https://www.suse.com/security/cve/CVE-2025-38058"
},
{
"category": "external",
"summary": "SUSE Bug 1245151 for CVE-2025-38058",
"url": "https://bugzilla.suse.com/1245151"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "low"
}
],
"title": "CVE-2025-38058"
},
{
"cve": "CVE-2025-38061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38061"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: pktgen: fix access outside of user given buffer in pktgen_thread_write()\n\nHonour the user given buffer size for the strn_len() calls (otherwise\nstrn_len() will access memory outside of the user given buffer).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38061",
"url": "https://www.suse.com/security/cve/CVE-2025-38061"
},
{
"category": "external",
"summary": "SUSE Bug 1245440 for CVE-2025-38061",
"url": "https://bugzilla.suse.com/1245440"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38061"
},
{
"cve": "CVE-2025-38062",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38062"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngenirq/msi: Store the IOMMU IOVA directly in msi_desc instead of iommu_cookie\n\nThe IOMMU translation for MSI message addresses has been a 2-step process,\nseparated in time:\n\n 1) iommu_dma_prepare_msi(): A cookie pointer containing the IOVA address\n is stored in the MSI descriptor when an MSI interrupt is allocated.\n\n 2) iommu_dma_compose_msi_msg(): this cookie pointer is used to compute a\n translated message address.\n\nThis has an inherent lifetime problem for the pointer stored in the cookie\nthat must remain valid between the two steps. However, there is no locking\nat the irq layer that helps protect the lifetime. Today, this works under\nthe assumption that the iommu domain is not changed while MSI interrupts\nbeing programmed. This is true for normal DMA API users within the kernel,\nas the iommu domain is attached before the driver is probed and cannot be\nchanged while a driver is attached.\n\nClassic VFIO type1 also prevented changing the iommu domain while VFIO was\nrunning as it does not support changing the \"container\" after starting up.\n\nHowever, iommufd has improved this so that the iommu domain can be changed\nduring VFIO operation. This potentially allows userspace to directly race\nVFIO_DEVICE_ATTACH_IOMMUFD_PT (which calls iommu_attach_group()) and\nVFIO_DEVICE_SET_IRQS (which calls into iommu_dma_compose_msi_msg()).\n\nThis potentially causes both the cookie pointer and the unlocked call to\niommu_get_domain_for_dev() on the MSI translation path to become UAFs.\n\nFix the MSI cookie UAF by removing the cookie pointer. The translated IOVA\naddress is already known during iommu_dma_prepare_msi() and cannot change.\nThus, it can simply be stored as an integer in the MSI descriptor.\n\nThe other UAF related to iommu_get_domain_for_dev() will be addressed in\npatch \"iommu: Make iommu_dma_prepare_msi() into a generic operation\" by\nusing the IOMMU group mutex.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38062",
"url": "https://www.suse.com/security/cve/CVE-2025-38062"
},
{
"category": "external",
"summary": "SUSE Bug 1245216 for CVE-2025-38062",
"url": "https://bugzilla.suse.com/1245216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38062"
},
{
"cve": "CVE-2025-38063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: fix unconditional IO throttle caused by REQ_PREFLUSH\n\nWhen a bio with REQ_PREFLUSH is submitted to dm, __send_empty_flush()\ngenerates a flush_bio with REQ_OP_WRITE | REQ_PREFLUSH | REQ_SYNC,\nwhich causes the flush_bio to be throttled by wbt_wait().\n\nAn example from v5.4, similar problem also exists in upstream:\n\n crash\u003e bt 2091206\n PID: 2091206 TASK: ffff2050df92a300 CPU: 109 COMMAND: \"kworker/u260:0\"\n #0 [ffff800084a2f7f0] __switch_to at ffff80004008aeb8\n #1 [ffff800084a2f820] __schedule at ffff800040bfa0c4\n #2 [ffff800084a2f880] schedule at ffff800040bfa4b4\n #3 [ffff800084a2f8a0] io_schedule at ffff800040bfa9c4\n #4 [ffff800084a2f8c0] rq_qos_wait at ffff8000405925bc\n #5 [ffff800084a2f940] wbt_wait at ffff8000405bb3a0\n #6 [ffff800084a2f9a0] __rq_qos_throttle at ffff800040592254\n #7 [ffff800084a2f9c0] blk_mq_make_request at ffff80004057cf38\n #8 [ffff800084a2fa60] generic_make_request at ffff800040570138\n #9 [ffff800084a2fae0] submit_bio at ffff8000405703b4\n #10 [ffff800084a2fb50] xlog_write_iclog at ffff800001280834 [xfs]\n #11 [ffff800084a2fbb0] xlog_sync at ffff800001280c3c [xfs]\n #12 [ffff800084a2fbf0] xlog_state_release_iclog at ffff800001280df4 [xfs]\n #13 [ffff800084a2fc10] xlog_write at ffff80000128203c [xfs]\n #14 [ffff800084a2fcd0] xlog_cil_push at ffff8000012846dc [xfs]\n #15 [ffff800084a2fda0] xlog_cil_push_work at ffff800001284a2c [xfs]\n #16 [ffff800084a2fdb0] process_one_work at ffff800040111d08\n #17 [ffff800084a2fe00] worker_thread at ffff8000401121cc\n #18 [ffff800084a2fe70] kthread at ffff800040118de4\n\nAfter commit 2def2845cc33 (\"xfs: don\u0027t allow log IO to be throttled\"),\nthe metadata submitted by xlog_write_iclog() should not be throttled.\nBut due to the existence of the dm layer, throttling flush_bio indirectly\ncauses the metadata bio to be throttled.\n\nFix this by conditionally adding REQ_IDLE to flush_bio.bi_opf, which makes\nwbt_should_throttle() return false to avoid wbt_wait().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38063",
"url": "https://www.suse.com/security/cve/CVE-2025-38063"
},
{
"category": "external",
"summary": "SUSE Bug 1245202 for CVE-2025-38063",
"url": "https://bugzilla.suse.com/1245202"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38063"
},
{
"cve": "CVE-2025-38064",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38064"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio: break and reset virtio devices on device_shutdown()\n\nHongyu reported a hang on kexec in a VM. QEMU reported invalid memory\naccesses during the hang.\n\n\tInvalid read at addr 0x102877002, size 2, region \u0027(null)\u0027, reason: rejected\n\tInvalid write at addr 0x102877A44, size 2, region \u0027(null)\u0027, reason: rejected\n\t...\n\nIt was traced down to virtio-console. Kexec works fine if virtio-console\nis not in use.\n\nThe issue is that virtio-console continues to write to the MMIO even after\nunderlying virtio-pci device is reset.\n\nAdditionally, Eric noticed that IOMMUs are reset before devices, if\ndevices are not reset on shutdown they continue to poke at guest memory\nand get errors from the IOMMU. Some devices get wedged then.\n\nThe problem can be solved by breaking all virtio devices on virtio\nbus shutdown, then resetting them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38064",
"url": "https://www.suse.com/security/cve/CVE-2025-38064"
},
{
"category": "external",
"summary": "SUSE Bug 1245201 for CVE-2025-38064",
"url": "https://bugzilla.suse.com/1245201"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38064"
},
{
"cve": "CVE-2025-38074",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38074"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost-scsi: protect vq-\u003elog_used with vq-\u003emutex\n\nThe vhost-scsi completion path may access vq-\u003elog_base when vq-\u003elog_used is\nalready set to false.\n\n vhost-thread QEMU-thread\n\nvhost_scsi_complete_cmd_work()\n-\u003e vhost_add_used()\n -\u003e vhost_add_used_n()\n if (unlikely(vq-\u003elog_used))\n QEMU disables vq-\u003elog_used\n via VHOST_SET_VRING_ADDR.\n mutex_lock(\u0026vq-\u003emutex);\n vq-\u003elog_used = false now!\n mutex_unlock(\u0026vq-\u003emutex);\n\n\t\t\t\t QEMU gfree(vq-\u003elog_base)\n log_used()\n -\u003e log_write(vq-\u003elog_base)\n\nAssuming the VMM is QEMU. The vq-\u003elog_base is from QEMU userpace and can be\nreclaimed via gfree(). As a result, this causes invalid memory writes to\nQEMU userspace.\n\nThe control queue path has the same issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38074",
"url": "https://www.suse.com/security/cve/CVE-2025-38074"
},
{
"category": "external",
"summary": "SUSE Bug 1244735 for CVE-2025-38074",
"url": "https://bugzilla.suse.com/1244735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38074"
},
{
"cve": "CVE-2025-38084",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38084"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: unshare page tables during VMA split, not before\n\nCurrently, __split_vma() triggers hugetlb page table unsharing through\nvm_ops-\u003emay_split(). This happens before the VMA lock and rmap locks are\ntaken - which is too early, it allows racing VMA-locked page faults in our\nprocess and racing rmap walks from other processes to cause page tables to\nbe shared again before we actually perform the split.\n\nFix it by explicitly calling into the hugetlb unshare logic from\n__split_vma() in the same place where THP splitting also happens. At that\npoint, both the VMA and the rmap(s) are write-locked.\n\nAn annoying detail is that we can now call into the helper\nhugetlb_unshare_pmds() from two different locking contexts:\n\n1. from hugetlb_split(), holding:\n - mmap lock (exclusively)\n - VMA lock\n - file rmap lock (exclusively)\n2. hugetlb_unshare_all_pmds(), which I think is designed to be able to\n call us with only the mmap lock held (in shared mode), but currently\n only runs while holding mmap lock (exclusively) and VMA lock\n\nBackporting note:\nThis commit fixes a racy protection that was introduced in commit\nb30c14cd6102 (\"hugetlb: unshare some PMDs when splitting VMAs\"); that\ncommit claimed to fix an issue introduced in 5.13, but it should actually\nalso go all the way back.\n\n[jannh@google.com: v2]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38084",
"url": "https://www.suse.com/security/cve/CVE-2025-38084"
},
{
"category": "external",
"summary": "SUSE Bug 1245498 for CVE-2025-38084",
"url": "https://bugzilla.suse.com/1245498"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38084"
},
{
"cve": "CVE-2025-38085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race\n\nhuge_pmd_unshare() drops a reference on a page table that may have\npreviously been shared across processes, potentially turning it into a\nnormal page table used in another process in which unrelated VMAs can\nafterwards be installed.\n\nIf this happens in the middle of a concurrent gup_fast(), gup_fast() could\nend up walking the page tables of another process. While I don\u0027t see any\nway in which that immediately leads to kernel memory corruption, it is\nreally weird and unexpected.\n\nFix it with an explicit broadcast IPI through tlb_remove_table_sync_one(),\njust like we do in khugepaged when removing page tables for a THP\ncollapse.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38085",
"url": "https://www.suse.com/security/cve/CVE-2025-38085"
},
{
"category": "external",
"summary": "SUSE Bug 1245499 for CVE-2025-38085",
"url": "https://bugzilla.suse.com/1245499"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38085"
},
{
"cve": "CVE-2025-38087",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38087"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: fix use-after-free in taprio_dev_notifier\n\nSince taprio\u0027s taprio_dev_notifier() isn\u0027t protected by an\nRCU read-side critical section, a race with advance_sched()\ncan lead to a use-after-free.\n\nAdding rcu_read_lock() inside taprio_dev_notifier() prevents this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38087",
"url": "https://www.suse.com/security/cve/CVE-2025-38087"
},
{
"category": "external",
"summary": "SUSE Bug 1245504 for CVE-2025-38087",
"url": "https://bugzilla.suse.com/1245504"
},
{
"category": "external",
"summary": "SUSE Bug 1245505 for CVE-2025-38087",
"url": "https://bugzilla.suse.com/1245505"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "important"
}
],
"title": "CVE-2025-38087"
},
{
"cve": "CVE-2025-38088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38088"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap\n\nmemtrace mmap issue has an out of bounds issue. This patch fixes the by\nchecking that the requested mapping region size should stay within the\nallocated region size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38088",
"url": "https://www.suse.com/security/cve/CVE-2025-38088"
},
{
"category": "external",
"summary": "SUSE Bug 1245506 for CVE-2025-38088",
"url": "https://bugzilla.suse.com/1245506"
},
{
"category": "external",
"summary": "SUSE Bug 1245507 for CVE-2025-38088",
"url": "https://bugzilla.suse.com/1245507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "important"
}
],
"title": "CVE-2025-38088"
},
{
"cve": "CVE-2025-38089",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38089"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: handle SVC_GARBAGE during svc auth processing as auth error\n\ntianshuo han reported a remotely-triggerable crash if the client sends a\nkernel RPC server a specially crafted packet. If decoding the RPC reply\nfails in such a way that SVC_GARBAGE is returned without setting the\nrq_accept_statp pointer, then that pointer can be dereferenced and a\nvalue stored there.\n\nIf it\u0027s the first time the thread has processed an RPC, then that\npointer will be set to NULL and the kernel will crash. In other cases,\nit could create a memory scribble.\n\nThe server sunrpc code treats a SVC_GARBAGE return from svc_authenticate\nor pg_authenticate as if it should send a GARBAGE_ARGS reply. RFC 5531\nsays that if authentication fails that the RPC should be rejected\ninstead with a status of AUTH_ERR.\n\nHandle a SVC_GARBAGE return as an AUTH_ERROR, with a reason of\nAUTH_BADCRED instead of returning GARBAGE_ARGS in that case. This\nsidesteps the whole problem of touching the rpc_accept_statp pointer in\nthis situation and avoids the crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38089",
"url": "https://www.suse.com/security/cve/CVE-2025-38089"
},
{
"category": "external",
"summary": "SUSE Bug 1245508 for CVE-2025-38089",
"url": "https://bugzilla.suse.com/1245508"
},
{
"category": "external",
"summary": "SUSE Bug 1245509 for CVE-2025-38089",
"url": "https://bugzilla.suse.com/1245509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "important"
}
],
"title": "CVE-2025-38089"
},
{
"cve": "CVE-2025-38090",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38090"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/rapidio/rio_cm.c: prevent possible heap overwrite\n\nIn\n\nriocm_cdev_ioctl(RIO_CM_CHAN_SEND)\n -\u003e cm_chan_msg_send()\n -\u003e riocm_ch_send()\n\ncm_chan_msg_send() checks that userspace didn\u0027t send too much data but\nriocm_ch_send() failed to check that userspace sent sufficient data. The\nresult is that riocm_ch_send() can write to fields in the rio_ch_chan_hdr\nwhich were outside the bounds of the space which cm_chan_msg_send()\nallocated.\n\nAddress this by teaching riocm_ch_send() to check that the entire\nrio_ch_chan_hdr was copied in from userspace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38090",
"url": "https://www.suse.com/security/cve/CVE-2025-38090"
},
{
"category": "external",
"summary": "SUSE Bug 1245510 for CVE-2025-38090",
"url": "https://bugzilla.suse.com/1245510"
},
{
"category": "external",
"summary": "SUSE Bug 1245511 for CVE-2025-38090",
"url": "https://bugzilla.suse.com/1245511"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "important"
}
],
"title": "CVE-2025-38090"
},
{
"cve": "CVE-2025-38094",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38094"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: cadence: macb: Fix a possible deadlock in macb_halt_tx.\n\nThere is a situation where after THALT is set high, TGO stays high as\nwell. Because jiffies are never updated, as we are in a context with\ninterrupts disabled, we never exit that loop and have a deadlock.\n\nThat deadlock was noticed on a sama5d4 device that stayed locked for days.\n\nUse retries instead of jiffies so that the timeout really works and we do\nnot have a deadlock anymore.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38094",
"url": "https://www.suse.com/security/cve/CVE-2025-38094"
},
{
"category": "external",
"summary": "SUSE Bug 1245649 for CVE-2025-38094",
"url": "https://bugzilla.suse.com/1245649"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38094"
},
{
"cve": "CVE-2025-38095",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38095"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf: insert memory barrier before updating num_fences\n\nsmp_store_mb() inserts memory barrier after storing operation.\nIt is different with what the comment is originally aiming so Null\npointer dereference can be happened if memory update is reordered.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38095",
"url": "https://www.suse.com/security/cve/CVE-2025-38095"
},
{
"category": "external",
"summary": "SUSE Bug 1245658 for CVE-2025-38095",
"url": "https://bugzilla.suse.com/1245658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38095"
},
{
"cve": "CVE-2025-38097",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38097"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nespintcp: remove encap socket caching to avoid reference leak\n\nThe current scheme for caching the encap socket can lead to reference\nleaks when we try to delete the netns.\n\nThe reference chain is: xfrm_state -\u003e enacp_sk -\u003e netns\n\nSince the encap socket is a userspace socket, it holds a reference on\nthe netns. If we delete the espintcp state (through flush or\nindividual delete) before removing the netns, the reference on the\nsocket is dropped and the netns is correctly deleted. Otherwise, the\nnetns may not be reachable anymore (if all processes within the ns\nhave terminated), so we cannot delete the xfrm state to drop its\nreference on the socket.\n\nThis patch results in a small (~2% in my tests) performance\nregression.\n\nA GC-type mechanism could be added for the socket cache, to clear\nreferences if the state hasn\u0027t been used \"recently\", but it\u0027s a lot\nmore complex than just not caching the socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38097",
"url": "https://www.suse.com/security/cve/CVE-2025-38097"
},
{
"category": "external",
"summary": "SUSE Bug 1245660 for CVE-2025-38097",
"url": "https://bugzilla.suse.com/1245660"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38097"
},
{
"cve": "CVE-2025-38098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38098"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Don\u0027t treat wb connector as physical in create_validate_stream_for_sink\n\nDon\u0027t try to operate on a drm_wb_connector as an amdgpu_dm_connector.\nWhile dereferencing aconnector-\u003ebase will \"work\" it\u0027s wrong and\nmight lead to unknown bad things. Just... don\u0027t.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38098",
"url": "https://www.suse.com/security/cve/CVE-2025-38098"
},
{
"category": "external",
"summary": "SUSE Bug 1245654 for CVE-2025-38098",
"url": "https://bugzilla.suse.com/1245654"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38098"
},
{
"cve": "CVE-2025-38099",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38099"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Disable SCO support if READ_VOICE_SETTING is unsupported/broken\n\nA SCO connection without the proper voice_setting can cause\nthe controller to lock up.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38099",
"url": "https://www.suse.com/security/cve/CVE-2025-38099"
},
{
"category": "external",
"summary": "SUSE Bug 1245671 for CVE-2025-38099",
"url": "https://bugzilla.suse.com/1245671"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38099"
},
{
"cve": "CVE-2025-38100",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38100"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/iopl: Cure TIF_IO_BITMAP inconsistencies\n\nio_bitmap_exit() is invoked from exit_thread() when a task exists or\nwhen a fork fails. In the latter case the exit_thread() cleans up\nresources which were allocated during fork().\n\nio_bitmap_exit() invokes task_update_io_bitmap(), which in turn ends up\nin tss_update_io_bitmap(). tss_update_io_bitmap() operates on the\ncurrent task. If current has TIF_IO_BITMAP set, but no bitmap installed,\ntss_update_io_bitmap() crashes with a NULL pointer dereference.\n\nThere are two issues, which lead to that problem:\n\n 1) io_bitmap_exit() should not invoke task_update_io_bitmap() when\n the task, which is cleaned up, is not the current task. That\u0027s a\n clear indicator for a cleanup after a failed fork().\n\n 2) A task should not have TIF_IO_BITMAP set and neither a bitmap\n installed nor IOPL emulation level 3 activated.\n\n This happens when a kernel thread is created in the context of\n a user space thread, which has TIF_IO_BITMAP set as the thread\n flags are copied and the IO bitmap pointer is cleared.\n\n Other than in the failed fork() case this has no impact because\n kernel threads including IO workers never return to user space and\n therefore never invoke tss_update_io_bitmap().\n\nCure this by adding the missing cleanups and checks:\n\n 1) Prevent io_bitmap_exit() to invoke task_update_io_bitmap() if\n the to be cleaned up task is not the current task.\n\n 2) Clear TIF_IO_BITMAP in copy_thread() unconditionally. For user\n space forks it is set later, when the IO bitmap is inherited in\n io_bitmap_share().\n\nFor paranoia sake, add a warning into tss_update_io_bitmap() to catch\nthe case, when that code is invoked with inconsistent state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38100",
"url": "https://www.suse.com/security/cve/CVE-2025-38100"
},
{
"category": "external",
"summary": "SUSE Bug 1245650 for CVE-2025-38100",
"url": "https://bugzilla.suse.com/1245650"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38100"
},
{
"cve": "CVE-2025-38102",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38102"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nVMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify\n\nDuring our test, it is found that a warning can be trigger in try_grab_folio\nas follow:\n\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 1678 at mm/gup.c:147 try_grab_folio+0x106/0x130\n Modules linked in:\n CPU: 0 UID: 0 PID: 1678 Comm: syz.3.31 Not tainted 6.15.0-rc5 #163 PREEMPT(undef)\n RIP: 0010:try_grab_folio+0x106/0x130\n Call Trace:\n \u003cTASK\u003e\n follow_huge_pmd+0x240/0x8e0\n follow_pmd_mask.constprop.0.isra.0+0x40b/0x5c0\n follow_pud_mask.constprop.0.isra.0+0x14a/0x170\n follow_page_mask+0x1c2/0x1f0\n __get_user_pages+0x176/0x950\n __gup_longterm_locked+0x15b/0x1060\n ? gup_fast+0x120/0x1f0\n gup_fast_fallback+0x17e/0x230\n get_user_pages_fast+0x5f/0x80\n vmci_host_unlocked_ioctl+0x21c/0xf80\n RIP: 0033:0x54d2cd\n ---[ end trace 0000000000000000 ]---\n\nDigging into the source, context-\u003enotify_page may init by get_user_pages_fast\nand can be seen in vmci_ctx_unset_notify which will try to put_page. However\nget_user_pages_fast is not finished here and lead to following\ntry_grab_folio warning. The race condition is shown as follow:\n\ncpu0\t\t\tcpu1\nvmci_host_do_set_notify\nvmci_host_setup_notify\nget_user_pages_fast(uva, 1, FOLL_WRITE, \u0026context-\u003enotify_page);\nlockless_pages_from_mm\ngup_pgd_range\ngup_huge_pmd // update \u0026context-\u003enotify_page\n\t\t\tvmci_host_do_set_notify\n\t\t\tvmci_ctx_unset_notify\n\t\t\tnotify_page = context-\u003enotify_page;\n\t\t\tif (notify_page)\n\t\t\tput_page(notify_page);\t// page is freed\n__gup_longterm_locked\n__get_user_pages\nfollow_trans_huge_pmd\ntry_grab_folio // warn here\n\nTo slove this, use local variable page to make notify_page can be seen\nafter finish get_user_pages_fast.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38102",
"url": "https://www.suse.com/security/cve/CVE-2025-38102"
},
{
"category": "external",
"summary": "SUSE Bug 1245669 for CVE-2025-38102",
"url": "https://bugzilla.suse.com/1245669"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38102"
},
{
"cve": "CVE-2025-38105",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38105"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Kill timer properly at removal\n\nThe USB-audio MIDI code initializes the timer, but in a rare case, the\ndriver might be freed without the disconnect call. This leaves the\ntimer in an active state while the assigned object is released via\nsnd_usbmidi_free(), which ends up with a kernel warning when the debug\nconfiguration is enabled, as spotted by fuzzer.\n\nFor avoiding the problem, put timer_shutdown_sync() at\nsnd_usbmidi_free(), so that the timer can be killed properly.\nWhile we\u0027re at it, replace the existing timer_delete_sync() at the\ndisconnect callback with timer_shutdown_sync(), too.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38105",
"url": "https://www.suse.com/security/cve/CVE-2025-38105"
},
{
"category": "external",
"summary": "SUSE Bug 1245682 for CVE-2025-38105",
"url": "https://bugzilla.suse.com/1245682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38105"
},
{
"cve": "CVE-2025-38107",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38107"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: ets: fix a race in ets_qdisc_change()\n\nGerrard Tai reported a race condition in ETS, whenever SFQ perturb timer\nfires at the wrong time.\n\nThe race is as follows:\n\nCPU 0 CPU 1\n[1]: lock root\n[2]: qdisc_tree_flush_backlog()\n[3]: unlock root\n |\n | [5]: lock root\n | [6]: rehash\n | [7]: qdisc_tree_reduce_backlog()\n |\n[4]: qdisc_put()\n\nThis can be abused to underflow a parent\u0027s qlen.\n\nCalling qdisc_purge_queue() instead of qdisc_tree_flush_backlog()\nshould fix the race, because all packets will be purged from the qdisc\nbefore releasing the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38107",
"url": "https://www.suse.com/security/cve/CVE-2025-38107"
},
{
"category": "external",
"summary": "SUSE Bug 1245676 for CVE-2025-38107",
"url": "https://bugzilla.suse.com/1245676"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38107"
},
{
"cve": "CVE-2025-38108",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38108"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: red: fix a race in __red_change()\n\nGerrard Tai reported a race condition in RED, whenever SFQ perturb timer\nfires at the wrong time.\n\nThe race is as follows:\n\nCPU 0 CPU 1\n[1]: lock root\n[2]: qdisc_tree_flush_backlog()\n[3]: unlock root\n |\n | [5]: lock root\n | [6]: rehash\n | [7]: qdisc_tree_reduce_backlog()\n |\n[4]: qdisc_put()\n\nThis can be abused to underflow a parent\u0027s qlen.\n\nCalling qdisc_purge_queue() instead of qdisc_tree_flush_backlog()\nshould fix the race, because all packets will be purged from the qdisc\nbefore releasing the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38108",
"url": "https://www.suse.com/security/cve/CVE-2025-38108"
},
{
"category": "external",
"summary": "SUSE Bug 1245675 for CVE-2025-38108",
"url": "https://bugzilla.suse.com/1245675"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38108"
},
{
"cve": "CVE-2025-38109",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38109"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix ECVF vports unload on shutdown flow\n\nFix shutdown flow UAF when a virtual function is created on the embedded\nchip (ECVF) of a BlueField device. In such case the vport acl ingress\ntable is not properly destroyed.\n\nECVF functionality is independent of ecpf_vport_exists capability and\nthus functions mlx5_eswitch_(enable|disable)_pf_vf_vports() should not\ntest it when enabling/disabling ECVF vports.\n\nkernel log:\n[] refcount_t: underflow; use-after-free.\n[] WARNING: CPU: 3 PID: 1 at lib/refcount.c:28\n refcount_warn_saturate+0x124/0x220\n----------------\n[] Call trace:\n[] refcount_warn_saturate+0x124/0x220\n[] tree_put_node+0x164/0x1e0 [mlx5_core]\n[] mlx5_destroy_flow_table+0x98/0x2c0 [mlx5_core]\n[] esw_acl_ingress_table_destroy+0x28/0x40 [mlx5_core]\n[] esw_acl_ingress_lgcy_cleanup+0x80/0xf4 [mlx5_core]\n[] esw_legacy_vport_acl_cleanup+0x44/0x60 [mlx5_core]\n[] esw_vport_cleanup+0x64/0x90 [mlx5_core]\n[] mlx5_esw_vport_disable+0xc0/0x1d0 [mlx5_core]\n[] mlx5_eswitch_unload_ec_vf_vports+0xcc/0x150 [mlx5_core]\n[] mlx5_eswitch_disable_sriov+0x198/0x2a0 [mlx5_core]\n[] mlx5_device_disable_sriov+0xb8/0x1e0 [mlx5_core]\n[] mlx5_sriov_detach+0x40/0x50 [mlx5_core]\n[] mlx5_unload+0x40/0xc4 [mlx5_core]\n[] mlx5_unload_one_devl_locked+0x6c/0xe4 [mlx5_core]\n[] mlx5_unload_one+0x3c/0x60 [mlx5_core]\n[] shutdown+0x7c/0xa4 [mlx5_core]\n[] pci_device_shutdown+0x3c/0xa0\n[] device_shutdown+0x170/0x340\n[] __do_sys_reboot+0x1f4/0x2a0\n[] __arm64_sys_reboot+0x2c/0x40\n[] invoke_syscall+0x78/0x100\n[] el0_svc_common.constprop.0+0x54/0x184\n[] do_el0_svc+0x30/0xac\n[] el0_svc+0x48/0x160\n[] el0t_64_sync_handler+0xa4/0x12c\n[] el0t_64_sync+0x1a4/0x1a8\n[] --[ end trace 9c4601d68c70030e ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38109",
"url": "https://www.suse.com/security/cve/CVE-2025-38109"
},
{
"category": "external",
"summary": "SUSE Bug 1245684 for CVE-2025-38109",
"url": "https://bugzilla.suse.com/1245684"
},
{
"category": "external",
"summary": "SUSE Bug 1245685 for CVE-2025-38109",
"url": "https://bugzilla.suse.com/1245685"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "important"
}
],
"title": "CVE-2025-38109"
},
{
"cve": "CVE-2025-38110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38110"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mdiobus: Fix potential out-of-bounds clause 45 read/write access\n\nWhen using publicly available tools like \u0027mdio-tools\u0027 to read/write data\nfrom/to network interface and its PHY via C45 (clause 45) mdiobus,\nthere is no verification of parameters passed to the ioctl and\nit accepts any mdio address.\nCurrently there is support for 32 addresses in kernel via PHY_MAX_ADDR define,\nbut it is possible to pass higher value than that via ioctl.\nWhile read/write operation should generally fail in this case,\nmdiobus provides stats array, where wrong address may allow out-of-bounds\nread/write.\n\nFix that by adding address verification before C45 read/write operation.\nWhile this excludes this access from any statistics, it improves security of\nread/write operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38110",
"url": "https://www.suse.com/security/cve/CVE-2025-38110"
},
{
"category": "external",
"summary": "SUSE Bug 1245665 for CVE-2025-38110",
"url": "https://bugzilla.suse.com/1245665"
},
{
"category": "external",
"summary": "SUSE Bug 1249458 for CVE-2025-38110",
"url": "https://bugzilla.suse.com/1249458"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "important"
}
],
"title": "CVE-2025-38110"
},
{
"cve": "CVE-2025-38111",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38111"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mdiobus: Fix potential out-of-bounds read/write access\n\nWhen using publicly available tools like \u0027mdio-tools\u0027 to read/write data\nfrom/to network interface and its PHY via mdiobus, there is no verification of\nparameters passed to the ioctl and it accepts any mdio address.\nCurrently there is support for 32 addresses in kernel via PHY_MAX_ADDR define,\nbut it is possible to pass higher value than that via ioctl.\nWhile read/write operation should generally fail in this case,\nmdiobus provides stats array, where wrong address may allow out-of-bounds\nread/write.\n\nFix that by adding address verification before read/write operation.\nWhile this excludes this access from any statistics, it improves security of\nread/write operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38111",
"url": "https://www.suse.com/security/cve/CVE-2025-38111"
},
{
"category": "external",
"summary": "SUSE Bug 1245666 for CVE-2025-38111",
"url": "https://bugzilla.suse.com/1245666"
},
{
"category": "external",
"summary": "SUSE Bug 1249455 for CVE-2025-38111",
"url": "https://bugzilla.suse.com/1249455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "important"
}
],
"title": "CVE-2025-38111"
},
{
"cve": "CVE-2025-38112",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38112"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix TOCTOU issue in sk_is_readable()\n\nsk-\u003esk_prot-\u003esock_is_readable is a valid function pointer when sk resides\nin a sockmap. After the last sk_psock_put() (which usually happens when\nsocket is removed from sockmap), sk-\u003esk_prot gets restored and\nsk-\u003esk_prot-\u003esock_is_readable becomes NULL.\n\nThis makes sk_is_readable() racy, if the value of sk-\u003esk_prot is reloaded\nafter the initial check. Which in turn may lead to a null pointer\ndereference.\n\nEnsure the function pointer does not turn NULL after the check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38112",
"url": "https://www.suse.com/security/cve/CVE-2025-38112"
},
{
"category": "external",
"summary": "SUSE Bug 1245668 for CVE-2025-38112",
"url": "https://bugzilla.suse.com/1245668"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38112"
},
{
"cve": "CVE-2025-38113",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38113"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: CPPC: Fix NULL pointer dereference when nosmp is used\n\nWith nosmp in cmdline, other CPUs are not brought up, leaving\ntheir cpc_desc_ptr NULL. CPU0\u0027s iteration via for_each_possible_cpu()\ndereferences these NULL pointers, causing panic.\n\nPanic backtrace:\n\n[ 0.401123] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000b8\n...\n[ 0.403255] [\u003cffffffff809a5818\u003e] cppc_allow_fast_switch+0x6a/0xd4\n...\nKernel panic - not syncing: Attempted to kill init!\n\n[ rjw: New subject ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38113",
"url": "https://www.suse.com/security/cve/CVE-2025-38113"
},
{
"category": "external",
"summary": "SUSE Bug 1245683 for CVE-2025-38113",
"url": "https://bugzilla.suse.com/1245683"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38113"
},
{
"cve": "CVE-2025-38115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38115"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: fix a potential crash on gso_skb handling\n\nSFQ has an assumption of always being able to queue at least one packet.\n\nHowever, after the blamed commit, sch-\u003eq.len can be inflated by packets\nin sch-\u003egso_skb, and an enqueue() on an empty SFQ qdisc can be followed\nby an immediate drop.\n\nFix sfq_drop() to properly clear q-\u003etail in this situation.\n\n\nip netns add lb\nip link add dev to-lb type veth peer name in-lb netns lb\nethtool -K to-lb tso off # force qdisc to requeue gso_skb\nip netns exec lb ethtool -K in-lb gro on # enable NAPI\nip link set dev to-lb up\nip -netns lb link set dev in-lb up\nip addr add dev to-lb 192.168.20.1/24\nip -netns lb addr add dev in-lb 192.168.20.2/24\ntc qdisc replace dev to-lb root sfq limit 100\n\nip netns exec lb netserver\n\nnetperf -H 192.168.20.2 -l 100 \u0026\nnetperf -H 192.168.20.2 -l 100 \u0026\nnetperf -H 192.168.20.2 -l 100 \u0026\nnetperf -H 192.168.20.2 -l 100 \u0026",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38115",
"url": "https://www.suse.com/security/cve/CVE-2025-38115"
},
{
"category": "external",
"summary": "SUSE Bug 1245689 for CVE-2025-38115",
"url": "https://bugzilla.suse.com/1245689"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38115"
},
{
"cve": "CVE-2025-38117",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38117"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Protect mgmt_pending list with its own lock\n\nThis uses a mutex to protect from concurrent access of mgmt_pending\nlist which can cause crashes like:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in hci_sock_get_channel+0x60/0x68 net/bluetooth/hci_sock.c:91\nRead of size 2 at addr ffff0000c48885b2 by task syz.4.334/7318\n\nCPU: 0 UID: 0 PID: 7318 Comm: syz.4.334 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025\nCall trace:\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:466 (C)\n __dump_stack+0x30/0x40 lib/dump_stack.c:94\n dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120\n print_address_description+0xa8/0x254 mm/kasan/report.c:408\n print_report+0x68/0x84 mm/kasan/report.c:521\n kasan_report+0xb0/0x110 mm/kasan/report.c:634\n __asan_report_load2_noabort+0x20/0x2c mm/kasan/report_generic.c:379\n hci_sock_get_channel+0x60/0x68 net/bluetooth/hci_sock.c:91\n mgmt_pending_find+0x7c/0x140 net/bluetooth/mgmt_util.c:223\n pending_find net/bluetooth/mgmt.c:947 [inline]\n remove_adv_monitor+0x44/0x1a4 net/bluetooth/mgmt.c:5445\n hci_mgmt_cmd+0x780/0xc00 net/bluetooth/hci_sock.c:1712\n hci_sock_sendmsg+0x544/0xbb0 net/bluetooth/hci_sock.c:1832\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg net/socket.c:727 [inline]\n sock_write_iter+0x25c/0x378 net/socket.c:1131\n new_sync_write fs/read_write.c:591 [inline]\n vfs_write+0x62c/0x97c fs/read_write.c:684\n ksys_write+0x120/0x210 fs/read_write.c:736\n __do_sys_write fs/read_write.c:747 [inline]\n __se_sys_write fs/read_write.c:744 [inline]\n __arm64_sys_write+0x7c/0x90 fs/read_write.c:744\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767\n el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600\n\nAllocated by task 7037:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x40/0x78 mm/kasan/common.c:68\n kasan_save_alloc_info+0x44/0x54 mm/kasan/generic.c:562\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x9c/0xb4 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4327 [inline]\n __kmalloc_noprof+0x2fc/0x4c8 mm/slub.c:4339\n kmalloc_noprof include/linux/slab.h:909 [inline]\n sk_prot_alloc+0xc4/0x1f0 net/core/sock.c:2198\n sk_alloc+0x44/0x3ac net/core/sock.c:2254\n bt_sock_alloc+0x4c/0x300 net/bluetooth/af_bluetooth.c:148\n hci_sock_create+0xa8/0x194 net/bluetooth/hci_sock.c:2202\n bt_sock_create+0x14c/0x24c net/bluetooth/af_bluetooth.c:132\n __sock_create+0x43c/0x91c net/socket.c:1541\n sock_create net/socket.c:1599 [inline]\n __sys_socket_create net/socket.c:1636 [inline]\n __sys_socket+0xd4/0x1c0 net/socket.c:1683\n __do_sys_socket net/socket.c:1697 [inline]\n __se_sys_socket net/socket.c:1695 [inline]\n __arm64_sys_socket+0x7c/0x94 net/socket.c:1695\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767\n el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600\n\nFreed by task 6607:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x40/0x78 mm/kasan/common.c:68\n kasan_save_free_info+0x58/0x70 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x68/0x88 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38117",
"url": "https://www.suse.com/security/cve/CVE-2025-38117"
},
{
"category": "external",
"summary": "SUSE Bug 1245695 for CVE-2025-38117",
"url": "https://bugzilla.suse.com/1245695"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38117"
},
{
"cve": "CVE-2025-38118",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38118"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete\n\nThis reworks MGMT_OP_REMOVE_ADV_MONITOR to not use mgmt_pending_add to\navoid crashes like bellow:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_complete+0xe5/0x540 net/bluetooth/mgmt.c:5406\nRead of size 8 at addr ffff88801c53f318 by task kworker/u5:5/5341\n\nCPU: 0 UID: 0 PID: 5341 Comm: kworker/u5:5 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xd2/0x2b0 mm/kasan/report.c:521\n kasan_report+0x118/0x150 mm/kasan/report.c:634\n mgmt_remove_adv_monitor_complete+0xe5/0x540 net/bluetooth/mgmt.c:5406\n hci_cmd_sync_work+0x261/0x3a0 net/bluetooth/hci_sync.c:334\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x711/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nAllocated by task 5987:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4358\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n mgmt_pending_new+0x65/0x240 net/bluetooth/mgmt_util.c:252\n mgmt_pending_add+0x34/0x120 net/bluetooth/mgmt_util.c:279\n remove_adv_monitor+0x103/0x1b0 net/bluetooth/mgmt.c:5454\n hci_mgmt_cmd+0x9c9/0xef0 net/bluetooth/hci_sock.c:1719\n hci_sock_sendmsg+0x6ca/0xef0 net/bluetooth/hci_sock.c:1839\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:727\n sock_write_iter+0x258/0x330 net/socket.c:1131\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x548/0xa90 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 5989:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2380 [inline]\n slab_free mm/slub.c:4642 [inline]\n kfree+0x18e/0x440 mm/slub.c:4841\n mgmt_pending_foreach+0xc9/0x120 net/bluetooth/mgmt_util.c:242\n mgmt_index_removed+0x10d/0x2f0 net/bluetooth/mgmt.c:9366\n hci_sock_bind+0xbe9/0x1000 net/bluetooth/hci_sock.c:1314\n __sys_bind_socket net/socket.c:1810 [inline]\n __sys_bind+0x2c3/0x3e0 net/socket.c:1841\n __do_sys_bind net/socket.c:1846 [inline]\n __se_sys_bind net/socket.c:1844 [inline]\n __x64_sys_bind+0x7a/0x90 net/socket.c:1844\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38118",
"url": "https://www.suse.com/security/cve/CVE-2025-38118"
},
{
"category": "external",
"summary": "SUSE Bug 1245670 for CVE-2025-38118",
"url": "https://bugzilla.suse.com/1245670"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38118"
},
{
"cve": "CVE-2025-38120",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38120"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_set_pipapo_avx2: fix initial map fill\n\nIf the first field doesn\u0027t cover the entire start map, then we must zero\nout the remainder, else we leak those bits into the next match round map.\n\nThe early fix was incomplete and did only fix up the generic C\nimplementation.\n\nA followup patch adds a test case to nft_concat_range.sh.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38120",
"url": "https://www.suse.com/security/cve/CVE-2025-38120"
},
{
"category": "external",
"summary": "SUSE Bug 1245711 for CVE-2025-38120",
"url": "https://bugzilla.suse.com/1245711"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38120"
},
{
"cve": "CVE-2025-38122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38122"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: add missing NULL check for gve_alloc_pending_packet() in TX DQO\n\ngve_alloc_pending_packet() can return NULL, but gve_tx_add_skb_dqo()\ndid not check for this case before dereferencing the returned pointer.\n\nAdd a missing NULL check to prevent a potential NULL pointer\ndereference when allocation fails.\n\nThis improves robustness in low-memory scenarios.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38122",
"url": "https://www.suse.com/security/cve/CVE-2025-38122"
},
{
"category": "external",
"summary": "SUSE Bug 1245746 for CVE-2025-38122",
"url": "https://bugzilla.suse.com/1245746"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38122"
},
{
"cve": "CVE-2025-38123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38123"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: wwan: t7xx: Fix napi rx poll issue\n\nWhen driver handles the napi rx polling requests, the netdev might\nhave been released by the dellink logic triggered by the disconnect\noperation on user plane. However, in the logic of processing skb in\npolling, an invalid netdev is still being used, which causes a panic.\n\nBUG: kernel NULL pointer dereference, address: 00000000000000f1\nOops: 0000 [#1] PREEMPT SMP NOPTI\nRIP: 0010:dev_gro_receive+0x3a/0x620\n[...]\nCall Trace:\n \u003cIRQ\u003e\n ? __die_body+0x68/0xb0\n ? page_fault_oops+0x379/0x3e0\n ? exc_page_fault+0x4f/0xa0\n ? asm_exc_page_fault+0x22/0x30\n ? __pfx_t7xx_ccmni_recv_skb+0x10/0x10 [mtk_t7xx (HASH:1400 7)]\n ? dev_gro_receive+0x3a/0x620\n napi_gro_receive+0xad/0x170\n t7xx_ccmni_recv_skb+0x48/0x70 [mtk_t7xx (HASH:1400 7)]\n t7xx_dpmaif_napi_rx_poll+0x590/0x800 [mtk_t7xx (HASH:1400 7)]\n net_rx_action+0x103/0x470\n irq_exit_rcu+0x13a/0x310\n sysvec_apic_timer_interrupt+0x56/0x90\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38123",
"url": "https://www.suse.com/security/cve/CVE-2025-38123"
},
{
"category": "external",
"summary": "SUSE Bug 1245688 for CVE-2025-38123",
"url": "https://bugzilla.suse.com/1245688"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38123"
},
{
"cve": "CVE-2025-38124",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38124"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix udp gso skb_segment after pull from frag_list\n\nCommit a1e40ac5b5e9 (\"net: gso: fix udp gso fraglist segmentation after\npull from frag_list\") detected invalid geometry in frag_list skbs and\nredirects them from skb_segment_list to more robust skb_segment. But some\npackets with modified geometry can also hit bugs in that code. We don\u0027t\nknow how many such cases exist. Addressing each one by one also requires\ntouching the complex skb_segment code, which risks introducing bugs for\nother types of skbs. Instead, linearize all these packets that fail the\nbasic invariants on gso fraglist skbs. That is more robust.\n\nIf only part of the fraglist payload is pulled into head_skb, it will\nalways cause exception when splitting skbs by skb_segment. For detailed\ncall stack information, see below.\n\nValid SKB_GSO_FRAGLIST skbs\n- consist of two or more segments\n- the head_skb holds the protocol headers plus first gso_size\n- one or more frag_list skbs hold exactly one segment\n- all but the last must be gso_size\n\nOptional datapath hooks such as NAT and BPF (bpf_skb_pull_data) can\nmodify fraglist skbs, breaking these invariants.\n\nIn extreme cases they pull one part of data into skb linear. For UDP,\nthis causes three payloads with lengths of (11,11,10) bytes were\npulled tail to become (12,10,10) bytes.\n\nThe skbs no longer meets the above SKB_GSO_FRAGLIST conditions because\npayload was pulled into head_skb, it needs to be linearized before pass\nto regular skb_segment.\n\n skb_segment+0xcd0/0xd14\n __udp_gso_segment+0x334/0x5f4\n udp4_ufo_fragment+0x118/0x15c\n inet_gso_segment+0x164/0x338\n skb_mac_gso_segment+0xc4/0x13c\n __skb_gso_segment+0xc4/0x124\n validate_xmit_skb+0x9c/0x2c0\n validate_xmit_skb_list+0x4c/0x80\n sch_direct_xmit+0x70/0x404\n __dev_queue_xmit+0x64c/0xe5c\n neigh_resolve_output+0x178/0x1c4\n ip_finish_output2+0x37c/0x47c\n __ip_finish_output+0x194/0x240\n ip_finish_output+0x20/0xf4\n ip_output+0x100/0x1a0\n NF_HOOK+0xc4/0x16c\n ip_forward+0x314/0x32c\n ip_rcv+0x90/0x118\n __netif_receive_skb+0x74/0x124\n process_backlog+0xe8/0x1a4\n __napi_poll+0x5c/0x1f8\n net_rx_action+0x154/0x314\n handle_softirqs+0x154/0x4b8\n\n [118.376811] [C201134] rxq0_pus: [name:bug\u0026]kernel BUG at net/core/skbuff.c:4278!\n [118.376829] [C201134] rxq0_pus: [name:traps\u0026]Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\n [118.470774] [C201134] rxq0_pus: [name:mrdump\u0026]Kernel Offset: 0x178cc00000 from 0xffffffc008000000\n [118.470810] [C201134] rxq0_pus: [name:mrdump\u0026]PHYS_OFFSET: 0x40000000\n [118.470827] [C201134] rxq0_pus: [name:mrdump\u0026]pstate: 60400005 (nZCv daif +PAN -UAO)\n [118.470848] [C201134] rxq0_pus: [name:mrdump\u0026]pc : [0xffffffd79598aefc] skb_segment+0xcd0/0xd14\n [118.470900] [C201134] rxq0_pus: [name:mrdump\u0026]lr : [0xffffffd79598a5e8] skb_segment+0x3bc/0xd14\n [118.470928] [C201134] rxq0_pus: [name:mrdump\u0026]sp : ffffffc008013770",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38124",
"url": "https://www.suse.com/security/cve/CVE-2025-38124"
},
{
"category": "external",
"summary": "SUSE Bug 1245690 for CVE-2025-38124",
"url": "https://bugzilla.suse.com/1245690"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38124"
},
{
"cve": "CVE-2025-38126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38126"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: make sure that ptp_rate is not 0 before configuring timestamping\n\nThe stmmac platform drivers that do not open-code the clk_ptp_rate value\nafter having retrieved the default one from the device-tree can end up\nwith 0 in clk_ptp_rate (as clk_get_rate can return 0). It will\neventually propagate up to PTP initialization when bringing up the\ninterface, leading to a divide by 0:\n\n Division by zero in kernel.\n CPU: 1 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.30-00001-g48313bd5768a #22\n Hardware name: STM32 (Device Tree Support)\n Call trace:\n unwind_backtrace from show_stack+0x18/0x1c\n show_stack from dump_stack_lvl+0x6c/0x8c\n dump_stack_lvl from Ldiv0_64+0x8/0x18\n Ldiv0_64 from stmmac_init_tstamp_counter+0x190/0x1a4\n stmmac_init_tstamp_counter from stmmac_hw_setup+0xc1c/0x111c\n stmmac_hw_setup from __stmmac_open+0x18c/0x434\n __stmmac_open from stmmac_open+0x3c/0xbc\n stmmac_open from __dev_open+0xf4/0x1ac\n __dev_open from __dev_change_flags+0x1cc/0x224\n __dev_change_flags from dev_change_flags+0x24/0x60\n dev_change_flags from ip_auto_config+0x2e8/0x11a0\n ip_auto_config from do_one_initcall+0x84/0x33c\n do_one_initcall from kernel_init_freeable+0x1b8/0x214\n kernel_init_freeable from kernel_init+0x24/0x140\n kernel_init from ret_from_fork+0x14/0x28\n Exception stack(0xe0815fb0 to 0xe0815ff8)\n\nPrevent this division by 0 by adding an explicit check and error log\nabout the actual issue. While at it, remove the same check from\nstmmac_ptp_register, which then becomes duplicate",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38126",
"url": "https://www.suse.com/security/cve/CVE-2025-38126"
},
{
"category": "external",
"summary": "SUSE Bug 1245708 for CVE-2025-38126",
"url": "https://bugzilla.suse.com/1245708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38126"
},
{
"cve": "CVE-2025-38127",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38127"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix Tx scheduler error handling in XDP callback\n\nWhen the XDP program is loaded, the XDP callback adds new Tx queues.\nThis means that the callback must update the Tx scheduler with the new\nqueue number. In the event of a Tx scheduler failure, the XDP callback\nshould also fail and roll back any changes previously made for XDP\npreparation.\n\nThe previous implementation had a bug that not all changes made by the\nXDP callback were rolled back. This caused the crash with the following\ncall trace:\n\n[ +9.549584] ice 0000:ca:00.0: Failed VSI LAN queue config for XDP, error: -5\n[ +0.382335] Oops: general protection fault, probably for non-canonical address 0x50a2250a90495525: 0000 [#1] SMP NOPTI\n[ +0.010710] CPU: 103 UID: 0 PID: 0 Comm: swapper/103 Not tainted 6.14.0-net-next-mar-31+ #14 PREEMPT(voluntary)\n[ +0.010175] Hardware name: Intel Corporation M50CYP2SBSTD/M50CYP2SBSTD, BIOS SE5C620.86B.01.01.0005.2202160810 02/16/2022\n[ +0.010946] RIP: 0010:__ice_update_sample+0x39/0xe0 [ice]\n\n[...]\n\n[ +0.002715] Call Trace:\n[ +0.002452] \u003cIRQ\u003e\n[ +0.002021] ? __die_body.cold+0x19/0x29\n[ +0.003922] ? die_addr+0x3c/0x60\n[ +0.003319] ? exc_general_protection+0x17c/0x400\n[ +0.004707] ? asm_exc_general_protection+0x26/0x30\n[ +0.004879] ? __ice_update_sample+0x39/0xe0 [ice]\n[ +0.004835] ice_napi_poll+0x665/0x680 [ice]\n[ +0.004320] __napi_poll+0x28/0x190\n[ +0.003500] net_rx_action+0x198/0x360\n[ +0.003752] ? update_rq_clock+0x39/0x220\n[ +0.004013] handle_softirqs+0xf1/0x340\n[ +0.003840] ? sched_clock_cpu+0xf/0x1f0\n[ +0.003925] __irq_exit_rcu+0xc2/0xe0\n[ +0.003665] common_interrupt+0x85/0xa0\n[ +0.003839] \u003c/IRQ\u003e\n[ +0.002098] \u003cTASK\u003e\n[ +0.002106] asm_common_interrupt+0x26/0x40\n[ +0.004184] RIP: 0010:cpuidle_enter_state+0xd3/0x690\n\nFix this by performing the missing unmapping of XDP queues from\nq_vectors and setting the XDP rings pointer back to NULL after all those\nqueues are released.\nAlso, add an immediate exit from the XDP callback in case of ring\npreparation failure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38127",
"url": "https://www.suse.com/security/cve/CVE-2025-38127"
},
{
"category": "external",
"summary": "SUSE Bug 1245705 for CVE-2025-38127",
"url": "https://bugzilla.suse.com/1245705"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38127"
},
{
"cve": "CVE-2025-38129",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38129"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npage_pool: Fix use-after-free in page_pool_recycle_in_ring\n\nsyzbot reported a uaf in page_pool_recycle_in_ring:\n\nBUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862\nRead of size 8 at addr ffff8880286045a0 by task syz.0.284/6943\n\nCPU: 0 UID: 0 PID: 6943 Comm: syz.0.284 Not tainted 6.13.0-rc3-syzkaller-gdfa94ce54f41 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862\n __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:165 [inline]\n _raw_spin_unlock_bh+0x1b/0x40 kernel/locking/spinlock.c:210\n spin_unlock_bh include/linux/spinlock.h:396 [inline]\n ptr_ring_produce_bh include/linux/ptr_ring.h:164 [inline]\n page_pool_recycle_in_ring net/core/page_pool.c:707 [inline]\n page_pool_put_unrefed_netmem+0x748/0xb00 net/core/page_pool.c:826\n page_pool_put_netmem include/net/page_pool/helpers.h:323 [inline]\n page_pool_put_full_netmem include/net/page_pool/helpers.h:353 [inline]\n napi_pp_put_page+0x149/0x2b0 net/core/skbuff.c:1036\n skb_pp_recycle net/core/skbuff.c:1047 [inline]\n skb_free_head net/core/skbuff.c:1094 [inline]\n skb_release_data+0x6c4/0x8a0 net/core/skbuff.c:1125\n skb_release_all net/core/skbuff.c:1190 [inline]\n __kfree_skb net/core/skbuff.c:1204 [inline]\n sk_skb_reason_drop+0x1c9/0x380 net/core/skbuff.c:1242\n kfree_skb_reason include/linux/skbuff.h:1263 [inline]\n __skb_queue_purge_reason include/linux/skbuff.h:3343 [inline]\n\nroot cause is:\n\npage_pool_recycle_in_ring\n ptr_ring_produce\n spin_lock(\u0026r-\u003eproducer_lock);\n WRITE_ONCE(r-\u003equeue[r-\u003eproducer++], ptr)\n //recycle last page to pool\n\t\t\t\tpage_pool_release\n\t\t\t\t page_pool_scrub\n\t\t\t\t page_pool_empty_ring\n\t\t\t\t ptr_ring_consume\n\t\t\t\t page_pool_return_page //release all page\n\t\t\t\t __page_pool_destroy\n\t\t\t\t free_percpu(pool-\u003erecycle_stats);\n\t\t\t\t free(pool) //free\n\n spin_unlock(\u0026r-\u003eproducer_lock); //pool-\u003ering uaf read\n recycle_stat_inc(pool, ring);\n\npage_pool can be free while page pool recycle the last page in ring.\nAdd producer-lock barrier to page_pool_release to prevent the page\npool from being free before all pages have been recycled.\n\nrecycle_stat_inc() is empty when CONFIG_PAGE_POOL_STATS is not\nenabled, which will trigger Wempty-body build warning. Add definition\nfor pool stat macro to fix warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38129",
"url": "https://www.suse.com/security/cve/CVE-2025-38129"
},
{
"category": "external",
"summary": "SUSE Bug 1245723 for CVE-2025-38129",
"url": "https://bugzilla.suse.com/1245723"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38129"
},
{
"cve": "CVE-2025-38131",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38131"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: prevent deactivate active config while enabling the config\n\nWhile enable active config via cscfg_csdev_enable_active_config(),\nactive config could be deactivated via configfs\u0027 sysfs interface.\nThis could make UAF issue in below scenario:\n\nCPU0 CPU1\n(sysfs enable) load module\n cscfg_load_config_sets()\n activate config. // sysfs\n (sys_active_cnt == 1)\n...\ncscfg_csdev_enable_active_config()\nlock(csdev-\u003ecscfg_csdev_lock)\n// here load config activate by CPU1\nunlock(csdev-\u003ecscfg_csdev_lock)\n\n deactivate config // sysfs\n (sys_activec_cnt == 0)\n cscfg_unload_config_sets()\n unload module\n\n// access to config_desc which freed\n// while unloading module.\ncscfg_csdev_enable_config\n\nTo address this, use cscfg_config_desc\u0027s active_cnt as a reference count\n which will be holded when\n - activate the config.\n - enable the activated config.\nand put the module reference when config_active_cnt == 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38131",
"url": "https://www.suse.com/security/cve/CVE-2025-38131"
},
{
"category": "external",
"summary": "SUSE Bug 1245677 for CVE-2025-38131",
"url": "https://bugzilla.suse.com/1245677"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38131"
},
{
"cve": "CVE-2025-38132",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38132"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: holding cscfg_csdev_lock while removing cscfg from csdev\n\nThere\u0027ll be possible race scenario for coresight config:\n\nCPU0 CPU1\n(perf enable) load module\n cscfg_load_config_sets()\n activate config. // sysfs\n (sys_active_cnt == 1)\n...\ncscfg_csdev_enable_active_config()\n lock(csdev-\u003ecscfg_csdev_lock)\n deactivate config // sysfs\n (sys_activec_cnt == 0)\n cscfg_unload_config_sets()\n \u003citerating config_csdev_list\u003e cscfg_remove_owned_csdev_configs()\n // here load config activate by CPU1\n unlock(csdev-\u003ecscfg_csdev_lock)\n\niterating config_csdev_list could be raced with config_csdev_list\u0027s\nentry delete.\n\nTo resolve this race , hold csdev-\u003ecscfg_csdev_lock() while\ncscfg_remove_owned_csdev_configs()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38132",
"url": "https://www.suse.com/security/cve/CVE-2025-38132"
},
{
"category": "external",
"summary": "SUSE Bug 1245679 for CVE-2025-38132",
"url": "https://bugzilla.suse.com/1245679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38132"
},
{
"cve": "CVE-2025-38135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38135"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: Fix potential null-ptr-deref in mlb_usio_probe()\n\ndevm_ioremap() can return NULL on error. Currently, mlb_usio_probe()\ndoes not check for this case, which could result in a NULL pointer\ndereference.\n\nAdd NULL check after devm_ioremap() to prevent this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38135",
"url": "https://www.suse.com/security/cve/CVE-2025-38135"
},
{
"category": "external",
"summary": "SUSE Bug 1246023 for CVE-2025-38135",
"url": "https://bugzilla.suse.com/1246023"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38135"
},
{
"cve": "CVE-2025-38136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38136"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: renesas_usbhs: Reorder clock handling and power management in probe\n\nReorder the initialization sequence in `usbhs_probe()` to enable runtime\nPM before accessing registers, preventing potential crashes due to\nuninitialized clocks.\n\nCurrently, in the probe path, registers are accessed before enabling the\nclocks, leading to a synchronous external abort on the RZ/V2H SoC.\nThe problematic call flow is as follows:\n\n usbhs_probe()\n usbhs_sys_clock_ctrl()\n usbhs_bset()\n usbhs_write()\n iowrite16() \u003c-- Register access before enabling clocks\n\nSince `iowrite16()` is performed without ensuring the required clocks are\nenabled, this can lead to access errors. To fix this, enable PM runtime\nearly in the probe function and ensure clocks are acquired before register\naccess, preventing crashes like the following on RZ/V2H:\n\n[13.272640] Internal error: synchronous external abort: 0000000096000010 [#1] PREEMPT SMP\n[13.280814] Modules linked in: cec renesas_usbhs(+) drm_kms_helper fuse drm backlight ipv6\n[13.289088] CPU: 1 UID: 0 PID: 195 Comm: (udev-worker) Not tainted 6.14.0-rc7+ #98\n[13.296640] Hardware name: Renesas RZ/V2H EVK Board based on r9a09g057h44 (DT)\n[13.303834] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[13.310770] pc : usbhs_bset+0x14/0x4c [renesas_usbhs]\n[13.315831] lr : usbhs_probe+0x2e4/0x5ac [renesas_usbhs]\n[13.321138] sp : ffff8000827e3850\n[13.324438] x29: ffff8000827e3860 x28: 0000000000000000 x27: ffff8000827e3ca0\n[13.331554] x26: ffff8000827e3ba0 x25: ffff800081729668 x24: 0000000000000025\n[13.338670] x23: ffff0000c0f08000 x22: 0000000000000000 x21: ffff0000c0f08010\n[13.345783] x20: 0000000000000000 x19: ffff0000c3b52080 x18: 00000000ffffffff\n[13.352895] x17: 0000000000000000 x16: 0000000000000000 x15: ffff8000827e36ce\n[13.360009] x14: 00000000000003d7 x13: 00000000000003d7 x12: 0000000000000000\n[13.367122] x11: 0000000000000000 x10: 0000000000000aa0 x9 : ffff8000827e3750\n[13.374235] x8 : ffff0000c1850b00 x7 : 0000000003826060 x6 : 000000000000001c\n[13.381347] x5 : 000000030d5fcc00 x4 : ffff8000825c0000 x3 : 0000000000000000\n[13.388459] x2 : 0000000000000400 x1 : 0000000000000000 x0 : ffff0000c3b52080\n[13.395574] Call trace:\n[13.398013] usbhs_bset+0x14/0x4c [renesas_usbhs] (P)\n[13.403076] platform_probe+0x68/0xdc\n[13.406738] really_probe+0xbc/0x2c0\n[13.410306] __driver_probe_device+0x78/0x120\n[13.414653] driver_probe_device+0x3c/0x154\n[13.418825] __driver_attach+0x90/0x1a0\n[13.422647] bus_for_each_dev+0x7c/0xe0\n[13.426470] driver_attach+0x24/0x30\n[13.430032] bus_add_driver+0xe4/0x208\n[13.433766] driver_register+0x68/0x130\n[13.437587] __platform_driver_register+0x24/0x30\n[13.442273] renesas_usbhs_driver_init+0x20/0x1000 [renesas_usbhs]\n[13.448450] do_one_initcall+0x60/0x1d4\n[13.452276] do_init_module+0x54/0x1f8\n[13.456014] load_module+0x1754/0x1c98\n[13.459750] init_module_from_file+0x88/0xcc\n[13.464004] __arm64_sys_finit_module+0x1c4/0x328\n[13.468689] invoke_syscall+0x48/0x104\n[13.472426] el0_svc_common.constprop.0+0xc0/0xe0\n[13.477113] do_el0_svc+0x1c/0x28\n[13.480415] el0_svc+0x30/0xcc\n[13.483460] el0t_64_sync_handler+0x10c/0x138\n[13.487800] el0t_64_sync+0x198/0x19c\n[13.491453] Code: 2a0103e1 12003c42 12003c63 8b010084 (79400084)\n[13.497522] ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38136",
"url": "https://www.suse.com/security/cve/CVE-2025-38136"
},
{
"category": "external",
"summary": "SUSE Bug 1245691 for CVE-2025-38136",
"url": "https://bugzilla.suse.com/1245691"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38136"
},
{
"cve": "CVE-2025-38138",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38138"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ti: Add NULL check in udma_probe()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\nudma_probe() does not check for this case, which results in a NULL\npointer dereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38138",
"url": "https://www.suse.com/security/cve/CVE-2025-38138"
},
{
"category": "external",
"summary": "SUSE Bug 1245719 for CVE-2025-38138",
"url": "https://bugzilla.suse.com/1245719"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38138"
},
{
"cve": "CVE-2025-38142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38142"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (asus-ec-sensors) check sensor index in read_string()\n\nPrevent a potential invalid memory access when the requested sensor\nis not found.\n\nfind_ec_sensor_index() may return a negative value (e.g. -ENOENT),\nbut its result was used without checking, which could lead to\nundefined behavior when passed to get_sensor_info().\n\nAdd a proper check to return -EINVAL if sensor_index is negative.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[groeck: Return error code returned from find_ec_sensor_index]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38142",
"url": "https://www.suse.com/security/cve/CVE-2025-38142"
},
{
"category": "external",
"summary": "SUSE Bug 1245713 for CVE-2025-38142",
"url": "https://bugzilla.suse.com/1245713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38142"
},
{
"cve": "CVE-2025-38143",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38143"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbacklight: pm8941: Add NULL check in wled_configure()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\nwled_configure() does not check for this case, which results in a NULL\npointer dereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38143",
"url": "https://www.suse.com/security/cve/CVE-2025-38143"
},
{
"category": "external",
"summary": "SUSE Bug 1245714 for CVE-2025-38143",
"url": "https://bugzilla.suse.com/1245714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38143"
},
{
"cve": "CVE-2025-38145",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38145"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: aspeed: Add NULL check in aspeed_lpc_enable_snoop()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\naspeed_lpc_enable_snoop() does not check for this case, which results in a\nNULL pointer dereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue.\n\n[arj: Fix Fixes: tag to use subject from 3772e5da4454]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38145",
"url": "https://www.suse.com/security/cve/CVE-2025-38145"
},
{
"category": "external",
"summary": "SUSE Bug 1245765 for CVE-2025-38145",
"url": "https://bugzilla.suse.com/1245765"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38145"
},
{
"cve": "CVE-2025-38147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38147"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncalipso: Don\u0027t call calipso functions for AF_INET sk.\n\nsyzkaller reported a null-ptr-deref in txopt_get(). [0]\n\nThe offset 0x70 was of struct ipv6_txoptions in struct ipv6_pinfo,\nso struct ipv6_pinfo was NULL there.\n\nHowever, this never happens for IPv6 sockets as inet_sk(sk)-\u003epinet6\nis always set in inet6_create(), meaning the socket was not IPv6 one.\n\nThe root cause is missing validation in netlbl_conn_setattr().\n\nnetlbl_conn_setattr() switches branches based on struct\nsockaddr.sa_family, which is passed from userspace. However,\nnetlbl_conn_setattr() does not check if the address family matches\nthe socket.\n\nThe syzkaller must have called connect() for an IPv6 address on\nan IPv4 socket.\n\nWe have a proper validation in tcp_v[46]_connect(), but\nsecurity_socket_connect() is called in the earlier stage.\n\nLet\u0027s copy the validation to netlbl_conn_setattr().\n\n[0]:\nOops: general protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]\nCPU: 2 UID: 0 PID: 12928 Comm: syz.9.1677 Not tainted 6.12.0 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nRIP: 0010:txopt_get include/net/ipv6.h:390 [inline]\nRIP: 0010:\nCode: 02 00 00 49 8b ac 24 f8 02 00 00 e8 84 69 2a fd e8 ff 00 16 fd 48 8d 7d 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 53 02 00 00 48 8b 6d 70 48 85 ed 0f 84 ab 01 00\nRSP: 0018:ffff88811b8afc48 EFLAGS: 00010212\nRAX: dffffc0000000000 RBX: 1ffff11023715f8a RCX: ffffffff841ab00c\nRDX: 000000000000000e RSI: ffffc90007d9e000 RDI: 0000000000000070\nRBP: 0000000000000000 R08: ffffed1023715f9d R09: ffffed1023715f9e\nR10: ffffed1023715f9d R11: 0000000000000003 R12: ffff888123075f00\nR13: ffff88810245bd80 R14: ffff888113646780 R15: ffff888100578a80\nFS: 00007f9019bd7640(0000) GS:ffff8882d2d00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f901b927bac CR3: 0000000104788003 CR4: 0000000000770ef0\nPKRU: 80000000\nCall Trace:\n \u003cTASK\u003e\n calipso_sock_setattr+0x56/0x80 net/netlabel/netlabel_calipso.c:557\n netlbl_conn_setattr+0x10c/0x280 net/netlabel/netlabel_kapi.c:1177\n selinux_netlbl_socket_connect_helper+0xd3/0x1b0 security/selinux/netlabel.c:569\n selinux_netlbl_socket_connect_locked security/selinux/netlabel.c:597 [inline]\n selinux_netlbl_socket_connect+0xb6/0x100 security/selinux/netlabel.c:615\n selinux_socket_connect+0x5f/0x80 security/selinux/hooks.c:4931\n security_socket_connect+0x50/0xa0 security/security.c:4598\n __sys_connect_file+0xa4/0x190 net/socket.c:2067\n __sys_connect+0x12c/0x170 net/socket.c:2088\n __do_sys_connect net/socket.c:2098 [inline]\n __se_sys_connect net/socket.c:2095 [inline]\n __x64_sys_connect+0x73/0xb0 net/socket.c:2095\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xaa/0x1b0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f901b61a12d\nCode: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f9019bd6fa8 EFLAGS: 00000246 ORIG_RAX: 000000000000002a\nRAX: ffffffffffffffda RBX: 00007f901b925fa0 RCX: 00007f901b61a12d\nRDX: 000000000000001c RSI: 0000200000000140 RDI: 0000000000000003\nRBP: 00007f901b701505 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007f901b5b62a0 R15: 00007f9019bb7000\n \u003c/TASK\u003e\nModules linked in:",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38147",
"url": "https://www.suse.com/security/cve/CVE-2025-38147"
},
{
"category": "external",
"summary": "SUSE Bug 1245768 for CVE-2025-38147",
"url": "https://bugzilla.suse.com/1245768"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38147"
},
{
"cve": "CVE-2025-38148",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38148"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: mscc: Fix memory leak when using one step timestamping\n\nFix memory leak when running one-step timestamping. When running\none-step sync timestamping, the HW is configured to insert the TX time\ninto the frame, so there is no reason to keep the skb anymore. As in\nthis case the HW will never generate an interrupt to say that the frame\nwas timestamped, then the frame will never released.\nFix this by freeing the frame in case of one-step timestamping.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38148",
"url": "https://www.suse.com/security/cve/CVE-2025-38148"
},
{
"category": "external",
"summary": "SUSE Bug 1245735 for CVE-2025-38148",
"url": "https://bugzilla.suse.com/1245735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38148"
},
{
"cve": "CVE-2025-38149",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38149"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: clear phydev-\u003edevlink when the link is deleted\n\nThere is a potential crash issue when disabling and re-enabling the\nnetwork port. When disabling the network port, phy_detach() calls\ndevice_link_del() to remove the device link, but it does not clear\nphydev-\u003edevlink, so phydev-\u003edevlink is not a NULL pointer. Then the\nnetwork port is re-enabled, but if phy_attach_direct() fails before\ncalling device_link_add(), the code jumps to the \"error\" label and\ncalls phy_detach(). Since phydev-\u003edevlink retains the old value from\nthe previous attach/detach cycle, device_link_del() uses the old value,\nwhich accesses a NULL pointer and causes a crash. The simplified crash\nlog is as follows.\n\n[ 24.702421] Call trace:\n[ 24.704856] device_link_put_kref+0x20/0x120\n[ 24.709124] device_link_del+0x30/0x48\n[ 24.712864] phy_detach+0x24/0x168\n[ 24.716261] phy_attach_direct+0x168/0x3a4\n[ 24.720352] phylink_fwnode_phy_connect+0xc8/0x14c\n[ 24.725140] phylink_of_phy_connect+0x1c/0x34\n\nTherefore, phydev-\u003edevlink needs to be cleared when the device link is\ndeleted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38149",
"url": "https://www.suse.com/security/cve/CVE-2025-38149"
},
{
"category": "external",
"summary": "SUSE Bug 1245737 for CVE-2025-38149",
"url": "https://bugzilla.suse.com/1245737"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38149"
},
{
"cve": "CVE-2025-38151",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38151"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/cma: Fix hang when cma_netevent_callback fails to queue_work\n\nThe cited commit fixed a crash when cma_netevent_callback was called for\na cma_id while work on that id from a previous call had not yet started.\nThe work item was re-initialized in the second call, which corrupted the\nwork item currently in the work queue.\n\nHowever, it left a problem when queue_work fails (because the item is\nstill pending in the work queue from a previous call). In this case,\ncma_id_put (which is called in the work handler) is therefore not\ncalled. This results in a userspace process hang (zombie process).\n\nFix this by calling cma_id_put() if queue_work fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38151",
"url": "https://www.suse.com/security/cve/CVE-2025-38151"
},
{
"category": "external",
"summary": "SUSE Bug 1245745 for CVE-2025-38151",
"url": "https://bugzilla.suse.com/1245745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38151"
},
{
"cve": "CVE-2025-38153",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38153"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: aqc111: fix error handling of usbnet read calls\n\nSyzkaller, courtesy of syzbot, identified an error (see report [1]) in\naqc111 driver, caused by incomplete sanitation of usb read calls\u0027\nresults. This problem is quite similar to the one fixed in commit\n920a9fa27e78 (\"net: asix: add proper error handling of usb read errors\").\n\nFor instance, usbnet_read_cmd() may read fewer than \u0027size\u0027 bytes,\neven if the caller expected the full amount, and aqc111_read_cmd()\nwill not check its result properly. As [1] shows, this may lead\nto MAC address in aqc111_bind() being only partly initialized,\ntriggering KMSAN warnings.\n\nFix the issue by verifying that the number of bytes read is\nas expected and not less.\n\n[1] Partial syzbot report:\nBUG: KMSAN: uninit-value in is_valid_ether_addr include/linux/etherdevice.h:208 [inline]\nBUG: KMSAN: uninit-value in usbnet_probe+0x2e57/0x4390 drivers/net/usb/usbnet.c:1830\n is_valid_ether_addr include/linux/etherdevice.h:208 [inline]\n usbnet_probe+0x2e57/0x4390 drivers/net/usb/usbnet.c:1830\n usb_probe_interface+0xd01/0x1310 drivers/usb/core/driver.c:396\n call_driver_probe drivers/base/dd.c:-1 [inline]\n really_probe+0x4d1/0xd90 drivers/base/dd.c:658\n __driver_probe_device+0x268/0x380 drivers/base/dd.c:800\n...\n\nUninit was stored to memory at:\n dev_addr_mod+0xb0/0x550 net/core/dev_addr_lists.c:582\n __dev_addr_set include/linux/netdevice.h:4874 [inline]\n eth_hw_addr_set include/linux/etherdevice.h:325 [inline]\n aqc111_bind+0x35f/0x1150 drivers/net/usb/aqc111.c:717\n usbnet_probe+0xbe6/0x4390 drivers/net/usb/usbnet.c:1772\n usb_probe_interface+0xd01/0x1310 drivers/usb/core/driver.c:396\n...\n\nUninit was stored to memory at:\n ether_addr_copy include/linux/etherdevice.h:305 [inline]\n aqc111_read_perm_mac drivers/net/usb/aqc111.c:663 [inline]\n aqc111_bind+0x794/0x1150 drivers/net/usb/aqc111.c:713\n usbnet_probe+0xbe6/0x4390 drivers/net/usb/usbnet.c:1772\n usb_probe_interface+0xd01/0x1310 drivers/usb/core/driver.c:396\n call_driver_probe drivers/base/dd.c:-1 [inline]\n...\n\nLocal variable buf.i created at:\n aqc111_read_perm_mac drivers/net/usb/aqc111.c:656 [inline]\n aqc111_bind+0x221/0x1150 drivers/net/usb/aqc111.c:713\n usbnet_probe+0xbe6/0x4390 drivers/net/usb/usbnet.c:1772",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38153",
"url": "https://www.suse.com/security/cve/CVE-2025-38153"
},
{
"category": "external",
"summary": "SUSE Bug 1245744 for CVE-2025-38153",
"url": "https://bugzilla.suse.com/1245744"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38153"
},
{
"cve": "CVE-2025-38154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38154"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Avoid using sk_socket after free when sending\n\nThe sk-\u003esk_socket is not locked or referenced in backlog thread, and\nduring the call to skb_send_sock(), there is a race condition with\nthe release of sk_socket. All types of sockets(tcp/udp/unix/vsock)\nwill be affected.\n\nRace conditions:\n\u0027\u0027\u0027\nCPU0 CPU1\n\nbacklog::skb_send_sock\n sendmsg_unlocked\n sock_sendmsg\n sock_sendmsg_nosec\n close(fd):\n ...\n ops-\u003erelease() -\u003e sock_map_close()\n sk_socket-\u003eops = NULL\n free(socket)\n sock-\u003eops-\u003esendmsg\n ^\n panic here\n\u0027\u0027\u0027\n\nThe ref of psock become 0 after sock_map_close() executed.\n\u0027\u0027\u0027\nvoid sock_map_close()\n{\n ...\n if (likely(psock)) {\n ...\n // !! here we remove psock and the ref of psock become 0\n sock_map_remove_links(sk, psock)\n psock = sk_psock_get(sk);\n if (unlikely(!psock))\n goto no_psock; \u003c=== Control jumps here via goto\n ...\n cancel_delayed_work_sync(\u0026psock-\u003ework); \u003c=== not executed\n sk_psock_put(sk, psock);\n ...\n}\n\u0027\u0027\u0027\n\nBased on the fact that we already wait for the workqueue to finish in\nsock_map_close() if psock is held, we simply increase the psock\nreference count to avoid race conditions.\n\nWith this patch, if the backlog thread is running, sock_map_close() will\nwait for the backlog thread to complete and cancel all pending work.\n\nIf no backlog running, any pending work that hasn\u0027t started by then will\nfail when invoked by sk_psock_get(), as the psock reference count have\nbeen zeroed, and sk_psock_drop() will cancel all jobs via\ncancel_delayed_work_sync().\n\nIn summary, we require synchronization to coordinate the backlog thread\nand close() thread.\n\nThe panic I catched:\n\u0027\u0027\u0027\nWorkqueue: events sk_psock_backlog\nRIP: 0010:sock_sendmsg+0x21d/0x440\nRAX: 0000000000000000 RBX: ffffc9000521fad8 RCX: 0000000000000001\n...\nCall Trace:\n \u003cTASK\u003e\n ? die_addr+0x40/0xa0\n ? exc_general_protection+0x14c/0x230\n ? asm_exc_general_protection+0x26/0x30\n ? sock_sendmsg+0x21d/0x440\n ? sock_sendmsg+0x3e0/0x440\n ? __pfx_sock_sendmsg+0x10/0x10\n __skb_send_sock+0x543/0xb70\n sk_psock_backlog+0x247/0xb80\n...\n\u0027\u0027\u0027",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38154",
"url": "https://www.suse.com/security/cve/CVE-2025-38154"
},
{
"category": "external",
"summary": "SUSE Bug 1245749 for CVE-2025-38154",
"url": "https://bugzilla.suse.com/1245749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38154"
},
{
"cve": "CVE-2025-38155",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38155"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init()\n\ndevm_ioremap() returns NULL on error. Currently, mt7915_mmio_wed_init()\ndoes not check for this case, which results in a NULL pointer\ndereference.\n\nPrevent null pointer dereference in mt7915_mmio_wed_init().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38155",
"url": "https://www.suse.com/security/cve/CVE-2025-38155"
},
{
"category": "external",
"summary": "SUSE Bug 1245748 for CVE-2025-38155",
"url": "https://bugzilla.suse.com/1245748"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38155"
},
{
"cve": "CVE-2025-38157",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38157"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k_htc: Abort software beacon handling if disabled\n\nA malicious USB device can send a WMI_SWBA_EVENTID event from an\nath9k_htc-managed device before beaconing has been enabled. This causes\na device-by-zero error in the driver, leading to either a crash or an\nout of bounds read.\n\nPrevent this by aborting the handling in ath9k_htc_swba() if beacons are\nnot enabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38157",
"url": "https://www.suse.com/security/cve/CVE-2025-38157"
},
{
"category": "external",
"summary": "SUSE Bug 1245747 for CVE-2025-38157",
"url": "https://bugzilla.suse.com/1245747"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38157"
},
{
"cve": "CVE-2025-38158",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38158"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhisi_acc_vfio_pci: fix XQE dma address error\n\nThe dma addresses of EQE and AEQE are wrong after migration and\nresults in guest kernel-mode encryption services failure.\nComparing the definition of hardware registers, we found that\nthere was an error when the data read from the register was\ncombined into an address. Therefore, the address combination\nsequence needs to be corrected.\n\nEven after fixing the above problem, we still have an issue\nwhere the Guest from an old kernel can get migrated to\nnew kernel and may result in wrong data.\n\nIn order to ensure that the address is correct after migration,\nif an old magic number is detected, the dma address needs to be\nupdated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38158",
"url": "https://www.suse.com/security/cve/CVE-2025-38158"
},
{
"category": "external",
"summary": "SUSE Bug 1245750 for CVE-2025-38158",
"url": "https://bugzilla.suse.com/1245750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38158"
},
{
"cve": "CVE-2025-38159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38159"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: fix the \u0027para\u0027 buffer size to avoid reading out of bounds\n\nSet the size to 6 instead of 2, since \u0027para\u0027 array is passed to\n\u0027rtw_fw_bt_wifi_control(rtwdev, para[0], \u0026para[1])\u0027, which reads\n5 bytes:\n\nvoid rtw_fw_bt_wifi_control(struct rtw_dev *rtwdev, u8 op_code, u8 *data)\n{\n ...\n SET_BT_WIFI_CONTROL_DATA1(h2c_pkt, *data);\n SET_BT_WIFI_CONTROL_DATA2(h2c_pkt, *(data + 1));\n ...\n SET_BT_WIFI_CONTROL_DATA5(h2c_pkt, *(data + 4));\n\nDetected using the static analysis tool - Svace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38159",
"url": "https://www.suse.com/security/cve/CVE-2025-38159"
},
{
"category": "external",
"summary": "SUSE Bug 1245751 for CVE-2025-38159",
"url": "https://bugzilla.suse.com/1245751"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38159"
},
{
"cve": "CVE-2025-38161",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38161"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix error flow upon firmware failure for RQ destruction\n\nUpon RQ destruction if the firmware command fails which is the\nlast resource to be destroyed some SW resources were already cleaned\nregardless of the failure.\n\nNow properly rollback the object to its original state upon such failure.\n\nIn order to avoid a use-after free in case someone tries to destroy the\nobject again, which results in the following kernel trace:\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 0 PID: 37589 at lib/refcount.c:28 refcount_warn_saturate+0xf4/0x148\nModules linked in: rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) rfkill mlx5_core(OE) mlxdevm(OE) ib_uverbs(OE) ib_core(OE) psample mlxfw(OE) mlx_compat(OE) macsec tls pci_hyperv_intf sunrpc vfat fat virtio_net net_failover failover fuse loop nfnetlink vsock_loopback vmw_vsock_virtio_transport_common vmw_vsock_vmci_transport vmw_vmci vsock xfs crct10dif_ce ghash_ce sha2_ce sha256_arm64 sha1_ce virtio_console virtio_gpu virtio_blk virtio_dma_buf virtio_mmio dm_mirror dm_region_hash dm_log dm_mod xpmem(OE)\nCPU: 0 UID: 0 PID: 37589 Comm: python3 Kdump: loaded Tainted: G OE ------- --- 6.12.0-54.el10.aarch64 #1\nTainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\nHardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : refcount_warn_saturate+0xf4/0x148\nlr : refcount_warn_saturate+0xf4/0x148\nsp : ffff80008b81b7e0\nx29: ffff80008b81b7e0 x28: ffff000133d51600 x27: 0000000000000001\nx26: 0000000000000000 x25: 00000000ffffffea x24: ffff00010ae80f00\nx23: ffff00010ae80f80 x22: ffff0000c66e5d08 x21: 0000000000000000\nx20: ffff0000c66e0000 x19: ffff00010ae80340 x18: 0000000000000006\nx17: 0000000000000000 x16: 0000000000000020 x15: ffff80008b81b37f\nx14: 0000000000000000 x13: 2e656572662d7265 x12: ffff80008283ef78\nx11: ffff80008257efd0 x10: ffff80008283efd0 x9 : ffff80008021ed90\nx8 : 0000000000000001 x7 : 00000000000bffe8 x6 : c0000000ffff7fff\nx5 : ffff0001fb8e3408 x4 : 0000000000000000 x3 : ffff800179993000\nx2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff000133d51600\nCall trace:\n refcount_warn_saturate+0xf4/0x148\n mlx5_core_put_rsc+0x88/0xa0 [mlx5_ib]\n mlx5_core_destroy_rq_tracked+0x64/0x98 [mlx5_ib]\n mlx5_ib_destroy_wq+0x34/0x80 [mlx5_ib]\n ib_destroy_wq_user+0x30/0xc0 [ib_core]\n uverbs_free_wq+0x28/0x58 [ib_uverbs]\n destroy_hw_idr_uobject+0x34/0x78 [ib_uverbs]\n uverbs_destroy_uobject+0x48/0x240 [ib_uverbs]\n __uverbs_cleanup_ufile+0xd4/0x1a8 [ib_uverbs]\n uverbs_destroy_ufile_hw+0x48/0x120 [ib_uverbs]\n ib_uverbs_close+0x2c/0x100 [ib_uverbs]\n __fput+0xd8/0x2f0\n __fput_sync+0x50/0x70\n __arm64_sys_close+0x40/0x90\n invoke_syscall.constprop.0+0x74/0xd0\n do_el0_svc+0x48/0xe8\n el0_svc+0x44/0x1d0\n el0t_64_sync_handler+0x120/0x130\n el0t_64_sync+0x1a4/0x1a8",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38161",
"url": "https://www.suse.com/security/cve/CVE-2025-38161"
},
{
"category": "external",
"summary": "SUSE Bug 1245777 for CVE-2025-38161",
"url": "https://bugzilla.suse.com/1245777"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38161"
},
{
"cve": "CVE-2025-38162",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38162"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo: prevent overflow in lookup table allocation\n\nWhen calculating the lookup table size, ensure the following\nmultiplication does not overflow:\n\n- desc-\u003efield_len[] maximum value is U8_MAX multiplied by\n NFT_PIPAPO_GROUPS_PER_BYTE(f) that can be 2, worst case.\n- NFT_PIPAPO_BUCKETS(f-\u003ebb) is 2^8, worst case.\n- sizeof(unsigned long), from sizeof(*f-\u003elt), lt in\n struct nft_pipapo_field.\n\nThen, use check_mul_overflow() to multiply by bucket size and then use\ncheck_add_overflow() to the alignment for avx2 (if needed). Finally, add\nlt_size_check_overflow() helper and use it to consolidate this.\n\nWhile at it, replace leftover allocation using the GFP_KERNEL to\nGFP_KERNEL_ACCOUNT for consistency, in pipapo_resize().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38162",
"url": "https://www.suse.com/security/cve/CVE-2025-38162"
},
{
"category": "external",
"summary": "SUSE Bug 1245752 for CVE-2025-38162",
"url": "https://bugzilla.suse.com/1245752"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38162"
},
{
"cve": "CVE-2025-38165",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38165"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix panic when calling skb_linearize\n\nThe panic can be reproduced by executing the command:\n./bench sockmap -c 2 -p 1 -a --rx-verdict-ingress --rx-strp 100000\n\nThen a kernel panic was captured:\n\u0027\u0027\u0027\n[ 657.460555] kernel BUG at net/core/skbuff.c:2178!\n[ 657.462680] Tainted: [W]=WARN\n[ 657.463287] Workqueue: events sk_psock_backlog\n...\n[ 657.469610] \u003cTASK\u003e\n[ 657.469738] ? die+0x36/0x90\n[ 657.469916] ? do_trap+0x1d0/0x270\n[ 657.470118] ? pskb_expand_head+0x612/0xf40\n[ 657.470376] ? pskb_expand_head+0x612/0xf40\n[ 657.470620] ? do_error_trap+0xa3/0x170\n[ 657.470846] ? pskb_expand_head+0x612/0xf40\n[ 657.471092] ? handle_invalid_op+0x2c/0x40\n[ 657.471335] ? pskb_expand_head+0x612/0xf40\n[ 657.471579] ? exc_invalid_op+0x2d/0x40\n[ 657.471805] ? asm_exc_invalid_op+0x1a/0x20\n[ 657.472052] ? pskb_expand_head+0xd1/0xf40\n[ 657.472292] ? pskb_expand_head+0x612/0xf40\n[ 657.472540] ? lock_acquire+0x18f/0x4e0\n[ 657.472766] ? find_held_lock+0x2d/0x110\n[ 657.472999] ? __pfx_pskb_expand_head+0x10/0x10\n[ 657.473263] ? __kmalloc_cache_noprof+0x5b/0x470\n[ 657.473537] ? __pfx___lock_release.isra.0+0x10/0x10\n[ 657.473826] __pskb_pull_tail+0xfd/0x1d20\n[ 657.474062] ? __kasan_slab_alloc+0x4e/0x90\n[ 657.474707] sk_psock_skb_ingress_enqueue+0x3bf/0x510\n[ 657.475392] ? __kasan_kmalloc+0xaa/0xb0\n[ 657.476010] sk_psock_backlog+0x5cf/0xd70\n[ 657.476637] process_one_work+0x858/0x1a20\n\u0027\u0027\u0027\n\nThe panic originates from the assertion BUG_ON(skb_shared(skb)) in\nskb_linearize(). A previous commit(see Fixes tag) introduced skb_get()\nto avoid race conditions between skb operations in the backlog and skb\nrelease in the recvmsg path. However, this caused the panic to always\noccur when skb_linearize is executed.\n\nThe \"--rx-strp 100000\" parameter forces the RX path to use the strparser\nmodule which aggregates data until it reaches 100KB before calling sockmap\nlogic. The 100KB payload exceeds MAX_MSG_FRAGS, triggering skb_linearize.\n\nTo fix this issue, just move skb_get into sk_psock_skb_ingress_enqueue.\n\n\u0027\u0027\u0027\nsk_psock_backlog:\n sk_psock_handle_skb\n skb_get(skb) \u003c== we move it into \u0027sk_psock_skb_ingress_enqueue\u0027\n sk_psock_skb_ingress____________\n \u2193\n |\n | \u2192 sk_psock_skb_ingress_self\n | sk_psock_skb_ingress_enqueue\nsk_psock_verdict_apply_________________\u2191 skb_linearize\n\u0027\u0027\u0027\n\nNote that for verdict_apply path, the skb_get operation is unnecessary so\nwe add \u0027take_ref\u0027 param to control it\u0027s behavior.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38165",
"url": "https://www.suse.com/security/cve/CVE-2025-38165"
},
{
"category": "external",
"summary": "SUSE Bug 1245757 for CVE-2025-38165",
"url": "https://bugzilla.suse.com/1245757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38165"
},
{
"cve": "CVE-2025-38166",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38166"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: fix ktls panic with sockmap\n\n[ 2172.936997] ------------[ cut here ]------------\n[ 2172.936999] kernel BUG at lib/iov_iter.c:629!\n......\n[ 2172.944996] PKRU: 55555554\n[ 2172.945155] Call Trace:\n[ 2172.945299] \u003cTASK\u003e\n[ 2172.945428] ? die+0x36/0x90\n[ 2172.945601] ? do_trap+0xdd/0x100\n[ 2172.945795] ? iov_iter_revert+0x178/0x180\n[ 2172.946031] ? iov_iter_revert+0x178/0x180\n[ 2172.946267] ? do_error_trap+0x7d/0x110\n[ 2172.946499] ? iov_iter_revert+0x178/0x180\n[ 2172.946736] ? exc_invalid_op+0x50/0x70\n[ 2172.946961] ? iov_iter_revert+0x178/0x180\n[ 2172.947197] ? asm_exc_invalid_op+0x1a/0x20\n[ 2172.947446] ? iov_iter_revert+0x178/0x180\n[ 2172.947683] ? iov_iter_revert+0x5c/0x180\n[ 2172.947913] tls_sw_sendmsg_locked.isra.0+0x794/0x840\n[ 2172.948206] tls_sw_sendmsg+0x52/0x80\n[ 2172.948420] ? inet_sendmsg+0x1f/0x70\n[ 2172.948634] __sys_sendto+0x1cd/0x200\n[ 2172.948848] ? find_held_lock+0x2b/0x80\n[ 2172.949072] ? syscall_trace_enter+0x140/0x270\n[ 2172.949330] ? __lock_release.isra.0+0x5e/0x170\n[ 2172.949595] ? find_held_lock+0x2b/0x80\n[ 2172.949817] ? syscall_trace_enter+0x140/0x270\n[ 2172.950211] ? lockdep_hardirqs_on_prepare+0xda/0x190\n[ 2172.950632] ? ktime_get_coarse_real_ts64+0xc2/0xd0\n[ 2172.951036] __x64_sys_sendto+0x24/0x30\n[ 2172.951382] do_syscall_64+0x90/0x170\n......\n\nAfter calling bpf_exec_tx_verdict(), the size of msg_pl-\u003esg may increase,\ne.g., when the BPF program executes bpf_msg_push_data().\n\nIf the BPF program sets cork_bytes and sg.size is smaller than cork_bytes,\nit will return -ENOSPC and attempt to roll back to the non-zero copy\nlogic. However, during rollback, msg-\u003emsg_iter is reset, but since\nmsg_pl-\u003esg.size has been increased, subsequent executions will exceed the\nactual size of msg_iter.\n\u0027\u0027\u0027\niov_iter_revert(\u0026msg-\u003emsg_iter, msg_pl-\u003esg.size - orig_size);\n\u0027\u0027\u0027\n\nThe changes in this commit are based on the following considerations:\n\n1. When cork_bytes is set, rolling back to non-zero copy logic is\npointless and can directly go to zero-copy logic.\n\n2. We can not calculate the correct number of bytes to revert msg_iter.\n\nAssume the original data is \"abcdefgh\" (8 bytes), and after 3 pushes\nby the BPF program, it becomes 11-byte data: \"abc?de?fgh?\".\nThen, we set cork_bytes to 6, which means the first 6 bytes have been\nprocessed, and the remaining 5 bytes \"?fgh?\" will be cached until the\nlength meets the cork_bytes requirement.\n\nHowever, some data in \"?fgh?\" is not within \u0027sg-\u003emsg_iter\u0027\n(but in msg_pl instead), especially the data \"?\" we pushed.\n\nSo it doesn\u0027t seem as simple as just reverting through an offset of\nmsg_iter.\n\n3. For non-TLS sockets in tcp_bpf_sendmsg, when a \"cork\" situation occurs,\nthe user-space send() doesn\u0027t return an error, and the returned length is\nthe same as the input length parameter, even if some data is cached.\n\nAdditionally, I saw that the current non-zero-copy logic for handling\ncorking is written as:\n\u0027\u0027\u0027\nline 1177\nelse if (ret != -EAGAIN) {\n\tif (ret == -ENOSPC)\n\t\tret = 0;\n\tgoto send_end;\n\u0027\u0027\u0027\n\nSo it\u0027s ok to just return \u0027copied\u0027 without error when a \"cork\" situation\noccurs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38166",
"url": "https://www.suse.com/security/cve/CVE-2025-38166"
},
{
"category": "external",
"summary": "SUSE Bug 1245758 for CVE-2025-38166",
"url": "https://bugzilla.suse.com/1245758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38166"
},
{
"cve": "CVE-2025-38173",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38173"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: marvell/cesa - Handle zero-length skcipher requests\n\nDo not access random memory for zero-length skcipher requests.\nJust return 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38173",
"url": "https://www.suse.com/security/cve/CVE-2025-38173"
},
{
"category": "external",
"summary": "SUSE Bug 1245769 for CVE-2025-38173",
"url": "https://bugzilla.suse.com/1245769"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38173"
},
{
"cve": "CVE-2025-38174",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38174"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Do not double dequeue a configuration request\n\nSome of our devices crash in tb_cfg_request_dequeue():\n\n general protection fault, probably for non-canonical address 0xdead000000000122\n\n CPU: 6 PID: 91007 Comm: kworker/6:2 Tainted: G U W 6.6.65\n RIP: 0010:tb_cfg_request_dequeue+0x2d/0xa0\n Call Trace:\n \u003cTASK\u003e\n ? tb_cfg_request_dequeue+0x2d/0xa0\n tb_cfg_request_work+0x33/0x80\n worker_thread+0x386/0x8f0\n kthread+0xed/0x110\n ret_from_fork+0x38/0x50\n ret_from_fork_asm+0x1b/0x30\n\nThe circumstances are unclear, however, the theory is that\ntb_cfg_request_work() can be scheduled twice for a request:\nfirst time via frame.callback from ring_work() and second\ntime from tb_cfg_request(). Both times kworkers will execute\ntb_cfg_request_dequeue(), which results in double list_del()\nfrom the ctl-\u003erequest_queue (the list poison deference hints\nat it: 0xdead000000000122).\n\nDo not dequeue requests that don\u0027t have TB_CFG_REQUEST_ACTIVE\nbit set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38174",
"url": "https://www.suse.com/security/cve/CVE-2025-38174"
},
{
"category": "external",
"summary": "SUSE Bug 1245781 for CVE-2025-38174",
"url": "https://bugzilla.suse.com/1245781"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38174"
},
{
"cve": "CVE-2025-38177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38177"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsch_hfsc: make hfsc_qlen_notify() idempotent\n\nhfsc_qlen_notify() is not idempotent either and not friendly\nto its callers, like fq_codel_dequeue(). Let\u0027s make it idempotent\nto ease qdisc_tree_reduce_backlog() callers\u0027 life:\n\n1. update_vf() decreases cl-\u003ecl_nactive, so we can check whether it is\nnon-zero before calling it.\n\n2. eltree_remove() always removes RB node cl-\u003eel_node, but we can use\n RB_EMPTY_NODE() + RB_CLEAR_NODE() to make it safe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38177",
"url": "https://www.suse.com/security/cve/CVE-2025-38177"
},
{
"category": "external",
"summary": "SUSE Bug 1245986 for CVE-2025-38177",
"url": "https://bugzilla.suse.com/1245986"
},
{
"category": "external",
"summary": "SUSE Bug 1246356 for CVE-2025-38177",
"url": "https://bugzilla.suse.com/1246356"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "important"
}
],
"title": "CVE-2025-38177"
},
{
"cve": "CVE-2025-38180",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38180"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: atm: fix /proc/net/atm/lec handling\n\n/proc/net/atm/lec must ensure safety against dev_lec[] changes.\n\nIt appears it had dev_put() calls without prior dev_hold(),\nleading to imbalance and UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38180",
"url": "https://www.suse.com/security/cve/CVE-2025-38180"
},
{
"category": "external",
"summary": "SUSE Bug 1245970 for CVE-2025-38180",
"url": "https://bugzilla.suse.com/1245970"
},
{
"category": "external",
"summary": "SUSE Bug 1245971 for CVE-2025-38180",
"url": "https://bugzilla.suse.com/1245971"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "important"
}
],
"title": "CVE-2025-38180"
},
{
"cve": "CVE-2025-38181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38181"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncalipso: Fix null-ptr-deref in calipso_req_{set,del}attr().\n\nsyzkaller reported a null-ptr-deref in sock_omalloc() while allocating\na CALIPSO option. [0]\n\nThe NULL is of struct sock, which was fetched by sk_to_full_sk() in\ncalipso_req_setattr().\n\nSince commit a1a5344ddbe8 (\"tcp: avoid two atomic ops for syncookies\"),\nreqsk-\u003ersk_listener could be NULL when SYN Cookie is returned to its\nclient, as hinted by the leading SYN Cookie log.\n\nHere are 3 options to fix the bug:\n\n 1) Return 0 in calipso_req_setattr()\n 2) Return an error in calipso_req_setattr()\n 3) Alaways set rsk_listener\n\n1) is no go as it bypasses LSM, but 2) effectively disables SYN Cookie\nfor CALIPSO. 3) is also no go as there have been many efforts to reduce\natomic ops and make TCP robust against DDoS. See also commit 3b24d854cb35\n(\"tcp/dccp: do not touch listener sk_refcnt under synflood\").\n\nAs of the blamed commit, SYN Cookie already did not need refcounting,\nand no one has stumbled on the bug for 9 years, so no CALIPSO user will\ncare about SYN Cookie.\n\nLet\u0027s return an error in calipso_req_setattr() and calipso_req_delattr()\nin the SYN Cookie case.\n\nThis can be reproduced by [1] on Fedora and now connect() of nc times out.\n\n[0]:\nTCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]\nCPU: 3 UID: 0 PID: 12262 Comm: syz.1.2611 Not tainted 6.14.0 #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nRIP: 0010:read_pnet include/net/net_namespace.h:406 [inline]\nRIP: 0010:sock_net include/net/sock.h:655 [inline]\nRIP: 0010:sock_kmalloc+0x35/0x170 net/core/sock.c:2806\nCode: 89 d5 41 54 55 89 f5 53 48 89 fb e8 25 e3 c6 fd e8 f0 91 e3 00 48 8d 7b 30 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 26 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b\nRSP: 0018:ffff88811af89038 EFLAGS: 00010216\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffff888105266400\nRDX: 0000000000000006 RSI: ffff88800c890000 RDI: 0000000000000030\nRBP: 0000000000000050 R08: 0000000000000000 R09: ffff88810526640e\nR10: ffffed1020a4cc81 R11: ffff88810526640f R12: 0000000000000000\nR13: 0000000000000820 R14: ffff888105266400 R15: 0000000000000050\nFS: 00007f0653a07640(0000) GS:ffff88811af80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f863ba096f4 CR3: 00000000163c0005 CR4: 0000000000770ef0\nPKRU: 80000000\nCall Trace:\n \u003cIRQ\u003e\n ipv6_renew_options+0x279/0x950 net/ipv6/exthdrs.c:1288\n calipso_req_setattr+0x181/0x340 net/ipv6/calipso.c:1204\n calipso_req_setattr+0x56/0x80 net/netlabel/netlabel_calipso.c:597\n netlbl_req_setattr+0x18a/0x440 net/netlabel/netlabel_kapi.c:1249\n selinux_netlbl_inet_conn_request+0x1fb/0x320 security/selinux/netlabel.c:342\n selinux_inet_conn_request+0x1eb/0x2c0 security/selinux/hooks.c:5551\n security_inet_conn_request+0x50/0xa0 security/security.c:4945\n tcp_v6_route_req+0x22c/0x550 net/ipv6/tcp_ipv6.c:825\n tcp_conn_request+0xec8/0x2b70 net/ipv4/tcp_input.c:7275\n tcp_v6_conn_request+0x1e3/0x440 net/ipv6/tcp_ipv6.c:1328\n tcp_rcv_state_process+0xafa/0x52b0 net/ipv4/tcp_input.c:6781\n tcp_v6_do_rcv+0x8a6/0x1a40 net/ipv6/tcp_ipv6.c:1667\n tcp_v6_rcv+0x505e/0x5b50 net/ipv6/tcp_ipv6.c:1904\n ip6_protocol_deliver_rcu+0x17c/0x1da0 net/ipv6/ip6_input.c:436\n ip6_input_finish+0x103/0x180 net/ipv6/ip6_input.c:480\n NF_HOOK include/linux/netfilter.h:314 [inline]\n NF_HOOK include/linux/netfilter.h:308 [inline]\n ip6_input+0x13c/0x6b0 net/ipv6/ip6_input.c:491\n dst_input include/net/dst.h:469 [inline]\n ip6_rcv_finish net/ipv6/ip6_input.c:79 [inline]\n ip6_rcv_finish+0xb6/0x490 net/ipv6/ip6_input.c:69\n NF_HOOK include/linux/netfilter.h:314 [inline]\n NF_HOOK include/linux/netf\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38181",
"url": "https://www.suse.com/security/cve/CVE-2025-38181"
},
{
"category": "external",
"summary": "SUSE Bug 1246000 for CVE-2025-38181",
"url": "https://bugzilla.suse.com/1246000"
},
{
"category": "external",
"summary": "SUSE Bug 1246001 for CVE-2025-38181",
"url": "https://bugzilla.suse.com/1246001"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "important"
}
],
"title": "CVE-2025-38181"
},
{
"cve": "CVE-2025-38182",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38182"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nublk: santizize the arguments from userspace when adding a device\n\nSanity check the values for queue depth and number of queues\nwe get from userspace when adding a device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38182",
"url": "https://www.suse.com/security/cve/CVE-2025-38182"
},
{
"category": "external",
"summary": "SUSE Bug 1245937 for CVE-2025-38182",
"url": "https://bugzilla.suse.com/1245937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38182"
},
{
"cve": "CVE-2025-38183",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38183"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get()\n\nBefore calling lan743x_ptp_io_event_clock_get(), the \u0027channel\u0027 value\nis checked against the maximum value of PCI11X1X_PTP_IO_MAX_CHANNELS(8).\nThis seems correct and aligns with the PTP interrupt status register\n(PTP_INT_STS) specifications.\n\nHowever, lan743x_ptp_io_event_clock_get() writes to ptp-\u003eextts[] with\nonly LAN743X_PTP_N_EXTTS(4) elements, using channel as an index:\n\n lan743x_ptp_io_event_clock_get(..., u8 channel,...)\n {\n ...\n /* Update Local timestamp */\n extts = \u0026ptp-\u003eextts[channel];\n extts-\u003ets.tv_sec = sec;\n ...\n }\n\nTo avoid an out-of-bounds write and utilize all the supported GPIO\ninputs, set LAN743X_PTP_N_EXTTS to 8.\n\nDetected using the static analysis tool - Svace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38183",
"url": "https://www.suse.com/security/cve/CVE-2025-38183"
},
{
"category": "external",
"summary": "SUSE Bug 1246006 for CVE-2025-38183",
"url": "https://bugzilla.suse.com/1246006"
},
{
"category": "external",
"summary": "SUSE Bug 1246007 for CVE-2025-38183",
"url": "https://bugzilla.suse.com/1246007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "important"
}
],
"title": "CVE-2025-38183"
},
{
"cve": "CVE-2025-38187",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38187"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: fix a use-after-free in r535_gsp_rpc_push()\n\nThe RPC container is released after being passed to r535_gsp_rpc_send().\n\nWhen sending the initial fragment of a large RPC and passing the\ncaller\u0027s RPC container, the container will be freed prematurely. Subsequent\nattempts to send remaining fragments will therefore result in a\nuse-after-free.\n\nAllocate a temporary RPC container for holding the initial fragment of a\nlarge RPC when sending. Free the caller\u0027s container when all fragments\nare successfully sent.\n\n[ Rebase onto Blackwell changes. - Danilo ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38187",
"url": "https://www.suse.com/security/cve/CVE-2025-38187"
},
{
"category": "external",
"summary": "SUSE Bug 1245951 for CVE-2025-38187",
"url": "https://bugzilla.suse.com/1245951"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38187"
},
{
"cve": "CVE-2025-38188",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38188"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/a7xx: Call CP_RESET_CONTEXT_STATE\n\nCalling this packet is necessary when we switch contexts because there\nare various pieces of state used by userspace to synchronize between BR\nand BV that are persistent across submits and we need to make sure that\nthey are in a \"safe\" state when switching contexts. Otherwise a\nuserspace submission in one context could cause another context to\nfunction incorrectly and hang, effectively a denial of service (although\nwithout leaking data). This was missed during initial a7xx bringup.\n\nPatchwork: https://patchwork.freedesktop.org/patch/654924/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38188",
"url": "https://www.suse.com/security/cve/CVE-2025-38188"
},
{
"category": "external",
"summary": "SUSE Bug 1246098 for CVE-2025-38188",
"url": "https://bugzilla.suse.com/1246098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38188"
},
{
"cve": "CVE-2025-38192",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38192"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: clear the dst when changing skb protocol\n\nA not-so-careful NAT46 BPF program can crash the kernel\nif it indiscriminately flips ingress packets from v4 to v6:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n ip6_rcv_core (net/ipv6/ip6_input.c:190:20)\n ipv6_rcv (net/ipv6/ip6_input.c:306:8)\n process_backlog (net/core/dev.c:6186:4)\n napi_poll (net/core/dev.c:6906:9)\n net_rx_action (net/core/dev.c:7028:13)\n do_softirq (kernel/softirq.c:462:3)\n netif_rx (net/core/dev.c:5326:3)\n dev_loopback_xmit (net/core/dev.c:4015:2)\n ip_mc_finish_output (net/ipv4/ip_output.c:363:8)\n NF_HOOK (./include/linux/netfilter.h:314:9)\n ip_mc_output (net/ipv4/ip_output.c:400:5)\n dst_output (./include/net/dst.h:459:9)\n ip_local_out (net/ipv4/ip_output.c:130:9)\n ip_send_skb (net/ipv4/ip_output.c:1496:8)\n udp_send_skb (net/ipv4/udp.c:1040:8)\n udp_sendmsg (net/ipv4/udp.c:1328:10)\n\nThe output interface has a 4-\u003e6 program attached at ingress.\nWe try to loop the multicast skb back to the sending socket.\nIngress BPF runs as part of netif_rx(), pushes a valid v6 hdr\nand changes skb-\u003eprotocol to v6. We enter ip6_rcv_core which\ntries to use skb_dst(). But the dst is still an IPv4 one left\nafter IPv4 mcast output.\n\nClear the dst in all BPF helpers which change the protocol.\nTry to preserve metadata dsts, those may carry non-routing\nmetadata.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38192",
"url": "https://www.suse.com/security/cve/CVE-2025-38192"
},
{
"category": "external",
"summary": "SUSE Bug 1245954 for CVE-2025-38192",
"url": "https://bugzilla.suse.com/1245954"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38192"
},
{
"cve": "CVE-2025-38193",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38193"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: reject invalid perturb period\n\nGerrard Tai reported that SFQ perturb_period has no range check yet,\nand this can be used to trigger a race condition fixed in a separate patch.\n\nWe want to make sure ctl-\u003eperturb_period * HZ will not overflow\nand is positive.\n\n\ntc qd add dev lo root sfq perturb -10 # negative value : error\nError: sch_sfq: invalid perturb period.\n\ntc qd add dev lo root sfq perturb 1000000000 # too big : error\nError: sch_sfq: invalid perturb period.\n\ntc qd add dev lo root sfq perturb 2000000 # acceptable value\ntc -s -d qd sh dev lo\nqdisc sfq 8005: root refcnt 2 limit 127p quantum 64Kb depth 127 flows 128 divisor 1024 perturb 2000000sec\n Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)\n backlog 0b 0p requeues 0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38193",
"url": "https://www.suse.com/security/cve/CVE-2025-38193"
},
{
"category": "external",
"summary": "SUSE Bug 1245945 for CVE-2025-38193",
"url": "https://bugzilla.suse.com/1245945"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38193"
},
{
"cve": "CVE-2025-38194",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38194"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: check that raw node were preallocated before writing summary\n\nSyzkaller detected a kernel bug in jffs2_link_node_ref, caused by fault\ninjection in jffs2_prealloc_raw_node_refs. jffs2_sum_write_sumnode doesn\u0027t\ncheck return value of jffs2_prealloc_raw_node_refs and simply lets any\nerror propagate into jffs2_sum_write_data, which eventually calls\njffs2_link_node_ref in order to link the summary to an expectedly allocated\nnode.\n\nkernel BUG at fs/jffs2/nodelist.c:592!\ninvalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 1 PID: 31277 Comm: syz-executor.7 Not tainted 6.1.128-syzkaller-00139-ge10f83ca10a1 #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nRIP: 0010:jffs2_link_node_ref+0x570/0x690 fs/jffs2/nodelist.c:592\nCall Trace:\n \u003cTASK\u003e\n jffs2_sum_write_data fs/jffs2/summary.c:841 [inline]\n jffs2_sum_write_sumnode+0xd1a/0x1da0 fs/jffs2/summary.c:874\n jffs2_do_reserve_space+0xa18/0xd60 fs/jffs2/nodemgmt.c:388\n jffs2_reserve_space+0x55f/0xaa0 fs/jffs2/nodemgmt.c:197\n jffs2_write_inode_range+0x246/0xb50 fs/jffs2/write.c:362\n jffs2_write_end+0x726/0x15d0 fs/jffs2/file.c:301\n generic_perform_write+0x314/0x5d0 mm/filemap.c:3856\n __generic_file_write_iter+0x2ae/0x4d0 mm/filemap.c:3973\n generic_file_write_iter+0xe3/0x350 mm/filemap.c:4005\n call_write_iter include/linux/fs.h:2265 [inline]\n do_iter_readv_writev+0x20f/0x3c0 fs/read_write.c:735\n do_iter_write+0x186/0x710 fs/read_write.c:861\n vfs_iter_write+0x70/0xa0 fs/read_write.c:902\n iter_file_splice_write+0x73b/0xc90 fs/splice.c:685\n do_splice_from fs/splice.c:763 [inline]\n direct_splice_actor+0x10c/0x170 fs/splice.c:950\n splice_direct_to_actor+0x337/0xa10 fs/splice.c:896\n do_splice_direct+0x1a9/0x280 fs/splice.c:1002\n do_sendfile+0xb13/0x12c0 fs/read_write.c:1255\n __do_sys_sendfile64 fs/read_write.c:1323 [inline]\n __se_sys_sendfile64 fs/read_write.c:1309 [inline]\n __x64_sys_sendfile64+0x1cf/0x210 fs/read_write.c:1309\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x35/0x80 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\nFix this issue by checking return value of jffs2_prealloc_raw_node_refs\nbefore calling jffs2_sum_write_data.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38194",
"url": "https://www.suse.com/security/cve/CVE-2025-38194"
},
{
"category": "external",
"summary": "SUSE Bug 1245957 for CVE-2025-38194",
"url": "https://bugzilla.suse.com/1245957"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38194"
},
{
"cve": "CVE-2025-38197",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38197"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: dell_rbu: Fix list usage\n\nPass the correct list head to list_for_each_entry*() when looping through\nthe packet list.\n\nWithout this patch, reading the packet data via sysfs will show the data\nincorrectly (because it starts at the wrong packet), and clearing the\npacket list will result in a NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38197",
"url": "https://www.suse.com/security/cve/CVE-2025-38197"
},
{
"category": "external",
"summary": "SUSE Bug 1246047 for CVE-2025-38197",
"url": "https://bugzilla.suse.com/1246047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38197"
},
{
"cve": "CVE-2025-38198",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38198"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbcon: Make sure modelist not set on unregistered console\n\nIt looks like attempting to write to the \"store_modes\" sysfs node will\nrun afoul of unregistered consoles:\n\nUBSAN: array-index-out-of-bounds in drivers/video/fbdev/core/fbcon.c:122:28\nindex -1 is out of range for type \u0027fb_info *[32]\u0027\n...\n fbcon_info_from_console+0x192/0x1a0 drivers/video/fbdev/core/fbcon.c:122\n fbcon_new_modelist+0xbf/0x2d0 drivers/video/fbdev/core/fbcon.c:3048\n fb_new_modelist+0x328/0x440 drivers/video/fbdev/core/fbmem.c:673\n store_modes+0x1c9/0x3e0 drivers/video/fbdev/core/fbsysfs.c:113\n dev_attr_store+0x55/0x80 drivers/base/core.c:2439\n\nstatic struct fb_info *fbcon_registered_fb[FB_MAX];\n...\nstatic signed char con2fb_map[MAX_NR_CONSOLES];\n...\nstatic struct fb_info *fbcon_info_from_console(int console)\n...\n return fbcon_registered_fb[con2fb_map[console]];\n\nIf con2fb_map contains a -1 things go wrong here. Instead, return NULL,\nas callers of fbcon_info_from_console() are trying to compare against\nexisting \"info\" pointers, so error handling should kick in correctly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38198",
"url": "https://www.suse.com/security/cve/CVE-2025-38198"
},
{
"category": "external",
"summary": "SUSE Bug 1245952 for CVE-2025-38198",
"url": "https://bugzilla.suse.com/1245952"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38198"
},
{
"cve": "CVE-2025-38200",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38200"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix MMIO write access to an invalid page in i40e_clear_hw\n\nWhen the device sends a specific input, an integer underflow can occur, leading\nto MMIO write access to an invalid page.\n\nPrevent the integer underflow by changing the type of related variables.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38200",
"url": "https://www.suse.com/security/cve/CVE-2025-38200"
},
{
"category": "external",
"summary": "SUSE Bug 1246045 for CVE-2025-38200",
"url": "https://bugzilla.suse.com/1246045"
},
{
"category": "external",
"summary": "SUSE Bug 1246046 for CVE-2025-38200",
"url": "https://bugzilla.suse.com/1246046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38200"
},
{
"cve": "CVE-2025-38202",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38202"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem()\n\nbpf_map_lookup_percpu_elem() helper is also available for sleepable bpf\nprogram. When BPF JIT is disabled or under 32-bit host,\nbpf_map_lookup_percpu_elem() will not be inlined. Using it in a\nsleepable bpf program will trigger the warning in\nbpf_map_lookup_percpu_elem(), because the bpf program only holds\nrcu_read_lock_trace lock. Therefore, add the missed check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38202",
"url": "https://www.suse.com/security/cve/CVE-2025-38202"
},
{
"category": "external",
"summary": "SUSE Bug 1245980 for CVE-2025-38202",
"url": "https://bugzilla.suse.com/1245980"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38202"
},
{
"cve": "CVE-2025-38203",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38203"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix null-ptr-deref in jfs_ioc_trim\n\n[ Syzkaller Report ]\n\nOops: general protection fault, probably for non-canonical address\n0xdffffc0000000087: 0000 [#1\nKASAN: null-ptr-deref in range [0x0000000000000438-0x000000000000043f]\nCPU: 2 UID: 0 PID: 10614 Comm: syz-executor.0 Not tainted\n6.13.0-rc6-gfbfd64d25c7a-dirty #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nSched_ext: serialise (enabled+all), task: runnable_at=-30ms\nRIP: 0010:jfs_ioc_trim+0x34b/0x8f0\nCode: e7 e8 59 a4 87 fe 4d 8b 24 24 4d 8d bc 24 38 04 00 00 48 8d 93\n90 82 fe ff 4c 89 ff 31 f6\nRSP: 0018:ffffc900055f7cd0 EFLAGS: 00010206\nRAX: 0000000000000087 RBX: 00005866a9e67ff8 RCX: 000000000000000a\nRDX: 0000000000000001 RSI: 0000000000000004 RDI: 0000000000000001\nRBP: dffffc0000000000 R08: ffff88807c180003 R09: 1ffff1100f830000\nR10: dffffc0000000000 R11: ffffed100f830001 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000438\nFS: 00007fe520225640(0000) GS:ffff8880b7e80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005593c91b2c88 CR3: 000000014927c000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n? __die_body+0x61/0xb0\n? die_addr+0xb1/0xe0\n? exc_general_protection+0x333/0x510\n? asm_exc_general_protection+0x26/0x30\n? jfs_ioc_trim+0x34b/0x8f0\njfs_ioctl+0x3c8/0x4f0\n? __pfx_jfs_ioctl+0x10/0x10\n? __pfx_jfs_ioctl+0x10/0x10\n__se_sys_ioctl+0x269/0x350\n? __pfx___se_sys_ioctl+0x10/0x10\n? do_syscall_64+0xfb/0x210\ndo_syscall_64+0xee/0x210\n? syscall_exit_to_user_mode+0x1e0/0x330\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fe51f4903ad\nCode: c3 e8 a7 2b 00 00 0f 1f 80 00 00 00 00 f3 0f 1e fa 48 89 f8 48\n89 f7 48 89 d6 48 89 ca 4d\nRSP: 002b:00007fe5202250c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007fe51f5cbf80 RCX: 00007fe51f4903ad\nRDX: 0000000020000680 RSI: 00000000c0185879 RDI: 0000000000000005\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007fe520225640\nR13: 000000000000000e R14: 00007fe51f44fca0 R15: 00007fe52021d000\n\u003c/TASK\u003e\nModules linked in:\n---[ end trace 0000000000000000 ]---\nRIP: 0010:jfs_ioc_trim+0x34b/0x8f0\nCode: e7 e8 59 a4 87 fe 4d 8b 24 24 4d 8d bc 24 38 04 00 00 48 8d 93\n90 82 fe ff 4c 89 ff 31 f6\nRSP: 0018:ffffc900055f7cd0 EFLAGS: 00010206\nRAX: 0000000000000087 RBX: 00005866a9e67ff8 RCX: 000000000000000a\nRDX: 0000000000000001 RSI: 0000000000000004 RDI: 0000000000000001\nRBP: dffffc0000000000 R08: ffff88807c180003 R09: 1ffff1100f830000\nR10: dffffc0000000000 R11: ffffed100f830001 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000438\nFS: 00007fe520225640(0000) GS:ffff8880b7e80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005593c91b2c88 CR3: 000000014927c000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nKernel panic - not syncing: Fatal exception\n\n[ Analysis ]\n\nWe believe that we have found a concurrency bug in the `fs/jfs` module\nthat results in a null pointer dereference. There is a closely related\nissue which has been fixed:\n\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d6c1b3599b2feb5c7291f5ac3a36e5fa7cedb234\n\n... but, unfortunately, the accepted patch appears to still be\nsusceptible to a null pointer dereference under some interleavings.\n\nTo trigger the bug, we think that `JFS_SBI(ipbmap-\u003ei_sb)-\u003ebmap` is set\nto NULL in `dbFreeBits` and then dereferenced in `jfs_ioc_trim`. This\nbug manifests quite rarely under normal circumstances, but is\ntriggereable from a syz-program.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38203",
"url": "https://www.suse.com/security/cve/CVE-2025-38203"
},
{
"category": "external",
"summary": "SUSE Bug 1246044 for CVE-2025-38203",
"url": "https://bugzilla.suse.com/1246044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38203"
},
{
"cve": "CVE-2025-38204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38204"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix array-index-out-of-bounds read in add_missing_indices\n\nstbl is s8 but it must contain offsets into slot which can go from 0 to\n127.\n\nAdded a bound check for that error and return -EIO if the check fails.\nAlso make jfs_readdir return with error if add_missing_indices returns\nwith an error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38204",
"url": "https://www.suse.com/security/cve/CVE-2025-38204"
},
{
"category": "external",
"summary": "SUSE Bug 1245983 for CVE-2025-38204",
"url": "https://bugzilla.suse.com/1245983"
},
{
"category": "external",
"summary": "SUSE Bug 1245984 for CVE-2025-38204",
"url": "https://bugzilla.suse.com/1245984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "important"
}
],
"title": "CVE-2025-38204"
},
{
"cve": "CVE-2025-38206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38206"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix double free in delayed_free\n\nThe double free could happen in the following path.\n\nexfat_create_upcase_table()\n exfat_create_upcase_table() : return error\n exfat_free_upcase_table() : free -\u003evol_utbl\n exfat_load_default_upcase_table : return error\n exfat_kill_sb()\n delayed_free()\n exfat_free_upcase_table() \u003c--------- double free\nThis patch set -\u003evol_util as NULL after freeing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38206",
"url": "https://www.suse.com/security/cve/CVE-2025-38206"
},
{
"category": "external",
"summary": "SUSE Bug 1246073 for CVE-2025-38206",
"url": "https://bugzilla.suse.com/1246073"
},
{
"category": "external",
"summary": "SUSE Bug 1246075 for CVE-2025-38206",
"url": "https://bugzilla.suse.com/1246075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "important"
}
],
"title": "CVE-2025-38206"
},
{
"cve": "CVE-2025-38210",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38210"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nconfigfs-tsm-report: Fix NULL dereference of tsm_ops\n\nUnlike sysfs, the lifetime of configfs objects is controlled by\nuserspace. There is no mechanism for the kernel to find and delete all\ncreated config-items. Instead, the configfs-tsm-report mechanism has an\nexpectation that tsm_unregister() can happen at any time and cause\nestablished config-item access to start failing.\n\nThat expectation is not fully satisfied. While tsm_report_read(),\ntsm_report_{is,is_bin}_visible(), and tsm_report_make_item() safely fail\nif tsm_ops have been unregistered, tsm_report_privlevel_store()\ntsm_report_provider_show() fail to check for ops registration. Add the\nmissing checks for tsm_ops having been removed.\n\nNow, in supporting the ability for tsm_unregister() to always succeed,\nit leaves the problem of what to do with lingering config-items. The\nexpectation is that the admin that arranges for the -\u003eremove() (unbind)\nof the ${tsm_arch}-guest driver is also responsible for deletion of all\nopen config-items. Until that deletion happens, -\u003eprobe() (reload /\nbind) of the ${tsm_arch}-guest driver fails.\n\nThis allows for emergency shutdown / revocation of attestation\ninterfaces, and requires coordinated restart.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38210",
"url": "https://www.suse.com/security/cve/CVE-2025-38210"
},
{
"category": "external",
"summary": "SUSE Bug 1246020 for CVE-2025-38210",
"url": "https://bugzilla.suse.com/1246020"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38210"
},
{
"cve": "CVE-2025-38211",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38211"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/iwcm: Fix use-after-free of work objects after cm_id destruction\n\nThe commit 59c68ac31e15 (\"iw_cm: free cm_id resources on the last\nderef\") simplified cm_id resource management by freeing cm_id once all\nreferences to the cm_id were removed. The references are removed either\nupon completion of iw_cm event handlers or when the application destroys\nthe cm_id. This commit introduced the use-after-free condition where\ncm_id_private object could still be in use by event handler works during\nthe destruction of cm_id. The commit aee2424246f9 (\"RDMA/iwcm: Fix a\nuse-after-free related to destroying CM IDs\") addressed this use-after-\nfree by flushing all pending works at the cm_id destruction.\n\nHowever, still another use-after-free possibility remained. It happens\nwith the work objects allocated for each cm_id_priv within\nalloc_work_entries() during cm_id creation, and subsequently freed in\ndealloc_work_entries() once all references to the cm_id are removed.\nIf the cm_id\u0027s last reference is decremented in the event handler work,\nthe work object for the work itself gets removed, and causes the use-\nafter-free BUG below:\n\n BUG: KASAN: slab-use-after-free in __pwq_activate_work+0x1ff/0x250\n Read of size 8 at addr ffff88811f9cf800 by task kworker/u16:1/147091\n\n CPU: 2 UID: 0 PID: 147091 Comm: kworker/u16:1 Not tainted 6.15.0-rc2+ #27 PREEMPT(voluntary)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\n Workqueue: 0x0 (iw_cm_wq)\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x6a/0x90\n print_report+0x174/0x554\n ? __virt_addr_valid+0x208/0x430\n ? __pwq_activate_work+0x1ff/0x250\n kasan_report+0xae/0x170\n ? __pwq_activate_work+0x1ff/0x250\n __pwq_activate_work+0x1ff/0x250\n pwq_dec_nr_in_flight+0x8c5/0xfb0\n process_one_work+0xc11/0x1460\n ? __pfx_process_one_work+0x10/0x10\n ? assign_work+0x16c/0x240\n worker_thread+0x5ef/0xfd0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x3b0/0x770\n ? __pfx_kthread+0x10/0x10\n ? rcu_is_watching+0x11/0xb0\n ? _raw_spin_unlock_irq+0x24/0x50\n ? rcu_is_watching+0x11/0xb0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x30/0x70\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\n Allocated by task 147416:\n kasan_save_stack+0x2c/0x50\n kasan_save_track+0x10/0x30\n __kasan_kmalloc+0xa6/0xb0\n alloc_work_entries+0xa9/0x260 [iw_cm]\n iw_cm_connect+0x23/0x4a0 [iw_cm]\n rdma_connect_locked+0xbfd/0x1920 [rdma_cm]\n nvme_rdma_cm_handler+0x8e5/0x1b60 [nvme_rdma]\n cma_cm_event_handler+0xae/0x320 [rdma_cm]\n cma_work_handler+0x106/0x1b0 [rdma_cm]\n process_one_work+0x84f/0x1460\n worker_thread+0x5ef/0xfd0\n kthread+0x3b0/0x770\n ret_from_fork+0x30/0x70\n ret_from_fork_asm+0x1a/0x30\n\n Freed by task 147091:\n kasan_save_stack+0x2c/0x50\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x60\n __kasan_slab_free+0x4b/0x70\n kfree+0x13a/0x4b0\n dealloc_work_entries+0x125/0x1f0 [iw_cm]\n iwcm_deref_id+0x6f/0xa0 [iw_cm]\n cm_work_handler+0x136/0x1ba0 [iw_cm]\n process_one_work+0x84f/0x1460\n worker_thread+0x5ef/0xfd0\n kthread+0x3b0/0x770\n ret_from_fork+0x30/0x70\n ret_from_fork_asm+0x1a/0x30\n\n Last potentially related work creation:\n kasan_save_stack+0x2c/0x50\n kasan_record_aux_stack+0xa3/0xb0\n __queue_work+0x2ff/0x1390\n queue_work_on+0x67/0xc0\n cm_event_handler+0x46a/0x820 [iw_cm]\n siw_cm_upcall+0x330/0x650 [siw]\n siw_cm_work_handler+0x6b9/0x2b20 [siw]\n process_one_work+0x84f/0x1460\n worker_thread+0x5ef/0xfd0\n kthread+0x3b0/0x770\n ret_from_fork+0x30/0x70\n ret_from_fork_asm+0x1a/0x30\n\nThis BUG is reproducible by repeating the blktests test case nvme/061\nfor the rdma transport and the siw driver.\n\nTo avoid the use-after-free of cm_id_private work objects, ensure that\nthe last reference to the cm_id is decremented not in the event handler\nworks, but in the cm_id destruction context. For that purpose, mo\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38211",
"url": "https://www.suse.com/security/cve/CVE-2025-38211"
},
{
"category": "external",
"summary": "SUSE Bug 1246008 for CVE-2025-38211",
"url": "https://bugzilla.suse.com/1246008"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38211"
},
{
"cve": "CVE-2025-38212",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38212"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipc: fix to protect IPCS lookups using RCU\n\nsyzbot reported that it discovered a use-after-free vulnerability, [0]\n\n[0]: https://lore.kernel.org/all/67af13f8.050a0220.21dd3.0038.GAE@google.com/\n\nidr_for_each() is protected by rwsem, but this is not enough. If it is\nnot protected by RCU read-critical region, when idr_for_each() calls\nradix_tree_node_free() through call_rcu() to free the radix_tree_node\nstructure, the node will be freed immediately, and when reading the next\nnode in radix_tree_for_each_slot(), the already freed memory may be read.\n\nTherefore, we need to add code to make sure that idr_for_each() is\nprotected within the RCU read-critical region when we call it in\nshm_destroy_orphaned().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38212",
"url": "https://www.suse.com/security/cve/CVE-2025-38212"
},
{
"category": "external",
"summary": "SUSE Bug 1246029 for CVE-2025-38212",
"url": "https://bugzilla.suse.com/1246029"
},
{
"category": "external",
"summary": "SUSE Bug 1246030 for CVE-2025-38212",
"url": "https://bugzilla.suse.com/1246030"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "important"
}
],
"title": "CVE-2025-38212"
},
{
"cve": "CVE-2025-38213",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38213"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38213",
"url": "https://www.suse.com/security/cve/CVE-2025-38213"
},
{
"category": "external",
"summary": "SUSE Bug 1246037 for CVE-2025-38213",
"url": "https://bugzilla.suse.com/1246037"
},
{
"category": "external",
"summary": "SUSE Bug 1246039 for CVE-2025-38213",
"url": "https://bugzilla.suse.com/1246039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38213"
},
{
"cve": "CVE-2025-38214",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38214"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var\n\nIf fb_add_videomode() in fb_set_var() fails to allocate memory for\nfb_videomode, later it may lead to a null-ptr dereference in\nfb_videomode_to_var(), as the fb_info is registered while not having the\nmode in modelist that is expected to be there, i.e. the one that is\ndescribed in fb_info-\u003evar.\n\n================================================================\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 PID: 30371 Comm: syz-executor.1 Not tainted 5.10.226-syzkaller #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nRIP: 0010:fb_videomode_to_var+0x24/0x610 drivers/video/fbdev/core/modedb.c:901\nCall Trace:\n display_to_var+0x3a/0x7c0 drivers/video/fbdev/core/fbcon.c:929\n fbcon_resize+0x3e2/0x8f0 drivers/video/fbdev/core/fbcon.c:2071\n resize_screen drivers/tty/vt/vt.c:1176 [inline]\n vc_do_resize+0x53a/0x1170 drivers/tty/vt/vt.c:1263\n fbcon_modechanged+0x3ac/0x6e0 drivers/video/fbdev/core/fbcon.c:2720\n fbcon_update_vcs+0x43/0x60 drivers/video/fbdev/core/fbcon.c:2776\n do_fb_ioctl+0x6d2/0x740 drivers/video/fbdev/core/fbmem.c:1128\n fb_ioctl+0xe7/0x150 drivers/video/fbdev/core/fbmem.c:1203\n vfs_ioctl fs/ioctl.c:48 [inline]\n __do_sys_ioctl fs/ioctl.c:753 [inline]\n __se_sys_ioctl fs/ioctl.c:739 [inline]\n __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:739\n do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n================================================================\n\nThe reason is that fb_info-\u003evar is being modified in fb_set_var(), and\nthen fb_videomode_to_var() is called. If it fails to add the mode to\nfb_info-\u003emodelist, fb_set_var() returns error, but does not restore the\nold value of fb_info-\u003evar. Restore fb_info-\u003evar on failure the same way\nit is done earlier in the function.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38214",
"url": "https://www.suse.com/security/cve/CVE-2025-38214"
},
{
"category": "external",
"summary": "SUSE Bug 1246042 for CVE-2025-38214",
"url": "https://bugzilla.suse.com/1246042"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38214"
},
{
"cve": "CVE-2025-38215",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38215"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var\n\nIf fb_add_videomode() in do_register_framebuffer() fails to allocate\nmemory for fb_videomode, it will later lead to a null-ptr dereference in\nfb_videomode_to_var(), as the fb_info is registered while not having the\nmode in modelist that is expected to be there, i.e. the one that is\ndescribed in fb_info-\u003evar.\n\n================================================================\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 PID: 30371 Comm: syz-executor.1 Not tainted 5.10.226-syzkaller #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nRIP: 0010:fb_videomode_to_var+0x24/0x610 drivers/video/fbdev/core/modedb.c:901\nCall Trace:\n display_to_var+0x3a/0x7c0 drivers/video/fbdev/core/fbcon.c:929\n fbcon_resize+0x3e2/0x8f0 drivers/video/fbdev/core/fbcon.c:2071\n resize_screen drivers/tty/vt/vt.c:1176 [inline]\n vc_do_resize+0x53a/0x1170 drivers/tty/vt/vt.c:1263\n fbcon_modechanged+0x3ac/0x6e0 drivers/video/fbdev/core/fbcon.c:2720\n fbcon_update_vcs+0x43/0x60 drivers/video/fbdev/core/fbcon.c:2776\n do_fb_ioctl+0x6d2/0x740 drivers/video/fbdev/core/fbmem.c:1128\n fb_ioctl+0xe7/0x150 drivers/video/fbdev/core/fbmem.c:1203\n vfs_ioctl fs/ioctl.c:48 [inline]\n __do_sys_ioctl fs/ioctl.c:753 [inline]\n __se_sys_ioctl fs/ioctl.c:739 [inline]\n __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:739\n do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n================================================================\n\nEven though fbcon_init() checks beforehand if fb_match_mode() in\nvar_to_display() fails, it can not prevent the panic because fbcon_init()\ndoes not return error code. Considering this and the comment in the code\nabout fb_match_mode() returning NULL - \"This should not happen\" - it is\nbetter to prevent registering the fb_info if its mode was not set\nsuccessfully. Also move fb_add_videomode() closer to the beginning of\ndo_register_framebuffer() to avoid having to do the cleanup on fail.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38215",
"url": "https://www.suse.com/security/cve/CVE-2025-38215"
},
{
"category": "external",
"summary": "SUSE Bug 1246109 for CVE-2025-38215",
"url": "https://bugzilla.suse.com/1246109"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38215"
},
{
"cve": "CVE-2025-38217",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38217"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (ftsteutates) Fix TOCTOU race in fts_read()\n\nIn the fts_read() function, when handling hwmon_pwm_auto_channels_temp,\nthe code accesses the shared variable data-\u003efan_source[channel] twice\nwithout holding any locks. It is first checked against\nFTS_FAN_SOURCE_INVALID, and if the check passes, it is read again\nwhen used as an argument to the BIT() macro.\n\nThis creates a Time-of-Check to Time-of-Use (TOCTOU) race condition.\nAnother thread executing fts_update_device() can modify the value of\ndata-\u003efan_source[channel] between the check and its use. If the value\nis changed to FTS_FAN_SOURCE_INVALID (0xff) during this window, the\nBIT() macro will be called with a large shift value (BIT(255)).\nA bit shift by a value greater than or equal to the type width is\nundefined behavior and can lead to a crash or incorrect values being\nreturned to userspace.\n\nFix this by reading data-\u003efan_source[channel] into a local variable\nonce, eliminating the race condition. Additionally, add a bounds check\nto ensure the value is less than BITS_PER_LONG before passing it to\nthe BIT() macro, making the code more robust against undefined behavior.\n\nThis possible bug was found by an experimental static analysis tool\ndeveloped by our team.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38217",
"url": "https://www.suse.com/security/cve/CVE-2025-38217"
},
{
"category": "external",
"summary": "SUSE Bug 1246002 for CVE-2025-38217",
"url": "https://bugzilla.suse.com/1246002"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38217"
},
{
"cve": "CVE-2025-38220",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38220"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: only dirty folios when data journaling regular files\n\nfstest generic/388 occasionally reproduces a crash that looks as\nfollows:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n...\nCall Trace:\n \u003cTASK\u003e\n ext4_block_zero_page_range+0x30c/0x380 [ext4]\n ext4_truncate+0x436/0x440 [ext4]\n ext4_process_orphan+0x5d/0x110 [ext4]\n ext4_orphan_cleanup+0x124/0x4f0 [ext4]\n ext4_fill_super+0x262d/0x3110 [ext4]\n get_tree_bdev_flags+0x132/0x1d0\n vfs_get_tree+0x26/0xd0\n vfs_cmd_create+0x59/0xe0\n __do_sys_fsconfig+0x4ed/0x6b0\n do_syscall_64+0x82/0x170\n ...\n\nThis occurs when processing a symlink inode from the orphan list. The\npartial block zeroing code in the truncate path calls\next4_dirty_journalled_data() -\u003e folio_mark_dirty(). The latter calls\nmapping-\u003ea_ops-\u003edirty_folio(), but symlink inodes are not assigned an\na_ops vector in ext4, hence the crash.\n\nTo avoid this problem, update the ext4_dirty_journalled_data() helper to\nonly mark the folio dirty on regular files (for which a_ops is\nassigned). This also matches the journaling logic in the ext4_symlink()\ncreation path, where ext4_handle_dirty_metadata() is called directly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38220",
"url": "https://www.suse.com/security/cve/CVE-2025-38220"
},
{
"category": "external",
"summary": "SUSE Bug 1245966 for CVE-2025-38220",
"url": "https://bugzilla.suse.com/1245966"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38220"
},
{
"cve": "CVE-2025-38222",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38222"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: inline: fix len overflow in ext4_prepare_inline_data\n\nWhen running the following code on an ext4 filesystem with inline_data\nfeature enabled, it will lead to the bug below.\n\n fd = open(\"file1\", O_RDWR | O_CREAT | O_TRUNC, 0666);\n ftruncate(fd, 30);\n pwrite(fd, \"a\", 1, (1UL \u003c\u003c 40) + 5UL);\n\nThat happens because write_begin will succeed as when\next4_generic_write_inline_data calls ext4_prepare_inline_data, pos + len\nwill be truncated, leading to ext4_prepare_inline_data parameter to be 6\ninstead of 0x10000000006.\n\nThen, later when write_end is called, we hit:\n\n BUG_ON(pos + len \u003e EXT4_I(inode)-\u003ei_inline_size);\n\nat ext4_write_inline_data.\n\nFix it by using a loff_t type for the len parameter in\next4_prepare_inline_data instead of an unsigned int.\n\n[ 44.545164] ------------[ cut here ]------------\n[ 44.545530] kernel BUG at fs/ext4/inline.c:240!\n[ 44.545834] Oops: invalid opcode: 0000 [#1] SMP NOPTI\n[ 44.546172] CPU: 3 UID: 0 PID: 343 Comm: test Not tainted 6.15.0-rc2-00003-g9080916f4863 #45 PREEMPT(full) 112853fcebfdb93254270a7959841d2c6aa2c8bb\n[ 44.546523] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 44.546523] RIP: 0010:ext4_write_inline_data+0xfe/0x100\n[ 44.546523] Code: 3c 0e 48 83 c7 48 48 89 de 5b 41 5c 41 5d 41 5e 41 5f 5d e9 e4 fa 43 01 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 0f 0b \u003c0f\u003e 0b 0f 1f 44 00 00 55 41 57 41 56 41 55 41 54 53 48 83 ec 20 49\n[ 44.546523] RSP: 0018:ffffb342008b79a8 EFLAGS: 00010216\n[ 44.546523] RAX: 0000000000000001 RBX: ffff9329c579c000 RCX: 0000010000000006\n[ 44.546523] RDX: 000000000000003c RSI: ffffb342008b79f0 RDI: ffff9329c158e738\n[ 44.546523] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000\n[ 44.546523] R10: 00007ffffffff000 R11: ffffffff9bd0d910 R12: 0000006210000000\n[ 44.546523] R13: fffffc7e4015e700 R14: 0000010000000005 R15: ffff9329c158e738\n[ 44.546523] FS: 00007f4299934740(0000) GS:ffff932a60179000(0000) knlGS:0000000000000000\n[ 44.546523] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 44.546523] CR2: 00007f4299a1ec90 CR3: 0000000002886002 CR4: 0000000000770eb0\n[ 44.546523] PKRU: 55555554\n[ 44.546523] Call Trace:\n[ 44.546523] \u003cTASK\u003e\n[ 44.546523] ext4_write_inline_data_end+0x126/0x2d0\n[ 44.546523] generic_perform_write+0x17e/0x270\n[ 44.546523] ext4_buffered_write_iter+0xc8/0x170\n[ 44.546523] vfs_write+0x2be/0x3e0\n[ 44.546523] __x64_sys_pwrite64+0x6d/0xc0\n[ 44.546523] do_syscall_64+0x6a/0xf0\n[ 44.546523] ? __wake_up+0x89/0xb0\n[ 44.546523] ? xas_find+0x72/0x1c0\n[ 44.546523] ? next_uptodate_folio+0x317/0x330\n[ 44.546523] ? set_pte_range+0x1a6/0x270\n[ 44.546523] ? filemap_map_pages+0x6ee/0x840\n[ 44.546523] ? ext4_setattr+0x2fa/0x750\n[ 44.546523] ? do_pte_missing+0x128/0xf70\n[ 44.546523] ? security_inode_post_setattr+0x3e/0xd0\n[ 44.546523] ? ___pte_offset_map+0x19/0x100\n[ 44.546523] ? handle_mm_fault+0x721/0xa10\n[ 44.546523] ? do_user_addr_fault+0x197/0x730\n[ 44.546523] ? do_syscall_64+0x76/0xf0\n[ 44.546523] ? arch_exit_to_user_mode_prepare+0x1e/0x60\n[ 44.546523] ? irqentry_exit_to_user_mode+0x79/0x90\n[ 44.546523] entry_SYSCALL_64_after_hwframe+0x55/0x5d\n[ 44.546523] RIP: 0033:0x7f42999c6687\n[ 44.546523] Code: 48 89 fa 4c 89 df e8 58 b3 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 \u003c5b\u003e c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff\n[ 44.546523] RSP: 002b:00007ffeae4a7930 EFLAGS: 00000202 ORIG_RAX: 0000000000000012\n[ 44.546523] RAX: ffffffffffffffda RBX: 00007f4299934740 RCX: 00007f42999c6687\n[ 44.546523] RDX: 0000000000000001 RSI: 000055ea6149200f RDI: 0000000000000003\n[ 44.546523] RBP: 00007ffeae4a79a0 R08: 0000000000000000 R09: 0000000000000000\n[ 44.546523] R10: 0000010000000005 R11: 0000000000000202 R12: 0000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38222",
"url": "https://www.suse.com/security/cve/CVE-2025-38222"
},
{
"category": "external",
"summary": "SUSE Bug 1245976 for CVE-2025-38222",
"url": "https://bugzilla.suse.com/1245976"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38222"
},
{
"cve": "CVE-2025-38225",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38225"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-jpeg: Cleanup after an allocation error\n\nWhen allocation failures are not cleaned up by the driver, further\nallocation errors will be false-positives, which will cause buffers to\nremain uninitialized and cause NULL pointer dereferences.\nEnsure proper cleanup of failed allocations to prevent these issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38225",
"url": "https://www.suse.com/security/cve/CVE-2025-38225"
},
{
"category": "external",
"summary": "SUSE Bug 1246041 for CVE-2025-38225",
"url": "https://bugzilla.suse.com/1246041"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38225"
},
{
"cve": "CVE-2025-38226",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38226"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vivid: Change the siize of the composing\n\nsyzkaller found a bug:\n\nBUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2608 [inline]\nBUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_buffer+0x1a9c/0x5af0 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2705\nWrite of size 1440 at addr ffffc9000d0ffda0 by task vivid-000-vid-c/5304\n\nCPU: 0 UID: 0 PID: 5304 Comm: vivid-000-vid-c Not tainted 6.14.0-rc2-syzkaller-00039-g09fbf3d50205 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n kasan_check_range+0x282/0x290 mm/kasan/generic.c:189\n __asan_memcpy+0x40/0x70 mm/kasan/shadow.c:106\n tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2608 [inline]\n tpg_fill_plane_buffer+0x1a9c/0x5af0 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2705\n vivid_fillbuff drivers/media/test-drivers/vivid/vivid-kthread-cap.c:470 [inline]\n vivid_thread_vid_cap_tick+0xf8e/0x60d0 drivers/media/test-drivers/vivid/vivid-kthread-cap.c:629\n vivid_thread_vid_cap+0x8aa/0xf30 drivers/media/test-drivers/vivid/vivid-kthread-cap.c:767\n kthread+0x7a9/0x920 kernel/kthread.c:464\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nThe composition size cannot be larger than the size of fmt_cap_rect.\nSo execute v4l2_rect_map_inside() even if has_compose_cap == 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38226",
"url": "https://www.suse.com/security/cve/CVE-2025-38226"
},
{
"category": "external",
"summary": "SUSE Bug 1246050 for CVE-2025-38226",
"url": "https://bugzilla.suse.com/1246050"
},
{
"category": "external",
"summary": "SUSE Bug 1246051 for CVE-2025-38226",
"url": "https://bugzilla.suse.com/1246051"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "important"
}
],
"title": "CVE-2025-38226"
},
{
"cve": "CVE-2025-38227",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38227"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vidtv: Terminating the subsequent process of initialization failure\n\nsyzbot reported a slab-use-after-free Read in vidtv_mux_init. [1]\n\nAfter PSI initialization fails, the si member is accessed again, resulting\nin this uaf.\n\nAfter si initialization fails, the subsequent process needs to be exited.\n\n[1]\nBUG: KASAN: slab-use-after-free in vidtv_mux_pid_ctx_init drivers/media/test-drivers/vidtv/vidtv_mux.c:78 [inline]\nBUG: KASAN: slab-use-after-free in vidtv_mux_init+0xac2/0xbe0 drivers/media/test-drivers/vidtv/vidtv_mux.c:524\nRead of size 8 at addr ffff88802fa42acc by task syz.2.37/6059\n\nCPU: 0 UID: 0 PID: 6059 Comm: syz.2.37 Not tainted 6.14.0-rc5-syzkaller #0\nHardware name: Google Compute Engine, BIOS Google 02/12/2025\nCall Trace:\n\u003cTASK\u003e\n__dump_stack lib/dump_stack.c:94 [inline]\ndump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\nprint_address_description mm/kasan/report.c:408 [inline]\nprint_report+0xc3/0x670 mm/kasan/report.c:521\nkasan_report+0xd9/0x110 mm/kasan/report.c:634\nvidtv_mux_pid_ctx_init drivers/media/test-drivers/vidtv/vidtv_mux.c:78\nvidtv_mux_init+0xac2/0xbe0 drivers/media/test-drivers/vidtv/vidtv_mux.c:524\nvidtv_start_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:194\nvidtv_start_feed drivers/media/test-drivers/vidtv/vidtv_bridge.c:239\ndmx_section_feed_start_filtering drivers/media/dvb-core/dvb_demux.c:973\ndvb_dmxdev_feed_start drivers/media/dvb-core/dmxdev.c:508 [inline]\ndvb_dmxdev_feed_restart.isra.0 drivers/media/dvb-core/dmxdev.c:537\ndvb_dmxdev_filter_stop+0x2b4/0x3a0 drivers/media/dvb-core/dmxdev.c:564\ndvb_dmxdev_filter_free drivers/media/dvb-core/dmxdev.c:840 [inline]\ndvb_demux_release+0x92/0x550 drivers/media/dvb-core/dmxdev.c:1246\n__fput+0x3ff/0xb70 fs/file_table.c:464\ntask_work_run+0x14e/0x250 kernel/task_work.c:227\nexit_task_work include/linux/task_work.h:40 [inline]\ndo_exit+0xad8/0x2d70 kernel/exit.c:938\ndo_group_exit+0xd3/0x2a0 kernel/exit.c:1087\n__do_sys_exit_group kernel/exit.c:1098 [inline]\n__se_sys_exit_group kernel/exit.c:1096 [inline]\n__x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1096\nx64_sys_call+0x151f/0x1720 arch/x86/include/generated/asm/syscalls_64.h:232\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f871d58d169\nCode: Unable to access opcode bytes at 0x7f871d58d13f.\nRSP: 002b:00007fff4b19a788 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f871d58d169\nRDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: 00007fff4b19a7ec R08: 0000000b4b19a87f R09: 00000000000927c0\nR10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000003\nR13: 00000000000927c0 R14: 000000000001d553 R15: 00007fff4b19a840\n \u003c/TASK\u003e\n\nAllocated by task 6059:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kmalloc_noprof include/linux/slab.h:901 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n vidtv_psi_pat_table_init drivers/media/test-drivers/vidtv/vidtv_psi.c:970\n vidtv_channel_si_init drivers/media/test-drivers/vidtv/vidtv_channel.c:423\n vidtv_mux_init drivers/media/test-drivers/vidtv/vidtv_mux.c:519\n vidtv_start_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:194\n vidtv_start_feed drivers/media/test-drivers/vidtv/vidtv_bridge.c:239\n dmx_section_feed_start_filtering drivers/media/dvb-core/dvb_demux.c:973\n dvb_dmxdev_feed_start drivers/media/dvb-core/dmxdev.c:508 [inline]\n dvb_dmxdev_feed_restart.isra.0 drivers/media/dvb-core/dmxdev.c:537\n dvb_dmxdev_filter_stop+0x2b4/0x3a0 drivers/media/dvb-core/dmxdev.c:564\n dvb_dmxdev_filter_free drivers/media/dvb-core/dmxdev.c:840 [inline]\n dvb_demux_release+0x92/0x550 drivers/media/dvb-core/dmxdev.c:1246\n __fput+0x3ff/0xb70 fs/file_tabl\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38227",
"url": "https://www.suse.com/security/cve/CVE-2025-38227"
},
{
"category": "external",
"summary": "SUSE Bug 1246031 for CVE-2025-38227",
"url": "https://bugzilla.suse.com/1246031"
},
{
"category": "external",
"summary": "SUSE Bug 1246032 for CVE-2025-38227",
"url": "https://bugzilla.suse.com/1246032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "important"
}
],
"title": "CVE-2025-38227"
},
{
"cve": "CVE-2025-38229",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38229"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: cxusb: no longer judge rbuf when the write fails\n\nsyzbot reported a uninit-value in cxusb_i2c_xfer. [1]\n\nOnly when the write operation of usb_bulk_msg() in dvb_usb_generic_rw()\nsucceeds and rlen is greater than 0, the read operation of usb_bulk_msg()\nwill be executed to read rlen bytes of data from the dvb device into the\nrbuf.\n\nIn this case, although rlen is 1, the write operation failed which resulted\nin the dvb read operation not being executed, and ultimately variable i was\nnot initialized.\n\n[1]\nBUG: KMSAN: uninit-value in cxusb_gpio_tuner drivers/media/usb/dvb-usb/cxusb.c:124 [inline]\nBUG: KMSAN: uninit-value in cxusb_i2c_xfer+0x153a/0x1a60 drivers/media/usb/dvb-usb/cxusb.c:196\n cxusb_gpio_tuner drivers/media/usb/dvb-usb/cxusb.c:124 [inline]\n cxusb_i2c_xfer+0x153a/0x1a60 drivers/media/usb/dvb-usb/cxusb.c:196\n __i2c_transfer+0xe25/0x3150 drivers/i2c/i2c-core-base.c:-1\n i2c_transfer+0x317/0x4a0 drivers/i2c/i2c-core-base.c:2315\n i2c_transfer_buffer_flags+0x125/0x1e0 drivers/i2c/i2c-core-base.c:2343\n i2c_master_send include/linux/i2c.h:109 [inline]\n i2cdev_write+0x210/0x280 drivers/i2c/i2c-dev.c:183\n do_loop_readv_writev fs/read_write.c:848 [inline]\n vfs_writev+0x963/0x14e0 fs/read_write.c:1057\n do_writev+0x247/0x5c0 fs/read_write.c:1101\n __do_sys_writev fs/read_write.c:1169 [inline]\n __se_sys_writev fs/read_write.c:1166 [inline]\n __x64_sys_writev+0x98/0xe0 fs/read_write.c:1166\n x64_sys_call+0x2229/0x3c80 arch/x86/include/generated/asm/syscalls_64.h:21\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38229",
"url": "https://www.suse.com/security/cve/CVE-2025-38229"
},
{
"category": "external",
"summary": "SUSE Bug 1246049 for CVE-2025-38229",
"url": "https://bugzilla.suse.com/1246049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38229"
},
{
"cve": "CVE-2025-38231",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38231"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: Initialize ssc before laundromat_work to prevent NULL dereference\n\nIn nfs4_state_start_net(), laundromat_work may access nfsd_ssc through\nnfs4_laundromat -\u003e nfsd4_ssc_expire_umount. If nfsd_ssc isn\u0027t initialized,\nthis can cause NULL pointer dereference.\n\nNormally the delayed start of laundromat_work allows sufficient time for\nnfsd_ssc initialization to complete. However, when the kernel waits too\nlong for userspace responses (e.g. in nfs4_state_start_net -\u003e\nnfsd4_end_grace -\u003e nfsd4_record_grace_done -\u003e nfsd4_cld_grace_done -\u003e\ncld_pipe_upcall -\u003e __cld_pipe_upcall -\u003e wait_for_completion path), the\ndelayed work may start before nfsd_ssc initialization finishes.\n\nFix this by moving nfsd_ssc initialization before starting laundromat_work.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38231",
"url": "https://www.suse.com/security/cve/CVE-2025-38231"
},
{
"category": "external",
"summary": "SUSE Bug 1246055 for CVE-2025-38231",
"url": "https://bugzilla.suse.com/1246055"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38231"
},
{
"cve": "CVE-2025-38236",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38236"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Don\u0027t leave consecutive consumed OOB skbs.\n\nJann Horn reported a use-after-free in unix_stream_read_generic().\n\nThe following sequences reproduce the issue:\n\n $ python3\n from socket import *\n s1, s2 = socketpair(AF_UNIX, SOCK_STREAM)\n s1.send(b\u0027x\u0027, MSG_OOB)\n s2.recv(1, MSG_OOB) # leave a consumed OOB skb\n s1.send(b\u0027y\u0027, MSG_OOB)\n s2.recv(1, MSG_OOB) # leave a consumed OOB skb\n s1.send(b\u0027z\u0027, MSG_OOB)\n s2.recv(1) # recv \u0027z\u0027 illegally\n s2.recv(1, MSG_OOB) # access \u0027z\u0027 skb (use-after-free)\n\nEven though a user reads OOB data, the skb holding the data stays on\nthe recv queue to mark the OOB boundary and break the next recv().\n\nAfter the last send() in the scenario above, the sk2\u0027s recv queue has\n2 leading consumed OOB skbs and 1 real OOB skb.\n\nThen, the following happens during the next recv() without MSG_OOB\n\n 1. unix_stream_read_generic() peeks the first consumed OOB skb\n 2. manage_oob() returns the next consumed OOB skb\n 3. unix_stream_read_generic() fetches the next not-yet-consumed OOB skb\n 4. unix_stream_read_generic() reads and frees the OOB skb\n\n, and the last recv(MSG_OOB) triggers KASAN splat.\n\nThe 3. above occurs because of the SO_PEEK_OFF code, which does not\nexpect unix_skb_len(skb) to be 0, but this is true for such consumed\nOOB skbs.\n\n while (skip \u003e= unix_skb_len(skb)) {\n skip -= unix_skb_len(skb);\n skb = skb_peek_next(skb, \u0026sk-\u003esk_receive_queue);\n ...\n }\n\nIn addition to this use-after-free, there is another issue that\nioctl(SIOCATMARK) does not function properly with consecutive consumed\nOOB skbs.\n\nSo, nothing good comes out of such a situation.\n\nInstead of complicating manage_oob(), ioctl() handling, and the next\nECONNRESET fix by introducing a loop for consecutive consumed OOB skbs,\nlet\u0027s not leave such consecutive OOB unnecessarily.\n\nNow, while receiving an OOB skb in unix_stream_recv_urg(), if its\nprevious skb is a consumed OOB skb, it is freed.\n\n[0]:\nBUG: KASAN: slab-use-after-free in unix_stream_read_actor (net/unix/af_unix.c:3027)\nRead of size 4 at addr ffff888106ef2904 by task python3/315\n\nCPU: 2 UID: 0 PID: 315 Comm: python3 Not tainted 6.16.0-rc1-00407-gec315832f6f9 #8 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-4.fc42 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl (lib/dump_stack.c:122)\n print_report (mm/kasan/report.c:409 mm/kasan/report.c:521)\n kasan_report (mm/kasan/report.c:636)\n unix_stream_read_actor (net/unix/af_unix.c:3027)\n unix_stream_read_generic (net/unix/af_unix.c:2708 net/unix/af_unix.c:2847)\n unix_stream_recvmsg (net/unix/af_unix.c:3048)\n sock_recvmsg (net/socket.c:1063 (discriminator 20) net/socket.c:1085 (discriminator 20))\n __sys_recvfrom (net/socket.c:2278)\n __x64_sys_recvfrom (net/socket.c:2291 (discriminator 1) net/socket.c:2287 (discriminator 1) net/socket.c:2287 (discriminator 1))\n do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1))\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\nRIP: 0033:0x7f8911fcea06\nCode: 5d e8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 75 19 83 e2 39 83 fa 08 75 11 e8 26 ff ff ff 66 0f 1f 44 00 00 48 8b 45 10 0f 05 \u003c48\u003e 8b 5d f8 c9 c3 0f 1f 40 00 f3 0f 1e fa 55 48 89 e5 48 83 ec 08\nRSP: 002b:00007fffdb0dccb0 EFLAGS: 00000202 ORIG_RAX: 000000000000002d\nRAX: ffffffffffffffda RBX: 00007fffdb0dcdc8 RCX: 00007f8911fcea06\nRDX: 0000000000000001 RSI: 00007f8911a5e060 RDI: 0000000000000006\nRBP: 00007fffdb0dccd0 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000202 R12: 00007f89119a7d20\nR13: ffffffffc4653600 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\nAllocated by task 315:\n kasan_save_stack (mm/kasan/common.c:48)\n kasan_save_track (mm/kasan/common.c:60 (discriminator 1) mm/kasan/common.c:69 (discriminator 1))\n __kasan_slab_alloc (mm/kasan/common.c:348)\n kmem_cache_alloc_\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38236",
"url": "https://www.suse.com/security/cve/CVE-2025-38236"
},
{
"category": "external",
"summary": "SUSE Bug 1246093 for CVE-2025-38236",
"url": "https://bugzilla.suse.com/1246093"
},
{
"category": "external",
"summary": "SUSE Bug 1246936 for CVE-2025-38236",
"url": "https://bugzilla.suse.com/1246936"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "important"
}
],
"title": "CVE-2025-38236"
},
{
"cve": "CVE-2025-38239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38239"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: megaraid_sas: Fix invalid node index\n\nOn a system with DRAM interleave enabled, out-of-bound access is\ndetected:\n\nmegaraid_sas 0000:3f:00.0: requested/available msix 128/128 poll_queue 0\n------------[ cut here ]------------\nUBSAN: array-index-out-of-bounds in ./arch/x86/include/asm/topology.h:72:28\nindex -1 is out of range for type \u0027cpumask *[1024]\u0027\ndump_stack_lvl+0x5d/0x80\nubsan_epilogue+0x5/0x2b\n__ubsan_handle_out_of_bounds.cold+0x46/0x4b\nmegasas_alloc_irq_vectors+0x149/0x190 [megaraid_sas]\nmegasas_probe_one.cold+0xa4d/0x189c [megaraid_sas]\nlocal_pci_probe+0x42/0x90\npci_device_probe+0xdc/0x290\nreally_probe+0xdb/0x340\n__driver_probe_device+0x78/0x110\ndriver_probe_device+0x1f/0xa0\n__driver_attach+0xba/0x1c0\nbus_for_each_dev+0x8b/0xe0\nbus_add_driver+0x142/0x220\ndriver_register+0x72/0xd0\nmegasas_init+0xdf/0xff0 [megaraid_sas]\ndo_one_initcall+0x57/0x310\ndo_init_module+0x90/0x250\ninit_module_from_file+0x85/0xc0\nidempotent_init_module+0x114/0x310\n__x64_sys_finit_module+0x65/0xc0\ndo_syscall_64+0x82/0x170\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFix it accordingly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38239",
"url": "https://www.suse.com/security/cve/CVE-2025-38239"
},
{
"category": "external",
"summary": "SUSE Bug 1246178 for CVE-2025-38239",
"url": "https://bugzilla.suse.com/1246178"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38239"
},
{
"cve": "CVE-2025-38244",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38244"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential deadlock when reconnecting channels\n\nFix cifs_signal_cifsd_for_reconnect() to take the correct lock order\nand prevent the following deadlock from happening\n\n======================================================\nWARNING: possible circular locking dependency detected\n6.16.0-rc3-build2+ #1301 Tainted: G S W\n------------------------------------------------------\ncifsd/6055 is trying to acquire lock:\nffff88810ad56038 (\u0026tcp_ses-\u003esrv_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0x134/0x200\n\nbut task is already holding lock:\nffff888119c64330 (\u0026ret_buf-\u003echan_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0xcf/0x200\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-\u003e #2 (\u0026ret_buf-\u003echan_lock){+.+.}-{3:3}:\n validate_chain+0x1cf/0x270\n __lock_acquire+0x60e/0x780\n lock_acquire.part.0+0xb4/0x1f0\n _raw_spin_lock+0x2f/0x40\n cifs_setup_session+0x81/0x4b0\n cifs_get_smb_ses+0x771/0x900\n cifs_mount_get_session+0x7e/0x170\n cifs_mount+0x92/0x2d0\n cifs_smb3_do_mount+0x161/0x460\n smb3_get_tree+0x55/0x90\n vfs_get_tree+0x46/0x180\n do_new_mount+0x1b0/0x2e0\n path_mount+0x6ee/0x740\n do_mount+0x98/0xe0\n __do_sys_mount+0x148/0x180\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n-\u003e #1 (\u0026ret_buf-\u003eses_lock){+.+.}-{3:3}:\n validate_chain+0x1cf/0x270\n __lock_acquire+0x60e/0x780\n lock_acquire.part.0+0xb4/0x1f0\n _raw_spin_lock+0x2f/0x40\n cifs_match_super+0x101/0x320\n sget+0xab/0x270\n cifs_smb3_do_mount+0x1e0/0x460\n smb3_get_tree+0x55/0x90\n vfs_get_tree+0x46/0x180\n do_new_mount+0x1b0/0x2e0\n path_mount+0x6ee/0x740\n do_mount+0x98/0xe0\n __do_sys_mount+0x148/0x180\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n-\u003e #0 (\u0026tcp_ses-\u003esrv_lock){+.+.}-{3:3}:\n check_noncircular+0x95/0xc0\n check_prev_add+0x115/0x2f0\n validate_chain+0x1cf/0x270\n __lock_acquire+0x60e/0x780\n lock_acquire.part.0+0xb4/0x1f0\n _raw_spin_lock+0x2f/0x40\n cifs_signal_cifsd_for_reconnect+0x134/0x200\n __cifs_reconnect+0x8f/0x500\n cifs_handle_standard+0x112/0x280\n cifs_demultiplex_thread+0x64d/0xbc0\n kthread+0x2f7/0x310\n ret_from_fork+0x2a/0x230\n ret_from_fork_asm+0x1a/0x30\n\nother info that might help us debug this:\n\nChain exists of:\n \u0026tcp_ses-\u003esrv_lock --\u003e \u0026ret_buf-\u003eses_lock --\u003e \u0026ret_buf-\u003echan_lock\n\n Possible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(\u0026ret_buf-\u003echan_lock);\n lock(\u0026ret_buf-\u003eses_lock);\n lock(\u0026ret_buf-\u003echan_lock);\n lock(\u0026tcp_ses-\u003esrv_lock);\n\n *** DEADLOCK ***\n\n3 locks held by cifsd/6055:\n #0: ffffffff857de398 (\u0026cifs_tcp_ses_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0x7b/0x200\n #1: ffff888119c64060 (\u0026ret_buf-\u003eses_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0x9c/0x200\n #2: ffff888119c64330 (\u0026ret_buf-\u003echan_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0xcf/0x200",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38244",
"url": "https://www.suse.com/security/cve/CVE-2025-38244"
},
{
"category": "external",
"summary": "SUSE Bug 1246183 for CVE-2025-38244",
"url": "https://bugzilla.suse.com/1246183"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38244"
},
{
"cve": "CVE-2025-38246",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38246"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt: properly flush XDP redirect lists\n\nWe encountered following crash when testing a XDP_REDIRECT feature\nin production:\n\n[56251.579676] list_add corruption. next-\u003eprev should be prev (ffff93120dd40f30), but was ffffb301ef3a6740. (next=ffff93120dd\n40f30).\n[56251.601413] ------------[ cut here ]------------\n[56251.611357] kernel BUG at lib/list_debug.c:29!\n[56251.621082] Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[56251.632073] CPU: 111 UID: 0 PID: 0 Comm: swapper/111 Kdump: loaded Tainted: P O 6.12.33-cloudflare-2025.6.\n3 #1\n[56251.653155] Tainted: [P]=PROPRIETARY_MODULE, [O]=OOT_MODULE\n[56251.663877] Hardware name: MiTAC GC68B-B8032-G11P6-GPU/S8032GM-HE-CFR, BIOS V7.020.B10-sig 01/22/2025\n[56251.682626] RIP: 0010:__list_add_valid_or_report+0x4b/0xa0\n[56251.693203] Code: 0e 48 c7 c7 68 e7 d9 97 e8 42 16 fe ff 0f 0b 48 8b 52 08 48 39 c2 74 14 48 89 f1 48 c7 c7 90 e7 d9 97 48\n 89 c6 e8 25 16 fe ff \u003c0f\u003e 0b 4c 8b 02 49 39 f0 74 14 48 89 d1 48 c7 c7 e8 e7 d9 97 4c 89\n[56251.725811] RSP: 0018:ffff93120dd40b80 EFLAGS: 00010246\n[56251.736094] RAX: 0000000000000075 RBX: ffffb301e6bba9d8 RCX: 0000000000000000\n[56251.748260] RDX: 0000000000000000 RSI: ffff9149afda0b80 RDI: ffff9149afda0b80\n[56251.760349] RBP: ffff9131e49c8000 R08: 0000000000000000 R09: ffff93120dd40a18\n[56251.772382] R10: ffff9159cf2ce1a8 R11: 0000000000000003 R12: ffff911a80850000\n[56251.784364] R13: ffff93120fbc7000 R14: 0000000000000010 R15: ffff9139e7510e40\n[56251.796278] FS: 0000000000000000(0000) GS:ffff9149afd80000(0000) knlGS:0000000000000000\n[56251.809133] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[56251.819561] CR2: 00007f5e85e6f300 CR3: 00000038b85e2006 CR4: 0000000000770ef0\n[56251.831365] PKRU: 55555554\n[56251.838653] Call Trace:\n[56251.845560] \u003cIRQ\u003e\n[56251.851943] cpu_map_enqueue.cold+0x5/0xa\n[56251.860243] xdp_do_redirect+0x2d9/0x480\n[56251.868388] bnxt_rx_xdp+0x1d8/0x4c0 [bnxt_en]\n[56251.877028] bnxt_rx_pkt+0x5f7/0x19b0 [bnxt_en]\n[56251.885665] ? cpu_max_write+0x1e/0x100\n[56251.893510] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.902276] __bnxt_poll_work+0x190/0x340 [bnxt_en]\n[56251.911058] bnxt_poll+0xab/0x1b0 [bnxt_en]\n[56251.919041] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.927568] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.935958] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.944250] __napi_poll+0x2b/0x160\n[56251.951155] bpf_trampoline_6442548651+0x79/0x123\n[56251.959262] __napi_poll+0x5/0x160\n[56251.966037] net_rx_action+0x3d2/0x880\n[56251.973133] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.981265] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.989262] ? __hrtimer_run_queues+0x162/0x2a0\n[56251.996967] ? srso_alias_return_thunk+0x5/0xfbef5\n[56252.004875] ? srso_alias_return_thunk+0x5/0xfbef5\n[56252.012673] ? bnxt_msix+0x62/0x70 [bnxt_en]\n[56252.019903] handle_softirqs+0xcf/0x270\n[56252.026650] irq_exit_rcu+0x67/0x90\n[56252.032933] common_interrupt+0x85/0xa0\n[56252.039498] \u003c/IRQ\u003e\n[56252.044246] \u003cTASK\u003e\n[56252.048935] asm_common_interrupt+0x26/0x40\n[56252.055727] RIP: 0010:cpuidle_enter_state+0xb8/0x420\n[56252.063305] Code: dc 01 00 00 e8 f9 79 3b ff e8 64 f7 ff ff 49 89 c5 0f 1f 44 00 00 31 ff e8 a5 32 3a ff 45 84 ff 0f 85 ae\n 01 00 00 fb 45 85 f6 \u003c0f\u003e 88 88 01 00 00 48 8b 04 24 49 63 ce 4c 89 ea 48 6b f1 68 48 29\n[56252.088911] RSP: 0018:ffff93120c97fe98 EFLAGS: 00000202\n[56252.096912] RAX: ffff9149afd80000 RBX: ffff9141d3a72800 RCX: 0000000000000000\n[56252.106844] RDX: 00003329176c6b98 RSI: ffffffe36db3fdc7 RDI: 0000000000000000\n[56252.116733] RBP: 0000000000000002 R08: 0000000000000002 R09: 000000000000004e\n[56252.126652] R10: ffff9149afdb30c4 R11: 071c71c71c71c71c R12: ffffffff985ff860\n[56252.136637] R13: 00003329176c6b98 R14: 0000000000000002 R15: 0000000000000000\n[56252.146667] ? cpuidle_enter_state+0xab/0x420\n[56252.153909] cpuidle_enter+0x2d/0x40\n[56252.160360] do_idle+0x176/0x1c0\n[56252.166456\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38246",
"url": "https://www.suse.com/security/cve/CVE-2025-38246"
},
{
"category": "external",
"summary": "SUSE Bug 1246195 for CVE-2025-38246",
"url": "https://bugzilla.suse.com/1246195"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38246"
},
{
"cve": "CVE-2025-38248",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38248"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbridge: mcast: Fix use-after-free during router port configuration\n\nThe bridge maintains a global list of ports behind which a multicast\nrouter resides. The list is consulted during forwarding to ensure\nmulticast packets are forwarded to these ports even if the ports are not\nmember in the matching MDB entry.\n\nWhen per-VLAN multicast snooping is enabled, the per-port multicast\ncontext is disabled on each port and the port is removed from the global\nrouter port list:\n\n # ip link add name br1 up type bridge vlan_filtering 1 mcast_snooping 1\n # ip link add name dummy1 up master br1 type dummy\n # ip link set dev dummy1 type bridge_slave mcast_router 2\n $ bridge -d mdb show | grep router\n router ports on br1: dummy1\n # ip link set dev br1 type bridge mcast_vlan_snooping 1\n $ bridge -d mdb show | grep router\n\nHowever, the port can be re-added to the global list even when per-VLAN\nmulticast snooping is enabled:\n\n # ip link set dev dummy1 type bridge_slave mcast_router 0\n # ip link set dev dummy1 type bridge_slave mcast_router 2\n $ bridge -d mdb show | grep router\n router ports on br1: dummy1\n\nSince commit 4b30ae9adb04 (\"net: bridge: mcast: re-implement\nbr_multicast_{enable, disable}_port functions\"), when per-VLAN multicast\nsnooping is enabled, multicast disablement on a port will disable the\nper-{port, VLAN} multicast contexts and not the per-port one. As a\nresult, a port will remain in the global router port list even after it\nis deleted. This will lead to a use-after-free [1] when the list is\ntraversed (when adding a new port to the list, for example):\n\n # ip link del dev dummy1\n # ip link add name dummy2 up master br1 type dummy\n # ip link set dev dummy2 type bridge_slave mcast_router 2\n\nSimilarly, stale entries can also be found in the per-VLAN router port\nlist. When per-VLAN multicast snooping is disabled, the per-{port, VLAN}\ncontexts are disabled on each port and the port is removed from the\nper-VLAN router port list:\n\n # ip link add name br1 up type bridge vlan_filtering 1 mcast_snooping 1 mcast_vlan_snooping 1\n # ip link add name dummy1 up master br1 type dummy\n # bridge vlan add vid 2 dev dummy1\n # bridge vlan global set vid 2 dev br1 mcast_snooping 1\n # bridge vlan set vid 2 dev dummy1 mcast_router 2\n $ bridge vlan global show dev br1 vid 2 | grep router\n router ports: dummy1\n # ip link set dev br1 type bridge mcast_vlan_snooping 0\n $ bridge vlan global show dev br1 vid 2 | grep router\n\nHowever, the port can be re-added to the per-VLAN list even when\nper-VLAN multicast snooping is disabled:\n\n # bridge vlan set vid 2 dev dummy1 mcast_router 0\n # bridge vlan set vid 2 dev dummy1 mcast_router 2\n $ bridge vlan global show dev br1 vid 2 | grep router\n router ports: dummy1\n\nWhen the VLAN is deleted from the port, the per-{port, VLAN} multicast\ncontext will not be disabled since multicast snooping is not enabled\non the VLAN. As a result, the port will remain in the per-VLAN router\nport list even after it is no longer member in the VLAN. This will lead\nto a use-after-free [2] when the list is traversed (when adding a new\nport to the list, for example):\n\n # ip link add name dummy2 up master br1 type dummy\n # bridge vlan add vid 2 dev dummy2\n # bridge vlan del vid 2 dev dummy1\n # bridge vlan set vid 2 dev dummy2 mcast_router 2\n\nFix these issues by removing the port from the relevant (global or\nper-VLAN) router port list in br_multicast_port_ctx_deinit(). The\nfunction is invoked during port deletion with the per-port multicast\ncontext and during VLAN deletion with the per-{port, VLAN} multicast\ncontext.\n\nNote that deleting the multicast router timer is not enough as it only\ntakes care of the temporary multicast router states (1 or 3) and not the\npermanent one (2).\n\n[1]\nBUG: KASAN: slab-out-of-bounds in br_multicast_add_router.part.0+0x3f1/0x560\nWrite of size 8 at addr ffff888004a67328 by task ip/384\n[...]\nCall Trace:\n \u003cTASK\u003e\n dump_stack\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38248",
"url": "https://www.suse.com/security/cve/CVE-2025-38248"
},
{
"category": "external",
"summary": "SUSE Bug 1246173 for CVE-2025-38248",
"url": "https://bugzilla.suse.com/1246173"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38248"
},
{
"cve": "CVE-2025-38249",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38249"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3()\n\nIn snd_usb_get_audioformat_uac3(), the length value returned from\nsnd_usb_ctl_msg() is used directly for memory allocation without\nvalidation. This length is controlled by the USB device.\n\nThe allocated buffer is cast to a uac3_cluster_header_descriptor\nand its fields are accessed without verifying that the buffer\nis large enough. If the device returns a smaller than expected\nlength, this leads to an out-of-bounds read.\n\nAdd a length check to ensure the buffer is large enough for\nuac3_cluster_header_descriptor.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38249",
"url": "https://www.suse.com/security/cve/CVE-2025-38249"
},
{
"category": "external",
"summary": "SUSE Bug 1246171 for CVE-2025-38249",
"url": "https://bugzilla.suse.com/1246171"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38249"
},
{
"cve": "CVE-2025-38250",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38250"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_core: Fix use-after-free in vhci_flush()\n\nsyzbot reported use-after-free in vhci_flush() without repro. [0]\n\nFrom the splat, a thread close()d a vhci file descriptor while\nits device was being used by iotcl() on another thread.\n\nOnce the last fd refcnt is released, vhci_release() calls\nhci_unregister_dev(), hci_free_dev(), and kfree() for struct\nvhci_data, which is set to hci_dev-\u003edev-\u003edriver_data.\n\nThe problem is that there is no synchronisation after unlinking\nhdev from hci_dev_list in hci_unregister_dev(). There might be\nanother thread still accessing the hdev which was fetched before\nthe unlink operation.\n\nWe can use SRCU for such synchronisation.\n\nLet\u0027s run hci_dev_reset() under SRCU and wait for its completion\nin hci_unregister_dev().\n\nAnother option would be to restore hci_dev-\u003edestruct(), which was\nremoved in commit 587ae086f6e4 (\"Bluetooth: Remove unused\nhci-destruct cb\"). However, this would not be a good solution, as\nwe should not run hci_unregister_dev() while there are in-flight\nioctl() requests, which could lead to another data-race KCSAN splat.\n\nNote that other drivers seem to have the same problem, for exmaple,\nvirtbt_remove().\n\n[0]:\nBUG: KASAN: slab-use-after-free in skb_queue_empty_lockless include/linux/skbuff.h:1891 [inline]\nBUG: KASAN: slab-use-after-free in skb_queue_purge_reason+0x99/0x360 net/core/skbuff.c:3937\nRead of size 8 at addr ffff88807cb8d858 by task syz.1.219/6718\n\nCPU: 1 UID: 0 PID: 6718 Comm: syz.1.219 Not tainted 6.16.0-rc1-syzkaller-00196-g08207f42d3ff #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xd2/0x2b0 mm/kasan/report.c:521\n kasan_report+0x118/0x150 mm/kasan/report.c:634\n skb_queue_empty_lockless include/linux/skbuff.h:1891 [inline]\n skb_queue_purge_reason+0x99/0x360 net/core/skbuff.c:3937\n skb_queue_purge include/linux/skbuff.h:3368 [inline]\n vhci_flush+0x44/0x50 drivers/bluetooth/hci_vhci.c:69\n hci_dev_do_reset net/bluetooth/hci_core.c:552 [inline]\n hci_dev_reset+0x420/0x5c0 net/bluetooth/hci_core.c:592\n sock_do_ioctl+0xd9/0x300 net/socket.c:1190\n sock_ioctl+0x576/0x790 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fcf5b98e929\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fcf5c7b9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007fcf5bbb6160 RCX: 00007fcf5b98e929\nRDX: 0000000000000000 RSI: 00000000400448cb RDI: 0000000000000009\nRBP: 00007fcf5ba10b39 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007fcf5bbb6160 R15: 00007ffd6353d528\n \u003c/TASK\u003e\n\nAllocated by task 6535:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4359\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n vhci_open+0x57/0x360 drivers/bluetooth/hci_vhci.c:635\n misc_open+0x2bc/0x330 drivers/char/misc.c:161\n chrdev_open+0x4c9/0x5e0 fs/char_dev.c:414\n do_dentry_open+0xdf0/0x1970 fs/open.c:964\n vfs_open+0x3b/0x340 fs/open.c:1094\n do_open fs/namei.c:3887 [inline]\n path_openat+0x2ee5/0x3830 fs/name\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38250",
"url": "https://www.suse.com/security/cve/CVE-2025-38250"
},
{
"category": "external",
"summary": "SUSE Bug 1246182 for CVE-2025-38250",
"url": "https://bugzilla.suse.com/1246182"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38250"
},
{
"cve": "CVE-2025-38257",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38257"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Prevent overflow in size calculation for memdup_user()\n\nNumber of apqn target list entries contained in \u0027nr_apqns\u0027 variable is\ndetermined by userspace via an ioctl call so the result of the product in\ncalculation of size passed to memdup_user() may overflow.\n\nIn this case the actual size of the allocated area and the value\ndescribing it won\u0027t be in sync leading to various types of unpredictable\nbehaviour later.\n\nUse a proper memdup_array_user() helper which returns an error if an\noverflow is detected. Note that it is different from when nr_apqns is\ninitially zero - that case is considered valid and should be handled in\nsubsequent pkey_handler implementations.\n\nFound by Linux Verification Center (linuxtesting.org).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38257",
"url": "https://www.suse.com/security/cve/CVE-2025-38257"
},
{
"category": "external",
"summary": "SUSE Bug 1246186 for CVE-2025-38257",
"url": "https://bugzilla.suse.com/1246186"
},
{
"category": "external",
"summary": "SUSE Bug 1246189 for CVE-2025-38257",
"url": "https://bugzilla.suse.com/1246189"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "important"
}
],
"title": "CVE-2025-38257"
},
{
"cve": "CVE-2025-38259",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38259"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: wcd9335: Fix missing free of regulator supplies\n\nDriver gets and enables all regulator supplies in probe path\n(wcd9335_parse_dt() and wcd9335_power_on_reset()), but does not cleanup\nin final error paths and in unbind (missing remove() callback). This\nleads to leaked memory and unbalanced regulator enable count during\nprobe errors or unbind.\n\nFix this by converting entire code into devm_regulator_bulk_get_enable()\nwhich also greatly simplifies the code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38259",
"url": "https://www.suse.com/security/cve/CVE-2025-38259"
},
{
"category": "external",
"summary": "SUSE Bug 1246220 for CVE-2025-38259",
"url": "https://bugzilla.suse.com/1246220"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38259"
},
{
"cve": "CVE-2025-38264",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38264"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-tcp: sanitize request list handling\n\nValidate the request in nvme_tcp_handle_r2t() to ensure it\u0027s not part of\nany list, otherwise a malicious R2T PDU might inject a loop in request\nlist processing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38264",
"url": "https://www.suse.com/security/cve/CVE-2025-38264"
},
{
"category": "external",
"summary": "SUSE Bug 1246387 for CVE-2025-38264",
"url": "https://bugzilla.suse.com/1246387"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38264"
},
{
"cve": "CVE-2025-38272",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38272"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: b53: do not enable EEE on bcm63xx\n\nBCM63xx internal switches do not support EEE, but provide multiple RGMII\nports where external PHYs may be connected. If one of these PHYs are EEE\ncapable, we may try to enable EEE for the MACs, which then hangs the\nsystem on access of the (non-existent) EEE registers.\n\nFix this by checking if the switch actually supports EEE before\nattempting to configure it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38272",
"url": "https://www.suse.com/security/cve/CVE-2025-38272"
},
{
"category": "external",
"summary": "SUSE Bug 1246268 for CVE-2025-38272",
"url": "https://bugzilla.suse.com/1246268"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38272"
},
{
"cve": "CVE-2025-38273",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38273"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tipc: fix refcount warning in tipc_aead_encrypt\n\nsyzbot reported a refcount warning [1] caused by calling get_net() on\na network namespace that is being destroyed (refcount=0). This happens\nwhen a TIPC discovery timer fires during network namespace cleanup.\n\nThe recently added get_net() call in commit e279024617134 (\"net/tipc:\nfix slab-use-after-free Read in tipc_aead_encrypt_done\") attempts to\nhold a reference to the network namespace. However, if the namespace\nis already being destroyed, its refcount might be zero, leading to the\nuse-after-free warning.\n\nReplace get_net() with maybe_get_net(), which safely checks if the\nrefcount is non-zero before incrementing it. If the namespace is being\ndestroyed, return -ENODEV early, after releasing the bearer reference.\n\n[1]: https://lore.kernel.org/all/68342b55.a70a0220.253bc2.0091.GAE@google.com/T/#m12019cf9ae77e1954f666914640efa36d52704a2",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38273",
"url": "https://www.suse.com/security/cve/CVE-2025-38273"
},
{
"category": "external",
"summary": "SUSE Bug 1246266 for CVE-2025-38273",
"url": "https://bugzilla.suse.com/1246266"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38273"
},
{
"cve": "CVE-2025-38275",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38275"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug\n\nThe qmp_usb_iomap() helper function currently returns the raw result of\ndevm_ioremap() for non-exclusive mappings. Since devm_ioremap() may return\na NULL pointer and the caller only checks error pointers with IS_ERR(),\nNULL could bypass the check and lead to an invalid dereference.\n\nFix the issue by checking if devm_ioremap() returns NULL. When it does,\nqmp_usb_iomap() now returns an error pointer via IOMEM_ERR_PTR(-ENOMEM),\nensuring safe and consistent error handling.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38275",
"url": "https://www.suse.com/security/cve/CVE-2025-38275"
},
{
"category": "external",
"summary": "SUSE Bug 1246236 for CVE-2025-38275",
"url": "https://bugzilla.suse.com/1246236"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38275"
},
{
"cve": "CVE-2025-38277",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38277"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: nand: ecc-mxic: Fix use of uninitialized variable ret\n\nIf ctx-\u003esteps is zero, the loop processing ECC steps is skipped,\nand the variable ret remains uninitialized. It is later checked\nand returned, which leads to undefined behavior and may cause\nunpredictable results in user space or kernel crashes.\n\nThis scenario can be triggered in edge cases such as misconfigured\ngeometry, ECC engine misuse, or if ctx-\u003esteps is not validated\nafter initialization.\n\nInitialize ret to zero before the loop to ensure correct and safe\nbehavior regardless of the ctx-\u003esteps value.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38277",
"url": "https://www.suse.com/security/cve/CVE-2025-38277"
},
{
"category": "external",
"summary": "SUSE Bug 1246246 for CVE-2025-38277",
"url": "https://bugzilla.suse.com/1246246"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38277"
},
{
"cve": "CVE-2025-38279",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38279"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Do not include stack ptr register in precision backtracking bookkeeping\n\nYi Lai reported an issue ([1]) where the following warning appears\nin kernel dmesg:\n [ 60.643604] verifier backtracking bug\n [ 60.643635] WARNING: CPU: 10 PID: 2315 at kernel/bpf/verifier.c:4302 __mark_chain_precision+0x3a6c/0x3e10\n [ 60.648428] Modules linked in: bpf_testmod(OE)\n [ 60.650471] CPU: 10 UID: 0 PID: 2315 Comm: test_progs Tainted: G OE 6.15.0-rc4-gef11287f8289-dirty #327 PREEMPT(full)\n [ 60.654385] Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n [ 60.656682] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n [ 60.660475] RIP: 0010:__mark_chain_precision+0x3a6c/0x3e10\n [ 60.662814] Code: 5a 30 84 89 ea e8 c4 d9 01 00 80 3d 3e 7d d8 04 00 0f 85 60 fa ff ff c6 05 31 7d d8 04\n 01 48 c7 c7 00 58 30 84 e8 c4 06 a5 ff \u003c0f\u003e 0b e9 46 fa ff ff 48 ...\n [ 60.668720] RSP: 0018:ffff888116cc7298 EFLAGS: 00010246\n [ 60.671075] RAX: 54d70e82dfd31900 RBX: ffff888115b65e20 RCX: 0000000000000000\n [ 60.673659] RDX: 0000000000000001 RSI: 0000000000000004 RDI: 00000000ffffffff\n [ 60.676241] RBP: 0000000000000400 R08: ffff8881f6f23bd3 R09: 1ffff1103ede477a\n [ 60.678787] R10: dffffc0000000000 R11: ffffed103ede477b R12: ffff888115b60ae8\n [ 60.681420] R13: 1ffff11022b6cbc4 R14: 00000000fffffff2 R15: 0000000000000001\n [ 60.684030] FS: 00007fc2aedd80c0(0000) GS:ffff88826fa8a000(0000) knlGS:0000000000000000\n [ 60.686837] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [ 60.689027] CR2: 000056325369e000 CR3: 000000011088b002 CR4: 0000000000370ef0\n [ 60.691623] Call Trace:\n [ 60.692821] \u003cTASK\u003e\n [ 60.693960] ? __pfx_verbose+0x10/0x10\n [ 60.695656] ? __pfx_disasm_kfunc_name+0x10/0x10\n [ 60.697495] check_cond_jmp_op+0x16f7/0x39b0\n [ 60.699237] do_check+0x58fa/0xab10\n ...\n\nFurther analysis shows the warning is at line 4302 as below:\n\n 4294 /* static subprog call instruction, which\n 4295 * means that we are exiting current subprog,\n 4296 * so only r1-r5 could be still requested as\n 4297 * precise, r0 and r6-r10 or any stack slot in\n 4298 * the current frame should be zero by now\n 4299 */\n 4300 if (bt_reg_mask(bt) \u0026 ~BPF_REGMASK_ARGS) {\n 4301 verbose(env, \"BUG regs %x\\n\", bt_reg_mask(bt));\n 4302 WARN_ONCE(1, \"verifier backtracking bug\");\n 4303 return -EFAULT;\n 4304 }\n\nWith the below test (also in the next patch):\n __used __naked static void __bpf_jmp_r10(void)\n {\n\tasm volatile (\n\t\"r2 = 2314885393468386424 ll;\"\n\t\"goto +0;\"\n\t\"if r2 \u003c= r10 goto +3;\"\n\t\"if r1 \u003e= -1835016 goto +0;\"\n\t\"if r2 \u003c= 8 goto +0;\"\n\t\"if r3 \u003c= 0 goto +0;\"\n\t\"exit;\"\n\t::: __clobber_all);\n }\n\n SEC(\"?raw_tp\")\n __naked void bpf_jmp_r10(void)\n {\n\tasm volatile (\n\t\"r3 = 0 ll;\"\n\t\"call __bpf_jmp_r10;\"\n\t\"r0 = 0;\"\n\t\"exit;\"\n\t::: __clobber_all);\n }\n\nThe following is the verifier failure log:\n 0: (18) r3 = 0x0 ; R3_w=0\n 2: (85) call pc+2\n caller:\n R10=fp0\n callee:\n frame1: R1=ctx() R3_w=0 R10=fp0\n 5: frame1: R1=ctx() R3_w=0 R10=fp0\n ; asm volatile (\" \\ @ verifier_precision.c:184\n 5: (18) r2 = 0x20202000256c6c78 ; frame1: R2_w=0x20202000256c6c78\n 7: (05) goto pc+0\n 8: (bd) if r2 \u003c= r10 goto pc+3 ; frame1: R2_w=0x20202000256c6c78 R10=fp0\n 9: (35) if r1 \u003e= 0xffe3fff8 goto pc+0 ; frame1: R1=ctx()\n 10: (b5) if r2 \u003c= 0x8 goto pc+0\n mark_precise: frame1: last_idx 10 first_idx 0 subseq_idx -1\n mark_precise: frame1: regs=r2 stack= before 9: (35) if r1 \u003e= 0xffe3fff8 goto pc+0\n mark_precise: frame1: regs=r2 stack= before 8: (bd) if r2 \u003c= r10 goto pc+3\n mark_preci\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38279",
"url": "https://www.suse.com/security/cve/CVE-2025-38279"
},
{
"category": "external",
"summary": "SUSE Bug 1246264 for CVE-2025-38279",
"url": "https://bugzilla.suse.com/1246264"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38279"
},
{
"cve": "CVE-2025-38283",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38283"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhisi_acc_vfio_pci: bugfix live migration function without VF device driver\n\nIf the VF device driver is not loaded in the Guest OS and we attempt to\nperform device data migration, the address of the migrated data will\nbe NULL.\nThe live migration recovery operation on the destination side will\naccess a null address value, which will cause access errors.\n\nTherefore, live migration of VMs without added VF device drivers\ndoes not require device data migration.\nIn addition, when the queue address data obtained by the destination\nis empty, device queue recovery processing will not be performed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38283",
"url": "https://www.suse.com/security/cve/CVE-2025-38283"
},
{
"category": "external",
"summary": "SUSE Bug 1246273 for CVE-2025-38283",
"url": "https://bugzilla.suse.com/1246273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38283"
},
{
"cve": "CVE-2025-38286",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38286"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: at91: Fix possible out-of-boundary access\n\nat91_gpio_probe() doesn\u0027t check that given OF alias is not available or\nsomething went wrong when trying to get it. This might have consequences\nwhen accessing gpio_chips array with that value as an index. Note, that\nBUG() can be compiled out and hence won\u0027t actually perform the required\nchecks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38286",
"url": "https://www.suse.com/security/cve/CVE-2025-38286"
},
{
"category": "external",
"summary": "SUSE Bug 1246283 for CVE-2025-38286",
"url": "https://bugzilla.suse.com/1246283"
},
{
"category": "external",
"summary": "SUSE Bug 1246284 for CVE-2025-38286",
"url": "https://bugzilla.suse.com/1246284"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "important"
}
],
"title": "CVE-2025-38286"
},
{
"cve": "CVE-2025-38289",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38289"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk\n\nSmatch detected a potential use-after-free of an ndlp oject in\ndev_loss_tmo_callbk during driver unload or fatal error handling.\n\nFix by reordering code to avoid potential use-after-free if initial\nnodelist reference has been previously removed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38289",
"url": "https://www.suse.com/security/cve/CVE-2025-38289"
},
{
"category": "external",
"summary": "SUSE Bug 1246287 for CVE-2025-38289",
"url": "https://bugzilla.suse.com/1246287"
},
{
"category": "external",
"summary": "SUSE Bug 1246288 for CVE-2025-38289",
"url": "https://bugzilla.suse.com/1246288"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38289"
},
{
"cve": "CVE-2025-38290",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38290"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix node corruption in ar-\u003earvifs list\n\nIn current WLAN recovery code flow, ath12k_core_halt() only reinitializes\nthe \"arvifs\" list head. This will cause the list node immediately following\nthe list head to become an invalid list node. Because the prev of that node\nstill points to the list head \"arvifs\", but the next of the list head\n\"arvifs\" no longer points to that list node.\n\nWhen a WLAN recovery occurs during the execution of a vif removal, and it\nhappens before the spin_lock_bh(\u0026ar-\u003edata_lock) in\nath12k_mac_vdev_delete(), list_del() will detect the previously mentioned\nsituation, thereby triggering a kernel panic.\n\nThe fix is to remove and reinitialize all vif list nodes from the list head\n\"arvifs\" during WLAN halt. The reinitialization is to make the list nodes\nvalid, ensuring that the list_del() in ath12k_mac_vdev_delete() can execute\nnormally.\n\nCall trace:\n__list_del_entry_valid_or_report+0xd4/0x100 (P)\nath12k_mac_remove_link_interface.isra.0+0xf8/0x2e4 [ath12k]\nath12k_scan_vdev_clean_work+0x40/0x164 [ath12k]\ncfg80211_wiphy_work+0xfc/0x100\nprocess_one_work+0x164/0x2d0\nworker_thread+0x254/0x380\nkthread+0xfc/0x100\nret_from_fork+0x10/0x20\n\nThe change is mostly copied from the ath11k patch:\nhttps://lore.kernel.org/all/20250320053145.3445187-1-quic_stonez@quicinc.com/\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38290",
"url": "https://www.suse.com/security/cve/CVE-2025-38290"
},
{
"category": "external",
"summary": "SUSE Bug 1246293 for CVE-2025-38290",
"url": "https://bugzilla.suse.com/1246293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38290"
},
{
"cve": "CVE-2025-38292",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38292"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix invalid access to memory\n\nIn ath12k_dp_rx_msdu_coalesce(), rxcb is fetched from skb and boolean\nis_continuation is part of rxcb.\nCurrently, after freeing the skb, the rxcb-\u003eis_continuation accessed\nagain which is wrong since the memory is already freed.\nThis might lead use-after-free error.\n\nHence, fix by locally defining bool is_continuation from rxcb,\nso that after freeing skb, is_continuation can be used.\n\nCompile tested only.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38292",
"url": "https://www.suse.com/security/cve/CVE-2025-38292"
},
{
"category": "external",
"summary": "SUSE Bug 1246295 for CVE-2025-38292",
"url": "https://bugzilla.suse.com/1246295"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38292"
},
{
"cve": "CVE-2025-38293",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38293"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix node corruption in ar-\u003earvifs list\n\nIn current WLAN recovery code flow, ath11k_core_halt() only\nreinitializes the \"arvifs\" list head. This will cause the\nlist node immediately following the list head to become an\ninvalid list node. Because the prev of that node still points\nto the list head \"arvifs\", but the next of the list head \"arvifs\"\nno longer points to that list node.\n\nWhen a WLAN recovery occurs during the execution of a vif\nremoval, and it happens before the spin_lock_bh(\u0026ar-\u003edata_lock)\nin ath11k_mac_op_remove_interface(), list_del() will detect the\npreviously mentioned situation, thereby triggering a kernel panic.\n\nThe fix is to remove and reinitialize all vif list nodes from the\nlist head \"arvifs\" during WLAN halt. The reinitialization is to make\nthe list nodes valid, ensuring that the list_del() in\nath11k_mac_op_remove_interface() can execute normally.\n\nCall trace:\n__list_del_entry_valid_or_report+0xb8/0xd0\nath11k_mac_op_remove_interface+0xb0/0x27c [ath11k]\ndrv_remove_interface+0x48/0x194 [mac80211]\nieee80211_do_stop+0x6e0/0x844 [mac80211]\nieee80211_stop+0x44/0x17c [mac80211]\n__dev_close_many+0xac/0x150\n__dev_change_flags+0x194/0x234\ndev_change_flags+0x24/0x6c\ndevinet_ioctl+0x3a0/0x670\ninet_ioctl+0x200/0x248\nsock_do_ioctl+0x60/0x118\nsock_ioctl+0x274/0x35c\n__arm64_sys_ioctl+0xac/0xf0\ninvoke_syscall+0x48/0x114\n...\n\nTested-on: QCA6698AQ hw2.1 PCI WLAN.HSP.1.1-04591-QCAHSPSWPL_V1_V2_SILICONZ_IOE-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38293",
"url": "https://www.suse.com/security/cve/CVE-2025-38293"
},
{
"category": "external",
"summary": "SUSE Bug 1246292 for CVE-2025-38293",
"url": "https://bugzilla.suse.com/1246292"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38293"
},
{
"cve": "CVE-2025-38300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38300"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare()\n\nFix two DMA cleanup issues on the error path in sun8i_ce_cipher_prepare():\n\n1] If dma_map_sg() fails for areq-\u003edst, the device driver would try to free\n DMA memory it has not allocated in the first place. To fix this, on the\n \"theend_sgs\" error path, call dma unmap only if the corresponding dma\n map was successful.\n\n2] If the dma_map_single() call for the IV fails, the device driver would\n try to free an invalid DMA memory address on the \"theend_iv\" path:\n ------------[ cut here ]------------\n DMA-API: sun8i-ce 1904000.crypto: device driver tries to free an invalid DMA memory address\n WARNING: CPU: 2 PID: 69 at kernel/dma/debug.c:968 check_unmap+0x123c/0x1b90\n Modules linked in: skcipher_example(O+)\n CPU: 2 UID: 0 PID: 69 Comm: 1904000.crypto- Tainted: G O 6.15.0-rc3+ #24 PREEMPT\n Tainted: [O]=OOT_MODULE\n Hardware name: OrangePi Zero2 (DT)\n pc : check_unmap+0x123c/0x1b90\n lr : check_unmap+0x123c/0x1b90\n ...\n Call trace:\n check_unmap+0x123c/0x1b90 (P)\n debug_dma_unmap_page+0xac/0xc0\n dma_unmap_page_attrs+0x1f4/0x5fc\n sun8i_ce_cipher_do_one+0x1bd4/0x1f40\n crypto_pump_work+0x334/0x6e0\n kthread_worker_fn+0x21c/0x438\n kthread+0x374/0x664\n ret_from_fork+0x10/0x20\n ---[ end trace 0000000000000000 ]---\n\nTo fix this, check for !dma_mapping_error() before calling\ndma_unmap_single() on the \"theend_iv\" path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38300",
"url": "https://www.suse.com/security/cve/CVE-2025-38300"
},
{
"category": "external",
"summary": "SUSE Bug 1246349 for CVE-2025-38300",
"url": "https://bugzilla.suse.com/1246349"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38300"
},
{
"cve": "CVE-2025-38303",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38303"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: eir: Fix possible crashes on eir_create_adv_data\n\neir_create_adv_data may attempt to add EIR_FLAGS and EIR_TX_POWER\nwithout checking if that would fit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38303",
"url": "https://www.suse.com/security/cve/CVE-2025-38303"
},
{
"category": "external",
"summary": "SUSE Bug 1246354 for CVE-2025-38303",
"url": "https://bugzilla.suse.com/1246354"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38303"
},
{
"cve": "CVE-2025-38304",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38304"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix NULL pointer deference on eir_get_service_data\n\nThe len parameter is considered optional so it can be NULL so it cannot\nbe used for skipping to next entry of EIR_SERVICE_DATA.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38304",
"url": "https://www.suse.com/security/cve/CVE-2025-38304"
},
{
"category": "external",
"summary": "SUSE Bug 1246240 for CVE-2025-38304",
"url": "https://bugzilla.suse.com/1246240"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38304"
},
{
"cve": "CVE-2025-38305",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38305"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptp: remove ptp-\u003en_vclocks check logic in ptp_vclock_in_use()\n\nThere is no disagreement that we should check both ptp-\u003eis_virtual_clock\nand ptp-\u003en_vclocks to check if the ptp virtual clock is in use.\n\nHowever, when we acquire ptp-\u003en_vclocks_mux to read ptp-\u003en_vclocks in\nptp_vclock_in_use(), we observe a recursive lock in the call trace\nstarting from n_vclocks_store().\n\n============================================\nWARNING: possible recursive locking detected\n6.15.0-rc6 #1 Not tainted\n--------------------------------------------\nsyz.0.1540/13807 is trying to acquire lock:\nffff888035a24868 (\u0026ptp-\u003en_vclocks_mux){+.+.}-{4:4}, at:\n ptp_vclock_in_use drivers/ptp/ptp_private.h:103 [inline]\nffff888035a24868 (\u0026ptp-\u003en_vclocks_mux){+.+.}-{4:4}, at:\n ptp_clock_unregister+0x21/0x250 drivers/ptp/ptp_clock.c:415\n\nbut task is already holding lock:\nffff888030704868 (\u0026ptp-\u003en_vclocks_mux){+.+.}-{4:4}, at:\n n_vclocks_store+0xf1/0x6d0 drivers/ptp/ptp_sysfs.c:215\n\nother info that might help us debug this:\n Possible unsafe locking scenario:\n\n CPU0\n ----\n lock(\u0026ptp-\u003en_vclocks_mux);\n lock(\u0026ptp-\u003en_vclocks_mux);\n\n *** DEADLOCK ***\n....\n============================================\n\nThe best way to solve this is to remove the logic that checks\nptp-\u003en_vclocks in ptp_vclock_in_use().\n\nThe reason why this is appropriate is that any path that uses\nptp-\u003en_vclocks must unconditionally check if ptp-\u003en_vclocks is greater\nthan 0 before unregistering vclocks, and all functions are already\nwritten this way. And in the function that uses ptp-\u003en_vclocks, we\nalready get ptp-\u003en_vclocks_mux before unregistering vclocks.\n\nTherefore, we need to remove the redundant check for ptp-\u003en_vclocks in\nptp_vclock_in_use() to prevent recursive locking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38305",
"url": "https://www.suse.com/security/cve/CVE-2025-38305"
},
{
"category": "external",
"summary": "SUSE Bug 1246358 for CVE-2025-38305",
"url": "https://bugzilla.suse.com/1246358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38305"
},
{
"cve": "CVE-2025-38307",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38307"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: avs: Verify content returned by parse_int_array()\n\nThe first element of the returned array stores its length. If it is 0,\nany manipulation beyond the element at index 0 ends with null-ptr-deref.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38307",
"url": "https://www.suse.com/security/cve/CVE-2025-38307"
},
{
"category": "external",
"summary": "SUSE Bug 1246364 for CVE-2025-38307",
"url": "https://bugzilla.suse.com/1246364"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38307"
},
{
"cve": "CVE-2025-38310",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38310"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nseg6: Fix validation of nexthop addresses\n\nThe kernel currently validates that the length of the provided nexthop\naddress does not exceed the specified length. This can lead to the\nkernel reading uninitialized memory if user space provided a shorter\nlength than the specified one.\n\nFix by validating that the provided length exactly matches the specified\none.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38310",
"url": "https://www.suse.com/security/cve/CVE-2025-38310"
},
{
"category": "external",
"summary": "SUSE Bug 1246361 for CVE-2025-38310",
"url": "https://bugzilla.suse.com/1246361"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38310"
},
{
"cve": "CVE-2025-38312",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38312"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod()\n\nIn fb_find_mode_cvt(), iff mode-\u003erefresh somehow happens to be 0x80000000,\ncvt.f_refresh will become 0 when multiplying it by 2 due to overflow. It\u0027s\nthen passed to fb_cvt_hperiod(), where it\u0027s used as a divider -- division\nby 0 will result in kernel oops. Add a sanity check for cvt.f_refresh to\navoid such overflow...\n\nFound by Linux Verification Center (linuxtesting.org) with the Svace static\nanalysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38312",
"url": "https://www.suse.com/security/cve/CVE-2025-38312"
},
{
"category": "external",
"summary": "SUSE Bug 1246386 for CVE-2025-38312",
"url": "https://bugzilla.suse.com/1246386"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38312"
},
{
"cve": "CVE-2025-38313",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38313"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: fsl-mc: fix double-free on mc_dev\n\nThe blamed commit tried to simplify how the deallocations are done but,\nin the process, introduced a double-free on the mc_dev variable.\n\nIn case the MC device is a DPRC, a new mc_bus is allocated and the\nmc_dev variable is just a reference to one of its fields. In this\ncircumstance, on the error path only the mc_bus should be freed.\n\nThis commit introduces back the following checkpatch warning which is a\nfalse-positive.\n\nWARNING: kfree(NULL) is safe and this check is probably not required\n+ if (mc_bus)\n+ kfree(mc_bus);",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38313",
"url": "https://www.suse.com/security/cve/CVE-2025-38313"
},
{
"category": "external",
"summary": "SUSE Bug 1246342 for CVE-2025-38313",
"url": "https://bugzilla.suse.com/1246342"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38313"
},
{
"cve": "CVE-2025-38319",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38319"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table\n\nThe function atomctrl_initialize_mc_reg_table() and\natomctrl_initialize_mc_reg_table_v2_2() does not check the return\nvalue of smu_atom_get_data_table(). If smu_atom_get_data_table()\nfails to retrieve vram_info, it returns NULL which is later\ndereferenced.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38319",
"url": "https://www.suse.com/security/cve/CVE-2025-38319"
},
{
"category": "external",
"summary": "SUSE Bug 1246243 for CVE-2025-38319",
"url": "https://bugzilla.suse.com/1246243"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38319"
},
{
"cve": "CVE-2025-38323",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38323"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: atm: add lec_mutex\n\nsyzbot found its way in net/atm/lec.c, and found an error path\nin lecd_attach() could leave a dangling pointer in dev_lec[].\n\nAdd a mutex to protect dev_lecp[] uses from lecd_attach(),\nlec_vcc_attach() and lec_mcast_attach().\n\nFollowing patch will use this mutex for /proc/net/atm/lec.\n\nBUG: KASAN: slab-use-after-free in lecd_attach net/atm/lec.c:751 [inline]\nBUG: KASAN: slab-use-after-free in lane_ioctl+0x2224/0x23e0 net/atm/lec.c:1008\nRead of size 8 at addr ffff88807c7b8e68 by task syz.1.17/6142\n\nCPU: 1 UID: 0 PID: 6142 Comm: syz.1.17 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xcd/0x680 mm/kasan/report.c:521\n kasan_report+0xe0/0x110 mm/kasan/report.c:634\n lecd_attach net/atm/lec.c:751 [inline]\n lane_ioctl+0x2224/0x23e0 net/atm/lec.c:1008\n do_vcc_ioctl+0x12c/0x930 net/atm/ioctl.c:159\n sock_do_ioctl+0x118/0x280 net/socket.c:1190\n sock_ioctl+0x227/0x6b0 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\nAllocated by task 6132:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4328 [inline]\n __kvmalloc_node_noprof+0x27b/0x620 mm/slub.c:5015\n alloc_netdev_mqs+0xd2/0x1570 net/core/dev.c:11711\n lecd_attach net/atm/lec.c:737 [inline]\n lane_ioctl+0x17db/0x23e0 net/atm/lec.c:1008\n do_vcc_ioctl+0x12c/0x930 net/atm/ioctl.c:159\n sock_do_ioctl+0x118/0x280 net/socket.c:1190\n sock_ioctl+0x227/0x6b0 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 6132:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x51/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2381 [inline]\n slab_free mm/slub.c:4643 [inline]\n kfree+0x2b4/0x4d0 mm/slub.c:4842\n free_netdev+0x6c5/0x910 net/core/dev.c:11892\n lecd_attach net/atm/lec.c:744 [inline]\n lane_ioctl+0x1ce8/0x23e0 net/atm/lec.c:1008\n do_vcc_ioctl+0x12c/0x930 net/atm/ioctl.c:159\n sock_do_ioctl+0x118/0x280 net/socket.c:1190\n sock_ioctl+0x227/0x6b0 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:893",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38323",
"url": "https://www.suse.com/security/cve/CVE-2025-38323"
},
{
"category": "external",
"summary": "SUSE Bug 1246473 for CVE-2025-38323",
"url": "https://bugzilla.suse.com/1246473"
},
{
"category": "external",
"summary": "SUSE Bug 1246525 for CVE-2025-38323",
"url": "https://bugzilla.suse.com/1246525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "important"
}
],
"title": "CVE-2025-38323"
},
{
"cve": "CVE-2025-38326",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38326"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naoe: clean device rq_list in aoedev_downdev()\n\nAn aoe device\u0027s rq_list contains accepted block requests that are\nwaiting to be transmitted to the aoe target. This queue was added as\npart of the conversion to blk_mq. However, the queue was not cleaned out\nwhen an aoe device is downed which caused blk_mq_freeze_queue() to sleep\nindefinitely waiting for those requests to complete, causing a hang. This\nfix cleans out the queue before calling blk_mq_freeze_queue().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38326",
"url": "https://www.suse.com/security/cve/CVE-2025-38326"
},
{
"category": "external",
"summary": "SUSE Bug 1246490 for CVE-2025-38326",
"url": "https://bugzilla.suse.com/1246490"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38326"
},
{
"cve": "CVE-2025-38328",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38328"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: check jffs2_prealloc_raw_node_refs() result in few other places\n\nFuzzing hit another invalid pointer dereference due to the lack of\nchecking whether jffs2_prealloc_raw_node_refs() completed successfully.\nSubsequent logic implies that the node refs have been allocated.\n\nHandle that. The code is ready for propagating the error upwards.\n\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 PID: 5835 Comm: syz-executor145 Not tainted 5.10.234-syzkaller #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nRIP: 0010:jffs2_link_node_ref+0xac/0x690 fs/jffs2/nodelist.c:600\nCall Trace:\n jffs2_mark_erased_block fs/jffs2/erase.c:460 [inline]\n jffs2_erase_pending_blocks+0x688/0x1860 fs/jffs2/erase.c:118\n jffs2_garbage_collect_pass+0x638/0x1a00 fs/jffs2/gc.c:253\n jffs2_reserve_space+0x3f4/0xad0 fs/jffs2/nodemgmt.c:167\n jffs2_write_inode_range+0x246/0xb50 fs/jffs2/write.c:362\n jffs2_write_end+0x712/0x1110 fs/jffs2/file.c:302\n generic_perform_write+0x2c2/0x500 mm/filemap.c:3347\n __generic_file_write_iter+0x252/0x610 mm/filemap.c:3465\n generic_file_write_iter+0xdb/0x230 mm/filemap.c:3497\n call_write_iter include/linux/fs.h:2039 [inline]\n do_iter_readv_writev+0x46d/0x750 fs/read_write.c:740\n do_iter_write+0x18c/0x710 fs/read_write.c:866\n vfs_writev+0x1db/0x6a0 fs/read_write.c:939\n do_pwritev fs/read_write.c:1036 [inline]\n __do_sys_pwritev fs/read_write.c:1083 [inline]\n __se_sys_pwritev fs/read_write.c:1078 [inline]\n __x64_sys_pwritev+0x235/0x310 fs/read_write.c:1078\n do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38328",
"url": "https://www.suse.com/security/cve/CVE-2025-38328"
},
{
"category": "external",
"summary": "SUSE Bug 1246249 for CVE-2025-38328",
"url": "https://bugzilla.suse.com/1246249"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38328"
},
{
"cve": "CVE-2025-38332",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38332"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Use memcpy() for BIOS version\n\nThe strlcat() with FORTIFY support is triggering a panic because it\nthinks the target buffer will overflow although the correct target\nbuffer size is passed in.\n\nAnyway, instead of memset() with 0 followed by a strlcat(), just use\nmemcpy() and ensure that the resulting buffer is NULL terminated.\n\nBIOSVersion is only used for the lpfc_printf_log() which expects a\nproperly terminated string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38332",
"url": "https://www.suse.com/security/cve/CVE-2025-38332"
},
{
"category": "external",
"summary": "SUSE Bug 1246375 for CVE-2025-38332",
"url": "https://bugzilla.suse.com/1246375"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38332"
},
{
"cve": "CVE-2025-38334",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38334"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/sgx: Prevent attempts to reclaim poisoned pages\n\nTL;DR: SGX page reclaim touches the page to copy its contents to\nsecondary storage. SGX instructions do not gracefully handle machine\nchecks. Despite this, the existing SGX code will try to reclaim pages\nthat it _knows_ are poisoned. Avoid even trying to reclaim poisoned pages.\n\nThe longer story:\n\nPages used by an enclave only get epc_page-\u003epoison set in\narch_memory_failure() but they currently stay on sgx_active_page_list until\nsgx_encl_release(), with the SGX_EPC_PAGE_RECLAIMER_TRACKED flag untouched.\n\nepc_page-\u003epoison is not checked in the reclaimer logic meaning that, if other\nconditions are met, an attempt will be made to reclaim an EPC page that was\npoisoned. This is bad because 1. we don\u0027t want that page to end up added\nto another enclave and 2. it is likely to cause one core to shut down\nand the kernel to panic.\n\nSpecifically, reclaiming uses microcode operations including \"EWB\" which\naccesses the EPC page contents to encrypt and write them out to non-SGX\nmemory. Those operations cannot handle MCEs in their accesses other than\nby putting the executing core into a special shutdown state (affecting\nboth threads with HT.) The kernel will subsequently panic on the\nremaining cores seeing the core didn\u0027t enter MCE handler(s) in time.\n\nCall sgx_unmark_page_reclaimable() to remove the affected EPC page from\nsgx_active_page_list on memory error to stop it being considered for\nreclaiming.\n\nTesting epc_page-\u003epoison in sgx_reclaim_pages() would also work but I assume\nit\u0027s better to add code in the less likely paths.\n\nThe affected EPC page is not added to \u0026node-\u003esgx_poison_page_list until\nlater in sgx_encl_release()-\u003esgx_free_epc_page() when it is EREMOVEd.\nMembership on other lists doesn\u0027t change to avoid changing any of the\nlists\u0027 semantics except for sgx_active_page_list. There\u0027s a \"TBD\" comment\nin arch_memory_failure() about pre-emptive actions, the goal here is not\nto address everything that it may imply.\n\nThis also doesn\u0027t completely close the time window when a memory error\nnotification will be fatal (for a not previously poisoned EPC page) --\nthe MCE can happen after sgx_reclaim_pages() has selected its candidates\nor even *inside* a microcode operation (actually easy to trigger due to\nthe amount of time spent in them.)\n\nThe spinlock in sgx_unmark_page_reclaimable() is safe because\nmemory_failure() runs in process context and no spinlocks are held,\nexplicitly noted in a mm/memory-failure.c comment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38334",
"url": "https://www.suse.com/security/cve/CVE-2025-38334"
},
{
"category": "external",
"summary": "SUSE Bug 1246384 for CVE-2025-38334",
"url": "https://bugzilla.suse.com/1246384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38334"
},
{
"cve": "CVE-2025-38335",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38335"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: gpio-keys - fix a sleep while atomic with PREEMPT_RT\n\nWhen enabling PREEMPT_RT, the gpio_keys_irq_timer() callback runs in\nhard irq context, but the input_event() takes a spin_lock, which isn\u0027t\nallowed there as it is converted to a rt_spin_lock().\n\n[ 4054.289999] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n[ 4054.290028] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/0\n...\n[ 4054.290195] __might_resched+0x13c/0x1f4\n[ 4054.290209] rt_spin_lock+0x54/0x11c\n[ 4054.290219] input_event+0x48/0x80\n[ 4054.290230] gpio_keys_irq_timer+0x4c/0x78\n[ 4054.290243] __hrtimer_run_queues+0x1a4/0x438\n[ 4054.290257] hrtimer_interrupt+0xe4/0x240\n[ 4054.290269] arch_timer_handler_phys+0x2c/0x44\n[ 4054.290283] handle_percpu_devid_irq+0x8c/0x14c\n[ 4054.290297] handle_irq_desc+0x40/0x58\n[ 4054.290307] generic_handle_domain_irq+0x1c/0x28\n[ 4054.290316] gic_handle_irq+0x44/0xcc\n\nConsidering the gpio_keys_irq_isr() can run in any context, e.g. it can\nbe threaded, it seems there\u0027s no point in requesting the timer isr to\nrun in hard irq context.\n\nRelax the hrtimer not to use the hard context.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38335",
"url": "https://www.suse.com/security/cve/CVE-2025-38335"
},
{
"category": "external",
"summary": "SUSE Bug 1246250 for CVE-2025-38335",
"url": "https://bugzilla.suse.com/1246250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38335"
},
{
"cve": "CVE-2025-38336",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38336"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330\n\nThe controller has a hardware bug that can hard hang the system when\ndoing ATAPI DMAs without any trace of what happened. Depending on the\ndevice attached, it can also prevent the system from booting.\n\nIn this case, the system hangs when reading the ATIP from optical media\nwith cdrecord -vvv -atip on an _NEC DVD_RW ND-4571A 1-01 and an\nOptiarc DVD RW AD-7200A 1.06 attached to an ASRock 990FX Extreme 4,\nrunning at UDMA/33.\n\nThe issue can be reproduced by running the same command with a cygwin\nbuild of cdrecord on WinXP, although it requires more attempts to cause\nit. The hang in that case is also resolved by forcing PIO. It doesn\u0027t\nappear that VIA has produced any drivers for that OS, thus no known\nworkaround exists.\n\nHDDs attached to the controller do not suffer from any DMA issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38336",
"url": "https://www.suse.com/security/cve/CVE-2025-38336"
},
{
"category": "external",
"summary": "SUSE Bug 1246370 for CVE-2025-38336",
"url": "https://bugzilla.suse.com/1246370"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38336"
},
{
"cve": "CVE-2025-38337",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38337"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata()\n\nSince handle-\u003eh_transaction may be a NULL pointer, so we should change it\nto call is_handle_aborted(handle) first before dereferencing it.\n\nAnd the following data-race was reported in my fuzzer:\n\n==================================================================\nBUG: KCSAN: data-race in jbd2_journal_dirty_metadata / jbd2_journal_dirty_metadata\n\nwrite to 0xffff888011024104 of 4 bytes by task 10881 on cpu 1:\n jbd2_journal_dirty_metadata+0x2a5/0x770 fs/jbd2/transaction.c:1556\n __ext4_handle_dirty_metadata+0xe7/0x4b0 fs/ext4/ext4_jbd2.c:358\n ext4_do_update_inode fs/ext4/inode.c:5220 [inline]\n ext4_mark_iloc_dirty+0x32c/0xd50 fs/ext4/inode.c:5869\n __ext4_mark_inode_dirty+0xe1/0x450 fs/ext4/inode.c:6074\n ext4_dirty_inode+0x98/0xc0 fs/ext4/inode.c:6103\n....\n\nread to 0xffff888011024104 of 4 bytes by task 10880 on cpu 0:\n jbd2_journal_dirty_metadata+0xf2/0x770 fs/jbd2/transaction.c:1512\n __ext4_handle_dirty_metadata+0xe7/0x4b0 fs/ext4/ext4_jbd2.c:358\n ext4_do_update_inode fs/ext4/inode.c:5220 [inline]\n ext4_mark_iloc_dirty+0x32c/0xd50 fs/ext4/inode.c:5869\n __ext4_mark_inode_dirty+0xe1/0x450 fs/ext4/inode.c:6074\n ext4_dirty_inode+0x98/0xc0 fs/ext4/inode.c:6103\n....\n\nvalue changed: 0x00000000 -\u003e 0x00000001\n==================================================================\n\nThis issue is caused by missing data-race annotation for jh-\u003eb_modified.\nTherefore, the missing annotation needs to be added.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38337",
"url": "https://www.suse.com/security/cve/CVE-2025-38337"
},
{
"category": "external",
"summary": "SUSE Bug 1246253 for CVE-2025-38337",
"url": "https://bugzilla.suse.com/1246253"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38337"
},
{
"cve": "CVE-2025-38338",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38338"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/nfs/read: fix double-unlock bug in nfs_return_empty_folio()\n\nSometimes, when a file was read while it was being truncated by\nanother NFS client, the kernel could deadlock because folio_unlock()\nwas called twice, and the second call would XOR back the `PG_locked`\nflag.\n\nMost of the time (depending on the timing of the truncation), nobody\nnotices the problem because folio_unlock() gets called three times,\nwhich flips `PG_locked` back off:\n\n 1. vfs_read, nfs_read_folio, ... nfs_read_add_folio,\n nfs_return_empty_folio\n 2. vfs_read, nfs_read_folio, ... netfs_read_collection,\n netfs_unlock_abandoned_read_pages\n 3. vfs_read, ... nfs_do_read_folio, nfs_read_add_folio,\n nfs_return_empty_folio\n\nThe problem is that nfs_read_add_folio() is not supposed to unlock the\nfolio if fscache is enabled, and a nfs_netfs_folio_unlock() check is\nmissing in nfs_return_empty_folio().\n\nRarely this leads to a warning in netfs_read_collection():\n\n ------------[ cut here ]------------\n R=0000031c: folio 10 is not locked\n WARNING: CPU: 0 PID: 29 at fs/netfs/read_collect.c:133 netfs_read_collection+0x7c0/0xf00\n [...]\n Workqueue: events_unbound netfs_read_collection_worker\n RIP: 0010:netfs_read_collection+0x7c0/0xf00\n [...]\n Call Trace:\n \u003cTASK\u003e\n netfs_read_collection_worker+0x67/0x80\n process_one_work+0x12e/0x2c0\n worker_thread+0x295/0x3a0\n\nMost of the time, however, processes just get stuck forever in\nfolio_wait_bit_common(), waiting for `PG_locked` to disappear, which\nnever happens because nobody is really holding the folio lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38338",
"url": "https://www.suse.com/security/cve/CVE-2025-38338"
},
{
"category": "external",
"summary": "SUSE Bug 1246258 for CVE-2025-38338",
"url": "https://bugzilla.suse.com/1246258"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38338"
},
{
"cve": "CVE-2025-38342",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38342"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoftware node: Correct a OOB check in software_node_get_reference_args()\n\nsoftware_node_get_reference_args() wants to get @index-th element, so\nthe property value requires at least \u0027(index + 1) * sizeof(*ref)\u0027 bytes\nbut that can not be guaranteed by current OOB check, and may cause OOB\nfor malformed property.\n\nFix by using as OOB check \u0027((index + 1) * sizeof(*ref) \u003e prop-\u003elength)\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38342",
"url": "https://www.suse.com/security/cve/CVE-2025-38342"
},
{
"category": "external",
"summary": "SUSE Bug 1246453 for CVE-2025-38342",
"url": "https://bugzilla.suse.com/1246453"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38342"
},
{
"cve": "CVE-2025-38343",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38343"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7996: drop fragments with multicast or broadcast RA\n\nIEEE 802.11 fragmentation can only be applied to unicast frames.\nTherefore, drop fragments with multicast or broadcast RA. This patch\naddresses vulnerabilities such as CVE-2020-26145.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38343",
"url": "https://www.suse.com/security/cve/CVE-2025-38343"
},
{
"category": "external",
"summary": "SUSE Bug 1246438 for CVE-2025-38343",
"url": "https://bugzilla.suse.com/1246438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38343"
},
{
"cve": "CVE-2025-38344",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38344"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: fix acpi parse and parseext cache leaks\n\nACPICA commit 8829e70e1360c81e7a5a901b5d4f48330e021ea5\n\nI\u0027m Seunghun Han, and I work for National Security Research Institute of\nSouth Korea.\n\nI have been doing a research on ACPI and found an ACPI cache leak in ACPI\nearly abort cases.\n\nBoot log of ACPI cache leak is as follows:\n[ 0.352414] ACPI: Added _OSI(Module Device)\n[ 0.353182] ACPI: Added _OSI(Processor Device)\n[ 0.353182] ACPI: Added _OSI(3.0 _SCP Extensions)\n[ 0.353182] ACPI: Added _OSI(Processor Aggregator Device)\n[ 0.356028] ACPI: Unable to start the ACPI Interpreter\n[ 0.356799] ACPI Error: Could not remove SCI handler (20170303/evmisc-281)\n[ 0.360215] kmem_cache_destroy Acpi-State: Slab cache still has objects\n[ 0.360648] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G W\n4.12.0-rc4-next-20170608+ #10\n[ 0.361273] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS\nvirtual_box 12/01/2006\n[ 0.361873] Call Trace:\n[ 0.362243] ? dump_stack+0x5c/0x81\n[ 0.362591] ? kmem_cache_destroy+0x1aa/0x1c0\n[ 0.362944] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.363296] ? acpi_os_delete_cache+0xa/0x10\n[ 0.363646] ? acpi_ut_delete_caches+0x6d/0x7b\n[ 0.364000] ? acpi_terminate+0xa/0x14\n[ 0.364000] ? acpi_init+0x2af/0x34f\n[ 0.364000] ? __class_create+0x4c/0x80\n[ 0.364000] ? video_setup+0x7f/0x7f\n[ 0.364000] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.364000] ? do_one_initcall+0x4e/0x1a0\n[ 0.364000] ? kernel_init_freeable+0x189/0x20a\n[ 0.364000] ? rest_init+0xc0/0xc0\n[ 0.364000] ? kernel_init+0xa/0x100\n[ 0.364000] ? ret_from_fork+0x25/0x30\n\nI analyzed this memory leak in detail. I found that \"Acpi-State\" cache and\n\"Acpi-Parse\" cache were merged because the size of cache objects was same\nslab cache size.\n\nI finally found \"Acpi-Parse\" cache and \"Acpi-parse_ext\" cache were leaked\nusing SLAB_NEVER_MERGE flag in kmem_cache_create() function.\n\nReal ACPI cache leak point is as follows:\n[ 0.360101] ACPI: Added _OSI(Module Device)\n[ 0.360101] ACPI: Added _OSI(Processor Device)\n[ 0.360101] ACPI: Added _OSI(3.0 _SCP Extensions)\n[ 0.361043] ACPI: Added _OSI(Processor Aggregator Device)\n[ 0.364016] ACPI: Unable to start the ACPI Interpreter\n[ 0.365061] ACPI Error: Could not remove SCI handler (20170303/evmisc-281)\n[ 0.368174] kmem_cache_destroy Acpi-Parse: Slab cache still has objects\n[ 0.369332] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G W\n4.12.0-rc4-next-20170608+ #8\n[ 0.371256] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS\nvirtual_box 12/01/2006\n[ 0.372000] Call Trace:\n[ 0.372000] ? dump_stack+0x5c/0x81\n[ 0.372000] ? kmem_cache_destroy+0x1aa/0x1c0\n[ 0.372000] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.372000] ? acpi_os_delete_cache+0xa/0x10\n[ 0.372000] ? acpi_ut_delete_caches+0x56/0x7b\n[ 0.372000] ? acpi_terminate+0xa/0x14\n[ 0.372000] ? acpi_init+0x2af/0x34f\n[ 0.372000] ? __class_create+0x4c/0x80\n[ 0.372000] ? video_setup+0x7f/0x7f\n[ 0.372000] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.372000] ? do_one_initcall+0x4e/0x1a0\n[ 0.372000] ? kernel_init_freeable+0x189/0x20a\n[ 0.372000] ? rest_init+0xc0/0xc0\n[ 0.372000] ? kernel_init+0xa/0x100\n[ 0.372000] ? ret_from_fork+0x25/0x30\n[ 0.388039] kmem_cache_destroy Acpi-parse_ext: Slab cache still has objects\n[ 0.389063] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G W\n4.12.0-rc4-next-20170608+ #8\n[ 0.390557] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS\nvirtual_box 12/01/2006\n[ 0.392000] Call Trace:\n[ 0.392000] ? dump_stack+0x5c/0x81\n[ 0.392000] ? kmem_cache_destroy+0x1aa/0x1c0\n[ 0.392000] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.392000] ? acpi_os_delete_cache+0xa/0x10\n[ 0.392000] ? acpi_ut_delete_caches+0x6d/0x7b\n[ 0.392000] ? acpi_terminate+0xa/0x14\n[ 0.392000] ? acpi_init+0x2af/0x3\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38344",
"url": "https://www.suse.com/security/cve/CVE-2025-38344"
},
{
"category": "external",
"summary": "SUSE Bug 1246334 for CVE-2025-38344",
"url": "https://bugzilla.suse.com/1246334"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38344"
},
{
"cve": "CVE-2025-38345",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38345"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: fix acpi operand cache leak in dswstate.c\n\nACPICA commit 987a3b5cf7175916e2a4b6ea5b8e70f830dfe732\n\nI found an ACPI cache leak in ACPI early termination and boot continuing case.\n\nWhen early termination occurs due to malicious ACPI table, Linux kernel\nterminates ACPI function and continues to boot process. While kernel terminates\nACPI function, kmem_cache_destroy() reports Acpi-Operand cache leak.\n\nBoot log of ACPI operand cache leak is as follows:\n\u003e[ 0.585957] ACPI: Added _OSI(Module Device)\n\u003e[ 0.587218] ACPI: Added _OSI(Processor Device)\n\u003e[ 0.588530] ACPI: Added _OSI(3.0 _SCP Extensions)\n\u003e[ 0.589790] ACPI: Added _OSI(Processor Aggregator Device)\n\u003e[ 0.591534] ACPI Error: Illegal I/O port address/length above 64K: C806E00000004002/0x2 (20170303/hwvalid-155)\n\u003e[ 0.594351] ACPI Exception: AE_LIMIT, Unable to initialize fixed events (20170303/evevent-88)\n\u003e[ 0.597858] ACPI: Unable to start the ACPI Interpreter\n\u003e[ 0.599162] ACPI Error: Could not remove SCI handler (20170303/evmisc-281)\n\u003e[ 0.601836] kmem_cache_destroy Acpi-Operand: Slab cache still has objects\n\u003e[ 0.603556] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.12.0-rc5 #26\n\u003e[ 0.605159] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS virtual_box 12/01/2006\n\u003e[ 0.609177] Call Trace:\n\u003e[ 0.610063] ? dump_stack+0x5c/0x81\n\u003e[ 0.611118] ? kmem_cache_destroy+0x1aa/0x1c0\n\u003e[ 0.612632] ? acpi_sleep_proc_init+0x27/0x27\n\u003e[ 0.613906] ? acpi_os_delete_cache+0xa/0x10\n\u003e[ 0.617986] ? acpi_ut_delete_caches+0x3f/0x7b\n\u003e[ 0.619293] ? acpi_terminate+0xa/0x14\n\u003e[ 0.620394] ? acpi_init+0x2af/0x34f\n\u003e[ 0.621616] ? __class_create+0x4c/0x80\n\u003e[ 0.623412] ? video_setup+0x7f/0x7f\n\u003e[ 0.624585] ? acpi_sleep_proc_init+0x27/0x27\n\u003e[ 0.625861] ? do_one_initcall+0x4e/0x1a0\n\u003e[ 0.627513] ? kernel_init_freeable+0x19e/0x21f\n\u003e[ 0.628972] ? rest_init+0x80/0x80\n\u003e[ 0.630043] ? kernel_init+0xa/0x100\n\u003e[ 0.631084] ? ret_from_fork+0x25/0x30\n\u003e[ 0.633343] vgaarb: loaded\n\u003e[ 0.635036] EDAC MC: Ver: 3.0.0\n\u003e[ 0.638601] PCI: Probing PCI hardware\n\u003e[ 0.639833] PCI host bridge to bus 0000:00\n\u003e[ 0.641031] pci_bus 0000:00: root bus resource [io 0x0000-0xffff]\n\u003e ... Continue to boot and log is omitted ...\n\nI analyzed this memory leak in detail and found acpi_ds_obj_stack_pop_and_\ndelete() function miscalculated the top of the stack. acpi_ds_obj_stack_push()\nfunction uses walk_state-\u003eoperand_index for start position of the top, but\nacpi_ds_obj_stack_pop_and_delete() function considers index 0 for it.\nTherefore, this causes acpi operand memory leak.\n\nThis cache leak causes a security threat because an old kernel (\u003c= 4.9) shows\nmemory locations of kernel functions in stack dump. Some malicious users\ncould use this information to neutralize kernel ASLR.\n\nI made a patch to fix ACPI operand cache leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38345",
"url": "https://www.suse.com/security/cve/CVE-2025-38345"
},
{
"category": "external",
"summary": "SUSE Bug 1246337 for CVE-2025-38345",
"url": "https://bugzilla.suse.com/1246337"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38345"
},
{
"cve": "CVE-2025-38348",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38348"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback()\n\nRobert Morris reported:\n\n|If a malicious USB device pretends to be an Intersil p54 wifi\n|interface and generates an eeprom_readback message with a large\n|eeprom-\u003ev1.len, p54_rx_eeprom_readback() will copy data from the\n|message beyond the end of priv-\u003eeeprom.\n|\n|static void p54_rx_eeprom_readback(struct p54_common *priv,\n| struct sk_buff *skb)\n|{\n| struct p54_hdr *hdr = (struct p54_hdr *) skb-\u003edata;\n| struct p54_eeprom_lm86 *eeprom = (struct p54_eeprom_lm86 *) hdr-\u003edata;\n|\n| if (priv-\u003efw_var \u003e= 0x509) {\n| memcpy(priv-\u003eeeprom, eeprom-\u003ev2.data,\n| le16_to_cpu(eeprom-\u003ev2.len));\n| } else {\n| memcpy(priv-\u003eeeprom, eeprom-\u003ev1.data,\n| le16_to_cpu(eeprom-\u003ev1.len));\n| }\n| [...]\n\nThe eeprom-\u003ev{1,2}.len is set by the driver in p54_download_eeprom().\nThe device is supposed to provide the same length back to the driver.\nBut yes, it\u0027s possible (like shown in the report) to alter the value\nto something that causes a crash/panic due to overrun.\n\nThis patch addresses the issue by adding the size to the common device\ncontext, so p54_rx_eeprom_readback no longer relies on possibly tampered\nvalues... That said, it also checks if the \"firmware\" altered the value\nand no longer copies them.\n\nThe one, small saving grace is: Before the driver tries to read the eeprom,\nit needs to upload \u003ea\u003c firmware. the vendor firmware has a proprietary\nlicense and as a reason, it is not present on most distributions by\ndefault.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38348",
"url": "https://www.suse.com/security/cve/CVE-2025-38348"
},
{
"category": "external",
"summary": "SUSE Bug 1246262 for CVE-2025-38348",
"url": "https://bugzilla.suse.com/1246262"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38348"
},
{
"cve": "CVE-2025-38349",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38349"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\neventpoll: don\u0027t decrement ep refcount while still holding the ep mutex\n\nJann Horn points out that epoll is decrementing the ep refcount and then\ndoing a\n\n mutex_unlock(\u0026ep-\u003emtx);\n\nafterwards. That\u0027s very wrong, because it can lead to a use-after-free.\n\nThat pattern is actually fine for the very last reference, because the\ncode in question will delay the actual call to \"ep_free(ep)\" until after\nit has unlocked the mutex.\n\nBut it\u0027s wrong for the much subtler \"next to last\" case when somebody\n*else* may also be dropping their reference and free the ep while we\u0027re\nstill using the mutex.\n\nNote that this is true even if that other user is also using the same ep\nmutex: mutexes, unlike spinlocks, can not be used for object ownership,\neven if they guarantee mutual exclusion.\n\nA mutex \"unlock\" operation is not atomic, and as one user is still\naccessing the mutex as part of unlocking it, another user can come in\nand get the now released mutex and free the data structure while the\nfirst user is still cleaning up.\n\nSee our mutex documentation in Documentation/locking/mutex-design.rst,\nin particular the section [1] about semantics:\n\n\t\"mutex_unlock() may access the mutex structure even after it has\n\t internally released the lock already - so it\u0027s not safe for\n\t another context to acquire the mutex and assume that the\n\t mutex_unlock() context is not using the structure anymore\"\n\nSo if we drop our ep ref before the mutex unlock, but we weren\u0027t the\nlast one, we may then unlock the mutex, another user comes in, drops\n_their_ reference and releases the \u0027ep\u0027 as it now has no users - all\nwhile the mutex_unlock() is still accessing it.\n\nFix this by simply moving the ep refcount dropping to outside the mutex:\nthe refcount itself is atomic, and doesn\u0027t need mutex protection (that\u0027s\nthe whole _point_ of refcounts: unlike mutexes, they are inherently\nabout object lifetimes).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38349",
"url": "https://www.suse.com/security/cve/CVE-2025-38349"
},
{
"category": "external",
"summary": "SUSE Bug 1246777 for CVE-2025-38349",
"url": "https://bugzilla.suse.com/1246777"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38349"
},
{
"cve": "CVE-2025-38350",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38350"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Always pass notifications when child class becomes empty\n\nCertain classful qdiscs may invoke their classes\u0027 dequeue handler on an\nenqueue operation. This may unexpectedly empty the child qdisc and thus\nmake an in-flight class passive via qlen_notify(). Most qdiscs do not\nexpect such behaviour at this point in time and may re-activate the\nclass eventually anyways which will lead to a use-after-free.\n\nThe referenced fix commit attempted to fix this behavior for the HFSC\ncase by moving the backlog accounting around, though this turned out to\nbe incomplete since the parent\u0027s parent may run into the issue too.\nThe following reproducer demonstrates this use-after-free:\n\n tc qdisc add dev lo root handle 1: drr\n tc filter add dev lo parent 1: basic classid 1:1\n tc class add dev lo parent 1: classid 1:1 drr\n tc qdisc add dev lo parent 1:1 handle 2: hfsc def 1\n tc class add dev lo parent 2: classid 2:1 hfsc rt m1 8 d 1 m2 0\n tc qdisc add dev lo parent 2:1 handle 3: netem\n tc qdisc add dev lo parent 3:1 handle 4: blackhole\n\n echo 1 | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888\n tc class delete dev lo classid 1:1\n echo 1 | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888\n\nSince backlog accounting issues leading to a use-after-frees on stale\nclass pointers is a recurring pattern at this point, this patch takes\na different approach. Instead of trying to fix the accounting, the patch\nensures that qdisc_tree_reduce_backlog always calls qlen_notify when\nthe child qdisc is empty. This solves the problem because deletion of\nqdiscs always involves a call to qdisc_reset() and / or\nqdisc_purge_queue() which ultimately resets its qlen to 0 thus causing\nthe following qdisc_tree_reduce_backlog() to report to the parent. Note\nthat this may call qlen_notify on passive classes multiple times. This\nis not a problem after the recent patch series that made all the\nclassful qdiscs qlen_notify() handlers idempotent.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38350",
"url": "https://www.suse.com/security/cve/CVE-2025-38350"
},
{
"category": "external",
"summary": "SUSE Bug 1246781 for CVE-2025-38350",
"url": "https://bugzilla.suse.com/1246781"
},
{
"category": "external",
"summary": "SUSE Bug 1247043 for CVE-2025-38350",
"url": "https://bugzilla.suse.com/1247043"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "important"
}
],
"title": "CVE-2025-38350"
},
{
"cve": "CVE-2025-38352",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38352"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nposix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()\n\nIf an exiting non-autoreaping task has already passed exit_notify() and\ncalls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent\nor debugger right after unlock_task_sighand().\n\nIf a concurrent posix_cpu_timer_del() runs at that moment, it won\u0027t be\nable to detect timer-\u003eit.cpu.firing != 0: cpu_timer_task_rcu() and/or\nlock_task_sighand() will fail.\n\nAdd the tsk-\u003eexit_state check into run_posix_cpu_timers() to fix this.\n\nThis fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because\nexit_task_work() is called before exit_notify(). But the check still\nmakes sense, task_work_add(\u0026tsk-\u003eposix_cputimers_work.work) will fail\nanyway in this case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38352",
"url": "https://www.suse.com/security/cve/CVE-2025-38352"
},
{
"category": "external",
"summary": "SUSE Bug 1246911 for CVE-2025-38352",
"url": "https://bugzilla.suse.com/1246911"
},
{
"category": "external",
"summary": "SUSE Bug 1249205 for CVE-2025-38352",
"url": "https://bugzilla.suse.com/1249205"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "important"
}
],
"title": "CVE-2025-38352"
},
{
"cve": "CVE-2025-38354",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38354"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/gpu: Fix crash when throttling GPU immediately during boot\n\nThere is a small chance that the GPU is already hot during boot. In that\ncase, the call to of_devfreq_cooling_register() will immediately try to\napply devfreq cooling, as seen in the following crash:\n\n Unable to handle kernel paging request at virtual address 0000000000014110\n pc : a6xx_gpu_busy+0x1c/0x58 [msm]\n lr : msm_devfreq_get_dev_status+0xbc/0x140 [msm]\n Call trace:\n a6xx_gpu_busy+0x1c/0x58 [msm] (P)\n devfreq_simple_ondemand_func+0x3c/0x150\n devfreq_update_target+0x44/0xd8\n qos_max_notifier_call+0x30/0x84\n blocking_notifier_call_chain+0x6c/0xa0\n pm_qos_update_target+0xd0/0x110\n freq_qos_apply+0x3c/0x74\n apply_constraint+0x88/0x148\n __dev_pm_qos_update_request+0x7c/0xcc\n dev_pm_qos_update_request+0x38/0x5c\n devfreq_cooling_set_cur_state+0x98/0xf0\n __thermal_cdev_update+0x64/0xb4\n thermal_cdev_update+0x4c/0x58\n step_wise_manage+0x1f0/0x318\n __thermal_zone_device_update+0x278/0x424\n __thermal_cooling_device_register+0x2bc/0x308\n thermal_of_cooling_device_register+0x10/0x1c\n of_devfreq_cooling_register_power+0x240/0x2bc\n of_devfreq_cooling_register+0x14/0x20\n msm_devfreq_init+0xc4/0x1a0 [msm]\n msm_gpu_init+0x304/0x574 [msm]\n adreno_gpu_init+0x1c4/0x2e0 [msm]\n a6xx_gpu_init+0x5c8/0x9c8 [msm]\n adreno_bind+0x2a8/0x33c [msm]\n ...\n\nAt this point we haven\u0027t initialized the GMU at all yet, so we cannot read\nthe GMU registers inside a6xx_gpu_busy(). A similar issue was fixed before\nin commit 6694482a70e9 (\"drm/msm: Avoid unclocked GMU register access in\n6xx gpu_busy\"): msm_devfreq_init() does call devfreq_suspend_device(), but\nunlike msm_devfreq_suspend(), it doesn\u0027t set the df-\u003esuspended flag\naccordingly. This means the df-\u003esuspended flag does not match the actual\ndevfreq state after initialization and msm_devfreq_get_dev_status() will\nend up accessing GMU registers, causing the crash.\n\nFix this by setting df-\u003esuspended correctly during initialization.\n\nPatchwork: https://patchwork.freedesktop.org/patch/650772/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38354",
"url": "https://www.suse.com/security/cve/CVE-2025-38354"
},
{
"category": "external",
"summary": "SUSE Bug 1247061 for CVE-2025-38354",
"url": "https://bugzilla.suse.com/1247061"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38354"
},
{
"cve": "CVE-2025-38362",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38362"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null pointer check for get_first_active_display()\n\nThe function mod_hdcp_hdcp1_enable_encryption() calls the function\nget_first_active_display(), but does not check its return value.\nThe return value is a null pointer if the display list is empty.\nThis will lead to a null pointer dereference in\nmod_hdcp_hdcp2_enable_encryption().\n\nAdd a null pointer check for get_first_active_display() and return\nMOD_HDCP_STATUS_DISPLAY_NOT_FOUND if the function return null.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38362",
"url": "https://www.suse.com/security/cve/CVE-2025-38362"
},
{
"category": "external",
"summary": "SUSE Bug 1247089 for CVE-2025-38362",
"url": "https://bugzilla.suse.com/1247089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38362"
},
{
"cve": "CVE-2025-38363",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38363"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/tegra: Fix a possible null pointer dereference\n\nIn tegra_crtc_reset(), new memory is allocated with kzalloc(), but\nno check is performed. Before calling __drm_atomic_helper_crtc_reset,\nstate should be checked to prevent possible null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38363",
"url": "https://www.suse.com/security/cve/CVE-2025-38363"
},
{
"category": "external",
"summary": "SUSE Bug 1247018 for CVE-2025-38363",
"url": "https://bugzilla.suse.com/1247018"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38363"
},
{
"cve": "CVE-2025-38364",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38364"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmaple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate()\n\nTemporarily clear the preallocation flag when explicitly requesting\nallocations. Pre-existing allocations are already counted against the\nrequest through mas_node_count_gfp(), but the allocations will not happen\nif the MA_STATE_PREALLOC flag is set. This flag is meant to avoid\nre-allocating in bulk allocation mode, and to detect issues with\npreallocation calculations.\n\nThe MA_STATE_PREALLOC flag should also always be set on zero allocations\nso that detection of underflow allocations will print a WARN_ON() during\nconsumption.\n\nUser visible effect of this flaw is a WARN_ON() followed by a null pointer\ndereference when subsequent requests for larger number of nodes is\nignored, such as the vma merge retry in mmap_region() caused by drivers\naltering the vma flags (which happens in v6.6, at least)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38364",
"url": "https://www.suse.com/security/cve/CVE-2025-38364"
},
{
"category": "external",
"summary": "SUSE Bug 1247091 for CVE-2025-38364",
"url": "https://bugzilla.suse.com/1247091"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38364"
},
{
"cve": "CVE-2025-38365",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38365"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix a race between renames and directory logging\n\nWe have a race between a rename and directory inode logging that if it\nhappens and we crash/power fail before the rename completes, the next time\nthe filesystem is mounted, the log replay code will end up deleting the\nfile that was being renamed.\n\nThis is best explained following a step by step analysis of an interleaving\nof steps that lead into this situation.\n\nConsider the initial conditions:\n\n1) We are at transaction N;\n\n2) We have directories A and B created in a past transaction (\u003c N);\n\n3) We have inode X corresponding to a file that has 2 hardlinks, one in\n directory A and the other in directory B, so we\u0027ll name them as\n \"A/foo_link1\" and \"B/foo_link2\". Both hard links were persisted in a\n past transaction (\u003c N);\n\n4) We have inode Y corresponding to a file that as a single hard link and\n is located in directory A, we\u0027ll name it as \"A/bar\". This file was also\n persisted in a past transaction (\u003c N).\n\nThe steps leading to a file loss are the following and for all of them we\nare under transaction N:\n\n 1) Link \"A/foo_link1\" is removed, so inode\u0027s X last_unlink_trans field\n is updated to N, through btrfs_unlink() -\u003e btrfs_record_unlink_dir();\n\n 2) Task A starts a rename for inode Y, with the goal of renaming from\n \"A/bar\" to \"A/baz\", so we enter btrfs_rename();\n\n 3) Task A inserts the new BTRFS_INODE_REF_KEY for inode Y by calling\n btrfs_insert_inode_ref();\n\n 4) Because the rename happens in the same directory, we don\u0027t set the\n last_unlink_trans field of directoty A\u0027s inode to the current\n transaction id, that is, we don\u0027t cal btrfs_record_unlink_dir();\n\n 5) Task A then removes the entries from directory A (BTRFS_DIR_ITEM_KEY\n and BTRFS_DIR_INDEX_KEY items) when calling __btrfs_unlink_inode()\n (actually the dir index item is added as a delayed item, but the\n effect is the same);\n\n 6) Now before task A adds the new entry \"A/baz\" to directory A by\n calling btrfs_add_link(), another task, task B is logging inode X;\n\n 7) Task B starts a fsync of inode X and after logging inode X, at\n btrfs_log_inode_parent() it calls btrfs_log_all_parents(), since\n inode X has a last_unlink_trans value of N, set at in step 1;\n\n 8) At btrfs_log_all_parents() we search for all parent directories of\n inode X using the commit root, so we find directories A and B and log\n them. Bu when logging direct A, we don\u0027t have a dir index item for\n inode Y anymore, neither the old name \"A/bar\" nor for the new name\n \"A/baz\" since the rename has deleted the old name but has not yet\n inserted the new name - task A hasn\u0027t called yet btrfs_add_link() to\n do that.\n\n Note that logging directory A doesn\u0027t fallback to a transaction\n commit because its last_unlink_trans has a lower value than the\n current transaction\u0027s id (see step 4);\n\n 9) Task B finishes logging directories A and B and gets back to\n btrfs_sync_file() where it calls btrfs_sync_log() to persist the log\n tree;\n\n10) Task B successfully persisted the log tree, btrfs_sync_log() completed\n with success, and a power failure happened.\n\n We have a log tree without any directory entry for inode Y, so the\n log replay code deletes the entry for inode Y, name \"A/bar\", from the\n subvolume tree since it doesn\u0027t exist in the log tree and the log\n tree is authorative for its index (we logged a BTRFS_DIR_LOG_INDEX_KEY\n item that covers the index range for the dentry that corresponds to\n \"A/bar\").\n\n Since there\u0027s no other hard link for inode Y and the log replay code\n deletes the name \"A/bar\", the file is lost.\n\nThe issue wouldn\u0027t happen if task B synced the log only after task A\ncalled btrfs_log_new_name(), which would update the log with the new name\nfor inode Y (\"A/bar\").\n\nFix this by pinning the log root during renames before removing the old\ndirectory entry, and unpinning af\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38365",
"url": "https://www.suse.com/security/cve/CVE-2025-38365"
},
{
"category": "external",
"summary": "SUSE Bug 1247023 for CVE-2025-38365",
"url": "https://bugzilla.suse.com/1247023"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38365"
},
{
"cve": "CVE-2025-38369",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38369"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using\n\nRunning IDXD workloads in a container with the /dev directory mounted can\ntrigger a call trace or even a kernel panic when the parent process of the\ncontainer is terminated.\n\nThis issue occurs because, under certain configurations, Docker does not\nproperly propagate the mount replica back to the original mount point.\n\nIn this case, when the user driver detaches, the WQ is destroyed but it\nstill calls destroy_workqueue() attempting to completes all pending work.\nIt\u0027s necessary to check wq-\u003ewq and skip the drain if it no longer exists.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38369",
"url": "https://www.suse.com/security/cve/CVE-2025-38369"
},
{
"category": "external",
"summary": "SUSE Bug 1247209 for CVE-2025-38369",
"url": "https://bugzilla.suse.com/1247209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38369"
},
{
"cve": "CVE-2025-38371",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38371"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Disable interrupts before resetting the GPU\n\nCurrently, an interrupt can be triggered during a GPU reset, which can\nlead to GPU hangs and NULL pointer dereference in an interrupt context\nas shown in the following trace:\n\n [ 314.035040] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0\n [ 314.043822] Mem abort info:\n [ 314.046606] ESR = 0x0000000096000005\n [ 314.050347] EC = 0x25: DABT (current EL), IL = 32 bits\n [ 314.055651] SET = 0, FnV = 0\n [ 314.058695] EA = 0, S1PTW = 0\n [ 314.061826] FSC = 0x05: level 1 translation fault\n [ 314.066694] Data abort info:\n [ 314.069564] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n [ 314.075039] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n [ 314.080080] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n [ 314.085382] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000102728000\n [ 314.091814] [00000000000000c0] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n [ 314.100511] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n [ 314.106770] Modules linked in: v3d i2c_brcmstb vc4 snd_soc_hdmi_codec gpu_sched drm_shmem_helper drm_display_helper cec drm_dma_helper drm_kms_helper drm drm_panel_orientation_quirks snd_soc_core snd_compress snd_pcm_dmaengine snd_pcm snd_timer snd backlight\n [ 314.129654] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.25+rpt-rpi-v8 #1 Debian 1:6.12.25-1+rpt1\n [ 314.139388] Hardware name: Raspberry Pi 4 Model B Rev 1.4 (DT)\n [ 314.145211] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n [ 314.152165] pc : v3d_irq+0xec/0x2e0 [v3d]\n [ 314.156187] lr : v3d_irq+0xe0/0x2e0 [v3d]\n [ 314.160198] sp : ffffffc080003ea0\n [ 314.163502] x29: ffffffc080003ea0 x28: ffffffec1f184980 x27: 021202b000000000\n [ 314.170633] x26: ffffffec1f17f630 x25: ffffff8101372000 x24: ffffffec1f17d9f0\n [ 314.177764] x23: 000000000000002a x22: 000000000000002a x21: ffffff8103252000\n [ 314.184895] x20: 0000000000000001 x19: 00000000deadbeef x18: 0000000000000000\n [ 314.192026] x17: ffffff94e51d2000 x16: ffffffec1dac3cb0 x15: c306000000000000\n [ 314.199156] x14: 0000000000000000 x13: b2fc982e03cc5168 x12: 0000000000000001\n [ 314.206286] x11: ffffff8103f8bcc0 x10: ffffffec1f196868 x9 : ffffffec1dac3874\n [ 314.213416] x8 : 0000000000000000 x7 : 0000000000042a3a x6 : ffffff810017a180\n [ 314.220547] x5 : ffffffec1ebad400 x4 : ffffffec1ebad320 x3 : 00000000000bebeb\n [ 314.227677] x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000\n [ 314.234807] Call trace:\n [ 314.237243] v3d_irq+0xec/0x2e0 [v3d]\n [ 314.240906] __handle_irq_event_percpu+0x58/0x218\n [ 314.245609] handle_irq_event+0x54/0xb8\n [ 314.249439] handle_fasteoi_irq+0xac/0x240\n [ 314.253527] handle_irq_desc+0x48/0x68\n [ 314.257269] generic_handle_domain_irq+0x24/0x38\n [ 314.261879] gic_handle_irq+0x48/0xd8\n [ 314.265533] call_on_irq_stack+0x24/0x58\n [ 314.269448] do_interrupt_handler+0x88/0x98\n [ 314.273624] el1_interrupt+0x34/0x68\n [ 314.277193] el1h_64_irq_handler+0x18/0x28\n [ 314.281281] el1h_64_irq+0x64/0x68\n [ 314.284673] default_idle_call+0x3c/0x168\n [ 314.288675] do_idle+0x1fc/0x230\n [ 314.291895] cpu_startup_entry+0x3c/0x50\n [ 314.295810] rest_init+0xe4/0xf0\n [ 314.299030] start_kernel+0x5e8/0x790\n [ 314.302684] __primary_switched+0x80/0x90\n [ 314.306691] Code: 940029eb 360ffc13 f9442ea0 52800001 (f9406017)\n [ 314.312775] ---[ end trace 0000000000000000 ]---\n [ 314.317384] Kernel panic - not syncing: Oops: Fatal exception in interrupt\n [ 314.324249] SMP: stopping secondary CPUs\n [ 314.328167] Kernel Offset: 0x2b9da00000 from 0xffffffc080000000\n [ 314.334076] PHYS_OFFSET: 0x0\n [ 314.336946] CPU features: 0x08,00002013,c0200000,0200421b\n [ 314.342337] Memory Limit: none\n [ 314.345382] ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---\n\nBefore resetting the G\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38371",
"url": "https://www.suse.com/security/cve/CVE-2025-38371"
},
{
"category": "external",
"summary": "SUSE Bug 1247178 for CVE-2025-38371",
"url": "https://bugzilla.suse.com/1247178"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38371"
},
{
"cve": "CVE-2025-38373",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38373"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/mlx5: Fix potential deadlock in MR deregistration\n\nThe issue arises when kzalloc() is invoked while holding umem_mutex or\nany other lock acquired under umem_mutex. This is problematic because\nkzalloc() can trigger fs_reclaim_aqcuire(), which may, in turn, invoke\nmmu_notifier_invalidate_range_start(). This function can lead to\nmlx5_ib_invalidate_range(), which attempts to acquire umem_mutex again,\nresulting in a deadlock.\n\nThe problematic flow:\n CPU0 | CPU1\n---------------------------------------|------------------------------------------------\nmlx5_ib_dereg_mr() |\n \u2192 revoke_mr() |\n \u2192 mutex_lock(\u0026umem_odp-\u003eumem_mutex) |\n | mlx5_mkey_cache_init()\n | \u2192 mutex_lock(\u0026dev-\u003ecache.rb_lock)\n | \u2192 mlx5r_cache_create_ent_locked()\n | \u2192 kzalloc(GFP_KERNEL)\n | \u2192 fs_reclaim()\n | \u2192 mmu_notifier_invalidate_range_start()\n | \u2192 mlx5_ib_invalidate_range()\n | \u2192 mutex_lock(\u0026umem_odp-\u003eumem_mutex)\n \u2192 cache_ent_find_and_store() |\n \u2192 mutex_lock(\u0026dev-\u003ecache.rb_lock) |\n\nAdditionally, when kzalloc() is called from within\ncache_ent_find_and_store(), we encounter the same deadlock due to\nre-acquisition of umem_mutex.\n\nSolve by releasing umem_mutex in dereg_mr() after umr_revoke_mr()\nand before acquiring rb_lock. This ensures that we don\u0027t hold\numem_mutex while performing memory allocations that could trigger\nthe reclaim path.\n\nThis change prevents the deadlock by ensuring proper lock ordering and\navoiding holding locks during memory allocation operations that could\ntrigger the reclaim path.\n\nThe following lockdep warning demonstrates the deadlock:\n\n python3/20557 is trying to acquire lock:\n ffff888387542128 (\u0026umem_odp-\u003eumem_mutex){+.+.}-{4:4}, at:\n mlx5_ib_invalidate_range+0x5b/0x550 [mlx5_ib]\n\n but task is already holding lock:\n ffffffff82f6b840 (mmu_notifier_invalidate_range_start){+.+.}-{0:0}, at:\n unmap_vmas+0x7b/0x1a0\n\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n\n -\u003e #3 (mmu_notifier_invalidate_range_start){+.+.}-{0:0}:\n fs_reclaim_acquire+0x60/0xd0\n mem_cgroup_css_alloc+0x6f/0x9b0\n cgroup_init_subsys+0xa4/0x240\n cgroup_init+0x1c8/0x510\n start_kernel+0x747/0x760\n x86_64_start_reservations+0x25/0x30\n x86_64_start_kernel+0x73/0x80\n common_startup_64+0x129/0x138\n\n -\u003e #2 (fs_reclaim){+.+.}-{0:0}:\n fs_reclaim_acquire+0x91/0xd0\n __kmalloc_cache_noprof+0x4d/0x4c0\n mlx5r_cache_create_ent_locked+0x75/0x620 [mlx5_ib]\n mlx5_mkey_cache_init+0x186/0x360 [mlx5_ib]\n mlx5_ib_stage_post_ib_reg_umr_init+0x3c/0x60 [mlx5_ib]\n __mlx5_ib_add+0x4b/0x190 [mlx5_ib]\n mlx5r_probe+0xd9/0x320 [mlx5_ib]\n auxiliary_bus_probe+0x42/0x70\n really_probe+0xdb/0x360\n __driver_probe_device+0x8f/0x130\n driver_probe_device+0x1f/0xb0\n __driver_attach+0xd4/0x1f0\n bus_for_each_dev+0x79/0xd0\n bus_add_driver+0xf0/0x200\n driver_register+0x6e/0xc0\n __auxiliary_driver_register+0x6a/0xc0\n do_one_initcall+0x5e/0x390\n do_init_module+0x88/0x240\n init_module_from_file+0x85/0xc0\n idempotent_init_module+0x104/0x300\n __x64_sys_finit_module+0x68/0xc0\n do_syscall_64+0x6d/0x140\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n -\u003e #1 (\u0026dev-\u003ecache.rb_lock){+.+.}-{4:4}:\n __mutex_lock+0x98/0xf10\n __mlx5_ib_dereg_mr+0x6f2/0x890 [mlx5_ib]\n mlx5_ib_dereg_mr+0x21/0x110 [mlx5_ib]\n ib_dereg_mr_user+0x85/0x1f0 [ib_core]\n \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38373",
"url": "https://www.suse.com/security/cve/CVE-2025-38373"
},
{
"category": "external",
"summary": "SUSE Bug 1247033 for CVE-2025-38373",
"url": "https://bugzilla.suse.com/1247033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38373"
},
{
"cve": "CVE-2025-38375",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38375"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-net: ensure the received length does not exceed allocated size\n\nIn xdp_linearize_page, when reading the following buffers from the ring,\nwe forget to check the received length with the true allocate size. This\ncan lead to an out-of-bound read. This commit adds that missing check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38375",
"url": "https://www.suse.com/security/cve/CVE-2025-38375"
},
{
"category": "external",
"summary": "SUSE Bug 1247177 for CVE-2025-38375",
"url": "https://bugzilla.suse.com/1247177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38375"
},
{
"cve": "CVE-2025-38376",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38376"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: chipidea: udc: disconnect/reconnect from host when do suspend/resume\n\nShawn and John reported a hang issue during system suspend as below:\n\n - USB gadget is enabled as Ethernet\n - There is data transfer over USB Ethernet (scp a big file between host\n and device)\n - Device is going in/out suspend (echo mem \u003e /sys/power/state)\n\nThe root cause is the USB device controller is suspended but the USB bus\nis still active which caused the USB host continues to transfer data with\ndevice and the device continues to queue USB requests (in this case, a\ndelayed TCP ACK packet trigger the issue) after controller is suspended,\nhowever the USB controller clock is already gated off. Then if udc driver\naccess registers after that point, the system will hang.\n\nThe correct way to avoid such issue is to disconnect device from host when\nthe USB bus is not at suspend state. Then the host will receive disconnect\nevent and stop data transfer in time. To continue make USB gadget device\nwork after system resume, this will reconnect device automatically.\n\nTo make usb wakeup work if USB bus is already at suspend state, this will\nkeep connection for it only when USB device controller has enabled wakeup\ncapability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38376",
"url": "https://www.suse.com/security/cve/CVE-2025-38376"
},
{
"category": "external",
"summary": "SUSE Bug 1247176 for CVE-2025-38376",
"url": "https://bugzilla.suse.com/1247176"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38376"
},
{
"cve": "CVE-2025-38377",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38377"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrose: fix dangling neighbour pointers in rose_rt_device_down()\n\nThere are two bugs in rose_rt_device_down() that can cause\nuse-after-free:\n\n1. The loop bound `t-\u003ecount` is modified within the loop, which can\n cause the loop to terminate early and miss some entries.\n\n2. When removing an entry from the neighbour array, the subsequent entries\n are moved up to fill the gap, but the loop index `i` is still\n incremented, causing the next entry to be skipped.\n\nFor example, if a node has three neighbours (A, A, B) with count=3 and A\nis being removed, the second A is not checked.\n\n i=0: (A, A, B) -\u003e (A, B) with count=2\n ^ checked\n i=1: (A, B) -\u003e (A, B) with count=2\n ^ checked (B, not A!)\n i=2: (doesn\u0027t occur because i \u003c count is false)\n\nThis leaves the second A in the array with count=2, but the rose_neigh\nstructure has been freed. Code that accesses these entries assumes that\nthe first `count` entries are valid pointers, causing a use-after-free\nwhen it accesses the dangling pointer.\n\nFix both issues by iterating over the array in reverse order with a fixed\nloop bound. This ensures that all entries are examined and that the removal\nof an entry doesn\u0027t affect subsequent iterations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38377",
"url": "https://www.suse.com/security/cve/CVE-2025-38377"
},
{
"category": "external",
"summary": "SUSE Bug 1247174 for CVE-2025-38377",
"url": "https://bugzilla.suse.com/1247174"
},
{
"category": "external",
"summary": "SUSE Bug 1247175 for CVE-2025-38377",
"url": "https://bugzilla.suse.com/1247175"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "important"
}
],
"title": "CVE-2025-38377"
},
{
"cve": "CVE-2025-38380",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38380"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38380",
"url": "https://www.suse.com/security/cve/CVE-2025-38380"
},
{
"category": "external",
"summary": "SUSE Bug 1247028 for CVE-2025-38380",
"url": "https://bugzilla.suse.com/1247028"
},
{
"category": "external",
"summary": "SUSE Bug 1247029 for CVE-2025-38380",
"url": "https://bugzilla.suse.com/1247029"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "important"
}
],
"title": "CVE-2025-38380"
},
{
"cve": "CVE-2025-38382",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38382"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix iteration of extrefs during log replay\n\nAt __inode_add_ref() when processing extrefs, if we jump into the next\nlabel we have an undefined value of victim_name.len, since we haven\u0027t\ninitialized it before we did the goto. This results in an invalid memory\naccess in the next iteration of the loop since victim_name.len was not\ninitialized to the length of the name of the current extref.\n\nFix this by initializing victim_name.len with the current extref\u0027s name\nlength.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38382",
"url": "https://www.suse.com/security/cve/CVE-2025-38382"
},
{
"category": "external",
"summary": "SUSE Bug 1247031 for CVE-2025-38382",
"url": "https://bugzilla.suse.com/1247031"
},
{
"category": "external",
"summary": "SUSE Bug 1247032 for CVE-2025-38382",
"url": "https://bugzilla.suse.com/1247032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38382"
},
{
"cve": "CVE-2025-38384",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38384"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: spinand: fix memory leak of ECC engine conf\n\nMemory allocated for the ECC engine conf is not released during spinand\ncleanup. Below kmemleak trace is seen for this memory leak:\n\nunreferenced object 0xffffff80064f00e0 (size 8):\n comm \"swapper/0\", pid 1, jiffies 4294937458\n hex dump (first 8 bytes):\n 00 00 00 00 00 00 00 00 ........\n backtrace (crc 0):\n kmemleak_alloc+0x30/0x40\n __kmalloc_cache_noprof+0x208/0x3c0\n spinand_ondie_ecc_init_ctx+0x114/0x200\n nand_ecc_init_ctx+0x70/0xa8\n nanddev_ecc_engine_init+0xec/0x27c\n spinand_probe+0xa2c/0x1620\n spi_mem_probe+0x130/0x21c\n spi_probe+0xf0/0x170\n really_probe+0x17c/0x6e8\n __driver_probe_device+0x17c/0x21c\n driver_probe_device+0x58/0x180\n __device_attach_driver+0x15c/0x1f8\n bus_for_each_drv+0xec/0x150\n __device_attach+0x188/0x24c\n device_initial_probe+0x10/0x20\n bus_probe_device+0x11c/0x160\n\nFix the leak by calling nanddev_ecc_engine_cleanup() inside\nspinand_cleanup().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38384",
"url": "https://www.suse.com/security/cve/CVE-2025-38384"
},
{
"category": "external",
"summary": "SUSE Bug 1247035 for CVE-2025-38384",
"url": "https://bugzilla.suse.com/1247035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "low"
}
],
"title": "CVE-2025-38384"
},
{
"cve": "CVE-2025-38385",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38385"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect\n\nRemove redundant netif_napi_del() call from disconnect path.\n\nA WARN may be triggered in __netif_napi_del_locked() during USB device\ndisconnect:\n\n WARNING: CPU: 0 PID: 11 at net/core/dev.c:7417 __netif_napi_del_locked+0x2b4/0x350\n\nThis happens because netif_napi_del() is called in the disconnect path while\nNAPI is still enabled. However, it is not necessary to call netif_napi_del()\nexplicitly, since unregister_netdev() will handle NAPI teardown automatically\nand safely. Removing the redundant call avoids triggering the warning.\n\nFull trace:\n lan78xx 1-1:1.0 enu1: Failed to read register index 0x000000c4. ret = -ENODEV\n lan78xx 1-1:1.0 enu1: Failed to set MAC down with error -ENODEV\n lan78xx 1-1:1.0 enu1: Link is Down\n lan78xx 1-1:1.0 enu1: Failed to read register index 0x00000120. ret = -ENODEV\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 11 at net/core/dev.c:7417 __netif_napi_del_locked+0x2b4/0x350\n Modules linked in: flexcan can_dev fuse\n CPU: 0 UID: 0 PID: 11 Comm: kworker/0:1 Not tainted 6.16.0-rc2-00624-ge926949dab03 #9 PREEMPT\n Hardware name: SKOV IMX8MP CPU revC - bd500 (DT)\n Workqueue: usb_hub_wq hub_event\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : __netif_napi_del_locked+0x2b4/0x350\n lr : __netif_napi_del_locked+0x7c/0x350\n sp : ffffffc085b673c0\n x29: ffffffc085b673c0 x28: ffffff800b7f2000 x27: ffffff800b7f20d8\n x26: ffffff80110bcf58 x25: ffffff80110bd978 x24: 1ffffff0022179eb\n x23: ffffff80110bc000 x22: ffffff800b7f5000 x21: ffffff80110bc000\n x20: ffffff80110bcf38 x19: ffffff80110bcf28 x18: dfffffc000000000\n x17: ffffffc081578940 x16: ffffffc08284cee0 x15: 0000000000000028\n x14: 0000000000000006 x13: 0000000000040000 x12: ffffffb0022179e8\n x11: 1ffffff0022179e7 x10: ffffffb0022179e7 x9 : dfffffc000000000\n x8 : 0000004ffdde8619 x7 : ffffff80110bcf3f x6 : 0000000000000001\n x5 : ffffff80110bcf38 x4 : ffffff80110bcf38 x3 : 0000000000000000\n x2 : 0000000000000000 x1 : 1ffffff0022179e7 x0 : 0000000000000000\n Call trace:\n __netif_napi_del_locked+0x2b4/0x350 (P)\n lan78xx_disconnect+0xf4/0x360\n usb_unbind_interface+0x158/0x718\n device_remove+0x100/0x150\n device_release_driver_internal+0x308/0x478\n device_release_driver+0x1c/0x30\n bus_remove_device+0x1a8/0x368\n device_del+0x2e0/0x7b0\n usb_disable_device+0x244/0x540\n usb_disconnect+0x220/0x758\n hub_event+0x105c/0x35e0\n process_one_work+0x760/0x17b0\n worker_thread+0x768/0xce8\n kthread+0x3bc/0x690\n ret_from_fork+0x10/0x20\n irq event stamp: 211604\n hardirqs last enabled at (211603): [\u003cffffffc0828cc9ec\u003e] _raw_spin_unlock_irqrestore+0x84/0x98\n hardirqs last disabled at (211604): [\u003cffffffc0828a9a84\u003e] el1_dbg+0x24/0x80\n softirqs last enabled at (211296): [\u003cffffffc080095f10\u003e] handle_softirqs+0x820/0xbc8\n softirqs last disabled at (210993): [\u003cffffffc080010288\u003e] __do_softirq+0x18/0x20\n ---[ end trace 0000000000000000 ]---\n lan78xx 1-1:1.0 enu1: failed to kill vid 0081/0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38385",
"url": "https://www.suse.com/security/cve/CVE-2025-38385"
},
{
"category": "external",
"summary": "SUSE Bug 1247149 for CVE-2025-38385",
"url": "https://bugzilla.suse.com/1247149"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "low"
}
],
"title": "CVE-2025-38385"
},
{
"cve": "CVE-2025-38386",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38386"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: Refuse to evaluate a method if arguments are missing\n\nAs reported in [1], a platform firmware update that increased the number\nof method parameters and forgot to update a least one of its callers,\ncaused ACPICA to crash due to use-after-free.\n\nSince this a result of a clear AML issue that arguably cannot be fixed\nup by the interpreter (it cannot produce missing data out of thin air),\naddress it by making ACPICA refuse to evaluate a method if the caller\nattempts to pass fewer arguments than expected to it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38386",
"url": "https://www.suse.com/security/cve/CVE-2025-38386"
},
{
"category": "external",
"summary": "SUSE Bug 1247138 for CVE-2025-38386",
"url": "https://bugzilla.suse.com/1247138"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38386"
},
{
"cve": "CVE-2025-38387",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38387"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Initialize obj_event-\u003eobj_sub_list before xa_insert\n\nThe obj_event may be loaded immediately after inserted, then if the\nlist_head is not initialized then we may get a poisonous pointer. This\nfixes the crash below:\n\n mlx5_core 0000:03:00.0: MLX5E: StrdRq(1) RqSz(8) StrdSz(2048) RxCqeCmprss(0 enhanced)\n mlx5_core.sf mlx5_core.sf.4: firmware version: 32.38.3056\n mlx5_core 0000:03:00.0 en3f0pf0sf2002: renamed from eth0\n mlx5_core.sf mlx5_core.sf.4: Rate limit: 127 rates are supported, range: 0Mbps to 195312Mbps\n IPv6: ADDRCONF(NETDEV_CHANGE): en3f0pf0sf2002: link becomes ready\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000060\n Mem abort info:\n ESR = 0x96000006\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n Data abort info:\n ISV = 0, ISS = 0x00000006\n CM = 0, WnR = 0\n user pgtable: 4k pages, 48-bit VAs, pgdp=00000007760fb000\n [0000000000000060] pgd=000000076f6d7003, p4d=000000076f6d7003, pud=0000000777841003, pmd=0000000000000000\n Internal error: Oops: 96000006 [#1] SMP\n Modules linked in: ipmb_host(OE) act_mirred(E) cls_flower(E) sch_ingress(E) mptcp_diag(E) udp_diag(E) raw_diag(E) unix_diag(E) tcp_diag(E) inet_diag(E) binfmt_misc(E) bonding(OE) rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) isofs(E) cdrom(E) mst_pciconf(OE) ib_umad(OE) mlx5_ib(OE) ipmb_dev_int(OE) mlx5_core(OE) kpatch_15237886(OEK) mlxdevm(OE) auxiliary(OE) ib_uverbs(OE) ib_core(OE) psample(E) mlxfw(OE) tls(E) sunrpc(E) vfat(E) fat(E) crct10dif_ce(E) ghash_ce(E) sha1_ce(E) sbsa_gwdt(E) virtio_console(E) ext4(E) mbcache(E) jbd2(E) xfs(E) libcrc32c(E) mmc_block(E) virtio_net(E) net_failover(E) failover(E) sha2_ce(E) sha256_arm64(E) nvme(OE) nvme_core(OE) gpio_mlxbf3(OE) mlx_compat(OE) mlxbf_pmc(OE) i2c_mlxbf(OE) sdhci_of_dwcmshc(OE) pinctrl_mlxbf3(OE) mlxbf_pka(OE) gpio_generic(E) i2c_core(E) mmc_core(E) mlxbf_gige(OE) vitesse(E) pwr_mlxbf(OE) mlxbf_tmfifo(OE) micrel(E) mlxbf_bootctl(OE) virtio_ring(E) virtio(E) ipmi_devintf(E) ipmi_msghandler(E)\n [last unloaded: mst_pci]\n CPU: 11 PID: 20913 Comm: rte-worker-11 Kdump: loaded Tainted: G OE K 5.10.134-13.1.an8.aarch64 #1\n Hardware name: https://www.mellanox.com BlueField-3 SmartNIC Main Card/BlueField-3 SmartNIC Main Card, BIOS 4.2.2.12968 Oct 26 2023\n pstate: a0400089 (NzCv daIf +PAN -UAO -TCO BTYPE=--)\n pc : dispatch_event_fd+0x68/0x300 [mlx5_ib]\n lr : devx_event_notifier+0xcc/0x228 [mlx5_ib]\n sp : ffff80001005bcf0\n x29: ffff80001005bcf0 x28: 0000000000000001\n x27: ffff244e0740a1d8 x26: ffff244e0740a1d0\n x25: ffffda56beff5ae0 x24: ffffda56bf911618\n x23: ffff244e0596a480 x22: ffff244e0596a480\n x21: ffff244d8312ad90 x20: ffff244e0596a480\n x19: fffffffffffffff0 x18: 0000000000000000\n x17: 0000000000000000 x16: ffffda56be66d620\n x15: 0000000000000000 x14: 0000000000000000\n x13: 0000000000000000 x12: 0000000000000000\n x11: 0000000000000040 x10: ffffda56bfcafb50\n x9 : ffffda5655c25f2c x8 : 0000000000000010\n x7 : 0000000000000000 x6 : ffff24545a2e24b8\n x5 : 0000000000000003 x4 : ffff80001005bd28\n x3 : 0000000000000000 x2 : 0000000000000000\n x1 : ffff244e0596a480 x0 : ffff244d8312ad90\n Call trace:\n dispatch_event_fd+0x68/0x300 [mlx5_ib]\n devx_event_notifier+0xcc/0x228 [mlx5_ib]\n atomic_notifier_call_chain+0x58/0x80\n mlx5_eq_async_int+0x148/0x2b0 [mlx5_core]\n atomic_notifier_call_chain+0x58/0x80\n irq_int_handler+0x20/0x30 [mlx5_core]\n __handle_irq_event_percpu+0x60/0x220\n handle_irq_event_percpu+0x3c/0x90\n handle_irq_event+0x58/0x158\n handle_fasteoi_irq+0xfc/0x188\n generic_handle_irq+0x34/0x48\n ...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38387",
"url": "https://www.suse.com/security/cve/CVE-2025-38387"
},
{
"category": "external",
"summary": "SUSE Bug 1247154 for CVE-2025-38387",
"url": "https://bugzilla.suse.com/1247154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38387"
},
{
"cve": "CVE-2025-38389",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38389"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gt: Fix timeline left held on VMA alloc error\n\nThe following error has been reported sporadically by CI when a test\nunbinds the i915 driver on a ring submission platform:\n\n\u003c4\u003e [239.330153] ------------[ cut here ]------------\n\u003c4\u003e [239.330166] i915 0000:00:02.0: [drm] drm_WARN_ON(dev_priv-\u003emm.shrink_count)\n\u003c4\u003e [239.330196] WARNING: CPU: 1 PID: 18570 at drivers/gpu/drm/i915/i915_gem.c:1309 i915_gem_cleanup_early+0x13e/0x150 [i915]\n...\n\u003c4\u003e [239.330640] RIP: 0010:i915_gem_cleanup_early+0x13e/0x150 [i915]\n...\n\u003c4\u003e [239.330942] Call Trace:\n\u003c4\u003e [239.330944] \u003cTASK\u003e\n\u003c4\u003e [239.330949] i915_driver_late_release+0x2b/0xa0 [i915]\n\u003c4\u003e [239.331202] i915_driver_release+0x86/0xa0 [i915]\n\u003c4\u003e [239.331482] devm_drm_dev_init_release+0x61/0x90\n\u003c4\u003e [239.331494] devm_action_release+0x15/0x30\n\u003c4\u003e [239.331504] release_nodes+0x3d/0x120\n\u003c4\u003e [239.331517] devres_release_all+0x96/0xd0\n\u003c4\u003e [239.331533] device_unbind_cleanup+0x12/0x80\n\u003c4\u003e [239.331543] device_release_driver_internal+0x23a/0x280\n\u003c4\u003e [239.331550] ? bus_find_device+0xa5/0xe0\n\u003c4\u003e [239.331563] device_driver_detach+0x14/0x20\n...\n\u003c4\u003e [357.719679] ---[ end trace 0000000000000000 ]---\n\nIf the test also unloads the i915 module then that\u0027s followed with:\n\n\u003c3\u003e [357.787478] =============================================================================\n\u003c3\u003e [357.788006] BUG i915_vma (Tainted: G U W N ): Objects remaining on __kmem_cache_shutdown()\n\u003c3\u003e [357.788031] -----------------------------------------------------------------------------\n\u003c3\u003e [357.788204] Object 0xffff888109e7f480 @offset=29824\n\u003c3\u003e [357.788670] Allocated in i915_vma_instance+0xee/0xc10 [i915] age=292729 cpu=4 pid=2244\n\u003c4\u003e [357.788994] i915_vma_instance+0xee/0xc10 [i915]\n\u003c4\u003e [357.789290] init_status_page+0x7b/0x420 [i915]\n\u003c4\u003e [357.789532] intel_engines_init+0x1d8/0x980 [i915]\n\u003c4\u003e [357.789772] intel_gt_init+0x175/0x450 [i915]\n\u003c4\u003e [357.790014] i915_gem_init+0x113/0x340 [i915]\n\u003c4\u003e [357.790281] i915_driver_probe+0x847/0xed0 [i915]\n\u003c4\u003e [357.790504] i915_pci_probe+0xe6/0x220 [i915]\n...\n\nCloser analysis of CI results history has revealed a dependency of the\nerror on a few IGT tests, namely:\n- igt@api_intel_allocator@fork-simple-stress-signal,\n- igt@api_intel_allocator@two-level-inception-interruptible,\n- igt@gem_linear_blits@interruptible,\n- igt@prime_mmap_coherency@ioctl-errors,\nwhich invisibly trigger the issue, then exhibited with first driver unbind\nattempt.\n\nAll of the above tests perform actions which are actively interrupted with\nsignals. Further debugging has allowed to narrow that scope down to\nDRM_IOCTL_I915_GEM_EXECBUFFER2, and ring_context_alloc(), specific to ring\nsubmission, in particular.\n\nIf successful then that function, or its execlists or GuC submission\nequivalent, is supposed to be called only once per GEM context engine,\nfollowed by raise of a flag that prevents the function from being called\nagain. The function is expected to unwind its internal errors itself, so\nit may be safely called once more after it returns an error.\n\nIn case of ring submission, the function first gets a reference to the\nengine\u0027s legacy timeline and then allocates a VMA. If the VMA allocation\nfails, e.g. when i915_vma_instance() called from inside is interrupted\nwith a signal, then ring_context_alloc() fails, leaving the timeline held\nreferenced. On next I915_GEM_EXECBUFFER2 IOCTL, another reference to the\ntimeline is got, and only that last one is put on successful completion.\nAs a consequence, the legacy timeline, with its underlying engine status\npage\u0027s VMA object, is still held and not released on driver unbind.\n\nGet the legacy timeline only after successful allocation of the context\nengine\u0027s VMA.\n\nv2: Add a note on other submission methods (Krzysztof Karas):\n Both execlists and GuC submission use lrc_alloc() which seems free\n from a similar issue.\n\n(cherry picked from commit cc43422b3cc79eacff4c5a8ba0d224688ca9dd4f)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38389",
"url": "https://www.suse.com/security/cve/CVE-2025-38389"
},
{
"category": "external",
"summary": "SUSE Bug 1247153 for CVE-2025-38389",
"url": "https://bugzilla.suse.com/1247153"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38389"
},
{
"cve": "CVE-2025-38391",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38391"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: altmodes/displayport: do not index invalid pin_assignments\n\nA poorly implemented DisplayPort Alt Mode port partner can indicate\nthat its pin assignment capabilities are greater than the maximum\nvalue, DP_PIN_ASSIGN_F. In this case, calls to pin_assignment_show\nwill cause a BRK exception due to an out of bounds array access.\n\nPrevent for loop in pin_assignment_show from accessing\ninvalid values in pin_assignments by adding DP_PIN_ASSIGN_MAX\nvalue in typec_dp.h and using i \u003c DP_PIN_ASSIGN_MAX as a loop\ncondition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38391",
"url": "https://www.suse.com/security/cve/CVE-2025-38391"
},
{
"category": "external",
"summary": "SUSE Bug 1247181 for CVE-2025-38391",
"url": "https://bugzilla.suse.com/1247181"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38391"
},
{
"cve": "CVE-2025-38392",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38392"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: convert control queue mutex to a spinlock\n\nWith VIRTCHNL2_CAP_MACFILTER enabled, the following warning is generated\non module load:\n\n[ 324.701677] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:578\n[ 324.701684] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1582, name: NetworkManager\n[ 324.701689] preempt_count: 201, expected: 0\n[ 324.701693] RCU nest depth: 0, expected: 0\n[ 324.701697] 2 locks held by NetworkManager/1582:\n[ 324.701702] #0: ffffffff9f7be770 (rtnl_mutex){....}-{3:3}, at: rtnl_newlink+0x791/0x21e0\n[ 324.701730] #1: ff1100216c380368 (_xmit_ETHER){....}-{2:2}, at: __dev_open+0x3f0/0x870\n[ 324.701749] Preemption disabled at:\n[ 324.701752] [\u003cffffffff9cd23b9d\u003e] __dev_open+0x3dd/0x870\n[ 324.701765] CPU: 30 UID: 0 PID: 1582 Comm: NetworkManager Not tainted 6.15.0-rc5+ #2 PREEMPT(voluntary)\n[ 324.701771] Hardware name: Intel Corporation M50FCP2SBSTD/M50FCP2SBSTD, BIOS SE5C741.86B.01.01.0001.2211140926 11/14/2022\n[ 324.701774] Call Trace:\n[ 324.701777] \u003cTASK\u003e\n[ 324.701779] dump_stack_lvl+0x5d/0x80\n[ 324.701788] ? __dev_open+0x3dd/0x870\n[ 324.701793] __might_resched.cold+0x1ef/0x23d\n\u003c..\u003e\n[ 324.701818] __mutex_lock+0x113/0x1b80\n\u003c..\u003e\n[ 324.701917] idpf_ctlq_clean_sq+0xad/0x4b0 [idpf]\n[ 324.701935] ? kasan_save_track+0x14/0x30\n[ 324.701941] idpf_mb_clean+0x143/0x380 [idpf]\n\u003c..\u003e\n[ 324.701991] idpf_send_mb_msg+0x111/0x720 [idpf]\n[ 324.702009] idpf_vc_xn_exec+0x4cc/0x990 [idpf]\n[ 324.702021] ? rcu_is_watching+0x12/0xc0\n[ 324.702035] idpf_add_del_mac_filters+0x3ed/0xb50 [idpf]\n\u003c..\u003e\n[ 324.702122] __hw_addr_sync_dev+0x1cf/0x300\n[ 324.702126] ? find_held_lock+0x32/0x90\n[ 324.702134] idpf_set_rx_mode+0x317/0x390 [idpf]\n[ 324.702152] __dev_open+0x3f8/0x870\n[ 324.702159] ? __pfx___dev_open+0x10/0x10\n[ 324.702174] __dev_change_flags+0x443/0x650\n\u003c..\u003e\n[ 324.702208] netif_change_flags+0x80/0x160\n[ 324.702218] do_setlink.isra.0+0x16a0/0x3960\n\u003c..\u003e\n[ 324.702349] rtnl_newlink+0x12fd/0x21e0\n\nThe sequence is as follows:\n\trtnl_newlink()-\u003e\n\t__dev_change_flags()-\u003e\n\t__dev_open()-\u003e\n\tdev_set_rx_mode() - \u003e # disables BH and grabs \"dev-\u003eaddr_list_lock\"\n\tidpf_set_rx_mode() -\u003e # proceed only if VIRTCHNL2_CAP_MACFILTER is ON\n\t__dev_uc_sync() -\u003e\n\tidpf_add_mac_filter -\u003e\n\tidpf_add_del_mac_filters -\u003e\n\tidpf_send_mb_msg() -\u003e\n\tidpf_mb_clean() -\u003e\n\tidpf_ctlq_clean_sq() # mutex_lock(cq_lock)\n\nFix by converting cq_lock to a spinlock. All operations under the new\nlock are safe except freeing the DMA memory, which may use vunmap(). Fix\nby requesting a contiguous physical memory for the DMA mapping.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38392",
"url": "https://www.suse.com/security/cve/CVE-2025-38392"
},
{
"category": "external",
"summary": "SUSE Bug 1247169 for CVE-2025-38392",
"url": "https://bugzilla.suse.com/1247169"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38392"
},
{
"cve": "CVE-2025-38393",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38393"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN\n\nWe found a few different systems hung up in writeback waiting on the same\npage lock, and one task waiting on the NFS_LAYOUT_DRAIN bit in\npnfs_update_layout(), however the pnfs_layout_hdr\u0027s plh_outstanding count\nwas zero.\n\nIt seems most likely that this is another race between the waiter and waker\nsimilar to commit ed0172af5d6f (\"SUNRPC: Fix a race to wake a sync task\").\nFix it up by applying the advised barrier.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38393",
"url": "https://www.suse.com/security/cve/CVE-2025-38393"
},
{
"category": "external",
"summary": "SUSE Bug 1247170 for CVE-2025-38393",
"url": "https://bugzilla.suse.com/1247170"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38393"
},
{
"cve": "CVE-2025-38395",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38395"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: gpio: Fix the out-of-bounds access to drvdata::gpiods\n\ndrvdata::gpiods is supposed to hold an array of \u0027gpio_desc\u0027 pointers. But\nthe memory is allocated for only one pointer. This will lead to\nout-of-bounds access later in the code if \u0027config::ngpios\u0027 is \u003e 1. So\nfix the code to allocate enough memory to hold \u0027config::ngpios\u0027 of GPIO\ndescriptors.\n\nWhile at it, also move the check for memory allocation failure to be below\nthe allocation to make it more readable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38395",
"url": "https://www.suse.com/security/cve/CVE-2025-38395"
},
{
"category": "external",
"summary": "SUSE Bug 1247171 for CVE-2025-38395",
"url": "https://bugzilla.suse.com/1247171"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38395"
},
{
"cve": "CVE-2025-38396",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38396"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass\n\nExport anon_inode_make_secure_inode() to allow KVM guest_memfd to create\nanonymous inodes with proper security context. This replaces the current\npattern of calling alloc_anon_inode() followed by\ninode_init_security_anon() for creating security context manually.\n\nThis change also fixes a security regression in secretmem where the\nS_PRIVATE flag was not cleared after alloc_anon_inode(), causing\nLSM/SELinux checks to be bypassed for secretmem file descriptors.\n\nAs guest_memfd currently resides in the KVM module, we need to export this\nsymbol for use outside the core kernel. In the future, guest_memfd might be\nmoved to core-mm, at which point the symbols no longer would have to be\nexported. When/if that happens is still unclear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38396",
"url": "https://www.suse.com/security/cve/CVE-2025-38396"
},
{
"category": "external",
"summary": "SUSE Bug 1247156 for CVE-2025-38396",
"url": "https://bugzilla.suse.com/1247156"
},
{
"category": "external",
"summary": "SUSE Bug 1247158 for CVE-2025-38396",
"url": "https://bugzilla.suse.com/1247158"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "important"
}
],
"title": "CVE-2025-38396"
},
{
"cve": "CVE-2025-38399",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38399"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port()\n\nThe function core_scsi3_decode_spec_i_port(), in its error code path,\nunconditionally calls core_scsi3_lunacl_undepend_item() passing the\ndest_se_deve pointer, which may be NULL.\n\nThis can lead to a NULL pointer dereference if dest_se_deve remains\nunset.\n\nSPC-3 PR SPEC_I_PT: Unable to locate dest_tpg\nUnable to handle kernel paging request at virtual address dfff800000000012\nCall trace:\n core_scsi3_lunacl_undepend_item+0x2c/0xf0 [target_core_mod] (P)\n core_scsi3_decode_spec_i_port+0x120c/0x1c30 [target_core_mod]\n core_scsi3_emulate_pro_register+0x6b8/0xcd8 [target_core_mod]\n target_scsi3_emulate_pr_out+0x56c/0x840 [target_core_mod]\n\nFix this by adding a NULL check before calling\ncore_scsi3_lunacl_undepend_item()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38399",
"url": "https://www.suse.com/security/cve/CVE-2025-38399"
},
{
"category": "external",
"summary": "SUSE Bug 1247097 for CVE-2025-38399",
"url": "https://bugzilla.suse.com/1247097"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38399"
},
{
"cve": "CVE-2025-38400",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38400"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails.\n\nsyzbot reported a warning below [1] following a fault injection in\nnfs_fs_proc_net_init(). [0]\n\nWhen nfs_fs_proc_net_init() fails, /proc/net/rpc/nfs is not removed.\n\nLater, rpc_proc_exit() tries to remove /proc/net/rpc, and the warning\nis logged as the directory is not empty.\n\nLet\u0027s handle the error of nfs_fs_proc_net_init() properly.\n\n[0]:\nFAULT_INJECTION: forcing a failure.\nname failslab, interval 1, probability 0, space 0, times 0\nCPU: 1 UID: 0 PID: 6120 Comm: syz.2.27 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl (lib/dump_stack.c:123)\n should_fail_ex (lib/fault-inject.c:73 lib/fault-inject.c:174)\n should_failslab (mm/failslab.c:46)\n kmem_cache_alloc_noprof (mm/slub.c:4178 mm/slub.c:4204)\n __proc_create (fs/proc/generic.c:427)\n proc_create_reg (fs/proc/generic.c:554)\n proc_create_net_data (fs/proc/proc_net.c:120)\n nfs_fs_proc_net_init (fs/nfs/client.c:1409)\n nfs_net_init (fs/nfs/inode.c:2600)\n ops_init (net/core/net_namespace.c:138)\n setup_net (net/core/net_namespace.c:443)\n copy_net_ns (net/core/net_namespace.c:576)\n create_new_namespaces (kernel/nsproxy.c:110)\n unshare_nsproxy_namespaces (kernel/nsproxy.c:218 (discriminator 4))\n ksys_unshare (kernel/fork.c:3123)\n __x64_sys_unshare (kernel/fork.c:3190)\n do_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n \u003c/TASK\u003e\n\n[1]:\nremove_proc_entry: removing non-empty directory \u0027net/rpc\u0027, leaking at least \u0027nfs\u0027\n WARNING: CPU: 1 PID: 6120 at fs/proc/generic.c:727 remove_proc_entry+0x45e/0x530 fs/proc/generic.c:727\nModules linked in:\nCPU: 1 UID: 0 PID: 6120 Comm: syz.2.27 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\n RIP: 0010:remove_proc_entry+0x45e/0x530 fs/proc/generic.c:727\nCode: 3c 02 00 0f 85 85 00 00 00 48 8b 93 d8 00 00 00 4d 89 f0 4c 89 e9 48 c7 c6 40 ba a2 8b 48 c7 c7 60 b9 a2 8b e8 33 81 1d ff 90 \u003c0f\u003e 0b 90 90 e9 5f fe ff ff e8 04 69 5e ff 90 48 b8 00 00 00 00 00\nRSP: 0018:ffffc90003637b08 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffff88805f534140 RCX: ffffffff817a92c8\nRDX: ffff88807da99e00 RSI: ffffffff817a92d5 RDI: 0000000000000001\nRBP: ffff888033431ac0 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000001 R12: ffff888033431a00\nR13: ffff888033431ae4 R14: ffff888033184724 R15: dffffc0000000000\nFS: 0000555580328500(0000) GS:ffff888124a62000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f71733743e0 CR3: 000000007f618000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n sunrpc_exit_net+0x46/0x90 net/sunrpc/sunrpc_syms.c:76\n ops_exit_list net/core/net_namespace.c:200 [inline]\n ops_undo_list+0x2eb/0xab0 net/core/net_namespace.c:253\n setup_net+0x2e1/0x510 net/core/net_namespace.c:457\n copy_net_ns+0x2a6/0x5f0 net/core/net_namespace.c:574\n create_new_namespaces+0x3ea/0xa90 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0xc0/0x1f0 kernel/nsproxy.c:218\n ksys_unshare+0x45b/0xa40 kernel/fork.c:3121\n __do_sys_unshare kernel/fork.c:3192 [inline]\n __se_sys_unshare kernel/fork.c:3190 [inline]\n __x64_sys_unshare+0x31/0x40 kernel/fork.c:3190\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x490 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fa1a6b8e929\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38400",
"url": "https://www.suse.com/security/cve/CVE-2025-38400"
},
{
"category": "external",
"summary": "SUSE Bug 1247123 for CVE-2025-38400",
"url": "https://bugzilla.suse.com/1247123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38400"
},
{
"cve": "CVE-2025-38401",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38401"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtk-sd: Prevent memory corruption from DMA map failure\n\nIf msdc_prepare_data() fails to map the DMA region, the request is\nnot prepared for data receiving, but msdc_start_data() proceeds\nthe DMA with previous setting.\nSince this will lead a memory corruption, we have to stop the\nrequest operation soon after the msdc_prepare_data() fails to\nprepare it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38401",
"url": "https://www.suse.com/security/cve/CVE-2025-38401"
},
{
"category": "external",
"summary": "SUSE Bug 1247125 for CVE-2025-38401",
"url": "https://bugzilla.suse.com/1247125"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38401"
},
{
"cve": "CVE-2025-38403",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38403"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/vmci: Clear the vmci transport packet properly when initializing it\n\nIn vmci_transport_packet_init memset the vmci_transport_packet before\npopulating the fields to avoid any uninitialised data being left in the\nstructure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38403",
"url": "https://www.suse.com/security/cve/CVE-2025-38403"
},
{
"category": "external",
"summary": "SUSE Bug 1247141 for CVE-2025-38403",
"url": "https://bugzilla.suse.com/1247141"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38403"
},
{
"cve": "CVE-2025-38404",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38404"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: displayport: Fix potential deadlock\n\nThe deadlock can occur due to a recursive lock acquisition of\n`cros_typec_altmode_data::mutex`.\nThe call chain is as follows:\n1. cros_typec_altmode_work() acquires the mutex\n2. typec_altmode_vdm() -\u003e dp_altmode_vdm() -\u003e\n3. typec_altmode_exit() -\u003e cros_typec_altmode_exit()\n4. cros_typec_altmode_exit() attempts to acquire the mutex again\n\nTo prevent this, defer the `typec_altmode_exit()` call by scheduling\nit rather than calling it directly from within the mutex-protected\ncontext.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38404",
"url": "https://www.suse.com/security/cve/CVE-2025-38404"
},
{
"category": "external",
"summary": "SUSE Bug 1247271 for CVE-2025-38404",
"url": "https://bugzilla.suse.com/1247271"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38404"
},
{
"cve": "CVE-2025-38406",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38406"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath6kl: remove WARN on bad firmware input\n\nIf the firmware gives bad input, that\u0027s nothing to do with\nthe driver\u0027s stack at this point etc., so the WARN_ON()\ndoesn\u0027t add any value. Additionally, this is one of the\ntop syzbot reports now. Just print a message, and as an\nadded bonus, print the sizes too.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38406",
"url": "https://www.suse.com/security/cve/CVE-2025-38406"
},
{
"category": "external",
"summary": "SUSE Bug 1247210 for CVE-2025-38406",
"url": "https://bugzilla.suse.com/1247210"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38406"
},
{
"cve": "CVE-2025-38409",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38409"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: Fix another leak in the submit error path\n\nput_unused_fd() doesn\u0027t free the installed file, if we\u0027ve already done\nfd_install(). So we need to also free the sync_file.\n\nPatchwork: https://patchwork.freedesktop.org/patch/653583/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38409",
"url": "https://www.suse.com/security/cve/CVE-2025-38409"
},
{
"category": "external",
"summary": "SUSE Bug 1247285 for CVE-2025-38409",
"url": "https://bugzilla.suse.com/1247285"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "low"
}
],
"title": "CVE-2025-38409"
},
{
"cve": "CVE-2025-38410",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38410"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: Fix a fence leak in submit error path\n\nIn error paths, we could unref the submit without calling\ndrm_sched_entity_push_job(), so msm_job_free() will never get\ncalled. Since drm_sched_job_cleanup() will NULL out the\ns_fence, we can use that to detect this case.\n\nPatchwork: https://patchwork.freedesktop.org/patch/653584/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38410",
"url": "https://www.suse.com/security/cve/CVE-2025-38410"
},
{
"category": "external",
"summary": "SUSE Bug 1247128 for CVE-2025-38410",
"url": "https://bugzilla.suse.com/1247128"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38410"
},
{
"cve": "CVE-2025-38412",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38412"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks\n\nAfter retrieving WMI data blocks in sysfs callbacks, check for the\nvalidity of them before dereferencing their content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38412",
"url": "https://www.suse.com/security/cve/CVE-2025-38412"
},
{
"category": "external",
"summary": "SUSE Bug 1247132 for CVE-2025-38412",
"url": "https://bugzilla.suse.com/1247132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38412"
},
{
"cve": "CVE-2025-38414",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38414"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850\n\nGCC_GCC_PCIE_HOT_RST is wrongly defined for WCN7850, causing kernel crash\non some specific platforms.\n\nSince this register is divergent for WCN7850 and QCN9274, move it to\nregister table to allow different definitions. Then correct the register\naddress for WCN7850 to fix this issue.\n\nNote IPQ5332 is not affected as it is not PCIe based device.\n\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38414",
"url": "https://www.suse.com/security/cve/CVE-2025-38414"
},
{
"category": "external",
"summary": "SUSE Bug 1247145 for CVE-2025-38414",
"url": "https://bugzilla.suse.com/1247145"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38414"
},
{
"cve": "CVE-2025-38415",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38415"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: check return result of sb_min_blocksize\n\nSyzkaller reports an \"UBSAN: shift-out-of-bounds in squashfs_bio_read\" bug.\n\nSyzkaller forks multiple processes which after mounting the Squashfs\nfilesystem, issues an ioctl(\"/dev/loop0\", LOOP_SET_BLOCK_SIZE, 0x8000). \nNow if this ioctl occurs at the same time another process is in the\nprocess of mounting a Squashfs filesystem on /dev/loop0, the failure\noccurs. When this happens the following code in squashfs_fill_super()\nfails.\n\n----\nmsblk-\u003edevblksize = sb_min_blocksize(sb, SQUASHFS_DEVBLK_SIZE);\nmsblk-\u003edevblksize_log2 = ffz(~msblk-\u003edevblksize);\n----\n\nsb_min_blocksize() returns 0, which means msblk-\u003edevblksize is set to 0.\n\nAs a result, ffz(~msblk-\u003edevblksize) returns 64, and msblk-\u003edevblksize_log2\nis set to 64.\n\nThis subsequently causes the\n\nUBSAN: shift-out-of-bounds in fs/squashfs/block.c:195:36\nshift exponent 64 is too large for 64-bit type \u0027u64\u0027 (aka\n\u0027unsigned long long\u0027)\n\nThis commit adds a check for a 0 return by sb_min_blocksize().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38415",
"url": "https://www.suse.com/security/cve/CVE-2025-38415"
},
{
"category": "external",
"summary": "SUSE Bug 1247147 for CVE-2025-38415",
"url": "https://bugzilla.suse.com/1247147"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38415"
},
{
"cve": "CVE-2025-38416",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38416"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFC: nci: uart: Set tty-\u003edisc_data only in success path\n\nSetting tty-\u003edisc_data before opening the NCI device means we need to\nclean it up on error paths. This also opens some short window if device\nstarts sending data, even before NCIUARTSETDRIVER IOCTL succeeded\n(broken hardware?). Close the window by exposing tty-\u003edisc_data only on\nthe success path, when opening of the NCI device and try_module_get()\nsucceeds.\n\nThe code differs in error path in one aspect: tty-\u003edisc_data won\u0027t be\never assigned thus NULL-ified. This however should not be relevant\ndifference, because of \"tty-\u003edisc_data=NULL\" in nci_uart_tty_open().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38416",
"url": "https://www.suse.com/security/cve/CVE-2025-38416"
},
{
"category": "external",
"summary": "SUSE Bug 1247151 for CVE-2025-38416",
"url": "https://bugzilla.suse.com/1247151"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38416"
},
{
"cve": "CVE-2025-38420",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38420"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: carl9170: do not ping device which has failed to load firmware\n\nSyzkaller reports [1, 2] crashes caused by an attempts to ping\nthe device which has failed to load firmware. Since such a device\ndoesn\u0027t pass \u0027ieee80211_register_hw()\u0027, an internal workqueue\nmanaged by \u0027ieee80211_queue_work()\u0027 is not yet created and an\nattempt to queue work on it causes null-ptr-deref.\n\n[1] https://syzkaller.appspot.com/bug?extid=9a4aec827829942045ff\n[2] https://syzkaller.appspot.com/bug?extid=0d8afba53e8fb2633217",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38420",
"url": "https://www.suse.com/security/cve/CVE-2025-38420"
},
{
"category": "external",
"summary": "SUSE Bug 1247279 for CVE-2025-38420",
"url": "https://bugzilla.suse.com/1247279"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38420"
},
{
"cve": "CVE-2025-38424",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38424"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix sample vs do_exit()\n\nBaisheng Gao reported an ARM64 crash, which Mark decoded as being a\nsynchronous external abort -- most likely due to trying to access\nMMIO in bad ways.\n\nThe crash further shows perf trying to do a user stack sample while in\nexit_mmap()\u0027s tlb_finish_mmu() -- i.e. while tearing down the address\nspace it is trying to access.\n\nIt turns out that we stop perf after we tear down the userspace mm; a\nreceipie for disaster, since perf likes to access userspace for\nvarious reasons.\n\nFlip this order by moving up where we stop perf in do_exit().\n\nAdditionally, harden PERF_SAMPLE_CALLCHAIN and PERF_SAMPLE_STACK_USER\nto abort when the current task does not have an mm (exit_mm() makes\nsure to set current-\u003emm = NULL; before commencing with the actual\nteardown). Such that CPU wide events don\u0027t trip on this same problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38424",
"url": "https://www.suse.com/security/cve/CVE-2025-38424"
},
{
"category": "external",
"summary": "SUSE Bug 1247293 for CVE-2025-38424",
"url": "https://bugzilla.suse.com/1247293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38424"
},
{
"cve": "CVE-2025-38425",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38425"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: tegra: check msg length in SMBUS block read\n\nFor SMBUS block read, do not continue to read if the message length\npassed from the device is \u00270\u0027 or greater than the maximum allowed bytes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38425",
"url": "https://www.suse.com/security/cve/CVE-2025-38425"
},
{
"category": "external",
"summary": "SUSE Bug 1247251 for CVE-2025-38425",
"url": "https://bugzilla.suse.com/1247251"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38425"
},
{
"cve": "CVE-2025-38426",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38426"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Add basic validation for RAS header\n\nIf RAS header read from EEPROM is corrupted, it could result in trying\nto allocate huge memory for reading the records. Add some validation to\nheader fields.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38426",
"url": "https://www.suse.com/security/cve/CVE-2025-38426"
},
{
"category": "external",
"summary": "SUSE Bug 1247252 for CVE-2025-38426",
"url": "https://bugzilla.suse.com/1247252"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38426"
},
{
"cve": "CVE-2025-38428",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38428"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: ims-pcu - check record size in ims_pcu_flash_firmware()\n\nThe \"len\" variable comes from the firmware and we generally do\ntrust firmware, but it\u0027s always better to double check. If the \"len\"\nis too large it could result in memory corruption when we do\n\"memcpy(fragment-\u003edata, rec-\u003edata, len);\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38428",
"url": "https://www.suse.com/security/cve/CVE-2025-38428"
},
{
"category": "external",
"summary": "SUSE Bug 1247150 for CVE-2025-38428",
"url": "https://bugzilla.suse.com/1247150"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38428"
},
{
"cve": "CVE-2025-38429",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38429"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: ep: Update read pointer only after buffer is written\n\nInside mhi_ep_ring_add_element, the read pointer (rd_offset) is updated\nbefore the buffer is written, potentially causing race conditions where\nthe host sees an updated read pointer before the buffer is actually\nwritten. Updating rd_offset prematurely can lead to the host accessing\nan uninitialized or incomplete element, resulting in data corruption.\n\nInvoke the buffer write before updating rd_offset to ensure the element\nis fully written before signaling its availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38429",
"url": "https://www.suse.com/security/cve/CVE-2025-38429"
},
{
"category": "external",
"summary": "SUSE Bug 1247253 for CVE-2025-38429",
"url": "https://bugzilla.suse.com/1247253"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38429"
},
{
"cve": "CVE-2025-38430",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38430"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: nfsd4_spo_must_allow() must check this is a v4 compound request\n\nIf the request being processed is not a v4 compound request, then\nexamining the cstate can have undefined results.\n\nThis patch adds a check that the rpc procedure being executed\n(rq_procinfo) is the NFSPROC4_COMPOUND procedure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38430",
"url": "https://www.suse.com/security/cve/CVE-2025-38430"
},
{
"category": "external",
"summary": "SUSE Bug 1247160 for CVE-2025-38430",
"url": "https://bugzilla.suse.com/1247160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38430"
},
{
"cve": "CVE-2025-38436",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38436"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/scheduler: signal scheduled fence when kill job\n\nWhen an entity from application B is killed, drm_sched_entity_kill()\nremoves all jobs belonging to that entity through\ndrm_sched_entity_kill_jobs_work(). If application A\u0027s job depends on a\nscheduled fence from application B\u0027s job, and that fence is not properly\nsignaled during the killing process, application A\u0027s dependency cannot be\ncleared.\n\nThis leads to application A hanging indefinitely while waiting for a\ndependency that will never be resolved. Fix this issue by ensuring that\nscheduled fences are properly signaled when an entity is killed, allowing\ndependent applications to continue execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38436",
"url": "https://www.suse.com/security/cve/CVE-2025-38436"
},
{
"category": "external",
"summary": "SUSE Bug 1247227 for CVE-2025-38436",
"url": "https://bugzilla.suse.com/1247227"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38436"
},
{
"cve": "CVE-2025-38443",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38443"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: fix uaf in nbd_genl_connect() error path\n\nThere is a use-after-free issue in nbd:\n\nblock nbd6: Receive control failed (result -104)\nblock nbd6: shutting down sockets\n==================================================================\nBUG: KASAN: slab-use-after-free in recv_work+0x694/0xa80 drivers/block/nbd.c:1022\nWrite of size 4 at addr ffff8880295de478 by task kworker/u33:0/67\n\nCPU: 2 UID: 0 PID: 67 Comm: kworker/u33:0 Not tainted 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nWorkqueue: nbd6-recv recv_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xc3/0x670 mm/kasan/report.c:521\n kasan_report+0xe0/0x110 mm/kasan/report.c:634\n check_region_inline mm/kasan/generic.c:183 [inline]\n kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189\n instrument_atomic_read_write include/linux/instrumented.h:96 [inline]\n atomic_dec include/linux/atomic/atomic-instrumented.h:592 [inline]\n recv_work+0x694/0xa80 drivers/block/nbd.c:1022\n process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238\n process_scheduled_works kernel/workqueue.c:3319 [inline]\n worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400\n kthread+0x3c2/0x780 kernel/kthread.c:464\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nnbd_genl_connect() does not properly stop the device on certain\nerror paths after nbd_start_device() has been called. This causes\nthe error path to put nbd-\u003econfig while recv_work continue to use\nthe config after putting it, leading to use-after-free in recv_work.\n\nThis patch moves nbd_start_device() after the backend file creation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38443",
"url": "https://www.suse.com/security/cve/CVE-2025-38443"
},
{
"category": "external",
"summary": "SUSE Bug 1247164 for CVE-2025-38443",
"url": "https://bugzilla.suse.com/1247164"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38443"
},
{
"cve": "CVE-2025-38448",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38448"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: u_serial: Fix race condition in TTY wakeup\n\nA race condition occurs when gs_start_io() calls either gs_start_rx() or\ngs_start_tx(), as those functions briefly drop the port_lock for\nusb_ep_queue(). This allows gs_close() and gserial_disconnect() to clear\nport.tty and port_usb, respectively.\n\nUse the null-safe TTY Port helper function to wake up TTY.\n\nExample\n CPU1:\t\t\t CPU2:\n gserial_connect() // lock\n \t\t\t gs_close() // await lock\n gs_start_rx() // unlock\n usb_ep_queue()\n \t\t\t gs_close() // lock, reset port.tty and unlock\n gs_start_rx() // lock\n tty_wakeup() // NPE",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38448",
"url": "https://www.suse.com/security/cve/CVE-2025-38448"
},
{
"category": "external",
"summary": "SUSE Bug 1247233 for CVE-2025-38448",
"url": "https://bugzilla.suse.com/1247233"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38448"
},
{
"cve": "CVE-2025-38449",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38449"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gem: Acquire references on GEM handles for framebuffers\n\nA GEM handle can be released while the GEM buffer object is attached\nto a DRM framebuffer. This leads to the release of the dma-buf backing\nthe buffer object, if any. [1] Trying to use the framebuffer in further\nmode-setting operations leads to a segmentation fault. Most easily\nhappens with driver that use shadow planes for vmap-ing the dma-buf\nduring a page flip. An example is shown below.\n\n[ 156.791968] ------------[ cut here ]------------\n[ 156.796830] WARNING: CPU: 2 PID: 2255 at drivers/dma-buf/dma-buf.c:1527 dma_buf_vmap+0x224/0x430\n[...]\n[ 156.942028] RIP: 0010:dma_buf_vmap+0x224/0x430\n[ 157.043420] Call Trace:\n[ 157.045898] \u003cTASK\u003e\n[ 157.048030] ? show_trace_log_lvl+0x1af/0x2c0\n[ 157.052436] ? show_trace_log_lvl+0x1af/0x2c0\n[ 157.056836] ? show_trace_log_lvl+0x1af/0x2c0\n[ 157.061253] ? drm_gem_shmem_vmap+0x74/0x710\n[ 157.065567] ? dma_buf_vmap+0x224/0x430\n[ 157.069446] ? __warn.cold+0x58/0xe4\n[ 157.073061] ? dma_buf_vmap+0x224/0x430\n[ 157.077111] ? report_bug+0x1dd/0x390\n[ 157.080842] ? handle_bug+0x5e/0xa0\n[ 157.084389] ? exc_invalid_op+0x14/0x50\n[ 157.088291] ? asm_exc_invalid_op+0x16/0x20\n[ 157.092548] ? dma_buf_vmap+0x224/0x430\n[ 157.096663] ? dma_resv_get_singleton+0x6d/0x230\n[ 157.101341] ? __pfx_dma_buf_vmap+0x10/0x10\n[ 157.105588] ? __pfx_dma_resv_get_singleton+0x10/0x10\n[ 157.110697] drm_gem_shmem_vmap+0x74/0x710\n[ 157.114866] drm_gem_vmap+0xa9/0x1b0\n[ 157.118763] drm_gem_vmap_unlocked+0x46/0xa0\n[ 157.123086] drm_gem_fb_vmap+0xab/0x300\n[ 157.126979] drm_atomic_helper_prepare_planes.part.0+0x487/0xb10\n[ 157.133032] ? lockdep_init_map_type+0x19d/0x880\n[ 157.137701] drm_atomic_helper_commit+0x13d/0x2e0\n[ 157.142671] ? drm_atomic_nonblocking_commit+0xa0/0x180\n[ 157.147988] drm_mode_atomic_ioctl+0x766/0xe40\n[...]\n[ 157.346424] ---[ end trace 0000000000000000 ]---\n\nAcquiring GEM handles for the framebuffer\u0027s GEM buffer objects prevents\nthis from happening. The framebuffer\u0027s cleanup later puts the handle\nreferences.\n\nCommit 1a148af06000 (\"drm/gem-shmem: Use dma_buf from GEM object\ninstance\") triggers the segmentation fault easily by using the dma-buf\nfield more widely. The underlying issue with reference counting has\nbeen present before.\n\nv2:\n- acquire the handle instead of the BO (Christian)\n- fix comment style (Christian)\n- drop the Fixes tag (Christian)\n- rename err_ gotos\n- add missing Link tag",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38449",
"url": "https://www.suse.com/security/cve/CVE-2025-38449"
},
{
"category": "external",
"summary": "SUSE Bug 1247255 for CVE-2025-38449",
"url": "https://bugzilla.suse.com/1247255"
},
{
"category": "external",
"summary": "SUSE Bug 1247258 for CVE-2025-38449",
"url": "https://bugzilla.suse.com/1247258"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "important"
}
],
"title": "CVE-2025-38449"
},
{
"cve": "CVE-2025-38455",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38455"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight\n\nReject migration of SEV{-ES} state if either the source or destination VM\nis actively creating a vCPU, i.e. if kvm_vm_ioctl_create_vcpu() is in the\nsection between incrementing created_vcpus and online_vcpus. The bulk of\nvCPU creation runs _outside_ of kvm-\u003elock to allow creating multiple vCPUs\nin parallel, and so sev_info.es_active can get toggled from false=\u003etrue in\nthe destination VM after (or during) svm_vcpu_create(), resulting in an\nSEV{-ES} VM effectively having a non-SEV{-ES} vCPU.\n\nThe issue manifests most visibly as a crash when trying to free a vCPU\u0027s\nNULL VMSA page in an SEV-ES VM, but any number of things can go wrong.\n\n BUG: unable to handle page fault for address: ffffebde00000000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] SMP KASAN NOPTI\n CPU: 227 UID: 0 PID: 64063 Comm: syz.5.60023 Tainted: G U O 6.15.0-smp-DEV #2 NONE\n Tainted: [U]=USER, [O]=OOT_MODULE\n Hardware name: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 12.52.0-0 10/28/2024\n RIP: 0010:constant_test_bit arch/x86/include/asm/bitops.h:206 [inline]\n RIP: 0010:arch_test_bit arch/x86/include/asm/bitops.h:238 [inline]\n RIP: 0010:_test_bit include/asm-generic/bitops/instrumented-non-atomic.h:142 [inline]\n RIP: 0010:PageHead include/linux/page-flags.h:866 [inline]\n RIP: 0010:___free_pages+0x3e/0x120 mm/page_alloc.c:5067\n Code: \u003c49\u003e f7 06 40 00 00 00 75 05 45 31 ff eb 0c 66 90 4c 89 f0 4c 39 f0\n RSP: 0018:ffff8984551978d0 EFLAGS: 00010246\n RAX: 0000777f80000001 RBX: 0000000000000000 RCX: ffffffff918aeb98\n RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffebde00000000\n RBP: 0000000000000000 R08: ffffebde00000007 R09: 1ffffd7bc0000000\n R10: dffffc0000000000 R11: fffff97bc0000001 R12: dffffc0000000000\n R13: ffff8983e19751a8 R14: ffffebde00000000 R15: 1ffffd7bc0000000\n FS: 0000000000000000(0000) GS:ffff89ee661d3000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: ffffebde00000000 CR3: 000000793ceaa000 CR4: 0000000000350ef0\n DR0: 0000000000000000 DR1: 0000000000000b5f DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n sev_free_vcpu+0x413/0x630 arch/x86/kvm/svm/sev.c:3169\n svm_vcpu_free+0x13a/0x2a0 arch/x86/kvm/svm/svm.c:1515\n kvm_arch_vcpu_destroy+0x6a/0x1d0 arch/x86/kvm/x86.c:12396\n kvm_vcpu_destroy virt/kvm/kvm_main.c:470 [inline]\n kvm_destroy_vcpus+0xd1/0x300 virt/kvm/kvm_main.c:490\n kvm_arch_destroy_vm+0x636/0x820 arch/x86/kvm/x86.c:12895\n kvm_put_kvm+0xb8e/0xfb0 virt/kvm/kvm_main.c:1310\n kvm_vm_release+0x48/0x60 virt/kvm/kvm_main.c:1369\n __fput+0x3e4/0x9e0 fs/file_table.c:465\n task_work_run+0x1a9/0x220 kernel/task_work.c:227\n exit_task_work include/linux/task_work.h:40 [inline]\n do_exit+0x7f0/0x25b0 kernel/exit.c:953\n do_group_exit+0x203/0x2d0 kernel/exit.c:1102\n get_signal+0x1357/0x1480 kernel/signal.c:3034\n arch_do_signal_or_restart+0x40/0x690 arch/x86/kernel/signal.c:337\n exit_to_user_mode_loop kernel/entry/common.c:111 [inline]\n exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]\n __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]\n syscall_exit_to_user_mode+0x67/0xb0 kernel/entry/common.c:218\n do_syscall_64+0x7c/0x150 arch/x86/entry/syscall_64.c:100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7f87a898e969\n \u003c/TASK\u003e\n Modules linked in: gq(O)\n gsmi: Log Shutdown Reason 0x03\n CR2: ffffebde00000000\n ---[ end trace 0000000000000000 ]---\n\nDeliberately don\u0027t check for a NULL VMSA when freeing the vCPU, as crashing\nthe host is likely desirable due to the VMSA being consumed by hardware.\nE.g. if KVM manages to allow VMRUN on the vCPU, hardware may read/write a\nbogus VMSA page. Accessing P\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38455",
"url": "https://www.suse.com/security/cve/CVE-2025-38455"
},
{
"category": "external",
"summary": "SUSE Bug 1247101 for CVE-2025-38455",
"url": "https://bugzilla.suse.com/1247101"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38455"
},
{
"cve": "CVE-2025-38457",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38457"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Abort __tc_modify_qdisc if parent class does not exist\n\nLion\u0027s patch [1] revealed an ancient bug in the qdisc API.\nWhenever a user creates/modifies a qdisc specifying as a parent another\nqdisc, the qdisc API will, during grafting, detect that the user is\nnot trying to attach to a class and reject. However grafting is\nperformed after qdisc_create (and thus the qdiscs\u0027 init callback) is\nexecuted. In qdiscs that eventually call qdisc_tree_reduce_backlog\nduring init or change (such as fq, hhf, choke, etc), an issue\narises. For example, executing the following commands:\n\nsudo tc qdisc add dev lo root handle a: htb default 2\nsudo tc qdisc add dev lo parent a: handle beef fq\n\nQdiscs such as fq, hhf, choke, etc unconditionally invoke\nqdisc_tree_reduce_backlog() in their control path init() or change() which\nthen causes a failure to find the child class; however, that does not stop\nthe unconditional invocation of the assumed child qdisc\u0027s qlen_notify with\na null class. All these qdiscs make the assumption that class is non-null.\n\nThe solution is ensure that qdisc_leaf() which looks up the parent\nclass, and is invoked prior to qdisc_create(), should return failure on\nnot finding the class.\nIn this patch, we leverage qdisc_leaf to return ERR_PTRs whenever the\nparentid doesn\u0027t correspond to a class, so that we can detect it\nearlier on and abort before qdisc_create is called.\n\n[1] https://lore.kernel.org/netdev/d912cbd7-193b-4269-9857-525bee8bbb6a@gmail.com/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38457",
"url": "https://www.suse.com/security/cve/CVE-2025-38457"
},
{
"category": "external",
"summary": "SUSE Bug 1247098 for CVE-2025-38457",
"url": "https://bugzilla.suse.com/1247098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38457"
},
{
"cve": "CVE-2025-38460",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38460"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: clip: Fix potential null-ptr-deref in to_atmarpd().\n\natmarpd is protected by RTNL since commit f3a0592b37b8 (\"[ATM]: clip\ncauses unregister hang\").\n\nHowever, it is not enough because to_atmarpd() is called without RTNL,\nespecially clip_neigh_solicit() / neigh_ops-\u003esolicit() is unsleepable.\n\nAlso, there is no RTNL dependency around atmarpd.\n\nLet\u0027s use a private mutex and RCU to protect access to atmarpd in\nto_atmarpd().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38460",
"url": "https://www.suse.com/security/cve/CVE-2025-38460"
},
{
"category": "external",
"summary": "SUSE Bug 1247143 for CVE-2025-38460",
"url": "https://bugzilla.suse.com/1247143"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38460"
},
{
"cve": "CVE-2025-38461",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38461"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Fix transport_* TOCTOU\n\nTransport assignment may race with module unload. Protect new_transport\nfrom becoming a stale pointer.\n\nThis also takes care of an insecure call in vsock_use_local_transport();\nadd a lockdep assert.\n\nBUG: unable to handle page fault for address: fffffbfff8056000\nOops: Oops: 0000 [#1] SMP KASAN\nRIP: 0010:vsock_assign_transport+0x366/0x600\nCall Trace:\n vsock_connect+0x59c/0xc40\n __sys_connect+0xe8/0x100\n __x64_sys_connect+0x6e/0xc0\n do_syscall_64+0x92/0x1c0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38461",
"url": "https://www.suse.com/security/cve/CVE-2025-38461"
},
{
"category": "external",
"summary": "SUSE Bug 1247103 for CVE-2025-38461",
"url": "https://bugzilla.suse.com/1247103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38461"
},
{
"cve": "CVE-2025-38462",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38462"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Fix transport_{g2h,h2g} TOCTOU\n\nvsock_find_cid() and vsock_dev_do_ioctl() may race with module unload.\ntransport_{g2h,h2g} may become NULL after the NULL check.\n\nIntroduce vsock_transport_local_cid() to protect from a potential\nnull-ptr-deref.\n\nKASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]\nRIP: 0010:vsock_find_cid+0x47/0x90\nCall Trace:\n __vsock_bind+0x4b2/0x720\n vsock_bind+0x90/0xe0\n __sys_bind+0x14d/0x1e0\n __x64_sys_bind+0x6e/0xc0\n do_syscall_64+0x92/0x1c0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nKASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]\nRIP: 0010:vsock_dev_do_ioctl.isra.0+0x58/0xf0\nCall Trace:\n __x64_sys_ioctl+0x12d/0x190\n do_syscall_64+0x92/0x1c0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38462",
"url": "https://www.suse.com/security/cve/CVE-2025-38462"
},
{
"category": "external",
"summary": "SUSE Bug 1247104 for CVE-2025-38462",
"url": "https://bugzilla.suse.com/1247104"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38462"
},
{
"cve": "CVE-2025-38463",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38463"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Correct signedness in skb remaining space calculation\n\nSyzkaller reported a bug [1] where sk-\u003esk_forward_alloc can overflow.\n\nWhen we send data, if an skb exists at the tail of the write queue, the\nkernel will attempt to append the new data to that skb. However, the code\nthat checks for available space in the skb is flawed:\n\u0027\u0027\u0027\ncopy = size_goal - skb-\u003elen\n\u0027\u0027\u0027\n\nThe types of the variables involved are:\n\u0027\u0027\u0027\ncopy: ssize_t (s64 on 64-bit systems)\nsize_goal: int\nskb-\u003elen: unsigned int\n\u0027\u0027\u0027\n\nDue to C\u0027s type promotion rules, the signed size_goal is converted to an\nunsigned int to match skb-\u003elen before the subtraction. The result is an\nunsigned int.\n\nWhen this unsigned int result is then assigned to the s64 copy variable,\nit is zero-extended, preserving its non-negative value. Consequently, copy\nis always \u003e= 0.\n\nAssume we are sending 2GB of data and size_goal has been adjusted to a\nvalue smaller than skb-\u003elen. The subtraction will result in copy holding a\nvery large positive integer. In the subsequent logic, this large value is\nused to update sk-\u003esk_forward_alloc, which can easily cause it to overflow.\n\nThe syzkaller reproducer uses TCP_REPAIR to reliably create this\ncondition. However, this can also occur in real-world scenarios. The\ntcp_bound_to_half_wnd() function can also reduce size_goal to a small\nvalue. This would cause the subsequent tcp_wmem_schedule() to set\nsk-\u003esk_forward_alloc to a value close to INT_MAX. Further memory\nallocation requests would then cause sk_forward_alloc to wrap around and\nbecome negative.\n\n[1]: https://syzkaller.appspot.com/bug?extid=de6565462ab540f50e47",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38463",
"url": "https://www.suse.com/security/cve/CVE-2025-38463"
},
{
"category": "external",
"summary": "SUSE Bug 1247113 for CVE-2025-38463",
"url": "https://bugzilla.suse.com/1247113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38463"
},
{
"cve": "CVE-2025-38465",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38465"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: Fix wraparounds of sk-\u003esk_rmem_alloc.\n\nNetlink has this pattern in some places\n\n if (atomic_read(\u0026sk-\u003esk_rmem_alloc) \u003e sk-\u003esk_rcvbuf)\n \tatomic_add(skb-\u003etruesize, \u0026sk-\u003esk_rmem_alloc);\n\n, which has the same problem fixed by commit 5a465a0da13e (\"udp:\nFix multiple wraparounds of sk-\u003esk_rmem_alloc.\").\n\nFor example, if we set INT_MAX to SO_RCVBUFFORCE, the condition\nis always false as the two operands are of int.\n\nThen, a single socket can eat as many skb as possible until OOM\nhappens, and we can see multiple wraparounds of sk-\u003esk_rmem_alloc.\n\nLet\u0027s fix it by using atomic_add_return() and comparing the two\nvariables as unsigned int.\n\nBefore:\n [root@fedora ~]# ss -f netlink\n Recv-Q Send-Q Local Address:Port Peer Address:Port\n -1668710080 0 rtnl:nl_wraparound/293 *\n\nAfter:\n [root@fedora ~]# ss -f netlink\n Recv-Q Send-Q Local Address:Port Peer Address:Port\n 2147483072 0 rtnl:nl_wraparound/290 *\n ^\n `--- INT_MAX - 576",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38465",
"url": "https://www.suse.com/security/cve/CVE-2025-38465"
},
{
"category": "external",
"summary": "SUSE Bug 1247118 for CVE-2025-38465",
"url": "https://bugzilla.suse.com/1247118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38465"
},
{
"cve": "CVE-2025-38467",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38467"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos: exynos7_drm_decon: add vblank check in IRQ handling\n\nIf there\u0027s support for another console device (such as a TTY serial),\nthe kernel occasionally panics during boot. The panic message and a\nrelevant snippet of the call stack is as follows:\n\n Unable to handle kernel NULL pointer dereference at virtual address 000000000000000\n Call trace:\n drm_crtc_handle_vblank+0x10/0x30 (P)\n decon_irq_handler+0x88/0xb4\n [...]\n\nOtherwise, the panics don\u0027t happen. This indicates that it\u0027s some sort\nof race condition.\n\nAdd a check to validate if the drm device can handle vblanks before\ncalling drm_crtc_handle_vblank() to avoid this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38467",
"url": "https://www.suse.com/security/cve/CVE-2025-38467"
},
{
"category": "external",
"summary": "SUSE Bug 1247146 for CVE-2025-38467",
"url": "https://bugzilla.suse.com/1247146"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38467"
},
{
"cve": "CVE-2025-38468",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38468"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree\n\nhtb_lookup_leaf has a BUG_ON that can trigger with the following:\n\ntc qdisc del dev lo root\ntc qdisc add dev lo root handle 1: htb default 1\ntc class add dev lo parent 1: classid 1:1 htb rate 64bit\ntc qdisc add dev lo parent 1:1 handle 2: netem\ntc qdisc add dev lo parent 2:1 handle 3: blackhole\nping -I lo -c1 -W0.001 127.0.0.1\n\nThe root cause is the following:\n\n1. htb_dequeue calls htb_dequeue_tree which calls the dequeue handler on\n the selected leaf qdisc\n2. netem_dequeue calls enqueue on the child qdisc\n3. blackhole_enqueue drops the packet and returns a value that is not\n just NET_XMIT_SUCCESS\n4. Because of this, netem_dequeue calls qdisc_tree_reduce_backlog, and\n since qlen is now 0, it calls htb_qlen_notify -\u003e htb_deactivate -\u003e\n htb_deactiviate_prios -\u003e htb_remove_class_from_row -\u003e htb_safe_rb_erase\n5. As this is the only class in the selected hprio rbtree,\n __rb_change_child in __rb_erase_augmented sets the rb_root pointer to\n NULL\n6. Because blackhole_dequeue returns NULL, netem_dequeue returns NULL,\n which causes htb_dequeue_tree to call htb_lookup_leaf with the same\n hprio rbtree, and fail the BUG_ON\n\nThe function graph for this scenario is shown here:\n 0) | htb_enqueue() {\n 0) + 13.635 us | netem_enqueue();\n 0) 4.719 us | htb_activate_prios();\n 0) # 2249.199 us | }\n 0) | htb_dequeue() {\n 0) 2.355 us | htb_lookup_leaf();\n 0) | netem_dequeue() {\n 0) + 11.061 us | blackhole_enqueue();\n 0) | qdisc_tree_reduce_backlog() {\n 0) | qdisc_lookup_rcu() {\n 0) 1.873 us | qdisc_match_from_root();\n 0) 6.292 us | }\n 0) 1.894 us | htb_search();\n 0) | htb_qlen_notify() {\n 0) 2.655 us | htb_deactivate_prios();\n 0) 6.933 us | }\n 0) + 25.227 us | }\n 0) 1.983 us | blackhole_dequeue();\n 0) + 86.553 us | }\n 0) # 2932.761 us | qdisc_warn_nonwc();\n 0) | htb_lookup_leaf() {\n 0) | BUG_ON();\n ------------------------------------------\n\nThe full original bug report can be seen here [1].\n\nWe can fix this just by returning NULL instead of the BUG_ON,\nas htb_dequeue_tree returns NULL when htb_lookup_leaf returns\nNULL.\n\n[1] https://lore.kernel.org/netdev/pF5XOOIim0IuEfhI-SOxTgRvNoDwuux7UHKnE_Y5-zVd4wmGvNk2ceHjKb8ORnzw0cGwfmVu42g9dL7XyJLf1NEzaztboTWcm0Ogxuojoeo=@willsroot.io/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38468",
"url": "https://www.suse.com/security/cve/CVE-2025-38468"
},
{
"category": "external",
"summary": "SUSE Bug 1247437 for CVE-2025-38468",
"url": "https://bugzilla.suse.com/1247437"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38468"
},
{
"cve": "CVE-2025-38470",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38470"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime\n\nAssuming the \"rx-vlan-filter\" feature is enabled on a net device, the\n8021q module will automatically add or remove VLAN 0 when the net device\nis put administratively up or down, respectively. There are a couple of\nproblems with the above scheme.\n\nThe first problem is a memory leak that can happen if the \"rx-vlan-filter\"\nfeature is disabled while the device is running:\n\n # ip link add bond1 up type bond mode 0\n # ethtool -K bond1 rx-vlan-filter off\n # ip link del dev bond1\n\nWhen the device is put administratively down the \"rx-vlan-filter\"\nfeature is disabled, so the 8021q module will not remove VLAN 0 and the\nmemory will be leaked [1].\n\nAnother problem that can happen is that the kernel can automatically\ndelete VLAN 0 when the device is put administratively down despite not\nadding it when the device was put administratively up since during that\ntime the \"rx-vlan-filter\" feature was disabled. null-ptr-unref or\nbug_on[2] will be triggered by unregister_vlan_dev() for refcount\nimbalance if toggling filtering during runtime:\n\n$ ip link add bond0 type bond mode 0\n$ ip link add link bond0 name vlan0 type vlan id 0 protocol 802.1q\n$ ethtool -K bond0 rx-vlan-filter off\n$ ifconfig bond0 up\n$ ethtool -K bond0 rx-vlan-filter on\n$ ifconfig bond0 down\n$ ip link del vlan0\n\nRoot cause is as below:\nstep1: add vlan0 for real_dev, such as bond, team.\nregister_vlan_dev\n vlan_vid_add(real_dev,htons(ETH_P_8021Q),0) //refcnt=1\nstep2: disable vlan filter feature and enable real_dev\nstep3: change filter from 0 to 1\nvlan_device_event\n vlan_filter_push_vids\n ndo_vlan_rx_add_vid //No refcnt added to real_dev vlan0\nstep4: real_dev down\nvlan_device_event\n vlan_vid_del(dev, htons(ETH_P_8021Q), 0); //refcnt=0\n vlan_info_rcu_free //free vlan0\nstep5: delete vlan0\nunregister_vlan_dev\n BUG_ON(!vlan_info); //vlan_info is null\n\nFix both problems by noting in the VLAN info whether VLAN 0 was\nautomatically added upon NETDEV_UP and based on that decide whether it\nshould be deleted upon NETDEV_DOWN, regardless of the state of the\n\"rx-vlan-filter\" feature.\n\n[1]\nunreferenced object 0xffff8880068e3100 (size 256):\n comm \"ip\", pid 384, jiffies 4296130254\n hex dump (first 32 bytes):\n 00 20 30 0d 80 88 ff ff 00 00 00 00 00 00 00 00 . 0.............\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc 81ce31fa):\n __kmalloc_cache_noprof+0x2b5/0x340\n vlan_vid_add+0x434/0x940\n vlan_device_event.cold+0x75/0xa8\n notifier_call_chain+0xca/0x150\n __dev_notify_flags+0xe3/0x250\n rtnl_configure_link+0x193/0x260\n rtnl_newlink_create+0x383/0x8e0\n __rtnl_newlink+0x22c/0xa40\n rtnl_newlink+0x627/0xb00\n rtnetlink_rcv_msg+0x6fb/0xb70\n netlink_rcv_skb+0x11f/0x350\n netlink_unicast+0x426/0x710\n netlink_sendmsg+0x75a/0xc20\n __sock_sendmsg+0xc1/0x150\n ____sys_sendmsg+0x5aa/0x7b0\n ___sys_sendmsg+0xfc/0x180\n\n[2]\nkernel BUG at net/8021q/vlan.c:99!\nOops: invalid opcode: 0000 [#1] SMP KASAN PTI\nCPU: 0 UID: 0 PID: 382 Comm: ip Not tainted 6.16.0-rc3 #61 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:unregister_vlan_dev (net/8021q/vlan.c:99 (discriminator 1))\nRSP: 0018:ffff88810badf310 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88810da84000 RCX: ffffffffb47ceb9a\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff88810e8b43c8\nRBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff6cefe80\nR10: ffffffffb677f407 R11: ffff88810badf3c0 R12: ffff88810e8b4000\nR13: 0000000000000000 R14: ffff88810642a5c0 R15: 000000000000017e\nFS: 00007f1ff68c20c0(0000) GS:ffff888163a24000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f1ff5dad240 CR3: 0000000107e56000 CR4: 00000000000006f0\nCall Trace:\n \u003cTASK\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38470",
"url": "https://www.suse.com/security/cve/CVE-2025-38470"
},
{
"category": "external",
"summary": "SUSE Bug 1247288 for CVE-2025-38470",
"url": "https://bugzilla.suse.com/1247288"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38470"
},
{
"cve": "CVE-2025-38471",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38471"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: always refresh the queue when reading sock\n\nAfter recent changes in net-next TCP compacts skbs much more\naggressively. This unearthed a bug in TLS where we may try\nto operate on an old skb when checking if all skbs in the\nqueue have matching decrypt state and geometry.\n\n BUG: KASAN: slab-use-after-free in tls_strp_check_rcv+0x898/0x9a0 [tls]\n (net/tls/tls_strp.c:436 net/tls/tls_strp.c:530 net/tls/tls_strp.c:544)\n Read of size 4 at addr ffff888013085750 by task tls/13529\n\n CPU: 2 UID: 0 PID: 13529 Comm: tls Not tainted 6.16.0-rc5-virtme\n Call Trace:\n kasan_report+0xca/0x100\n tls_strp_check_rcv+0x898/0x9a0 [tls]\n tls_rx_rec_wait+0x2c9/0x8d0 [tls]\n tls_sw_recvmsg+0x40f/0x1aa0 [tls]\n inet_recvmsg+0x1c3/0x1f0\n\nAlways reload the queue, fast path is to have the record in the queue\nwhen we wake, anyway (IOW the path going down \"if !strp-\u003estm.full_len\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38471",
"url": "https://www.suse.com/security/cve/CVE-2025-38471"
},
{
"category": "external",
"summary": "SUSE Bug 1247450 for CVE-2025-38471",
"url": "https://bugzilla.suse.com/1247450"
},
{
"category": "external",
"summary": "SUSE Bug 1247452 for CVE-2025-38471",
"url": "https://bugzilla.suse.com/1247452"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "important"
}
],
"title": "CVE-2025-38471"
},
{
"cve": "CVE-2025-38473",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38473"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb()\n\nsyzbot reported null-ptr-deref in l2cap_sock_resume_cb(). [0]\n\nl2cap_sock_resume_cb() has a similar problem that was fixed by commit\n1bff51ea59a9 (\"Bluetooth: fix use-after-free error in lock_sock_nested()\").\n\nSince both l2cap_sock_kill() and l2cap_sock_resume_cb() are executed\nunder l2cap_sock_resume_cb(), we can avoid the issue simply by checking\nif chan-\u003edata is NULL.\n\nLet\u0027s not access to the killed socket in l2cap_sock_resume_cb().\n\n[0]:\nBUG: KASAN: null-ptr-deref in instrument_atomic_write include/linux/instrumented.h:82 [inline]\nBUG: KASAN: null-ptr-deref in clear_bit include/asm-generic/bitops/instrumented-atomic.h:41 [inline]\nBUG: KASAN: null-ptr-deref in l2cap_sock_resume_cb+0xb4/0x17c net/bluetooth/l2cap_sock.c:1711\nWrite of size 8 at addr 0000000000000570 by task kworker/u9:0/52\n\nCPU: 1 UID: 0 PID: 52 Comm: kworker/u9:0 Not tainted 6.16.0-rc4-syzkaller-g7482bb149b9f #0 PREEMPT\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nWorkqueue: hci0 hci_rx_work\nCall trace:\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:501 (C)\n __dump_stack+0x30/0x40 lib/dump_stack.c:94\n dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120\n print_report+0x58/0x84 mm/kasan/report.c:524\n kasan_report+0xb0/0x110 mm/kasan/report.c:634\n check_region_inline mm/kasan/generic.c:-1 [inline]\n kasan_check_range+0x264/0x2a4 mm/kasan/generic.c:189\n __kasan_check_write+0x20/0x30 mm/kasan/shadow.c:37\n instrument_atomic_write include/linux/instrumented.h:82 [inline]\n clear_bit include/asm-generic/bitops/instrumented-atomic.h:41 [inline]\n l2cap_sock_resume_cb+0xb4/0x17c net/bluetooth/l2cap_sock.c:1711\n l2cap_security_cfm+0x524/0xea0 net/bluetooth/l2cap_core.c:7357\n hci_auth_cfm include/net/bluetooth/hci_core.h:2092 [inline]\n hci_auth_complete_evt+0x2e8/0xa4c net/bluetooth/hci_event.c:3514\n hci_event_func net/bluetooth/hci_event.c:7511 [inline]\n hci_event_packet+0x650/0xe9c net/bluetooth/hci_event.c:7565\n hci_rx_work+0x320/0xb18 net/bluetooth/hci_core.c:4070\n process_one_work+0x7e8/0x155c kernel/workqueue.c:3238\n process_scheduled_works kernel/workqueue.c:3321 [inline]\n worker_thread+0x958/0xed8 kernel/workqueue.c:3402\n kthread+0x5fc/0x75c kernel/kthread.c:464\n ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:847",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38473",
"url": "https://www.suse.com/security/cve/CVE-2025-38473"
},
{
"category": "external",
"summary": "SUSE Bug 1247289 for CVE-2025-38473",
"url": "https://bugzilla.suse.com/1247289"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38473"
},
{
"cve": "CVE-2025-38474",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38474"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: net: sierra: check for no status endpoint\n\nThe driver checks for having three endpoints and\nhaving bulk in and out endpoints, but not that\nthe third endpoint is interrupt input.\nRectify the omission.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38474",
"url": "https://www.suse.com/security/cve/CVE-2025-38474"
},
{
"category": "external",
"summary": "SUSE Bug 1247311 for CVE-2025-38474",
"url": "https://bugzilla.suse.com/1247311"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38474"
},
{
"cve": "CVE-2025-38476",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38476"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrpl: Fix use-after-free in rpl_do_srh_inline().\n\nRunning lwt_dst_cache_ref_loop.sh in selftest with KASAN triggers\nthe splat below [0].\n\nrpl_do_srh_inline() fetches ipv6_hdr(skb) and accesses it after\nskb_cow_head(), which is illegal as the header could be freed then.\n\nLet\u0027s fix it by making oldhdr to a local struct instead of a pointer.\n\n[0]:\n[root@fedora net]# ./lwt_dst_cache_ref_loop.sh\n...\nTEST: rpl (input)\n[ 57.631529] ==================================================================\nBUG: KASAN: slab-use-after-free in rpl_do_srh_inline.isra.0 (net/ipv6/rpl_iptunnel.c:174)\nRead of size 40 at addr ffff888122bf96d8 by task ping6/1543\n\nCPU: 50 UID: 0 PID: 1543 Comm: ping6 Not tainted 6.16.0-rc5-01302-gfadd1e6231b1 #23 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl (lib/dump_stack.c:122)\n print_report (mm/kasan/report.c:409 mm/kasan/report.c:521)\n kasan_report (mm/kasan/report.c:221 mm/kasan/report.c:636)\n kasan_check_range (mm/kasan/generic.c:175 (discriminator 1) mm/kasan/generic.c:189 (discriminator 1))\n __asan_memmove (mm/kasan/shadow.c:94 (discriminator 2))\n rpl_do_srh_inline.isra.0 (net/ipv6/rpl_iptunnel.c:174)\n rpl_input (net/ipv6/rpl_iptunnel.c:201 net/ipv6/rpl_iptunnel.c:282)\n lwtunnel_input (net/core/lwtunnel.c:459)\n ipv6_rcv (./include/net/dst.h:471 (discriminator 1) ./include/net/dst.h:469 (discriminator 1) net/ipv6/ip6_input.c:79 (discriminator 1) ./include/linux/netfilter.h:317 (discriminator 1) ./include/linux/netfilter.h:311 (discriminator 1) net/ipv6/ip6_input.c:311 (discriminator 1))\n __netif_receive_skb_one_core (net/core/dev.c:5967)\n process_backlog (./include/linux/rcupdate.h:869 net/core/dev.c:6440)\n __napi_poll.constprop.0 (net/core/dev.c:7452)\n net_rx_action (net/core/dev.c:7518 net/core/dev.c:7643)\n handle_softirqs (kernel/softirq.c:579)\n do_softirq (kernel/softirq.c:480 (discriminator 20))\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n __local_bh_enable_ip (kernel/softirq.c:407)\n __dev_queue_xmit (net/core/dev.c:4740)\n ip6_finish_output2 (./include/linux/netdevice.h:3358 ./include/net/neighbour.h:526 ./include/net/neighbour.h:540 net/ipv6/ip6_output.c:141)\n ip6_finish_output (net/ipv6/ip6_output.c:215 net/ipv6/ip6_output.c:226)\n ip6_output (./include/linux/netfilter.h:306 net/ipv6/ip6_output.c:248)\n ip6_send_skb (net/ipv6/ip6_output.c:1983)\n rawv6_sendmsg (net/ipv6/raw.c:588 net/ipv6/raw.c:918)\n __sys_sendto (net/socket.c:714 (discriminator 1) net/socket.c:729 (discriminator 1) net/socket.c:2228 (discriminator 1))\n __x64_sys_sendto (net/socket.c:2231)\n do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1))\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\nRIP: 0033:0x7f68cffb2a06\nCode: 5d e8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 75 19 83 e2 39 83 fa 08 75 11 e8 26 ff ff ff 66 0f 1f 44 00 00 48 8b 45 10 0f 05 \u003c48\u003e 8b 5d f8 c9 c3 0f 1f 40 00 f3 0f 1e fa 55 48 89 e5 48 83 ec 08\nRSP: 002b:00007ffefb7c53d0 EFLAGS: 00000202 ORIG_RAX: 000000000000002c\nRAX: ffffffffffffffda RBX: 0000564cd69f10a0 RCX: 00007f68cffb2a06\nRDX: 0000000000000040 RSI: 0000564cd69f10a4 RDI: 0000000000000003\nRBP: 00007ffefb7c53f0 R08: 0000564cd6a032ac R09: 000000000000001c\nR10: 0000000000000000 R11: 0000000000000202 R12: 0000564cd69f10a4\nR13: 0000000000000040 R14: 00007ffefb7c66e0 R15: 0000564cd69f10a0\n \u003c/TASK\u003e\n\nAllocated by task 1543:\n kasan_save_stack (mm/kasan/common.c:48)\n kasan_save_track (mm/kasan/common.c:60 (discriminator 1) mm/kasan/common.c:69 (discriminator 1))\n __kasan_slab_alloc (mm/kasan/common.c:319 mm/kasan/common.c:345)\n kmem_cache_alloc_node_noprof (./include/linux/kasan.h:250 mm/slub.c:4148 mm/slub.c:4197 mm/slub.c:4249)\n kmalloc_reserve (net/core/skbuff.c:581 (discriminator 88))\n __alloc_skb (net/core/skbuff.c:669)\n __ip6_append_data (net/ipv6/ip6_output.c:1672 (discriminator 1))\n ip6_\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38476",
"url": "https://www.suse.com/security/cve/CVE-2025-38476"
},
{
"category": "external",
"summary": "SUSE Bug 1247317 for CVE-2025-38476",
"url": "https://bugzilla.suse.com/1247317"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38476"
},
{
"cve": "CVE-2025-38477",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38477"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_qfq: Fix race condition on qfq_aggregate\n\nA race condition can occur when \u0027agg\u0027 is modified in qfq_change_agg\n(called during qfq_enqueue) while other threads access it\nconcurrently. For example, qfq_dump_class may trigger a NULL\ndereference, and qfq_delete_class may cause a use-after-free.\n\nThis patch addresses the issue by:\n\n1. Moved qfq_destroy_class into the critical section.\n\n2. Added sch_tree_lock protection to qfq_dump_class and\nqfq_dump_class_stats.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38477",
"url": "https://www.suse.com/security/cve/CVE-2025-38477"
},
{
"category": "external",
"summary": "SUSE Bug 1247314 for CVE-2025-38477",
"url": "https://bugzilla.suse.com/1247314"
},
{
"category": "external",
"summary": "SUSE Bug 1247315 for CVE-2025-38477",
"url": "https://bugzilla.suse.com/1247315"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "important"
}
],
"title": "CVE-2025-38477"
},
{
"cve": "CVE-2025-38478",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38478"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: Fix initialization of data for instructions that write to subdevice\n\nSome Comedi subdevice instruction handlers are known to access\ninstruction data elements beyond the first `insn-\u003en` elements in some\ncases. The `do_insn_ioctl()` and `do_insnlist_ioctl()` functions\nallocate at least `MIN_SAMPLES` (16) data elements to deal with this,\nbut they do not initialize all of that. For Comedi instruction codes\nthat write to the subdevice, the first `insn-\u003en` data elements are\ncopied from user-space, but the remaining elements are left\nuninitialized. That could be a problem if the subdevice instruction\nhandler reads the uninitialized data. Ensure that the first\n`MIN_SAMPLES` elements are initialized before calling these instruction\nhandlers, filling the uncopied elements with 0. For\n`do_insnlist_ioctl()`, the same data buffer elements are used for\nhandling a list of instructions, so ensure the first `MIN_SAMPLES`\nelements are initialized for each instruction that writes to the\nsubdevice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38478",
"url": "https://www.suse.com/security/cve/CVE-2025-38478"
},
{
"category": "external",
"summary": "SUSE Bug 1247273 for CVE-2025-38478",
"url": "https://bugzilla.suse.com/1247273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38478"
},
{
"cve": "CVE-2025-38480",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38480"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: Fix use of uninitialized data in insn_rw_emulate_bits()\n\nFor Comedi `INSN_READ` and `INSN_WRITE` instructions on \"digital\"\nsubdevices (subdevice types `COMEDI_SUBD_DI`, `COMEDI_SUBD_DO`, and\n`COMEDI_SUBD_DIO`), it is common for the subdevice driver not to have\n`insn_read` and `insn_write` handler functions, but to have an\n`insn_bits` handler function for handling Comedi `INSN_BITS`\ninstructions. In that case, the subdevice\u0027s `insn_read` and/or\n`insn_write` function handler pointers are set to point to the\n`insn_rw_emulate_bits()` function by `__comedi_device_postconfig()`.\n\nFor `INSN_WRITE`, `insn_rw_emulate_bits()` currently assumes that the\nsupplied `data[0]` value is a valid copy from user memory. It will at\nleast exist because `do_insnlist_ioctl()` and `do_insn_ioctl()` in\n\"comedi_fops.c\" ensure at lease `MIN_SAMPLES` (16) elements are\nallocated. However, if `insn-\u003en` is 0 (which is allowable for\n`INSN_READ` and `INSN_WRITE` instructions, then `data[0]` may contain\nuninitialized data, and certainly contains invalid data, possibly from a\ndifferent instruction in the array of instructions handled by\n`do_insnlist_ioctl()`. This will result in an incorrect value being\nwritten to the digital output channel (or to the digital input/output\nchannel if configured as an output), and may be reflected in the\ninternal saved state of the channel.\n\nFix it by returning 0 early if `insn-\u003en` is 0, before reaching the code\nthat accesses `data[0]`. Previously, the function always returned 1 on\nsuccess, but it is supposed to be the number of data samples actually\nread or written up to `insn-\u003en`, which is 0 in this case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38480",
"url": "https://www.suse.com/security/cve/CVE-2025-38480"
},
{
"category": "external",
"summary": "SUSE Bug 1247274 for CVE-2025-38480",
"url": "https://bugzilla.suse.com/1247274"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38480"
},
{
"cve": "CVE-2025-38481",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38481"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large\n\nThe handling of the `COMEDI_INSNLIST` ioctl allocates a kernel buffer to\nhold the array of `struct comedi_insn`, getting the length from the\n`n_insns` member of the `struct comedi_insnlist` supplied by the user.\nThe allocation will fail with a WARNING and a stack dump if it is too\nlarge.\n\nAvoid that by failing with an `-EINVAL` error if the supplied `n_insns`\nvalue is unreasonable.\n\nDefine the limit on the `n_insns` value in the `MAX_INSNS` macro. Set\nthis to the same value as `MAX_SAMPLES` (65536), which is the maximum\nallowed sum of the values of the member `n` in the array of `struct\ncomedi_insn`, and sensible comedi instructions will have an `n` of at\nleast 1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38481",
"url": "https://www.suse.com/security/cve/CVE-2025-38481"
},
{
"category": "external",
"summary": "SUSE Bug 1247276 for CVE-2025-38481",
"url": "https://bugzilla.suse.com/1247276"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "low"
}
],
"title": "CVE-2025-38481"
},
{
"cve": "CVE-2025-38482",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38482"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: das6402: Fix bit shift out of bounds\n\nWhen checking for a supported IRQ number, the following test is used:\n\n\t/* IRQs 2,3,5,6,7, 10,11,15 are valid for \"enhanced\" mode */\n\tif ((1 \u003c\u003c it-\u003eoptions[1]) \u0026 0x8cec) {\n\nHowever, `it-\u003eoptions[i]` is an unchecked `int` value from userspace, so\nthe shift amount could be negative or out of bounds. Fix the test by\nrequiring `it-\u003eoptions[1]` to be within bounds before proceeding with\nthe original test. Valid `it-\u003eoptions[1]` values that select the IRQ\nwill be in the range [1,15]. The value 0 explicitly disables the use of\ninterrupts.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38482",
"url": "https://www.suse.com/security/cve/CVE-2025-38482"
},
{
"category": "external",
"summary": "SUSE Bug 1247277 for CVE-2025-38482",
"url": "https://bugzilla.suse.com/1247277"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38482"
},
{
"cve": "CVE-2025-38483",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38483"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: das16m1: Fix bit shift out of bounds\n\nWhen checking for a supported IRQ number, the following test is used:\n\n\t/* only irqs 2, 3, 4, 5, 6, 7, 10, 11, 12, 14, and 15 are valid */\n\tif ((1 \u003c\u003c it-\u003eoptions[1]) \u0026 0xdcfc) {\n\nHowever, `it-\u003eoptions[i]` is an unchecked `int` value from userspace, so\nthe shift amount could be negative or out of bounds. Fix the test by\nrequiring `it-\u003eoptions[1]` to be within bounds before proceeding with\nthe original test.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38483",
"url": "https://www.suse.com/security/cve/CVE-2025-38483"
},
{
"category": "external",
"summary": "SUSE Bug 1247278 for CVE-2025-38483",
"url": "https://bugzilla.suse.com/1247278"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38483"
},
{
"cve": "CVE-2025-38485",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38485"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush\n\nfxls8962af_fifo_flush() uses indio_dev-\u003eactive_scan_mask (with\niio_for_each_active_channel()) without making sure the indio_dev\nstays in buffer mode.\nThere is a race if indio_dev exits buffer mode in the middle of the\ninterrupt that flushes the fifo. Fix this by calling\nsynchronize_irq() to ensure that no interrupt is currently running when\ndisabling buffer mode.\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000000 when read\n[...]\n_find_first_bit_le from fxls8962af_fifo_flush+0x17c/0x290\nfxls8962af_fifo_flush from fxls8962af_interrupt+0x80/0x178\nfxls8962af_interrupt from irq_thread_fn+0x1c/0x7c\nirq_thread_fn from irq_thread+0x110/0x1f4\nirq_thread from kthread+0xe0/0xfc\nkthread from ret_from_fork+0x14/0x2c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38485",
"url": "https://www.suse.com/security/cve/CVE-2025-38485"
},
{
"category": "external",
"summary": "SUSE Bug 1247236 for CVE-2025-38485",
"url": "https://bugzilla.suse.com/1247236"
},
{
"category": "external",
"summary": "SUSE Bug 1247237 for CVE-2025-38485",
"url": "https://bugzilla.suse.com/1247237"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "important"
}
],
"title": "CVE-2025-38485"
},
{
"cve": "CVE-2025-38487",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38487"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: aspeed: lpc-snoop: Don\u0027t disable channels that aren\u0027t enabled\n\nMitigate e.g. the following:\n\n # echo 1e789080.lpc-snoop \u003e /sys/bus/platform/drivers/aspeed-lpc-snoop/unbind\n ...\n [ 120.363594] Unable to handle kernel NULL pointer dereference at virtual address 00000004 when write\n [ 120.373866] [00000004] *pgd=00000000\n [ 120.377910] Internal error: Oops: 805 [#1] SMP ARM\n [ 120.383306] CPU: 1 UID: 0 PID: 315 Comm: sh Not tainted 6.15.0-rc1-00009-g926217bc7d7d-dirty #20 NONE\n ...\n [ 120.679543] Call trace:\n [ 120.679559] misc_deregister from aspeed_lpc_snoop_remove+0x84/0xac\n [ 120.692462] aspeed_lpc_snoop_remove from platform_remove+0x28/0x38\n [ 120.700996] platform_remove from device_release_driver_internal+0x188/0x200\n ...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38487",
"url": "https://www.suse.com/security/cve/CVE-2025-38487"
},
{
"category": "external",
"summary": "SUSE Bug 1247238 for CVE-2025-38487",
"url": "https://bugzilla.suse.com/1247238"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38487"
},
{
"cve": "CVE-2025-38489",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38489"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again\n\nCommit 7ded842b356d (\"s390/bpf: Fix bpf_plt pointer arithmetic\") has\naccidentally removed the critical piece of commit c730fce7c70c\n(\"s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL\"), causing\nintermittent kernel panics in e.g. perf\u0027s on_switch() prog to reappear.\n\nRestore the fix and add a comment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38489",
"url": "https://www.suse.com/security/cve/CVE-2025-38489"
},
{
"category": "external",
"summary": "SUSE Bug 1247241 for CVE-2025-38489",
"url": "https://bugzilla.suse.com/1247241"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38489"
},
{
"cve": "CVE-2025-38494",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38494"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: do not bypass hid_hw_raw_request\n\nhid_hw_raw_request() is actually useful to ensure the provided buffer\nand length are valid. Directly calling in the low level transport driver\nfunction bypassed those checks and allowed invalid paramto be used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38494",
"url": "https://www.suse.com/security/cve/CVE-2025-38494"
},
{
"category": "external",
"summary": "SUSE Bug 1247349 for CVE-2025-38494",
"url": "https://bugzilla.suse.com/1247349"
},
{
"category": "external",
"summary": "SUSE Bug 1247350 for CVE-2025-38494",
"url": "https://bugzilla.suse.com/1247350"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "important"
}
],
"title": "CVE-2025-38494"
},
{
"cve": "CVE-2025-38495",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38495"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: ensure the allocated report buffer can contain the reserved report ID\n\nWhen the report ID is not used, the low level transport drivers expect\nthe first byte to be 0. However, currently the allocated buffer not\naccount for that extra byte, meaning that instead of having 8 guaranteed\nbytes for implement to be working, we only have 7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38495",
"url": "https://www.suse.com/security/cve/CVE-2025-38495"
},
{
"category": "external",
"summary": "SUSE Bug 1247348 for CVE-2025-38495",
"url": "https://bugzilla.suse.com/1247348"
},
{
"category": "external",
"summary": "SUSE Bug 1247351 for CVE-2025-38495",
"url": "https://bugzilla.suse.com/1247351"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "important"
}
],
"title": "CVE-2025-38495"
},
{
"cve": "CVE-2025-38496",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38496"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-bufio: fix sched in atomic context\n\nIf \"try_verify_in_tasklet\" is set for dm-verity, DM_BUFIO_CLIENT_NO_SLEEP\nis enabled for dm-bufio. However, when bufio tries to evict buffers, there\nis a chance to trigger scheduling in spin_lock_bh, the following warning\nis hit:\n\nBUG: sleeping function called from invalid context at drivers/md/dm-bufio.c:2745\nin_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 123, name: kworker/2:2\npreempt_count: 201, expected: 0\nRCU nest depth: 0, expected: 0\n4 locks held by kworker/2:2/123:\n #0: ffff88800a2d1548 ((wq_completion)dm_bufio_cache){....}-{0:0}, at: process_one_work+0xe46/0x1970\n #1: ffffc90000d97d20 ((work_completion)(\u0026dm_bufio_replacement_work)){....}-{0:0}, at: process_one_work+0x763/0x1970\n #2: ffffffff8555b528 (dm_bufio_clients_lock){....}-{3:3}, at: do_global_cleanup+0x1ce/0x710\n #3: ffff88801d5820b8 (\u0026c-\u003espinlock){....}-{2:2}, at: do_global_cleanup+0x2a5/0x710\nPreemption disabled at:\n[\u003c0000000000000000\u003e] 0x0\nCPU: 2 UID: 0 PID: 123 Comm: kworker/2:2 Not tainted 6.16.0-rc3-g90548c634bd0 #305 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nWorkqueue: dm_bufio_cache do_global_cleanup\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x53/0x70\n __might_resched+0x360/0x4e0\n do_global_cleanup+0x2f5/0x710\n process_one_work+0x7db/0x1970\n worker_thread+0x518/0xea0\n kthread+0x359/0x690\n ret_from_fork+0xf3/0x1b0\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nThat can be reproduced by:\n\n veritysetup format --data-block-size=4096 --hash-block-size=4096 /dev/vda /dev/vdb\n SIZE=$(blockdev --getsz /dev/vda)\n dmsetup create myverity -r --table \"0 $SIZE verity 1 /dev/vda /dev/vdb 4096 4096 \u003cdata_blocks\u003e 1 sha256 \u003croot_hash\u003e \u003csalt\u003e 1 try_verify_in_tasklet\"\n mount /dev/dm-0 /mnt -o ro\n echo 102400 \u003e /sys/module/dm_bufio/parameters/max_cache_size_bytes\n [read files in /mnt]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38496",
"url": "https://www.suse.com/security/cve/CVE-2025-38496"
},
{
"category": "external",
"summary": "SUSE Bug 1247284 for CVE-2025-38496",
"url": "https://bugzilla.suse.com/1247284"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38496"
},
{
"cve": "CVE-2025-38497",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38497"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: configfs: Fix OOB read on empty string write\n\nWhen writing an empty string to either \u0027qw_sign\u0027 or \u0027landingPage\u0027\nsysfs attributes, the store functions attempt to access page[l - 1]\nbefore validating that the length \u0027l\u0027 is greater than zero.\n\nThis patch fixes the vulnerability by adding a check at the beginning\nof os_desc_qw_sign_store() and webusb_landingPage_store() to handle\nthe zero-length input case gracefully by returning immediately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38497",
"url": "https://www.suse.com/security/cve/CVE-2025-38497"
},
{
"category": "external",
"summary": "SUSE Bug 1247347 for CVE-2025-38497",
"url": "https://bugzilla.suse.com/1247347"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-38497"
},
{
"cve": "CVE-2025-38498",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38498"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndo_change_type(): refuse to operate on unmounted/not ours mounts\n\nEnsure that propagation settings can only be changed for mounts located\nin the caller\u0027s mount namespace. This change aligns permission checking\nwith the rest of mount(2).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38498",
"url": "https://www.suse.com/security/cve/CVE-2025-38498"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-38498",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1247499 for CVE-2025-38498",
"url": "https://bugzilla.suse.com/1247499"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_49-rt-1-150600.1.5.1.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.49.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.49.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.49.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-29T11:54:08Z",
"details": "important"
}
],
"title": "CVE-2025-38498"
}
]
}
SUSE-SU-2025:02969-1
Vulnerability from csaf_suse - Published: 2025-08-25 06:22 - Updated: 2025-08-25 06:22Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-36028: mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() (bsc#1225707).
- CVE-2024-36348, CVE-2024-36349, CVE-2024-36350, CVE-2024-36357: x86/process: Move the buffer clearing before MONITOR (bsc#1238896).
- CVE-2024-44963: btrfs: do not BUG_ON() when freeing tree block after error (bsc#1230216).
- CVE-2024-49861: net: clear the dst when changing skb protocol (bsc#1245954).
- CVE-2024-56742: vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages() (bsc#1235613).
- CVE-2025-21839: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (bsc#1239061).
- CVE-2025-21854: selftest/bpf: Add vsock test for sockmap rejecting unconnected (bsc#1239470).
- CVE-2025-21872: efi/mokvar-table: Avoid repeated map/unmap of the same page (bsc#1240323).
- CVE-2025-22090: mm: (un)track_pfn_copy() fix + doc improvements (bsc#1241537).
- CVE-2025-23163: net: vlan: do not propagate flags on open (bsc#1242837).
- CVE-2025-37856: btrfs: harden block_group::bg_list against list_del() races (bsc#1243068).
- CVE-2025-37864: net: dsa: clean up FDB, MDB, VLAN entries on unbind (bsc#1242965).
- CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960).
- CVE-2025-37920: kABI workaround for xsk: Fix race condition in AF_XDP generic RX path (bsc#1243479).
- CVE-2025-37984: crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() (bsc#1243669).
- CVE-2025-38034: btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (bsc#1244792).
- CVE-2025-38035: nvmet-tcp: do not restore null sk_state_change (bsc#1244801).
- CVE-2025-38051: smb: client: Fix use-after-free in cifs_fill_dirent (bsc#1244750).
- CVE-2025-38058: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (bsc#1245151).
- CVE-2025-38061: net: pktgen: fix access outside of user given buffer in pktgen_thread_write() (bsc#1245440).
- CVE-2025-38062: kABI: restore layout of struct msi_desc (bsc#1245216).
- CVE-2025-38063: dm: fix unconditional IO throttle caused by REQ_PREFLUSH (bsc#1245202).
- CVE-2025-38064: virtio: break and reset virtio devices on device_shutdown() (bsc#1245201).
- CVE-2025-38074: vhost-scsi: protect vq->log_used with vq->mutex (bsc#1244735).
- CVE-2025-38094: net: cadence: macb: Fix a possible deadlock in macb_halt_tx (bsc#1245649).
- CVE-2025-38097: kabi: restore encap_sk in struct xfrm_state (bsc#1245660).
- CVE-2025-38098: drm/amd/display: Do not treat wb connector as physical in (bsc#1245654).
- CVE-2025-38099: Bluetooth: btusb: Fix regression in the initialization of fake Bluetooth controllers (bsc#1245671).
- CVE-2025-38100: x86/iopl: Cure TIF_IO_BITMAP inconsistencies (bsc#1245650).
- CVE-2025-38105: ALSA: usb-audio: Kill timer properly at removal (bsc#1245682).
- CVE-2025-38115: net_sched: sch_sfq: fix a potential crash on gso_skb handling (bsc#1245689).
- CVE-2025-38117: hci_dev centralize extra lock (bsc#1245695).
- CVE-2025-38126: net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping (bsc#1245708).
- CVE-2025-38131: coresight: prevent deactivate active config while enabling the config (bsc#1245677).
- CVE-2025-38132: coresight: holding cscfg_csdev_lock while removing cscfg from csdev (bsc#1245679).
- CVE-2025-38147: calipso: unlock rcu before returning -EAFNOSUPPORT (bsc#1245768).
- CVE-2025-38158: hisi_acc_vfio_pci: fix XQE dma address error (bsc#1245750).
- CVE-2025-38162: netfilter: nft_set_pipapo: prevent overflow in lookup table allocation (bsc#1245752).
- CVE-2025-38166: bpf: fix ktls panic with sockmap (bsc#1245758).
- CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).
- CVE-2025-38182: ublk: santizize the arguments from userspace when adding a device (bsc#1245937).
- CVE-2025-38183: net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get() (bsc#1246006).
- CVE-2025-38187: drm/nouveau: fix a use-after-free in r535_gsp_rpc_push() (bsc#1245951).
- CVE-2025-38188: drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE (bsc#1246098).
- CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045).
- CVE-2025-38202: bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() (bsc#1245980).
- CVE-2025-38203: jfs: Fix null-ptr-deref in jfs_ioc_trim (bsc#1246044).
- CVE-2025-38204: jfs: fix array-index-out-of-bounds read in add_missing_indices (bsc#1245983).
- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073).
- CVE-2025-38210: configfs-tsm-report: Fix NULL dereference of tsm_ops (bsc#1246020).
- CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029).
- CVE-2025-38220: ext4: only dirty folios when data journaling regular files (bsc#1245966).
- CVE-2025-38222: ext4: inline: fix len overflow in ext4_prepare_inline_data (bsc#1245976).
- CVE-2025-38236: af_unix: Disable MSG_OOB for unprivileged users (bsc#1246093).
- CVE-2025-38239: scsi: megaraid_sas: Fix invalid node index (bsc#1246178).
- CVE-2025-38244: smb: client: fix potential deadlock when reconnecting channels (bsc#1246183).
- CVE-2025-38248: bridge: mcast: Fix use-after-free during router port configuration (bsc#1246173).
- CVE-2025-38250: kABI workaround for bluetooth hci_dev changes (bsc#1246182).
- CVE-2025-38264: llist: add interface to check if a node is on a list (bsc#1246387).
- CVE-2025-38272: net: dsa: b53: do not enable EEE on bcm63xx (bsc#1246268).
- CVE-2025-38279: selftests/bpf: Add tests with stack ptr register in conditional jmp (bsc#1246264).
- CVE-2025-38283: hisi_acc_vfio_pci: bugfix live migration function without VF device driver (bsc#1246273).
- CVE-2025-38303: Bluetooth: eir: Fix possible crashes on eir_create_adv_data (bsc#1246354).
- CVE-2025-38310: seg6: Fix validation of nexthop addresses (bsc#1246361).
- CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).
- CVE-2025-38334: x86/sgx: Prevent attempts to reclaim poisoned pages (bsc#1246384).
- CVE-2025-38335: Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT (bsc#1246250).
- CVE-2025-38337: jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (bsc#1246253).
- CVE-2025-38349: eventpoll: do not decrement ep refcount while still holding the ep mutex (bsc#1246777).
- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).
- CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).
- CVE-2025-38364: maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() (bsc#1247091).
- CVE-2025-38365: btrfs: fix a race between renames and directory logging (bsc#1247023).
- CVE-2025-38371: drm/v3d: Disable interrupts before resetting the GPU (bsc#1247178).
- CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177).
- CVE-2025-38382: btrfs: fix iteration of extrefs during log replay (bsc#1247031).
- CVE-2025-38392: idpf: convert control queue mutex to a spinlock (bsc#1247169).
- CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247156).
- CVE-2025-38399: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() (bsc#1247097).
- CVE-2025-38403: vsock/vmci: Clear the vmci transport packet properly when initializing it (bsc#1247141).
- CVE-2025-38414: wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850 (bsc#1247145).
- CVE-2025-38426: drm/amdgpu: Add basic validation for RAS header (bsc#1247252).
- CVE-2025-38429: bus: mhi: ep: Update read pointer only after buffer is written (bsc#1247253).
- CVE-2025-38455: KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight (bsc#1247101).
- CVE-2025-38457: net/sched: Abort __tc_modify_qdisc if parent class does not exist (bsc#1247098).
- CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).
- CVE-2025-38461: vsock: Fix transport_* TOCTOU (bsc#1247103).
- CVE-2025-38462: vsock: Fix transport_{g2h,h2g} TOCTOU (bsc#1247104).
- CVE-2025-38463: tcp: Correct signedness in skb remaining space calculation (bsc#1247113).
- CVE-2025-38465: netlink: make sure we allow at least one dump skb (bsc#1247118).
- CVE-2025-38470: kABI fix for net: vlan: fix VLAN 0 refcount imbalance of toggling (bsc#1247288).
- CVE-2025-38471: tls: always refresh the queue when reading sock (bsc#1247450).
- CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347).
- CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374).
The following non-security bugs were fixed:
- Documentation: ACPI: Fix parent device references (git-fixes).
- Documentation: usb: gadget: Wrap remaining usage snippets in literal code block (git-fixes).
- Fix dma_unmap_sg() nents value (git-fixes)
- Reapply 'wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()' (git-fixes).
- Revert 'ACPI: battery: negate current when discharging' (stable-fixes).
- Revert 'cgroup_freezer: cgroup_freezing: Check if not frozen' (bsc#1219338).
- Revert 'drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1' (stable-fixes).
- Revert 'mmc: sdhci: Disable SD card clock before changing parameters' (git-fixes).
- Revert 'usb: xhci: Implement xhci_handshake_check_state() helper' (git-fixes).
- Revert 'vgacon: Add check for vc_origin address range in vgacon_scroll()' (stable-fixes).
- acpi: LPSS: Remove AudioDSP related ID (git-fixes).
- acpi: PRM: Reduce unnecessary printing to avoid user confusion (bsc#1246122).
- acpi: processor: perflib: Fix initial _PPC limit application (git-fixes).
- acpica: Refuse to evaluate a method if arguments are missing (stable-fixes).
- af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() (git-fixes).
- af_unix: Add a prompt to CONFIG_AF_UNIX_OOB (bsc#1246093).
- alsa: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() (git-fixes).
- alsa: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx (stable-fixes).
- alsa: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 (stable-fixes).
- alsa: hda/realtek: Add quirk for ASUS ROG Strix G712LWS (stable-fixes).
- alsa: hda/tegra: Add Tegra264 support (stable-fixes).
- alsa: hda: Add missing NVIDIA HDA codec IDs (stable-fixes).
- alsa: hda: Add new pci id for AMD GPU display HD audio controller (stable-fixes).
- alsa: hda: Ignore unsol events for cards being shut down (stable-fixes).
- alsa: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() (git-fixes).
- alsa: sb: Do not allow changing the DMA mode during operations (stable-fixes).
- alsa: sb: Force to disable DMAs once when DMA mode is changed (stable-fixes).
- amd/amdkfd: fix a kfd_process ref leak (stable-fixes).
- aoe: clean device rq_list in aoedev_downdev() (git-fixes).
- apple-mfi-fastcharge: protect first device name (git-fixes).
- asoc: amd: yc: Add DMI quirk for Lenovo IdeaPad Slim 5 15 (stable-fixes).
- asoc: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic (stable-fixes).
- asoc: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic (stable-fixes).
- asoc: amd: yc: update quirk data for HP Victus (stable-fixes).
- asoc: codec: wcd9335: Convert to GPIO descriptors (stable-fixes).
- asoc: codecs: wcd9335: Fix missing free of regulator supplies (git-fixes).
- asoc: codecs: wcd9335: Handle nicer probe deferral and simplify with dev_err_probe() (stable-fixes).
- asoc: cs35l56: probe() should fail if the device ID is not recognized (git-fixes).
- asoc: fsl_asrc: use internal measured ratio for non-ideal ratio mode (git-fixes).
- asoc: fsl_xcvr: get channel status data when PHY is not exists (git-fixes).
- asoc: ops: dynamically allocate struct snd_ctl_elem_value (git-fixes).
- asoc: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() (git-fixes).
- ata: pata_cs5536: fix build on 32-bit UML (stable-fixes).
- audit,module: restore audit logging in load failure case (git-fixes).
- bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() (git-fixes).
- bluetooth: L2CAP: Fix L2CAP MTU negotiation (stable-fixes).
- bluetooth: L2CAP: Fix attempting to adjust outgoing MTU (git-fixes).
- bluetooth: MGMT: Fix not generating command complete for MGMT_OP_DISCONNECT (git-fixes).
- bluetooth: MGMT: mesh_send: check instances prior disabling advertising (git-fixes).
- bluetooth: MGMT: set_mesh: update LE scan interval and window (git-fixes).
- bluetooth: Prevent unintended pause by checking if advertising is active (git-fixes).
- bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout (git-fixes).
- bluetooth: SMP: If an unallowed command is received consider it a failure (git-fixes).
- bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant without board ID (git-fixes).
- bluetooth: hci_conn: Fix sending BT_HCI_CMD_LE_CREATE_CONN_CANCEL (git-fixes).
- bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected (git-fixes).
- bluetooth: hci_event: Mask data status from LE ext adv reports (git-fixes).
- bluetooth: hci_sync: Attempt to dequeue connection attempt (git-fixes).
- bluetooth: hci_sync: Fix UAF on create_le_conn_complete (git-fixes).
- bluetooth: hci_sync: Fix handling of HCI_OP_CREATE_CONN_CANCEL (git-fixes).
- bluetooth: hci_sync: Fix not disabling advertising instance (git-fixes).
- bluetooth: hci_sync: fix connectable extended advertising when using static random address (git-fixes).
- bluetooth: hci_sync: revert some mesh modifications (git-fixes).
- bpf, sockmap: Fix sk_msg_reset_curr (git-fixes).
- bpf/lpm_trie: Inline longest_prefix_match for fastpath (git-fixes).
- bpf/selftests: Check errno when percpu map value size exceeds (git-fixes).
- bpf: Add a possibly-zero-sized read test (git-fixes).
- bpf: Avoid __hidden__ attribute in static object (git-fixes).
- bpf: Check percpu map value size first (git-fixes).
- bpf: Disable some `attribute ignored' warnings in GCC (git-fixes).
- bpf: Fix memory leak in bpf_core_apply (git-fixes).
- bpf: Fix potential integer overflow in resolve_btfids (git-fixes).
- bpf: Harden __bpf_kfunc tag against linker kfunc removal (git-fixes).
- bpf: Make the pointer returned by iter next method valid (git-fixes).
- bpf: Simplify checking size of helper accesses (git-fixes).
- bpf: fix order of args in call to bpf_map_kvcalloc (git-fixes).
- bpf: sockmap, updating the sg structure should also update curr (git-fixes).
- bpftool: Fix missing pids during link show (git-fixes).
- bpftool: Fix undefined behavior caused by shifting into the sign bit (git-fixes).
- bpftool: Mount bpffs on provided dir instead of parent dir (git-fixes).
- bpftool: Remove unnecessary source files from bootstrap version (git-fixes).
- bpftool: Un-const bpf_func_info to fix it for llvm 17 and newer (git-fixes).
- btrfs: do not ignore inode missing when replaying log tree (git-fixes).
- btrfs: do not silently ignore unexpected extent type when replaying log (git-fixes).
- btrfs: do not skip remaining extrefs if dir not found during log replay (git-fixes).
- btrfs: explicitly ref count block_group on new_bgs list (bsc#1243068)
- btrfs: fix assertion when building free space tree (git-fixes).
- btrfs: fix inode lookup error handling during log replay (git-fixes).
- btrfs: fix invalid inode pointer dereferences during log replay (git-fixes).
- btrfs: fix log tree replay failure due to file with 0 links and extents (git-fixes).
- btrfs: fix missing error handling when searching for inode refs during log replay (git-fixes).
- btrfs: fix non-empty delayed iputs list on unmount due to async workers (git-fixes).
- btrfs: fix ssd_spread overallocation (git-fixes).
- btrfs: make btrfs_discard_workfn() block_group ref explicit (bsc#1243068)
- btrfs: propagate last_unlink_trans earlier when doing a rmdir (git-fixes).
- btrfs: rename err to ret in btrfs_rmdir() (git-fixes).
- btrfs: return a btrfs_inode from btrfs_iget_logging() (git-fixes).
- btrfs: return a btrfs_inode from read_one_inode() (git-fixes).
- btrfs: tests: fix chunk map leak after failure to add it to the tree (git-fixes).
- btrfs: update superblock's device bytes_used when dropping chunk (git-fixes).
- btrfs: use NOFS context when getting inodes during logging and log replay (git-fixes).
- btrfs: use btrfs_record_snapshot_destroy() during rmdir (git-fixes).
- bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() (git-fixes).
- bus: mhi: host: Detect events pointing to unexpected TREs (git-fixes).
- can: dev: can_restart(): move debug message and stats after successful restart (stable-fixes).
- can: dev: can_restart(): reverse logic to remove need for goto (stable-fixes).
- can: kvaser_pciefd: Store device channel index (git-fixes).
- can: kvaser_usb: Assign netdev.dev_port based on device channel index (git-fixes).
- can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level (git-fixes).
- can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode (git-fixes).
- can: peak_usb: fix USB FD devices potential malfunction (git-fixes).
- cdc-acm: fix race between initial clearing halt and open (git-fixes).
- cgroup,freezer: fix incomplete freezing when attaching tasks (bsc#1245789).
- cgroup/cpuset: Extend kthread_is_per_cpu() check to all PF_NO_SETAFFINITY tasks (bsc#1241166).
- cifs: reconnect helper should set reconnect for the right channel (git-fixes).
- clk: clk-axi-clkgen: fix fpfd_max frequency for zynq (git-fixes).
- clk: davinci: Add NULL check in davinci_lpsc_clk_register() (git-fixes).
- clk: sunxi-ng: v3s: Fix de clock definition (git-fixes).
- clk: xilinx: vcu: unregister pll_post only if registered correctly (git-fixes).
- clocksource: Scale the watchdog read retries automatically (bsc#1241345 bsc#1244457).
- clocksource: Set cs_watchdog_read() checks based on .uncertainty_margin (bsc#1241345 bsc#1244457).
- comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large (git-fixes).
- comedi: Fix initialization of data for instructions that write to subdevice (git-fixes).
- comedi: Fix some signed shift left operations (git-fixes).
- comedi: Fix use of uninitialized data in insn_rw_emulate_bits() (git-fixes).
- comedi: aio_iiro_16: Fix bit shift out of bounds (git-fixes).
- comedi: das16m1: Fix bit shift out of bounds (git-fixes).
- comedi: das6402: Fix bit shift out of bounds (git-fixes).
- comedi: pcl812: Fix bit shift out of bounds (git-fixes).
- compiler_types.h: Define __retain for __attribute__((__retain__)) (git-fixes).
- crypto: arm/aes-neonbs - work around gcc-15 warning (git-fixes).
- crypto: ccp - Fix crash when rebind ccp device for ccp.ko (git-fixes).
- crypto: ccp - Fix locking on alloc failure handling (git-fixes).
- crypto: img-hash - Fix dma_unmap_sg() nents value (git-fixes).
- crypto: inside-secure - Fix `dma_unmap_sg()` nents value (git-fixes).
- crypto: keembay - Fix dma_unmap_sg() nents value (git-fixes).
- crypto: marvell/cesa - Fix engine load inaccuracy (git-fixes).
- crypto: qat - allow enabling VFs in the absence of IOMMU (git-fixes).
- crypto: qat - disable ZUC-256 capability for QAT GEN5 (git-fixes).
- crypto: qat - fix DMA direction for compression on GEN2 devices (git-fixes).
- crypto: qat - fix seq_file position update in adf_ring_next() (git-fixes).
- crypto: qat - fix state restore for banks with exceptions (git-fixes).
- crypto: qat - flush misc workqueue during device shutdown (git-fixes).
- crypto: qat - use unmanaged allocation for dc_data (git-fixes).
- crypto: sun8i-ce - fix nents passed to dma_unmap_sg() (git-fixes).
- dm-bufio: fix sched in atomic context (git-fixes).
- dm-flakey: error all IOs when num_features is absent (git-fixes).
- dm-flakey: make corrupting read bios work (git-fixes).
- dm-mirror: fix a tiny race condition (git-fixes).
- dm-raid: fix variable in journal device check (git-fixes).
- dm-verity: fix a memory leak if some arguments are specified multiple times (git-fixes).
- dm: do not change md if dm_table_set_restrictions() fails (git-fixes).
- dm: free table mempools if not used in __bind (git-fixes).
- dm: restrict dm device size to 2^63-512 bytes (git-fixes).
- dma-buf: fix timeout handling in dma_resv_wait_timeout v2 (stable-fixes).
- dmaengine: dw-edma: Drop unused dchan2dev() and chan2dev() (git-fixes).
- dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using (stable-fixes).
- dmaengine: mv_xor: Fix missing check after DMA map and missing unmap (git-fixes).
- dmaengine: nbpfaxi: Add missing check after DMA map (git-fixes).
- dmaengine: nbpfaxi: Fix memory corruption in probe() (git-fixes).
- dmaengine: qcom: gpi: Drop unused gpi_write_reg_field() (git-fixes).
- dmaengine: xilinx_dma: Set dma_device directions (stable-fixes).
- docs/ABI: Fix sysfs-kernel-address_bits path (git-fixes).
- drm/amd/display: Do not overwrite dce60_clk_mgr (git-fixes).
- drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value (git-fixes).
- drm/amdgpu/gfx8: reset compute ring wptr on the GPU on resume (git-fixes).
- drm/amdgpu: amdgpu_vram_mgr_new(): Clamp lpfn to total vram (stable-fixes).
- drm/amdkfd: Fix race in GWS queue scheduling (stable-fixes).
- drm/bridge: panel: move prepare_prev_first handling to drm_panel_bridge_add_typed (git-fixes).
- drm/bridge: ti-sn65dsi86: Add HPD for DisplayPort connector type (git-fixes).
- drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() (git-fixes).
- drm/bridge: ti-sn65dsi86: make use of debugfs_init callback (stable-fixes).
- drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling (git-fixes).
- drm/exynos: fimd: Guard display clock control with runtime PM calls (git-fixes).
- drm/framebuffer: Acquire internal references on GEM handles (git-fixes).
- drm/gem: Acquire references on GEM handles for framebuffers (stable-fixes).
- drm/gem: Fix race in drm_gem_handle_create_tail() (stable-fixes).
- drm/i915/gsc: mei interrupt top half should be in irq disabled context (git-fixes).
- drm/i915/gt: Fix timeline left held on VMA alloc error (git-fixes).
- drm/i915/selftests: Change mock_request() to return error pointers (git-fixes).
- drm/msm/dpu: Fill in min_prefill_lines for SC8180X (git-fixes).
- drm/msm: Fix a fence leak in submit error path (stable-fixes).
- drm/msm: Fix another leak in the submit error path (stable-fixes).
- drm/panfrost: Fix panfrost device variable name in devfreq (git-fixes).
- drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed (git-fixes).
- drm/sched: Increment job count before swapping tail spsc queue (git-fixes).
- drm/sched: Remove optimization that causes hang when killing dependent jobs (git-fixes).
- drm/scheduler: signal scheduled fence when kill job (stable-fixes).
- drm/tegra: nvdec: Fix dma_alloc_coherent error check (git-fixes).
- drm/ttm: fix error handling in ttm_buffer_object_transfer (git-fixes).
- drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel (git-fixes).
- exfat: fdatasync flag should be same like generic_write_sync() (git-fixes).
- fbcon: Fix outdated registered_fb reference in comment (git-fixes).
- fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref (git-fixes).
- firewire: ohci: correct code comments about bus_reset tasklet (git-fixes).
- fs/jfs: consolidate sanity checking in dbMount (git-fixes).
- fs/orangefs: Allow 2 more characters in do_c_string() (git-fixes).
- gpio: mlxbf2: use platform_get_irq_optional() (git-fixes).
- gpio: pca953x: log an error when failing to get the reset GPIO (git-fixes).
- gpio: sim: include a missing header (git-fixes).
- gpio: vf610: add locking to gpio direction functions (git-fixes).
- gpio: virtio: Fix config space reading (git-fixes).
- gpiolib: Fix debug messaging in gpiod_find_and_request() (git-fixes).
- gpiolib: Handle no pin_ranges in gpiochip_generic_config() (git-fixes).
- gpiolib: acpi: Do not use GPIO chip fwnode in acpi_gpiochip_find() (bsc#1233300).
- gpiolib: acpi: Fix failed in acpi_gpiochip_find() by adding parent node match (bsc#1233300).
- gpiolib: cdev: Ignore reconfiguration without direction (git-fixes).
- gpiolib: of: Add polarity quirk for s5m8767 (stable-fixes).
- hfs: make splice write available again (git-fixes).
- hfsplus: make splice write available again (git-fixes).
- hfsplus: remove mutex_lock check in hfsplus_free_extents (git-fixes).
- hid: Add IGNORE quirk for SMARTLINKTECHNOLOGY (stable-fixes).
- hid: core: do not bypass hid_hw_raw_request (stable-fixes).
- hid: core: ensure __hid_request reserves the report ID as the first byte (git-fixes).
- hid: core: ensure the allocated report buffer can contain the reserved report ID (stable-fixes).
- hid: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 (stable-fixes).
- hid: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras (stable-fixes).
- hv_netvsc: Use VF's tso_max_size value when data path is VF (bsc#1246203).
- hwmon: (corsair-cpro) Validate the size of the received input buffer (git-fixes).
- hwmon: (gsc-hwmon) fix fan pwm setpoint show functions (git-fixes).
- hwmon: (pmbus/max34440) Fix support for max34451 (stable-fixes).
- hwrng: mtk - handle devm_pm_runtime_enable errors (git-fixes).
- i2c/designware: Fix an initialization issue (git-fixes).
- i2c: qup: jump out of the loop in case of timeout (git-fixes).
- i2c: stm32: fix the device used for the DMA map (git-fixes).
- i2c: tegra: Fix reset error handling with ACPI (git-fixes).
- i2c: virtio: Avoid hang by using interruptible completion wait (git-fixes).
- i3c: fix module_i3c_i2c_driver() with I3C=n (git-fixes).
- ib/mlx5: Fix potential deadlock in MR deregistration (git-fixes)
- iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush (git-fixes).
- iio: adc: ad7949: use spi_is_bpw_supported() (git-fixes).
- iio: adc: ad_sigma_delta: Fix use of uninitialized status_pos (stable-fixes).
- iio: adc: ad_sigma_delta: change to buffer predisable (git-fixes).
- iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (stable-fixes).
- iio: adc: max1363: Reorder mode_list[] entries (stable-fixes).
- iio: adc: stm32-adc: Fix race in installing chained IRQ handler (git-fixes).
- iio: imu: bno055: fix OOB access of hw_xlate array (git-fixes).
- iio: pressure: zpa2326: Use aligned_s64 for the timestamp (stable-fixes).
- input: iqs7222 - explicitly define number of external channels (git-fixes).
- input: xpad - adjust error handling for disconnect (git-fixes).
- input: xpad - set correct controller type for Acer NGR200 (git-fixes).
- input: xpad - support Acer NGR 200 Controller (stable-fixes).
- iommu/amd: Fix geometry.aperture_end for V2 tables (git-fixes).
- iommu/amd: Set the pgsize_bitmap correctly (git-fixes).
- iommu/arm-smmu-qcom: Add SM6115 MDSS compatible (git-fixes).
- iommu/vt-d: Fix possible circular locking dependency (git-fixes).
- iommu/vt-d: Fix system hang on reboot -f (git-fixes).
- ipv6: fix possible infinite loop in fib6_info_uses_dev() (git-fixes).
- ipv6: mcast: Delay put pmc->idev in mld_del_delrec() (git-fixes).
- ipv6: prevent infinite loop in rt6_nlmsg_size() (git-fixes).
- ipv6: reject malicious packets in ipv6_gso_segment() (git-fixes).
- iwlwifi: Add missing check for alloc_ordered_workqueue (git-fixes).
- jfs: fix metapage reference count leak in dbAllocCtl (git-fixes).
- kABI workaround for struct drm_framebuffer changes (git-fixes).
- kABI: Fix the module::name type in audit_context (git-fixes).
- kasan: remove kasan_find_vm_area() to prevent possible deadlock (git-fixes).
- kernel-obs-qa: Do not depend on srchash when qemu emulation is used In this case the dependency is never fulfilled Fixes: 485ae1da2b88 ('kernel-obs-qa: Use srchash for dependency as well')
- kernel-syms.spec: Drop old rpm release number hack (bsc#1247172).
- leds: multicolor: Fix intensity setting while SW blinking (stable-fixes).
- lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (bsc#1236897).
- lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() (bsc#1236897).
- logitech C-270 even more broken (stable-fixes).
- maple_tree: fix mt_destroy_walk() on root leaf node (git-fixes).
- md/md-bitmap: fix dm-raid max_write_behind setting (git-fixes).
- media: gspca: Add bounds checking to firmware parser (git-fixes).
- media: hi556: correct the test pattern configuration (git-fixes).
- media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() (git-fixes).
- media: ov2659: Fix memory leaks in ov2659_probe() (git-fixes).
- media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (git-fixes).
- media: usbtv: Lock resolution while streaming (git-fixes).
- media: uvcvideo: Do not mark valid metadata as invalid (git-fixes).
- media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (git-fixes).
- media: v4l2-ctrls: Do not reset handler's error in v4l2_ctrl_handler_free() (git-fixes).
- media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check (git-fixes).
- media: venus: Add a check for packet size after reading from shared memory (git-fixes).
- media: venus: hfi: explicitly release IRQ during teardown (git-fixes).
- media: venus: protect against spurious interrupts during probe (git-fixes).
- media: venus: vdec: Clamp param smaller than 1fps and bigger than 240 (git-fixes).
- media: venus: venc: Clamp param smaller than 1fps and bigger than 240 (git-fixes).
- media: vivid: fix wrong pixel_array control size (git-fixes).
- memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() (git-fixes).
- mfd: max14577: Fix wakeup source leaks on device unbind (stable-fixes).
- misc: rtsx: usb: Ensure mmc child device is active when card is present (git-fixes).
- mmc: bcm2835: Fix dma_unmap_sg() nents value (git-fixes).
- mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier (git-fixes).
- mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models (git-fixes).
- mmc: sdhci: Add a helper function for dump register in dynamic debug mode (stable-fixes).
- mmc: sdhci_am654: Workaround for Errata i2312 (git-fixes).
- module: Fix memory deallocation on error path in move_module() (git-fixes).
- module: Remove unnecessary +1 from last_unloaded_module::name size (git-fixes).
- module: Restore the moduleparam prefix length check (git-fixes).
- mtd: fix possible integer overflow in erase_xfer() (git-fixes).
- mtd: rawnand: atmel: Fix dma_mapping_error() address (git-fixes).
- mtd: rawnand: atmel: set pmecc data setup time (git-fixes).
- mtd: rawnand: fsmc: Add missing check after DMA map (git-fixes).
- mtd: rawnand: renesas: Add missing check after DMA map (git-fixes).
- mtd: rawnand: rockchip: Add missing check after DMA map (git-fixes).
- mtd: spi-nor: Fix spi_nor_try_unlock_all() (git-fixes).
- mtd: spinand: fix memory leak of ECC engine conf (stable-fixes).
- mtd: spinand: propagate spinand_wait() errors from spinand_write_page() (git-fixes).
- mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data (git-fixes).
- mtk-sd: Prevent memory corruption from DMA map failure (git-fixes).
- mtk-sd: reset host->mrq on prepare_data() error (git-fixes).
- mwl8k: Add missing check after DMA map (git-fixes).
- nbd: fix uaf in nbd_genl_connect() error path (git-fixes).
- net/packet: fix a race in packet_set_ring() and packet_notifier() (git-fixes).
- net/sched: Restrict conditions for adding duplicating netems to qdisc tree (git-fixes).
- net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (git-fixes).
- net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (git-fixes).
- net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (git-fixes).
- net/sched: sch_qfq: Fix race condition on qfq_aggregate (git-fixes).
- net/sched: taprio: enforce minimum value for picos_per_byte (git-fixes).
- net: mana: Add debug logs in MANA network driver (bsc#1246212).
- net: mana: Add handler for hardware servicing events (bsc#1245730).
- net: mana: Allocate MSI-X vectors dynamically (bsc#1245457).
- net: mana: Allow irq_setup() to skip cpus for affinity (bsc#1245457).
- net: mana: Allow tso_max_size to go up-to GSO_MAX_SIZE (bsc#1246203).
- net: mana: Expose additional hardware counters for drop and TC via ethtool (bsc#1245729).
- net: mana: Set tx_packets to post gso processing packet count (bsc#1245731).
- net: mana: explain irq_setup() algorithm (bsc#1245457).
- net: phy: Do not register LEDs for genphy (git-fixes).
- net: phy: micrel: fix KSZ8081/KSZ8091 cable test (git-fixes).
- net: phy: microchip: limit 100M workaround to link-down events on LAN88xx (git-fixes).
- net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap (git-fixes).
- net: phy: smsc: Fix link failure in forced mode with Auto-MDIX (git-fixes).
- net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect (git-fixes).
- net: usb: qmi_wwan: add SIMCom 8230C composition (stable-fixes).
- net: usbnet: Avoid potential RCU stall on LINK_CHANGE event (git-fixes).
- net: usbnet: Fix the wrong netif_carrier_on() call (git-fixes).
- netpoll: prevent hanging NAPI when netcons gets enabled (git-fixes).
- nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails (git-fixes).
- nfs: Fix filehandle bounds checking in nfs_fh_to_dentry() (git-fixes).
- nfs: Fix the setting of capabilities when automounting a new filesystem (git-fixes).
- nfs: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() (git-fixes).
- nfs: Fixup allocation flags for nfsiod's __GFP_NORETRY (git-fixes).
- nfsd: detect mismatch of file handle and delegation stateid in OPEN op (git-fixes).
- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (git-fixes).
- nfsv4.2: another fix for listxattr (git-fixes).
- nfsv4.2: fix listxattr to return selinux security label (git-fixes).
- nfsv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN (git-fixes).
- nfsv4: Always set NLINK even if the server does not support it (git-fixes).
- nfsv4: xattr handlers should check for absent nfs filehandles (git-fixes).
- nilfs2: reject invalid file types when reading inodes (git-fixes).
- nvme-pci: refresh visible attrs after being checked (git-fixes).
- nvme: Fix incorrect cdw15 value in passthru error logging (git-fixes).
- nvme: fix endianness of command word prints in nvme_log_err_passthru() (git-fixes).
- nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() (git-fixes).
- nvme: fix misaccounting of nvme-mpath inflight I/O (git-fixes).
- nvmet-tcp: fix callback lock for TLS handshake (git-fixes).
- objtool: Fix INSN_CONTEXT_SWITCH handling in validate_unret() (git-fixes).
- objtool: Fix UNWIND_HINT_{SAVE,RESTORE} across basic blocks (git-fixes).
- objtool: Fix _THIS_IP_ detection for cold functions (git-fixes).
- objtool: Fix error handling inconsistencies in check() (git-fixes).
- objtool: Ignore dangling jump table entries (git-fixes).
- objtool: Ignore end-of-section jumps for KCOV/GCOV (git-fixes).
- objtool: Properly disable uaccess validation (git-fixes).
- objtool: Silence more KCOV warnings (git-fixes).
- objtool: Silence more KCOV warnings, part 2 (git-fixes).
- objtool: Stop UNRET validation on UD2 (git-fixes).
- pNFS/flexfiles: do not attempt pnfs on fatal DS errors (git-fixes).
- pch_uart: Fix dma_sync_sg_for_device() nents value (git-fixes).
- pci/MSI: Export pci_msix_prepare_desc() for dynamic MSI-X allocations (bsc#1245457).
- pci: dwc: Make link training more robust by setting PORT_LOGIC_LINK_WIDTH to one lane (stable-fixes).
- pci: endpoint: Fix configfs group list head handling (git-fixes).
- pci: endpoint: Fix configfs group removal on driver teardown (git-fixes).
- pci: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute (git-fixes).
- pci: endpoint: pci-epf-vntb: Return -ENOENT if pci_epc_get_next_free_bar() fails (git-fixes).
- pci: hv: Allow dynamic MSI-X vector allocation (bsc#1245457).
- pci: rockchip-host: Fix 'Unexpected Completion' log message (git-fixes).
- perf: Fix sample vs do_exit() (bsc#1246547).
- phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode (git-fixes).
- pinctrl: amd: Clear GPIO debounce for suspend (git-fixes).
- pinctrl: qcom: msm: mark certain pins as invalid for interrupts (git-fixes).
- pinctrl: sunxi: Fix memory leak on krealloc failure (git-fixes).
- pinmux: fix race causing mux_owner NULL with active mux_usecount (git-fixes).
- platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix duplicate event ID for CACHE_DATA1 (git-fixes).
- platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment (git-fixes).
- platform/mellanox: mlxreg-lc: Fix logic error in power state check (git-fixes).
- platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message (git-fixes).
- platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks list (stable-fixes).
- platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks (git-fixes).
- platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots (git-fixes).
- platform/x86: think-lmi: Create ksets consecutively (stable-fixes).
- platform/x86: think-lmi: Fix kobject cleanup (git-fixes).
- platform/x86: think-lmi: Fix sysfs group cleanup (git-fixes).
- pm / devfreq: Check governor before using governor->name (git-fixes).
- power: supply: cpcap-charger: Fix null check for power_supply_get_by_name (git-fixes).
- power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set (git-fixes).
- powercap: call put_device() on an error path in powercap_register_control_type() (stable-fixes).
- powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() (git-fixes).
- powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed (git-fixes).
- powerpc/bpf: enforce full ordering for ATOMIC operations with BPF_FETCH (git-fixes).
- ptp: fix breakage after ptp_vclock_in_use() rework (bsc#1246506).
- pwm: imx-tpm: Reset counter if CMOD is 0 (git-fixes).
- pwm: mediatek: Ensure to disable clocks in error path (git-fixes).
- rdma/core: Rate limit GID cache warning messages (git-fixes)
- rdma/counter: Check CAP_NET_RAW check in user namespace for RDMA counters (git-fixes)
- rdma/hns: Drop GFP_NOWARN (git-fixes)
- rdma/hns: Fix -Wframe-larger-than issue (git-fixes)
- rdma/hns: Fix HW configurations not cleared in error flow (git-fixes)
- rdma/hns: Fix accessing uninitialized resources (git-fixes)
- rdma/hns: Fix double destruction of rsv_qp (git-fixes)
- rdma/hns: Get message length of ack_req from FW (git-fixes)
- rdma/mlx5: Check CAP_NET_RAW in user namespace for anchor create (git-fixes)
- rdma/mlx5: Check CAP_NET_RAW in user namespace for devx create (git-fixes)
- rdma/mlx5: Check CAP_NET_RAW in user namespace for flow create (git-fixes)
- rdma/mlx5: Fix CC counters query for MPV (git-fixes)
- rdma/mlx5: Fix HW counters query for non-representor devices (git-fixes)
- rdma/mlx5: Fix compilation warning when USER_ACCESS isn't set (git-fixes)
- rdma/mlx5: Fix vport loopback for MPV device (git-fixes)
- rdma/mlx5: Initialize obj_event->obj_sub_list before xa_insert (git-fixes)
- rdma/nldev: Check CAP_NET_RAW in user namespace for QP modify (git-fixes)
- rdma/siw: Fix the sendmsg byte count in siw_tcp_sendpages (git-fixes)
- rdma/uverbs: Add empty rdma_uattrs_has_raw_cap() declaration (git-fixes)
- rdma/uverbs: Check CAP_NET_RAW in user namespace for QP create (git-fixes)
- rdma/uverbs: Check CAP_NET_RAW in user namespace for RAW QP create (git-fixes)
- rdma/uverbs: Check CAP_NET_RAW in user namespace for flow create (git-fixes)
- regmap: fix potential memory leak of regmap_bus (git-fixes).
- regulator: fan53555: add enable_time support and soft-start times (stable-fixes).
- regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods (git-fixes).
- regulator: pwm-regulator: Calculate the output voltage for disabled PWMs (stable-fixes).
- resource: fix false warning in __request_region() (git-fixes).
- restore UCSI_CONNECTOR_RESET_HARD definition (git-fixes).
- ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() (git-fixes).
- rose: fix dangling neighbour pointers in rose_rt_device_down() (git-fixes).
- rpl: Fix use-after-free in rpl_do_srh_inline() (git-fixes).
- rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879) Put the same workaround to avoid file truncation of vmlinux and co in kernel-default-base package, too.
- rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337)
- rtc: ds1307: fix incorrect maximum clock rate handling (git-fixes).
- rtc: hym8563: fix incorrect maximum clock rate handling (git-fixes).
- rtc: nct3018y: fix incorrect maximum clock rate handling (git-fixes).
- rtc: pcf85063: fix incorrect maximum clock rate handling (git-fixes).
- rtc: pcf8563: fix incorrect maximum clock rate handling (git-fixes).
- rtc: rv3028: fix incorrect maximum clock rate handling (git-fixes).
- s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again (git-fixes bsc#1246870).
- s390/entry: Fix last breaking event handling in case of stack corruption (git-fixes bsc#1243806).
- s390/pci: Do not try re-enabling load/store if device is disabled (git-fixes bsc#1245646).
- s390/pci: Fix stale function handles in error handling (git-fixes bsc#1245647).
- s390/pkey: Prevent overflow in size calculation for memdup_user() (git-fixes bsc#1245598).
- s390: Add z17 elf platform (LTC#214086 bsc#1245540).
- samples: mei: Fix building on musl libc (git-fixes).
- sched,freezer: Remove unnecessary warning in __thaw_task (bsc#1219338).
- sched: Add test_and_clear_wake_up_bit() and atomic_dec_and_wake_up() (git-fixes).
- scsi: core: Enforce unlimited max_segment_size when virt_boundary_mask is set (git-fixes).
- scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Early return out of FDMI cmpl for locally rejected statuses (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Modify end-of-life adapters' model descriptions (bsc#1245260 bsc#1243100 bsc#1246125 bsc#1204142).
- scsi: lpfc: Move clearing of HBA_SETUP flag to before lpfc_sli4_queue_unset (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Relocate clearing initial phba flags from link up to link down hdlr (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Revise CQ_CREATE_SET mailbox bitfield definitions (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Revise logging format for failed CT MIB requests (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Simplify error handling for failed lpfc_get_sli4_parameters cmd (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Skip RSCN processing when FC_UNLOADING flag is set (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Update debugfs trace ring initialization messages (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Update lpfc version to 14.4.0.10 (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: megaraid_sas: Fix invalid node index (git-fixes).
- scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() (git-fixes).
- scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() (git-fixes).
- scsi: s390: zfcp: Ensure synchronous unit_add (git-fixes bsc#1245599).
- selftests/bpf: Add CFLAGS per source file and runner (git-fixes).
- selftests/bpf: Add tests for iter next method returning valid pointer (git-fixes).
- selftests/bpf: Change functions definitions to support GCC (git-fixes).
- selftests/bpf: Fix a few tests for GCC related warnings (git-fixes).
- selftests/bpf: Fix pointer arithmetic in test_xdp_do_redirect (git-fixes).
- selftests/bpf: Fix prog numbers in test_sockmap (git-fixes).
- smb3: move server check earlier when setting channel sequence number (git-fixes).
- smb3: rename macro CIFS_SERVER_IS_CHAN to avoid confusion (git-fixes).
- smb3: send channel sequence number in SMB3 requests after reconnects (git-fixes).
- smb: client: fix parsing of device numbers (git-fixes).
- soc/tegra: cbb: Clear ERR_FORCE register with ERR_STATUS (git-fixes).
- soc: aspeed: lpc-snoop: Cleanup resources in stack-order (git-fixes).
- soc: aspeed: lpc-snoop: Do not disable channels that are not enabled (git-fixes).
- soc: qcom: QMI encoding/decoding for big endian (git-fixes).
- soc: qcom: fix endianness for QMI header (git-fixes).
- soc: qcom: pmic_glink: fix OF node leak (git-fixes).
- soundwire: amd: fix for clearing command status register (git-fixes).
- soundwire: stream: restore params when prepare ports fail (git-fixes).
- spi: spi-fsl-dspi: Clear completion counter before initiating transfer (git-fixes).
- staging: axis-fifo: remove sysfs interface (git-fixes).
- staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (git-fixes).
- staging: nvec: Fix incorrect null termination of battery manufacturer (git-fixes).
- struct cdns: move new member to the end (git-fixes).
- struct ucsi_operations: use padding for new operation (git-fixes).
- sunrpc: do not immediately retransmit on seqno miss (git-fixes).
- sunrpc: fix client side handling of tls alerts (git-fixes).
- sunrpc: fix handling of server side tls alerts (git-fixes).
- supported.conf: add missing entries for armv7hl
- supported.conf: move nvme-apple to optional again
- supported.conf: sort entries again
- tcp: call tcp_measure_rcv_mss() for ooo packets (git-fixes).
- thunderbolt: Fix bit masking in tb_dp_port_set_hops() (git-fixes).
- thunderbolt: Fix copy+paste error in match_service_id() (git-fixes).
- thunderbolt: Fix wake on connect at runtime (git-fixes).
- tracing/kprobe: Make trace_kprobe's module callback called after jump_label update (git-fixes).
- tracing/kprobes: Fix to free objects when failed to copy a symbol (git-fixes).
- types: Complement the aligned types with signed 64-bit one (stable-fixes).
- ucount: fix atomic_long_inc_below() argument type (git-fixes).
- ucsi-glink: adapt to kABI consistency (git-fixes).
- ucsi_ccg: Refine the UCSI Interrupt handling (git-fixes).
- ucsi_operations: add stubs for all operations (git-fixes).
- ucsi_ops: adapt update_connector to kABI consistency (git-fixes).
- usb: Add checks for snprintf() calls in usb_alloc_dev() (stable-fixes).
- usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() (git-fixes).
- usb: cdc-wdm: avoid setting WDM_READ for ZLP-s (stable-fixes).
- usb: cdnsp: Fix issue with CV Bad Descriptor test (git-fixes).
- usb: cdnsp: Fix issue with resuming from L1 (git-fixes).
- usb: cdnsp: Replace snprintf() with the safer scnprintf() variant (stable-fixes).
- usb: cdnsp: do not disable slot for disabled slot (git-fixes).
- usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume (git-fixes).
- usb: common: usb-conn-gpio: use a unique name for usb connector device (stable-fixes).
- usb: dwc2: also exit clock_gating when stopping udc while suspended (stable-fixes).
- usb: dwc3: meson-g12a: fix device leaks at unbind (git-fixes).
- usb: early: xhci-dbc: Fix early_ioremap leak (git-fixes).
- usb: gadget : fix use-after-free in composite_dev_cleanup() (git-fixes).
- usb: gadget: u_serial: Fix race condition in TTY wakeup (git-fixes).
- usb: gadget: udc: renesas_usb3: fix device leak at unbind (git-fixes).
- usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() (git-fixes).
- usb: hub: Do not try to recover devices lost during warm reset (git-fixes).
- usb: misc: apple-mfi-fastcharge: Make power supply names unique (git-fixes).
- usb: musb: fix gadget state on disconnect (git-fixes).
- usb: musb: omap2430: fix device leak at unbind (git-fixes).
- usb: net: sierra: check for no status endpoint (git-fixes).
- usb: potential integer overflow in usbg_make_tpg() (stable-fixes).
- usb: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (stable-fixes).
- usb: serial: option: add Foxconn T99W640 (stable-fixes).
- usb: serial: option: add Telit Cinterion FE910C04 (ECM) composition (stable-fixes).
- usb: typec: Update sysfs when setting ops (git-fixes).
- usb: typec: altmodes/displayport: do not index invalid pin_assignments (git-fixes).
- usb: typec: displayport: Fix potential deadlock (git-fixes).
- usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode (stable-fixes).
- usb: typec: mux: do not return on EOPNOTSUPP in {mux, switch}_set (stable-fixes).
- usb: typec: tcpm: allow switching to mode accessory to mux properly (stable-fixes).
- usb: typec: tcpm: allow to use sink in accessory mode (stable-fixes).
- usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach (git-fixes).
- usb: typec: ucsi: Add DATA_RESET option of Connector Reset command (git-fixes).
- usb: typec: ucsi: Add qcm6490-pmic-glink as needing PDOS quirk (git-fixes).
- usb: typec: ucsi: Delay alternate mode discovery (git-fixes).
- usb: typec: ucsi: Fix busy loop on ASUS VivoBooks (git-fixes).
- usb: typec: ucsi: Fix the partner PD revision (git-fixes).
- usb: typec: ucsi: Get PD revision for partner (git-fixes).
- usb: typec: ucsi: Set orientation as none when connector is unplugged (git-fixes).
- usb: typec: ucsi: Update power_supply on power role change (git-fixes).
- usb: typec: ucsi: add callback for connector status updates (git-fixes).
- usb: typec: ucsi: add update_connector callback (git-fixes).
- usb: typec: ucsi: do not retrieve PDOs if not supported (git-fixes).
- usb: typec: ucsi: extract code to read PD caps (git-fixes).
- usb: typec: ucsi: fix UCSI on SM8550 & SM8650 Qualcomm devices (git-fixes).
- usb: typec: ucsi: glink: fix off-by-one in connector_status (git-fixes).
- usb: typec: ucsi: glink: increase max ports for x1e80100 (git-fixes).
- usb: typec: ucsi: glink: move GPIO reading into connector_status callback (git-fixes).
- usb: typec: ucsi: glink: use typec_set_orientation (git-fixes).
- usb: typec: ucsi: move ucsi_acknowledge() from ucsi_read_error() (git-fixes).
- usb: typec: ucsi: properly register partner's PD device (git-fixes).
- usb: typec: ucsi: support delaying GET_PDOS for device (git-fixes).
- usb: typec: ucsi_acpi: Add LG Gram quirk (git-fixes).
- usb: typec: ucsi_glink: drop NO_PARTNER_PDOS quirk for sm8550 / sm8650 (git-fixes).
- usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk (git-fixes).
- usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk on qcm6490 (git-fixes).
- usb: typec: ucsi_glink: rework quirks implementation (git-fixes).
- usb: xhci: Skip xhci_reset in xhci_resume if xhci is being removed (git-fixes).
- usb: xhci: quirk for data loss in ISOC transfers (stable-fixes).
- usb:cdnsp: remove TRB_FLUSH_ENDPOINT command (stable-fixes).
- virtgpu: do not reset on shutdown (git-fixes).
- vmci: Prevent the dispatching of uninitialized payloads (git-fixes).
- vt: add missing notification when switching back to text mode (stable-fixes).
- vt: defkeymap: Map keycodes above 127 to K_HOLE (git-fixes).
- vt: keyboard: Do not process Unicode characters in K_OFF mode (git-fixes).
- watchdog: ziirave_wdt: check record length in ziirave_firm_verify() (git-fixes).
- wifi: ath11k: clear initialized flag for deinit-ed srng lists (git-fixes).
- wifi: ath11k: fix dest ring-buffer corruption (git-fixes).
- wifi: ath11k: fix dest ring-buffer corruption when ring is full (git-fixes).
- wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() (git-fixes).
- wifi: ath11k: fix source ring-buffer corruption (git-fixes).
- wifi: ath11k: fix suspend use-after-free after probe failure (git-fixes).
- wifi: ath12k: fix dest ring-buffer corruption (git-fixes).
- wifi: ath12k: fix dest ring-buffer corruption when ring is full (git-fixes).
- wifi: ath12k: fix endianness handling while accessing wmi service bit (git-fixes).
- wifi: ath12k: fix source ring-buffer corruption (git-fixes).
- wifi: ath6kl: remove WARN on bad firmware input (stable-fixes).
- wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE (git-fixes).
- wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() (git-fixes).
- wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() (git-fixes).
- wifi: iwlwifi: Fix memory leak in iwl_mvm_init() (git-fixes).
- wifi: iwlwifi: return ERR_PTR from opmode start() (stable-fixes).
- wifi: mac80211: Add link iteration macro for link data (stable-fixes).
- wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() (git-fixes).
- wifi: mac80211: Do not call fq_flow_idx() for management frames (git-fixes).
- wifi: mac80211: Do not schedule stopped TXQs (git-fixes).
- wifi: mac80211: chan: chandef is non-NULL for reserved (stable-fixes).
- wifi: mac80211: drop invalid source address OCB frames (stable-fixes).
- wifi: mac80211: reject TDLS operations when station is not associated (git-fixes).
- wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() (git-fixes).
- wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan (git-fixes).
- wifi: mt76: mt7925: fix the wrong config for tx interrupt (git-fixes).
- wifi: plfxlc: Fix error handling in usb driver probe (git-fixes).
- wifi: prevent A-MSDU attacks in mesh networks (stable-fixes).
- wifi: rtl818x: Kill URBs before clearing tx status queue (git-fixes).
- wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band (git-fixes).
- wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() (git-fixes).
- x86/cpu/amd: Fix workaround for erratum 1054 (git-fixes).
- x86/mce/amd: Add default names for MCA banks and blocks (git-fixes).
- x86/mce/amd: Fix threshold limit reset (git-fixes).
- x86/mce: Do not remove sysfs if thresholding sysfs init fails (git-fixes).
- x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (git-fixes).
- x86/tdx: Fix __noreturn build warning around __tdx_hypercall_failed() (git-fixes).
- x86/traps: Initialize DR6 by writing its architectural reset value (git-fixes).
- x86/virt/tdx: Avoid indirect calls to TDX assembly functions (git-fixes).
- x86: UV RTC: Add parameter to disable RTC clocksource (bsc#1241345).
- xfs: fix off-by-one error in fsmap's end_daddr usage (bsc#1235837).
- xfs: only create event xfs_file_compat_ioctl when CONFIG_COMPAT is configure (git-fixes).
- xfs: remove unused event xfs_alloc_near_error (git-fixes).
- xfs: remove unused event xfs_alloc_near_nominleft (git-fixes).
- xfs: remove unused event xfs_attr_node_removename (git-fixes).
- xfs: remove unused event xfs_ioctl_clone (git-fixes).
- xfs: remove unused event xfs_pagecache_inval (git-fixes).
- xfs: remove unused event xlog_iclog_want_sync (git-fixes).
- xfs: remove unused trace event xfs_attr_remove_iter_return (git-fixes).
- xfs: remove unused trace event xfs_attr_rmtval_set (git-fixes).
- xfs: remove unused trace event xfs_reflink_cow_enospc (git-fixes).
- xfs: remove unused xfs_attr events (git-fixes).
- xfs: remove unused xfs_reflink_compare_extents events (git-fixes).
- xfs: remove usused xfs_end_io_direct events (git-fixes).
- xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS (git-fixes).
- xhci: dbc: Flush queued requests before stopping dbc (git-fixes).
- xhci: dbctty: disable ECHO flag by default (git-fixes).
Patchnames
SUSE-2025-2969,SUSE-SLE-Module-Public-Cloud-15-SP6-2025-2969,openSUSE-SLE-15.6-2025-2969
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2024-36028: mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() (bsc#1225707).\n- CVE-2024-36348, CVE-2024-36349, CVE-2024-36350, CVE-2024-36357: x86/process: Move the buffer clearing before MONITOR (bsc#1238896).\n- CVE-2024-44963: btrfs: do not BUG_ON() when freeing tree block after error (bsc#1230216).\n- CVE-2024-49861: net: clear the dst when changing skb protocol (bsc#1245954).\n- CVE-2024-56742: vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages() (bsc#1235613).\n- CVE-2025-21839: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (bsc#1239061).\n- CVE-2025-21854: selftest/bpf: Add vsock test for sockmap rejecting unconnected (bsc#1239470).\n- CVE-2025-21872: efi/mokvar-table: Avoid repeated map/unmap of the same page (bsc#1240323).\n- CVE-2025-22090: mm: (un)track_pfn_copy() fix + doc improvements (bsc#1241537).\n- CVE-2025-23163: net: vlan: do not propagate flags on open (bsc#1242837).\n- CVE-2025-37856: btrfs: harden block_group::bg_list against list_del() races (bsc#1243068).\n- CVE-2025-37864: net: dsa: clean up FDB, MDB, VLAN entries on unbind (bsc#1242965).\n- CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn\u0027t postable (bsc#1242960).\n- CVE-2025-37920: kABI workaround for xsk: Fix race condition in AF_XDP generic RX path (bsc#1243479).\n- CVE-2025-37984: crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() (bsc#1243669).\n- CVE-2025-38034: btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (bsc#1244792).\n- CVE-2025-38035: nvmet-tcp: do not restore null sk_state_change (bsc#1244801).\n- CVE-2025-38051: smb: client: Fix use-after-free in cifs_fill_dirent (bsc#1244750).\n- CVE-2025-38058: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (bsc#1245151).\n- CVE-2025-38061: net: pktgen: fix access outside of user given buffer in pktgen_thread_write() (bsc#1245440).\n- CVE-2025-38062: kABI: restore layout of struct msi_desc (bsc#1245216).\n- CVE-2025-38063: dm: fix unconditional IO throttle caused by REQ_PREFLUSH (bsc#1245202).\n- CVE-2025-38064: virtio: break and reset virtio devices on device_shutdown() (bsc#1245201).\n- CVE-2025-38074: vhost-scsi: protect vq-\u003elog_used with vq-\u003emutex (bsc#1244735).\n- CVE-2025-38094: net: cadence: macb: Fix a possible deadlock in macb_halt_tx (bsc#1245649).\n- CVE-2025-38097: kabi: restore encap_sk in struct xfrm_state (bsc#1245660).\n- CVE-2025-38098: drm/amd/display: Do not treat wb connector as physical in (bsc#1245654).\n- CVE-2025-38099: Bluetooth: btusb: Fix regression in the initialization of fake Bluetooth controllers (bsc#1245671).\n- CVE-2025-38100: x86/iopl: Cure TIF_IO_BITMAP inconsistencies (bsc#1245650).\n- CVE-2025-38105: ALSA: usb-audio: Kill timer properly at removal (bsc#1245682).\n- CVE-2025-38115: net_sched: sch_sfq: fix a potential crash on gso_skb handling (bsc#1245689).\n- CVE-2025-38117: hci_dev centralize extra lock (bsc#1245695).\n- CVE-2025-38126: net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping (bsc#1245708).\n- CVE-2025-38131: coresight: prevent deactivate active config while enabling the config (bsc#1245677).\n- CVE-2025-38132: coresight: holding cscfg_csdev_lock while removing cscfg from csdev (bsc#1245679).\n- CVE-2025-38147: calipso: unlock rcu before returning -EAFNOSUPPORT (bsc#1245768).\n- CVE-2025-38158: hisi_acc_vfio_pci: fix XQE dma address error (bsc#1245750).\n- CVE-2025-38162: netfilter: nft_set_pipapo: prevent overflow in lookup table allocation (bsc#1245752).\n- CVE-2025-38166: bpf: fix ktls panic with sockmap (bsc#1245758).\n- CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).\n- CVE-2025-38182: ublk: santizize the arguments from userspace when adding a device (bsc#1245937).\n- CVE-2025-38183: net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get() (bsc#1246006).\n- CVE-2025-38187: drm/nouveau: fix a use-after-free in r535_gsp_rpc_push() (bsc#1245951).\n- CVE-2025-38188: drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE (bsc#1246098).\n- CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045).\n- CVE-2025-38202: bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() (bsc#1245980).\n- CVE-2025-38203: jfs: Fix null-ptr-deref in jfs_ioc_trim (bsc#1246044).\n- CVE-2025-38204: jfs: fix array-index-out-of-bounds read in add_missing_indices (bsc#1245983).\n- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073).\n- CVE-2025-38210: configfs-tsm-report: Fix NULL dereference of tsm_ops (bsc#1246020).\n- CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029).\n- CVE-2025-38220: ext4: only dirty folios when data journaling regular files (bsc#1245966).\n- CVE-2025-38222: ext4: inline: fix len overflow in ext4_prepare_inline_data (bsc#1245976).\n- CVE-2025-38236: af_unix: Disable MSG_OOB for unprivileged users (bsc#1246093).\n- CVE-2025-38239: scsi: megaraid_sas: Fix invalid node index (bsc#1246178).\n- CVE-2025-38244: smb: client: fix potential deadlock when reconnecting channels (bsc#1246183).\n- CVE-2025-38248: bridge: mcast: Fix use-after-free during router port configuration (bsc#1246173).\n- CVE-2025-38250: kABI workaround for bluetooth hci_dev changes (bsc#1246182).\n- CVE-2025-38264: llist: add interface to check if a node is on a list (bsc#1246387).\n- CVE-2025-38272: net: dsa: b53: do not enable EEE on bcm63xx (bsc#1246268).\n- CVE-2025-38279: selftests/bpf: Add tests with stack ptr register in conditional jmp (bsc#1246264).\n- CVE-2025-38283: hisi_acc_vfio_pci: bugfix live migration function without VF device driver (bsc#1246273).\n- CVE-2025-38303: Bluetooth: eir: Fix possible crashes on eir_create_adv_data (bsc#1246354).\n- CVE-2025-38310: seg6: Fix validation of nexthop addresses (bsc#1246361).\n- CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).\n- CVE-2025-38334: x86/sgx: Prevent attempts to reclaim poisoned pages (bsc#1246384).\n- CVE-2025-38335: Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT (bsc#1246250).\n- CVE-2025-38337: jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (bsc#1246253).\n- CVE-2025-38349: eventpoll: do not decrement ep refcount while still holding the ep mutex (bsc#1246777).\n- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).\n- CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).\n- CVE-2025-38364: maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() (bsc#1247091).\n- CVE-2025-38365: btrfs: fix a race between renames and directory logging (bsc#1247023).\n- CVE-2025-38371: drm/v3d: Disable interrupts before resetting the GPU (bsc#1247178).\n- CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177).\n- CVE-2025-38382: btrfs: fix iteration of extrefs during log replay (bsc#1247031).\n- CVE-2025-38392: idpf: convert control queue mutex to a spinlock (bsc#1247169).\n- CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247156).\n- CVE-2025-38399: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() (bsc#1247097).\n- CVE-2025-38403: vsock/vmci: Clear the vmci transport packet properly when initializing it (bsc#1247141).\n- CVE-2025-38414: wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850 (bsc#1247145).\n- CVE-2025-38426: drm/amdgpu: Add basic validation for RAS header (bsc#1247252).\n- CVE-2025-38429: bus: mhi: ep: Update read pointer only after buffer is written (bsc#1247253).\n- CVE-2025-38455: KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight (bsc#1247101).\n- CVE-2025-38457: net/sched: Abort __tc_modify_qdisc if parent class does not exist (bsc#1247098).\n- CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).\n- CVE-2025-38461: vsock: Fix transport_* TOCTOU (bsc#1247103).\n- CVE-2025-38462: vsock: Fix transport_{g2h,h2g} TOCTOU (bsc#1247104).\n- CVE-2025-38463: tcp: Correct signedness in skb remaining space calculation (bsc#1247113).\n- CVE-2025-38465: netlink: make sure we allow at least one dump skb (bsc#1247118).\n- CVE-2025-38470: kABI fix for net: vlan: fix VLAN 0 refcount imbalance of toggling (bsc#1247288).\n- CVE-2025-38471: tls: always refresh the queue when reading sock (bsc#1247450).\n- CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347).\n- CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374).\n\nThe following non-security bugs were fixed:\n\n- Documentation: ACPI: Fix parent device references (git-fixes).\n- Documentation: usb: gadget: Wrap remaining usage snippets in literal code block (git-fixes).\n- Fix dma_unmap_sg() nents value (git-fixes)\n- Reapply \u0027wifi: mac80211: Update skb\u0027s control block key in ieee80211_tx_dequeue()\u0027 (git-fixes).\n- Revert \u0027ACPI: battery: negate current when discharging\u0027 (stable-fixes).\n- Revert \u0027cgroup_freezer: cgroup_freezing: Check if not frozen\u0027 (bsc#1219338).\n- Revert \u0027drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1\u0027 (stable-fixes).\n- Revert \u0027mmc: sdhci: Disable SD card clock before changing parameters\u0027 (git-fixes).\n- Revert \u0027usb: xhci: Implement xhci_handshake_check_state() helper\u0027 (git-fixes).\n- Revert \u0027vgacon: Add check for vc_origin address range in vgacon_scroll()\u0027 (stable-fixes).\n- acpi: LPSS: Remove AudioDSP related ID (git-fixes).\n- acpi: PRM: Reduce unnecessary printing to avoid user confusion (bsc#1246122).\n- acpi: processor: perflib: Fix initial _PPC limit application (git-fixes).\n- acpica: Refuse to evaluate a method if arguments are missing (stable-fixes).\n- af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() (git-fixes).\n- af_unix: Add a prompt to CONFIG_AF_UNIX_OOB (bsc#1246093).\n- alsa: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() (git-fixes).\n- alsa: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx (stable-fixes).\n- alsa: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 (stable-fixes).\n- alsa: hda/realtek: Add quirk for ASUS ROG Strix G712LWS (stable-fixes).\n- alsa: hda/tegra: Add Tegra264 support (stable-fixes).\n- alsa: hda: Add missing NVIDIA HDA codec IDs (stable-fixes).\n- alsa: hda: Add new pci id for AMD GPU display HD audio controller (stable-fixes).\n- alsa: hda: Ignore unsol events for cards being shut down (stable-fixes).\n- alsa: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() (git-fixes).\n- alsa: sb: Do not allow changing the DMA mode during operations (stable-fixes).\n- alsa: sb: Force to disable DMAs once when DMA mode is changed (stable-fixes).\n- amd/amdkfd: fix a kfd_process ref leak (stable-fixes).\n- aoe: clean device rq_list in aoedev_downdev() (git-fixes).\n- apple-mfi-fastcharge: protect first device name (git-fixes).\n- asoc: amd: yc: Add DMI quirk for Lenovo IdeaPad Slim 5 15 (stable-fixes).\n- asoc: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic (stable-fixes).\n- asoc: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic (stable-fixes).\n- asoc: amd: yc: update quirk data for HP Victus (stable-fixes).\n- asoc: codec: wcd9335: Convert to GPIO descriptors (stable-fixes).\n- asoc: codecs: wcd9335: Fix missing free of regulator supplies (git-fixes).\n- asoc: codecs: wcd9335: Handle nicer probe deferral and simplify with dev_err_probe() (stable-fixes).\n- asoc: cs35l56: probe() should fail if the device ID is not recognized (git-fixes).\n- asoc: fsl_asrc: use internal measured ratio for non-ideal ratio mode (git-fixes).\n- asoc: fsl_xcvr: get channel status data when PHY is not exists (git-fixes).\n- asoc: ops: dynamically allocate struct snd_ctl_elem_value (git-fixes).\n- asoc: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() (git-fixes).\n- ata: pata_cs5536: fix build on 32-bit UML (stable-fixes).\n- audit,module: restore audit logging in load failure case (git-fixes).\n- bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() (git-fixes).\n- bluetooth: L2CAP: Fix L2CAP MTU negotiation (stable-fixes).\n- bluetooth: L2CAP: Fix attempting to adjust outgoing MTU (git-fixes).\n- bluetooth: MGMT: Fix not generating command complete for MGMT_OP_DISCONNECT (git-fixes).\n- bluetooth: MGMT: mesh_send: check instances prior disabling advertising (git-fixes).\n- bluetooth: MGMT: set_mesh: update LE scan interval and window (git-fixes).\n- bluetooth: Prevent unintended pause by checking if advertising is active (git-fixes).\n- bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout (git-fixes).\n- bluetooth: SMP: If an unallowed command is received consider it a failure (git-fixes).\n- bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant without board ID (git-fixes).\n- bluetooth: hci_conn: Fix sending BT_HCI_CMD_LE_CREATE_CONN_CANCEL (git-fixes).\n- bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected (git-fixes).\n- bluetooth: hci_event: Mask data status from LE ext adv reports (git-fixes).\n- bluetooth: hci_sync: Attempt to dequeue connection attempt (git-fixes).\n- bluetooth: hci_sync: Fix UAF on create_le_conn_complete (git-fixes).\n- bluetooth: hci_sync: Fix handling of HCI_OP_CREATE_CONN_CANCEL (git-fixes).\n- bluetooth: hci_sync: Fix not disabling advertising instance (git-fixes).\n- bluetooth: hci_sync: fix connectable extended advertising when using static random address (git-fixes).\n- bluetooth: hci_sync: revert some mesh modifications (git-fixes).\n- bpf, sockmap: Fix sk_msg_reset_curr (git-fixes).\n- bpf/lpm_trie: Inline longest_prefix_match for fastpath (git-fixes).\n- bpf/selftests: Check errno when percpu map value size exceeds (git-fixes).\n- bpf: Add a possibly-zero-sized read test (git-fixes).\n- bpf: Avoid __hidden__ attribute in static object (git-fixes).\n- bpf: Check percpu map value size first (git-fixes).\n- bpf: Disable some `attribute ignored\u0027 warnings in GCC (git-fixes).\n- bpf: Fix memory leak in bpf_core_apply (git-fixes).\n- bpf: Fix potential integer overflow in resolve_btfids (git-fixes).\n- bpf: Harden __bpf_kfunc tag against linker kfunc removal (git-fixes).\n- bpf: Make the pointer returned by iter next method valid (git-fixes).\n- bpf: Simplify checking size of helper accesses (git-fixes).\n- bpf: fix order of args in call to bpf_map_kvcalloc (git-fixes).\n- bpf: sockmap, updating the sg structure should also update curr (git-fixes).\n- bpftool: Fix missing pids during link show (git-fixes).\n- bpftool: Fix undefined behavior caused by shifting into the sign bit (git-fixes).\n- bpftool: Mount bpffs on provided dir instead of parent dir (git-fixes).\n- bpftool: Remove unnecessary source files from bootstrap version (git-fixes).\n- bpftool: Un-const bpf_func_info to fix it for llvm 17 and newer (git-fixes).\n- btrfs: do not ignore inode missing when replaying log tree (git-fixes).\n- btrfs: do not silently ignore unexpected extent type when replaying log (git-fixes).\n- btrfs: do not skip remaining extrefs if dir not found during log replay (git-fixes).\n- btrfs: explicitly ref count block_group on new_bgs list (bsc#1243068)\n- btrfs: fix assertion when building free space tree (git-fixes).\n- btrfs: fix inode lookup error handling during log replay (git-fixes).\n- btrfs: fix invalid inode pointer dereferences during log replay (git-fixes).\n- btrfs: fix log tree replay failure due to file with 0 links and extents (git-fixes).\n- btrfs: fix missing error handling when searching for inode refs during log replay (git-fixes).\n- btrfs: fix non-empty delayed iputs list on unmount due to async workers (git-fixes).\n- btrfs: fix ssd_spread overallocation (git-fixes).\n- btrfs: make btrfs_discard_workfn() block_group ref explicit (bsc#1243068)\n- btrfs: propagate last_unlink_trans earlier when doing a rmdir (git-fixes).\n- btrfs: rename err to ret in btrfs_rmdir() (git-fixes).\n- btrfs: return a btrfs_inode from btrfs_iget_logging() (git-fixes).\n- btrfs: return a btrfs_inode from read_one_inode() (git-fixes).\n- btrfs: tests: fix chunk map leak after failure to add it to the tree (git-fixes).\n- btrfs: update superblock\u0027s device bytes_used when dropping chunk (git-fixes).\n- btrfs: use NOFS context when getting inodes during logging and log replay (git-fixes).\n- btrfs: use btrfs_record_snapshot_destroy() during rmdir (git-fixes).\n- bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() (git-fixes).\n- bus: mhi: host: Detect events pointing to unexpected TREs (git-fixes).\n- can: dev: can_restart(): move debug message and stats after successful restart (stable-fixes).\n- can: dev: can_restart(): reverse logic to remove need for goto (stable-fixes).\n- can: kvaser_pciefd: Store device channel index (git-fixes).\n- can: kvaser_usb: Assign netdev.dev_port based on device channel index (git-fixes).\n- can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level (git-fixes).\n- can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode (git-fixes).\n- can: peak_usb: fix USB FD devices potential malfunction (git-fixes).\n- cdc-acm: fix race between initial clearing halt and open (git-fixes).\n- cgroup,freezer: fix incomplete freezing when attaching tasks (bsc#1245789).\n- cgroup/cpuset: Extend kthread_is_per_cpu() check to all PF_NO_SETAFFINITY tasks (bsc#1241166).\n- cifs: reconnect helper should set reconnect for the right channel (git-fixes).\n- clk: clk-axi-clkgen: fix fpfd_max frequency for zynq (git-fixes).\n- clk: davinci: Add NULL check in davinci_lpsc_clk_register() (git-fixes).\n- clk: sunxi-ng: v3s: Fix de clock definition (git-fixes).\n- clk: xilinx: vcu: unregister pll_post only if registered correctly (git-fixes).\n- clocksource: Scale the watchdog read retries automatically (bsc#1241345 bsc#1244457).\n- clocksource: Set cs_watchdog_read() checks based on .uncertainty_margin (bsc#1241345 bsc#1244457).\n- comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large (git-fixes).\n- comedi: Fix initialization of data for instructions that write to subdevice (git-fixes).\n- comedi: Fix some signed shift left operations (git-fixes).\n- comedi: Fix use of uninitialized data in insn_rw_emulate_bits() (git-fixes).\n- comedi: aio_iiro_16: Fix bit shift out of bounds (git-fixes).\n- comedi: das16m1: Fix bit shift out of bounds (git-fixes).\n- comedi: das6402: Fix bit shift out of bounds (git-fixes).\n- comedi: pcl812: Fix bit shift out of bounds (git-fixes).\n- compiler_types.h: Define __retain for __attribute__((__retain__)) (git-fixes).\n- crypto: arm/aes-neonbs - work around gcc-15 warning (git-fixes).\n- crypto: ccp - Fix crash when rebind ccp device for ccp.ko (git-fixes).\n- crypto: ccp - Fix locking on alloc failure handling (git-fixes).\n- crypto: img-hash - Fix dma_unmap_sg() nents value (git-fixes).\n- crypto: inside-secure - Fix `dma_unmap_sg()` nents value (git-fixes).\n- crypto: keembay - Fix dma_unmap_sg() nents value (git-fixes).\n- crypto: marvell/cesa - Fix engine load inaccuracy (git-fixes).\n- crypto: qat - allow enabling VFs in the absence of IOMMU (git-fixes).\n- crypto: qat - disable ZUC-256 capability for QAT GEN5 (git-fixes).\n- crypto: qat - fix DMA direction for compression on GEN2 devices (git-fixes).\n- crypto: qat - fix seq_file position update in adf_ring_next() (git-fixes).\n- crypto: qat - fix state restore for banks with exceptions (git-fixes).\n- crypto: qat - flush misc workqueue during device shutdown (git-fixes).\n- crypto: qat - use unmanaged allocation for dc_data (git-fixes).\n- crypto: sun8i-ce - fix nents passed to dma_unmap_sg() (git-fixes).\n- dm-bufio: fix sched in atomic context (git-fixes).\n- dm-flakey: error all IOs when num_features is absent (git-fixes).\n- dm-flakey: make corrupting read bios work (git-fixes).\n- dm-mirror: fix a tiny race condition (git-fixes).\n- dm-raid: fix variable in journal device check (git-fixes).\n- dm-verity: fix a memory leak if some arguments are specified multiple times (git-fixes).\n- dm: do not change md if dm_table_set_restrictions() fails (git-fixes).\n- dm: free table mempools if not used in __bind (git-fixes).\n- dm: restrict dm device size to 2^63-512 bytes (git-fixes).\n- dma-buf: fix timeout handling in dma_resv_wait_timeout v2 (stable-fixes).\n- dmaengine: dw-edma: Drop unused dchan2dev() and chan2dev() (git-fixes).\n- dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using (stable-fixes).\n- dmaengine: mv_xor: Fix missing check after DMA map and missing unmap (git-fixes).\n- dmaengine: nbpfaxi: Add missing check after DMA map (git-fixes).\n- dmaengine: nbpfaxi: Fix memory corruption in probe() (git-fixes).\n- dmaengine: qcom: gpi: Drop unused gpi_write_reg_field() (git-fixes).\n- dmaengine: xilinx_dma: Set dma_device directions (stable-fixes).\n- docs/ABI: Fix sysfs-kernel-address_bits path (git-fixes).\n- drm/amd/display: Do not overwrite dce60_clk_mgr (git-fixes).\n- drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value (git-fixes).\n- drm/amdgpu/gfx8: reset compute ring wptr on the GPU on resume (git-fixes).\n- drm/amdgpu: amdgpu_vram_mgr_new(): Clamp lpfn to total vram (stable-fixes).\n- drm/amdkfd: Fix race in GWS queue scheduling (stable-fixes).\n- drm/bridge: panel: move prepare_prev_first handling to drm_panel_bridge_add_typed (git-fixes).\n- drm/bridge: ti-sn65dsi86: Add HPD for DisplayPort connector type (git-fixes).\n- drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() (git-fixes).\n- drm/bridge: ti-sn65dsi86: make use of debugfs_init callback (stable-fixes).\n- drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling (git-fixes).\n- drm/exynos: fimd: Guard display clock control with runtime PM calls (git-fixes).\n- drm/framebuffer: Acquire internal references on GEM handles (git-fixes).\n- drm/gem: Acquire references on GEM handles for framebuffers (stable-fixes).\n- drm/gem: Fix race in drm_gem_handle_create_tail() (stable-fixes).\n- drm/i915/gsc: mei interrupt top half should be in irq disabled context (git-fixes).\n- drm/i915/gt: Fix timeline left held on VMA alloc error (git-fixes).\n- drm/i915/selftests: Change mock_request() to return error pointers (git-fixes).\n- drm/msm/dpu: Fill in min_prefill_lines for SC8180X (git-fixes).\n- drm/msm: Fix a fence leak in submit error path (stable-fixes).\n- drm/msm: Fix another leak in the submit error path (stable-fixes).\n- drm/panfrost: Fix panfrost device variable name in devfreq (git-fixes).\n- drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed (git-fixes).\n- drm/sched: Increment job count before swapping tail spsc queue (git-fixes).\n- drm/sched: Remove optimization that causes hang when killing dependent jobs (git-fixes).\n- drm/scheduler: signal scheduled fence when kill job (stable-fixes).\n- drm/tegra: nvdec: Fix dma_alloc_coherent error check (git-fixes).\n- drm/ttm: fix error handling in ttm_buffer_object_transfer (git-fixes).\n- drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel (git-fixes).\n- exfat: fdatasync flag should be same like generic_write_sync() (git-fixes).\n- fbcon: Fix outdated registered_fb reference in comment (git-fixes).\n- fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref (git-fixes).\n- firewire: ohci: correct code comments about bus_reset tasklet (git-fixes).\n- fs/jfs: consolidate sanity checking in dbMount (git-fixes).\n- fs/orangefs: Allow 2 more characters in do_c_string() (git-fixes).\n- gpio: mlxbf2: use platform_get_irq_optional() (git-fixes).\n- gpio: pca953x: log an error when failing to get the reset GPIO (git-fixes).\n- gpio: sim: include a missing header (git-fixes).\n- gpio: vf610: add locking to gpio direction functions (git-fixes).\n- gpio: virtio: Fix config space reading (git-fixes).\n- gpiolib: Fix debug messaging in gpiod_find_and_request() (git-fixes).\n- gpiolib: Handle no pin_ranges in gpiochip_generic_config() (git-fixes).\n- gpiolib: acpi: Do not use GPIO chip fwnode in acpi_gpiochip_find() (bsc#1233300).\n- gpiolib: acpi: Fix failed in acpi_gpiochip_find() by adding parent node match (bsc#1233300).\n- gpiolib: cdev: Ignore reconfiguration without direction (git-fixes).\n- gpiolib: of: Add polarity quirk for s5m8767 (stable-fixes).\n- hfs: make splice write available again (git-fixes).\n- hfsplus: make splice write available again (git-fixes).\n- hfsplus: remove mutex_lock check in hfsplus_free_extents (git-fixes).\n- hid: Add IGNORE quirk for SMARTLINKTECHNOLOGY (stable-fixes).\n- hid: core: do not bypass hid_hw_raw_request (stable-fixes).\n- hid: core: ensure __hid_request reserves the report ID as the first byte (git-fixes).\n- hid: core: ensure the allocated report buffer can contain the reserved report ID (stable-fixes).\n- hid: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 (stable-fixes).\n- hid: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras (stable-fixes).\n- hv_netvsc: Use VF\u0027s tso_max_size value when data path is VF (bsc#1246203).\n- hwmon: (corsair-cpro) Validate the size of the received input buffer (git-fixes).\n- hwmon: (gsc-hwmon) fix fan pwm setpoint show functions (git-fixes).\n- hwmon: (pmbus/max34440) Fix support for max34451 (stable-fixes).\n- hwrng: mtk - handle devm_pm_runtime_enable errors (git-fixes).\n- i2c/designware: Fix an initialization issue (git-fixes).\n- i2c: qup: jump out of the loop in case of timeout (git-fixes).\n- i2c: stm32: fix the device used for the DMA map (git-fixes).\n- i2c: tegra: Fix reset error handling with ACPI (git-fixes).\n- i2c: virtio: Avoid hang by using interruptible completion wait (git-fixes).\n- i3c: fix module_i3c_i2c_driver() with I3C=n (git-fixes).\n- ib/mlx5: Fix potential deadlock in MR deregistration (git-fixes)\n- iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush (git-fixes).\n- iio: adc: ad7949: use spi_is_bpw_supported() (git-fixes).\n- iio: adc: ad_sigma_delta: Fix use of uninitialized status_pos (stable-fixes).\n- iio: adc: ad_sigma_delta: change to buffer predisable (git-fixes).\n- iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (stable-fixes).\n- iio: adc: max1363: Reorder mode_list[] entries (stable-fixes).\n- iio: adc: stm32-adc: Fix race in installing chained IRQ handler (git-fixes).\n- iio: imu: bno055: fix OOB access of hw_xlate array (git-fixes).\n- iio: pressure: zpa2326: Use aligned_s64 for the timestamp (stable-fixes).\n- input: iqs7222 - explicitly define number of external channels (git-fixes).\n- input: xpad - adjust error handling for disconnect (git-fixes).\n- input: xpad - set correct controller type for Acer NGR200 (git-fixes).\n- input: xpad - support Acer NGR 200 Controller (stable-fixes).\n- iommu/amd: Fix geometry.aperture_end for V2 tables (git-fixes).\n- iommu/amd: Set the pgsize_bitmap correctly (git-fixes).\n- iommu/arm-smmu-qcom: Add SM6115 MDSS compatible (git-fixes).\n- iommu/vt-d: Fix possible circular locking dependency (git-fixes).\n- iommu/vt-d: Fix system hang on reboot -f (git-fixes).\n- ipv6: fix possible infinite loop in fib6_info_uses_dev() (git-fixes).\n- ipv6: mcast: Delay put pmc-\u003eidev in mld_del_delrec() (git-fixes).\n- ipv6: prevent infinite loop in rt6_nlmsg_size() (git-fixes).\n- ipv6: reject malicious packets in ipv6_gso_segment() (git-fixes).\n- iwlwifi: Add missing check for alloc_ordered_workqueue (git-fixes).\n- jfs: fix metapage reference count leak in dbAllocCtl (git-fixes).\n- kABI workaround for struct drm_framebuffer changes (git-fixes).\n- kABI: Fix the module::name type in audit_context (git-fixes).\n- kasan: remove kasan_find_vm_area() to prevent possible deadlock (git-fixes).\n- kernel-obs-qa: Do not depend on srchash when qemu emulation is used In this case the dependency is never fulfilled Fixes: 485ae1da2b88 (\u0027kernel-obs-qa: Use srchash for dependency as well\u0027)\n- kernel-syms.spec: Drop old rpm release number hack (bsc#1247172).\n- leds: multicolor: Fix intensity setting while SW blinking (stable-fixes).\n- lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (bsc#1236897).\n- lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() (bsc#1236897).\n- logitech C-270 even more broken (stable-fixes).\n- maple_tree: fix mt_destroy_walk() on root leaf node (git-fixes).\n- md/md-bitmap: fix dm-raid max_write_behind setting (git-fixes).\n- media: gspca: Add bounds checking to firmware parser (git-fixes).\n- media: hi556: correct the test pattern configuration (git-fixes).\n- media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() (git-fixes).\n- media: ov2659: Fix memory leaks in ov2659_probe() (git-fixes).\n- media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (git-fixes).\n- media: usbtv: Lock resolution while streaming (git-fixes).\n- media: uvcvideo: Do not mark valid metadata as invalid (git-fixes).\n- media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (git-fixes).\n- media: v4l2-ctrls: Do not reset handler\u0027s error in v4l2_ctrl_handler_free() (git-fixes).\n- media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check (git-fixes).\n- media: venus: Add a check for packet size after reading from shared memory (git-fixes).\n- media: venus: hfi: explicitly release IRQ during teardown (git-fixes).\n- media: venus: protect against spurious interrupts during probe (git-fixes).\n- media: venus: vdec: Clamp param smaller than 1fps and bigger than 240 (git-fixes).\n- media: venus: venc: Clamp param smaller than 1fps and bigger than 240 (git-fixes).\n- media: vivid: fix wrong pixel_array control size (git-fixes).\n- memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() (git-fixes).\n- mfd: max14577: Fix wakeup source leaks on device unbind (stable-fixes).\n- misc: rtsx: usb: Ensure mmc child device is active when card is present (git-fixes).\n- mmc: bcm2835: Fix dma_unmap_sg() nents value (git-fixes).\n- mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier (git-fixes).\n- mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models (git-fixes).\n- mmc: sdhci: Add a helper function for dump register in dynamic debug mode (stable-fixes).\n- mmc: sdhci_am654: Workaround for Errata i2312 (git-fixes).\n- module: Fix memory deallocation on error path in move_module() (git-fixes).\n- module: Remove unnecessary +1 from last_unloaded_module::name size (git-fixes).\n- module: Restore the moduleparam prefix length check (git-fixes).\n- mtd: fix possible integer overflow in erase_xfer() (git-fixes).\n- mtd: rawnand: atmel: Fix dma_mapping_error() address (git-fixes).\n- mtd: rawnand: atmel: set pmecc data setup time (git-fixes).\n- mtd: rawnand: fsmc: Add missing check after DMA map (git-fixes).\n- mtd: rawnand: renesas: Add missing check after DMA map (git-fixes).\n- mtd: rawnand: rockchip: Add missing check after DMA map (git-fixes).\n- mtd: spi-nor: Fix spi_nor_try_unlock_all() (git-fixes).\n- mtd: spinand: fix memory leak of ECC engine conf (stable-fixes).\n- mtd: spinand: propagate spinand_wait() errors from spinand_write_page() (git-fixes).\n- mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data (git-fixes).\n- mtk-sd: Prevent memory corruption from DMA map failure (git-fixes).\n- mtk-sd: reset host-\u003emrq on prepare_data() error (git-fixes).\n- mwl8k: Add missing check after DMA map (git-fixes).\n- nbd: fix uaf in nbd_genl_connect() error path (git-fixes).\n- net/packet: fix a race in packet_set_ring() and packet_notifier() (git-fixes).\n- net/sched: Restrict conditions for adding duplicating netems to qdisc tree (git-fixes).\n- net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (git-fixes).\n- net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (git-fixes).\n- net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (git-fixes).\n- net/sched: sch_qfq: Fix race condition on qfq_aggregate (git-fixes).\n- net/sched: taprio: enforce minimum value for picos_per_byte (git-fixes).\n- net: mana: Add debug logs in MANA network driver (bsc#1246212).\n- net: mana: Add handler for hardware servicing events (bsc#1245730).\n- net: mana: Allocate MSI-X vectors dynamically (bsc#1245457).\n- net: mana: Allow irq_setup() to skip cpus for affinity (bsc#1245457).\n- net: mana: Allow tso_max_size to go up-to GSO_MAX_SIZE (bsc#1246203).\n- net: mana: Expose additional hardware counters for drop and TC via ethtool (bsc#1245729).\n- net: mana: Set tx_packets to post gso processing packet count (bsc#1245731).\n- net: mana: explain irq_setup() algorithm (bsc#1245457).\n- net: phy: Do not register LEDs for genphy (git-fixes).\n- net: phy: micrel: fix KSZ8081/KSZ8091 cable test (git-fixes).\n- net: phy: microchip: limit 100M workaround to link-down events on LAN88xx (git-fixes).\n- net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap (git-fixes).\n- net: phy: smsc: Fix link failure in forced mode with Auto-MDIX (git-fixes).\n- net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect (git-fixes).\n- net: usb: qmi_wwan: add SIMCom 8230C composition (stable-fixes).\n- net: usbnet: Avoid potential RCU stall on LINK_CHANGE event (git-fixes).\n- net: usbnet: Fix the wrong netif_carrier_on() call (git-fixes).\n- netpoll: prevent hanging NAPI when netcons gets enabled (git-fixes).\n- nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails (git-fixes).\n- nfs: Fix filehandle bounds checking in nfs_fh_to_dentry() (git-fixes).\n- nfs: Fix the setting of capabilities when automounting a new filesystem (git-fixes).\n- nfs: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() (git-fixes).\n- nfs: Fixup allocation flags for nfsiod\u0027s __GFP_NORETRY (git-fixes).\n- nfsd: detect mismatch of file handle and delegation stateid in OPEN op (git-fixes).\n- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (git-fixes).\n- nfsv4.2: another fix for listxattr (git-fixes).\n- nfsv4.2: fix listxattr to return selinux security label (git-fixes).\n- nfsv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN (git-fixes).\n- nfsv4: Always set NLINK even if the server does not support it (git-fixes).\n- nfsv4: xattr handlers should check for absent nfs filehandles (git-fixes).\n- nilfs2: reject invalid file types when reading inodes (git-fixes).\n- nvme-pci: refresh visible attrs after being checked (git-fixes).\n- nvme: Fix incorrect cdw15 value in passthru error logging (git-fixes).\n- nvme: fix endianness of command word prints in nvme_log_err_passthru() (git-fixes).\n- nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() (git-fixes).\n- nvme: fix misaccounting of nvme-mpath inflight I/O (git-fixes).\n- nvmet-tcp: fix callback lock for TLS handshake (git-fixes).\n- objtool: Fix INSN_CONTEXT_SWITCH handling in validate_unret() (git-fixes).\n- objtool: Fix UNWIND_HINT_{SAVE,RESTORE} across basic blocks (git-fixes).\n- objtool: Fix _THIS_IP_ detection for cold functions (git-fixes).\n- objtool: Fix error handling inconsistencies in check() (git-fixes).\n- objtool: Ignore dangling jump table entries (git-fixes).\n- objtool: Ignore end-of-section jumps for KCOV/GCOV (git-fixes).\n- objtool: Properly disable uaccess validation (git-fixes).\n- objtool: Silence more KCOV warnings (git-fixes).\n- objtool: Silence more KCOV warnings, part 2 (git-fixes).\n- objtool: Stop UNRET validation on UD2 (git-fixes).\n- pNFS/flexfiles: do not attempt pnfs on fatal DS errors (git-fixes).\n- pch_uart: Fix dma_sync_sg_for_device() nents value (git-fixes).\n- pci/MSI: Export pci_msix_prepare_desc() for dynamic MSI-X allocations (bsc#1245457).\n- pci: dwc: Make link training more robust by setting PORT_LOGIC_LINK_WIDTH to one lane (stable-fixes).\n- pci: endpoint: Fix configfs group list head handling (git-fixes).\n- pci: endpoint: Fix configfs group removal on driver teardown (git-fixes).\n- pci: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute (git-fixes).\n- pci: endpoint: pci-epf-vntb: Return -ENOENT if pci_epc_get_next_free_bar() fails (git-fixes).\n- pci: hv: Allow dynamic MSI-X vector allocation (bsc#1245457).\n- pci: rockchip-host: Fix \u0027Unexpected Completion\u0027 log message (git-fixes).\n- perf: Fix sample vs do_exit() (bsc#1246547).\n- phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode (git-fixes).\n- pinctrl: amd: Clear GPIO debounce for suspend (git-fixes).\n- pinctrl: qcom: msm: mark certain pins as invalid for interrupts (git-fixes).\n- pinctrl: sunxi: Fix memory leak on krealloc failure (git-fixes).\n- pinmux: fix race causing mux_owner NULL with active mux_usecount (git-fixes).\n- platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() (git-fixes).\n- platform/mellanox: mlxbf-pmc: Fix duplicate event ID for CACHE_DATA1 (git-fixes).\n- platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment (git-fixes).\n- platform/mellanox: mlxreg-lc: Fix logic error in power state check (git-fixes).\n- platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message (git-fixes).\n- platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks list (stable-fixes).\n- platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks (git-fixes).\n- platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots (git-fixes).\n- platform/x86: think-lmi: Create ksets consecutively (stable-fixes).\n- platform/x86: think-lmi: Fix kobject cleanup (git-fixes).\n- platform/x86: think-lmi: Fix sysfs group cleanup (git-fixes).\n- pm / devfreq: Check governor before using governor-\u003ename (git-fixes).\n- power: supply: cpcap-charger: Fix null check for power_supply_get_by_name (git-fixes).\n- power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set (git-fixes).\n- powercap: call put_device() on an error path in powercap_register_control_type() (stable-fixes).\n- powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() (git-fixes).\n- powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed (git-fixes).\n- powerpc/bpf: enforce full ordering for ATOMIC operations with BPF_FETCH (git-fixes).\n- ptp: fix breakage after ptp_vclock_in_use() rework (bsc#1246506).\n- pwm: imx-tpm: Reset counter if CMOD is 0 (git-fixes).\n- pwm: mediatek: Ensure to disable clocks in error path (git-fixes).\n- rdma/core: Rate limit GID cache warning messages (git-fixes)\n- rdma/counter: Check CAP_NET_RAW check in user namespace for RDMA counters (git-fixes)\n- rdma/hns: Drop GFP_NOWARN (git-fixes)\n- rdma/hns: Fix -Wframe-larger-than issue (git-fixes)\n- rdma/hns: Fix HW configurations not cleared in error flow (git-fixes)\n- rdma/hns: Fix accessing uninitialized resources (git-fixes)\n- rdma/hns: Fix double destruction of rsv_qp (git-fixes)\n- rdma/hns: Get message length of ack_req from FW (git-fixes)\n- rdma/mlx5: Check CAP_NET_RAW in user namespace for anchor create (git-fixes)\n- rdma/mlx5: Check CAP_NET_RAW in user namespace for devx create (git-fixes)\n- rdma/mlx5: Check CAP_NET_RAW in user namespace for flow create (git-fixes)\n- rdma/mlx5: Fix CC counters query for MPV (git-fixes)\n- rdma/mlx5: Fix HW counters query for non-representor devices (git-fixes)\n- rdma/mlx5: Fix compilation warning when USER_ACCESS isn\u0027t set (git-fixes)\n- rdma/mlx5: Fix vport loopback for MPV device (git-fixes)\n- rdma/mlx5: Initialize obj_event-\u003eobj_sub_list before xa_insert (git-fixes)\n- rdma/nldev: Check CAP_NET_RAW in user namespace for QP modify (git-fixes)\n- rdma/siw: Fix the sendmsg byte count in siw_tcp_sendpages (git-fixes)\n- rdma/uverbs: Add empty rdma_uattrs_has_raw_cap() declaration (git-fixes)\n- rdma/uverbs: Check CAP_NET_RAW in user namespace for QP create (git-fixes)\n- rdma/uverbs: Check CAP_NET_RAW in user namespace for RAW QP create (git-fixes)\n- rdma/uverbs: Check CAP_NET_RAW in user namespace for flow create (git-fixes)\n- regmap: fix potential memory leak of regmap_bus (git-fixes).\n- regulator: fan53555: add enable_time support and soft-start times (stable-fixes).\n- regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods (git-fixes).\n- regulator: pwm-regulator: Calculate the output voltage for disabled PWMs (stable-fixes).\n- resource: fix false warning in __request_region() (git-fixes).\n- restore UCSI_CONNECTOR_RESET_HARD definition (git-fixes).\n- ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() (git-fixes).\n- rose: fix dangling neighbour pointers in rose_rt_device_down() (git-fixes).\n- rpl: Fix use-after-free in rpl_do_srh_inline() (git-fixes).\n- rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879) Put the same workaround to avoid file truncation of vmlinux and co in kernel-default-base package, too.\n- rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337)\n- rtc: ds1307: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: hym8563: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: nct3018y: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: pcf85063: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: pcf8563: fix incorrect maximum clock rate handling (git-fixes).\n- rtc: rv3028: fix incorrect maximum clock rate handling (git-fixes).\n- s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again (git-fixes bsc#1246870).\n- s390/entry: Fix last breaking event handling in case of stack corruption (git-fixes bsc#1243806).\n- s390/pci: Do not try re-enabling load/store if device is disabled (git-fixes bsc#1245646).\n- s390/pci: Fix stale function handles in error handling (git-fixes bsc#1245647).\n- s390/pkey: Prevent overflow in size calculation for memdup_user() (git-fixes bsc#1245598).\n- s390: Add z17 elf platform (LTC#214086 bsc#1245540).\n- samples: mei: Fix building on musl libc (git-fixes).\n- sched,freezer: Remove unnecessary warning in __thaw_task (bsc#1219338).\n- sched: Add test_and_clear_wake_up_bit() and atomic_dec_and_wake_up() (git-fixes).\n- scsi: core: Enforce unlimited max_segment_size when virt_boundary_mask is set (git-fixes).\n- scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Early return out of FDMI cmpl for locally rejected statuses (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Modify end-of-life adapters\u0027 model descriptions (bsc#1245260 bsc#1243100 bsc#1246125 bsc#1204142).\n- scsi: lpfc: Move clearing of HBA_SETUP flag to before lpfc_sli4_queue_unset (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Relocate clearing initial phba flags from link up to link down hdlr (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Revise CQ_CREATE_SET mailbox bitfield definitions (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Revise logging format for failed CT MIB requests (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Simplify error handling for failed lpfc_get_sli4_parameters cmd (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Skip RSCN processing when FC_UNLOADING flag is set (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Update debugfs trace ring initialization messages (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: lpfc: Update lpfc version to 14.4.0.10 (bsc#1245260 bsc#1243100 bsc#1246125).\n- scsi: megaraid_sas: Fix invalid node index (git-fixes).\n- scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() (git-fixes).\n- scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() (git-fixes).\n- scsi: s390: zfcp: Ensure synchronous unit_add (git-fixes bsc#1245599).\n- selftests/bpf: Add CFLAGS per source file and runner (git-fixes).\n- selftests/bpf: Add tests for iter next method returning valid pointer (git-fixes).\n- selftests/bpf: Change functions definitions to support GCC (git-fixes).\n- selftests/bpf: Fix a few tests for GCC related warnings (git-fixes).\n- selftests/bpf: Fix pointer arithmetic in test_xdp_do_redirect (git-fixes).\n- selftests/bpf: Fix prog numbers in test_sockmap (git-fixes).\n- smb3: move server check earlier when setting channel sequence number (git-fixes).\n- smb3: rename macro CIFS_SERVER_IS_CHAN to avoid confusion (git-fixes).\n- smb3: send channel sequence number in SMB3 requests after reconnects (git-fixes).\n- smb: client: fix parsing of device numbers (git-fixes).\n- soc/tegra: cbb: Clear ERR_FORCE register with ERR_STATUS (git-fixes).\n- soc: aspeed: lpc-snoop: Cleanup resources in stack-order (git-fixes).\n- soc: aspeed: lpc-snoop: Do not disable channels that are not enabled (git-fixes).\n- soc: qcom: QMI encoding/decoding for big endian (git-fixes).\n- soc: qcom: fix endianness for QMI header (git-fixes).\n- soc: qcom: pmic_glink: fix OF node leak (git-fixes).\n- soundwire: amd: fix for clearing command status register (git-fixes).\n- soundwire: stream: restore params when prepare ports fail (git-fixes).\n- spi: spi-fsl-dspi: Clear completion counter before initiating transfer (git-fixes).\n- staging: axis-fifo: remove sysfs interface (git-fixes).\n- staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (git-fixes).\n- staging: nvec: Fix incorrect null termination of battery manufacturer (git-fixes).\n- struct cdns: move new member to the end (git-fixes).\n- struct ucsi_operations: use padding for new operation (git-fixes).\n- sunrpc: do not immediately retransmit on seqno miss (git-fixes).\n- sunrpc: fix client side handling of tls alerts (git-fixes).\n- sunrpc: fix handling of server side tls alerts (git-fixes).\n- supported.conf: add missing entries for armv7hl\n- supported.conf: move nvme-apple to optional again\n- supported.conf: sort entries again\n- tcp: call tcp_measure_rcv_mss() for ooo packets (git-fixes).\n- thunderbolt: Fix bit masking in tb_dp_port_set_hops() (git-fixes).\n- thunderbolt: Fix copy+paste error in match_service_id() (git-fixes).\n- thunderbolt: Fix wake on connect at runtime (git-fixes).\n- tracing/kprobe: Make trace_kprobe\u0027s module callback called after jump_label update (git-fixes).\n- tracing/kprobes: Fix to free objects when failed to copy a symbol (git-fixes).\n- types: Complement the aligned types with signed 64-bit one (stable-fixes).\n- ucount: fix atomic_long_inc_below() argument type (git-fixes).\n- ucsi-glink: adapt to kABI consistency (git-fixes).\n- ucsi_ccg: Refine the UCSI Interrupt handling (git-fixes).\n- ucsi_operations: add stubs for all operations (git-fixes).\n- ucsi_ops: adapt update_connector to kABI consistency (git-fixes).\n- usb: Add checks for snprintf() calls in usb_alloc_dev() (stable-fixes).\n- usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() (git-fixes).\n- usb: cdc-wdm: avoid setting WDM_READ for ZLP-s (stable-fixes).\n- usb: cdnsp: Fix issue with CV Bad Descriptor test (git-fixes).\n- usb: cdnsp: Fix issue with resuming from L1 (git-fixes).\n- usb: cdnsp: Replace snprintf() with the safer scnprintf() variant (stable-fixes).\n- usb: cdnsp: do not disable slot for disabled slot (git-fixes).\n- usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume (git-fixes).\n- usb: common: usb-conn-gpio: use a unique name for usb connector device (stable-fixes).\n- usb: dwc2: also exit clock_gating when stopping udc while suspended (stable-fixes).\n- usb: dwc3: meson-g12a: fix device leaks at unbind (git-fixes).\n- usb: early: xhci-dbc: Fix early_ioremap leak (git-fixes).\n- usb: gadget : fix use-after-free in composite_dev_cleanup() (git-fixes).\n- usb: gadget: u_serial: Fix race condition in TTY wakeup (git-fixes).\n- usb: gadget: udc: renesas_usb3: fix device leak at unbind (git-fixes).\n- usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() (git-fixes).\n- usb: hub: Do not try to recover devices lost during warm reset (git-fixes).\n- usb: misc: apple-mfi-fastcharge: Make power supply names unique (git-fixes).\n- usb: musb: fix gadget state on disconnect (git-fixes).\n- usb: musb: omap2430: fix device leak at unbind (git-fixes).\n- usb: net: sierra: check for no status endpoint (git-fixes).\n- usb: potential integer overflow in usbg_make_tpg() (stable-fixes).\n- usb: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (stable-fixes).\n- usb: serial: option: add Foxconn T99W640 (stable-fixes).\n- usb: serial: option: add Telit Cinterion FE910C04 (ECM) composition (stable-fixes).\n- usb: typec: Update sysfs when setting ops (git-fixes).\n- usb: typec: altmodes/displayport: do not index invalid pin_assignments (git-fixes).\n- usb: typec: displayport: Fix potential deadlock (git-fixes).\n- usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode (stable-fixes).\n- usb: typec: mux: do not return on EOPNOTSUPP in {mux, switch}_set (stable-fixes).\n- usb: typec: tcpm: allow switching to mode accessory to mux properly (stable-fixes).\n- usb: typec: tcpm: allow to use sink in accessory mode (stable-fixes).\n- usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach (git-fixes).\n- usb: typec: ucsi: Add DATA_RESET option of Connector Reset command (git-fixes).\n- usb: typec: ucsi: Add qcm6490-pmic-glink as needing PDOS quirk (git-fixes).\n- usb: typec: ucsi: Delay alternate mode discovery (git-fixes).\n- usb: typec: ucsi: Fix busy loop on ASUS VivoBooks (git-fixes).\n- usb: typec: ucsi: Fix the partner PD revision (git-fixes).\n- usb: typec: ucsi: Get PD revision for partner (git-fixes).\n- usb: typec: ucsi: Set orientation as none when connector is unplugged (git-fixes).\n- usb: typec: ucsi: Update power_supply on power role change (git-fixes).\n- usb: typec: ucsi: add callback for connector status updates (git-fixes).\n- usb: typec: ucsi: add update_connector callback (git-fixes).\n- usb: typec: ucsi: do not retrieve PDOs if not supported (git-fixes).\n- usb: typec: ucsi: extract code to read PD caps (git-fixes).\n- usb: typec: ucsi: fix UCSI on SM8550 \u0026 SM8650 Qualcomm devices (git-fixes).\n- usb: typec: ucsi: glink: fix off-by-one in connector_status (git-fixes).\n- usb: typec: ucsi: glink: increase max ports for x1e80100 (git-fixes).\n- usb: typec: ucsi: glink: move GPIO reading into connector_status callback (git-fixes).\n- usb: typec: ucsi: glink: use typec_set_orientation (git-fixes).\n- usb: typec: ucsi: move ucsi_acknowledge() from ucsi_read_error() (git-fixes).\n- usb: typec: ucsi: properly register partner\u0027s PD device (git-fixes).\n- usb: typec: ucsi: support delaying GET_PDOS for device (git-fixes).\n- usb: typec: ucsi_acpi: Add LG Gram quirk (git-fixes).\n- usb: typec: ucsi_glink: drop NO_PARTNER_PDOS quirk for sm8550 / sm8650 (git-fixes).\n- usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk (git-fixes).\n- usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk on qcm6490 (git-fixes).\n- usb: typec: ucsi_glink: rework quirks implementation (git-fixes).\n- usb: xhci: Skip xhci_reset in xhci_resume if xhci is being removed (git-fixes).\n- usb: xhci: quirk for data loss in ISOC transfers (stable-fixes).\n- usb:cdnsp: remove TRB_FLUSH_ENDPOINT command (stable-fixes).\n- virtgpu: do not reset on shutdown (git-fixes).\n- vmci: Prevent the dispatching of uninitialized payloads (git-fixes).\n- vt: add missing notification when switching back to text mode (stable-fixes).\n- vt: defkeymap: Map keycodes above 127 to K_HOLE (git-fixes).\n- vt: keyboard: Do not process Unicode characters in K_OFF mode (git-fixes).\n- watchdog: ziirave_wdt: check record length in ziirave_firm_verify() (git-fixes).\n- wifi: ath11k: clear initialized flag for deinit-ed srng lists (git-fixes).\n- wifi: ath11k: fix dest ring-buffer corruption (git-fixes).\n- wifi: ath11k: fix dest ring-buffer corruption when ring is full (git-fixes).\n- wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() (git-fixes).\n- wifi: ath11k: fix source ring-buffer corruption (git-fixes).\n- wifi: ath11k: fix suspend use-after-free after probe failure (git-fixes).\n- wifi: ath12k: fix dest ring-buffer corruption (git-fixes).\n- wifi: ath12k: fix dest ring-buffer corruption when ring is full (git-fixes).\n- wifi: ath12k: fix endianness handling while accessing wmi service bit (git-fixes).\n- wifi: ath12k: fix source ring-buffer corruption (git-fixes).\n- wifi: ath6kl: remove WARN on bad firmware input (stable-fixes).\n- wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE (git-fixes).\n- wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() (git-fixes).\n- wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() (git-fixes).\n- wifi: iwlwifi: Fix memory leak in iwl_mvm_init() (git-fixes).\n- wifi: iwlwifi: return ERR_PTR from opmode start() (stable-fixes).\n- wifi: mac80211: Add link iteration macro for link data (stable-fixes).\n- wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() (git-fixes).\n- wifi: mac80211: Do not call fq_flow_idx() for management frames (git-fixes).\n- wifi: mac80211: Do not schedule stopped TXQs (git-fixes).\n- wifi: mac80211: chan: chandef is non-NULL for reserved (stable-fixes).\n- wifi: mac80211: drop invalid source address OCB frames (stable-fixes).\n- wifi: mac80211: reject TDLS operations when station is not associated (git-fixes).\n- wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() (git-fixes).\n- wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan (git-fixes).\n- wifi: mt76: mt7925: fix the wrong config for tx interrupt (git-fixes).\n- wifi: plfxlc: Fix error handling in usb driver probe (git-fixes).\n- wifi: prevent A-MSDU attacks in mesh networks (stable-fixes).\n- wifi: rtl818x: Kill URBs before clearing tx status queue (git-fixes).\n- wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band (git-fixes).\n- wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() (git-fixes).\n- x86/cpu/amd: Fix workaround for erratum 1054 (git-fixes).\n- x86/mce/amd: Add default names for MCA banks and blocks (git-fixes).\n- x86/mce/amd: Fix threshold limit reset (git-fixes).\n- x86/mce: Do not remove sysfs if thresholding sysfs init fails (git-fixes).\n- x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (git-fixes).\n- x86/tdx: Fix __noreturn build warning around __tdx_hypercall_failed() (git-fixes).\n- x86/traps: Initialize DR6 by writing its architectural reset value (git-fixes).\n- x86/virt/tdx: Avoid indirect calls to TDX assembly functions (git-fixes).\n- x86: UV RTC: Add parameter to disable RTC clocksource (bsc#1241345).\n- xfs: fix off-by-one error in fsmap\u0027s end_daddr usage (bsc#1235837).\n- xfs: only create event xfs_file_compat_ioctl when CONFIG_COMPAT is configure (git-fixes).\n- xfs: remove unused event xfs_alloc_near_error (git-fixes).\n- xfs: remove unused event xfs_alloc_near_nominleft (git-fixes).\n- xfs: remove unused event xfs_attr_node_removename (git-fixes).\n- xfs: remove unused event xfs_ioctl_clone (git-fixes).\n- xfs: remove unused event xfs_pagecache_inval (git-fixes).\n- xfs: remove unused event xlog_iclog_want_sync (git-fixes).\n- xfs: remove unused trace event xfs_attr_remove_iter_return (git-fixes).\n- xfs: remove unused trace event xfs_attr_rmtval_set (git-fixes).\n- xfs: remove unused trace event xfs_reflink_cow_enospc (git-fixes).\n- xfs: remove unused xfs_attr events (git-fixes).\n- xfs: remove unused xfs_reflink_compare_extents events (git-fixes).\n- xfs: remove usused xfs_end_io_direct events (git-fixes).\n- xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS (git-fixes).\n- xhci: dbc: Flush queued requests before stopping dbc (git-fixes).\n- xhci: dbctty: disable ECHO flag by default (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2969,SUSE-SLE-Module-Public-Cloud-15-SP6-2025-2969,openSUSE-SLE-15.6-2025-2969",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02969-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02969-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502969-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02969-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041343.html"
},
{
"category": "self",
"summary": "SUSE Bug 1139073",
"url": "https://bugzilla.suse.com/1139073"
},
{
"category": "self",
"summary": "SUSE Bug 1204142",
"url": "https://bugzilla.suse.com/1204142"
},
{
"category": "self",
"summary": "SUSE Bug 1219338",
"url": "https://bugzilla.suse.com/1219338"
},
{
"category": "self",
"summary": "SUSE Bug 1225707",
"url": "https://bugzilla.suse.com/1225707"
},
{
"category": "self",
"summary": "SUSE Bug 1230216",
"url": "https://bugzilla.suse.com/1230216"
},
{
"category": "self",
"summary": "SUSE Bug 1233300",
"url": "https://bugzilla.suse.com/1233300"
},
{
"category": "self",
"summary": "SUSE Bug 1235613",
"url": "https://bugzilla.suse.com/1235613"
},
{
"category": "self",
"summary": "SUSE Bug 1235837",
"url": "https://bugzilla.suse.com/1235837"
},
{
"category": "self",
"summary": "SUSE Bug 1236333",
"url": "https://bugzilla.suse.com/1236333"
},
{
"category": "self",
"summary": "SUSE Bug 1236897",
"url": "https://bugzilla.suse.com/1236897"
},
{
"category": "self",
"summary": "SUSE Bug 1238896",
"url": "https://bugzilla.suse.com/1238896"
},
{
"category": "self",
"summary": "SUSE Bug 1239061",
"url": "https://bugzilla.suse.com/1239061"
},
{
"category": "self",
"summary": "SUSE Bug 1239470",
"url": "https://bugzilla.suse.com/1239470"
},
{
"category": "self",
"summary": "SUSE Bug 1240323",
"url": "https://bugzilla.suse.com/1240323"
},
{
"category": "self",
"summary": "SUSE Bug 1240885",
"url": "https://bugzilla.suse.com/1240885"
},
{
"category": "self",
"summary": "SUSE Bug 1240966",
"url": "https://bugzilla.suse.com/1240966"
},
{
"category": "self",
"summary": "SUSE Bug 1241166",
"url": "https://bugzilla.suse.com/1241166"
},
{
"category": "self",
"summary": "SUSE Bug 1241345",
"url": "https://bugzilla.suse.com/1241345"
},
{
"category": "self",
"summary": "SUSE Bug 1241537",
"url": "https://bugzilla.suse.com/1241537"
},
{
"category": "self",
"summary": "SUSE Bug 1242086",
"url": "https://bugzilla.suse.com/1242086"
},
{
"category": "self",
"summary": "SUSE Bug 1242414",
"url": "https://bugzilla.suse.com/1242414"
},
{
"category": "self",
"summary": "SUSE Bug 1242837",
"url": "https://bugzilla.suse.com/1242837"
},
{
"category": "self",
"summary": "SUSE Bug 1242960",
"url": "https://bugzilla.suse.com/1242960"
},
{
"category": "self",
"summary": "SUSE Bug 1242965",
"url": "https://bugzilla.suse.com/1242965"
},
{
"category": "self",
"summary": "SUSE Bug 1242993",
"url": "https://bugzilla.suse.com/1242993"
},
{
"category": "self",
"summary": "SUSE Bug 1243068",
"url": "https://bugzilla.suse.com/1243068"
},
{
"category": "self",
"summary": "SUSE Bug 1243100",
"url": "https://bugzilla.suse.com/1243100"
},
{
"category": "self",
"summary": "SUSE Bug 1243479",
"url": "https://bugzilla.suse.com/1243479"
},
{
"category": "self",
"summary": "SUSE Bug 1243669",
"url": "https://bugzilla.suse.com/1243669"
},
{
"category": "self",
"summary": "SUSE Bug 1243806",
"url": "https://bugzilla.suse.com/1243806"
},
{
"category": "self",
"summary": "SUSE Bug 1244309",
"url": "https://bugzilla.suse.com/1244309"
},
{
"category": "self",
"summary": "SUSE Bug 1244337",
"url": "https://bugzilla.suse.com/1244337"
},
{
"category": "self",
"summary": "SUSE Bug 1244457",
"url": "https://bugzilla.suse.com/1244457"
},
{
"category": "self",
"summary": "SUSE Bug 1244735",
"url": "https://bugzilla.suse.com/1244735"
},
{
"category": "self",
"summary": "SUSE Bug 1244749",
"url": "https://bugzilla.suse.com/1244749"
},
{
"category": "self",
"summary": "SUSE Bug 1244750",
"url": "https://bugzilla.suse.com/1244750"
},
{
"category": "self",
"summary": "SUSE Bug 1244792",
"url": "https://bugzilla.suse.com/1244792"
},
{
"category": "self",
"summary": "SUSE Bug 1244801",
"url": "https://bugzilla.suse.com/1244801"
},
{
"category": "self",
"summary": "SUSE Bug 1245151",
"url": "https://bugzilla.suse.com/1245151"
},
{
"category": "self",
"summary": "SUSE Bug 1245201",
"url": "https://bugzilla.suse.com/1245201"
},
{
"category": "self",
"summary": "SUSE Bug 1245202",
"url": "https://bugzilla.suse.com/1245202"
},
{
"category": "self",
"summary": "SUSE Bug 1245216",
"url": "https://bugzilla.suse.com/1245216"
},
{
"category": "self",
"summary": "SUSE Bug 1245260",
"url": "https://bugzilla.suse.com/1245260"
},
{
"category": "self",
"summary": "SUSE Bug 1245431",
"url": "https://bugzilla.suse.com/1245431"
},
{
"category": "self",
"summary": "SUSE Bug 1245440",
"url": "https://bugzilla.suse.com/1245440"
},
{
"category": "self",
"summary": "SUSE Bug 1245457",
"url": "https://bugzilla.suse.com/1245457"
},
{
"category": "self",
"summary": "SUSE Bug 1245498",
"url": "https://bugzilla.suse.com/1245498"
},
{
"category": "self",
"summary": "SUSE Bug 1245499",
"url": "https://bugzilla.suse.com/1245499"
},
{
"category": "self",
"summary": "SUSE Bug 1245504",
"url": "https://bugzilla.suse.com/1245504"
},
{
"category": "self",
"summary": "SUSE Bug 1245506",
"url": "https://bugzilla.suse.com/1245506"
},
{
"category": "self",
"summary": "SUSE Bug 1245508",
"url": "https://bugzilla.suse.com/1245508"
},
{
"category": "self",
"summary": "SUSE Bug 1245510",
"url": "https://bugzilla.suse.com/1245510"
},
{
"category": "self",
"summary": "SUSE Bug 1245540",
"url": "https://bugzilla.suse.com/1245540"
},
{
"category": "self",
"summary": "SUSE Bug 1245598",
"url": "https://bugzilla.suse.com/1245598"
},
{
"category": "self",
"summary": "SUSE Bug 1245599",
"url": "https://bugzilla.suse.com/1245599"
},
{
"category": "self",
"summary": "SUSE Bug 1245646",
"url": "https://bugzilla.suse.com/1245646"
},
{
"category": "self",
"summary": "SUSE Bug 1245647",
"url": "https://bugzilla.suse.com/1245647"
},
{
"category": "self",
"summary": "SUSE Bug 1245649",
"url": "https://bugzilla.suse.com/1245649"
},
{
"category": "self",
"summary": "SUSE Bug 1245650",
"url": "https://bugzilla.suse.com/1245650"
},
{
"category": "self",
"summary": "SUSE Bug 1245654",
"url": "https://bugzilla.suse.com/1245654"
},
{
"category": "self",
"summary": "SUSE Bug 1245658",
"url": "https://bugzilla.suse.com/1245658"
},
{
"category": "self",
"summary": "SUSE Bug 1245660",
"url": "https://bugzilla.suse.com/1245660"
},
{
"category": "self",
"summary": "SUSE Bug 1245665",
"url": "https://bugzilla.suse.com/1245665"
},
{
"category": "self",
"summary": "SUSE Bug 1245666",
"url": "https://bugzilla.suse.com/1245666"
},
{
"category": "self",
"summary": "SUSE Bug 1245668",
"url": "https://bugzilla.suse.com/1245668"
},
{
"category": "self",
"summary": "SUSE Bug 1245669",
"url": "https://bugzilla.suse.com/1245669"
},
{
"category": "self",
"summary": "SUSE Bug 1245670",
"url": "https://bugzilla.suse.com/1245670"
},
{
"category": "self",
"summary": "SUSE Bug 1245671",
"url": "https://bugzilla.suse.com/1245671"
},
{
"category": "self",
"summary": "SUSE Bug 1245675",
"url": "https://bugzilla.suse.com/1245675"
},
{
"category": "self",
"summary": "SUSE Bug 1245676",
"url": "https://bugzilla.suse.com/1245676"
},
{
"category": "self",
"summary": "SUSE Bug 1245677",
"url": "https://bugzilla.suse.com/1245677"
},
{
"category": "self",
"summary": "SUSE Bug 1245679",
"url": "https://bugzilla.suse.com/1245679"
},
{
"category": "self",
"summary": "SUSE Bug 1245682",
"url": "https://bugzilla.suse.com/1245682"
},
{
"category": "self",
"summary": "SUSE Bug 1245683",
"url": "https://bugzilla.suse.com/1245683"
},
{
"category": "self",
"summary": "SUSE Bug 1245684",
"url": "https://bugzilla.suse.com/1245684"
},
{
"category": "self",
"summary": "SUSE Bug 1245688",
"url": "https://bugzilla.suse.com/1245688"
},
{
"category": "self",
"summary": "SUSE Bug 1245689",
"url": "https://bugzilla.suse.com/1245689"
},
{
"category": "self",
"summary": "SUSE Bug 1245690",
"url": "https://bugzilla.suse.com/1245690"
},
{
"category": "self",
"summary": "SUSE Bug 1245691",
"url": "https://bugzilla.suse.com/1245691"
},
{
"category": "self",
"summary": "SUSE Bug 1245695",
"url": "https://bugzilla.suse.com/1245695"
},
{
"category": "self",
"summary": "SUSE Bug 1245705",
"url": "https://bugzilla.suse.com/1245705"
},
{
"category": "self",
"summary": "SUSE Bug 1245708",
"url": "https://bugzilla.suse.com/1245708"
},
{
"category": "self",
"summary": "SUSE Bug 1245711",
"url": "https://bugzilla.suse.com/1245711"
},
{
"category": "self",
"summary": "SUSE Bug 1245713",
"url": "https://bugzilla.suse.com/1245713"
},
{
"category": "self",
"summary": "SUSE Bug 1245714",
"url": "https://bugzilla.suse.com/1245714"
},
{
"category": "self",
"summary": "SUSE Bug 1245719",
"url": "https://bugzilla.suse.com/1245719"
},
{
"category": "self",
"summary": "SUSE Bug 1245723",
"url": "https://bugzilla.suse.com/1245723"
},
{
"category": "self",
"summary": "SUSE Bug 1245729",
"url": "https://bugzilla.suse.com/1245729"
},
{
"category": "self",
"summary": "SUSE Bug 1245730",
"url": "https://bugzilla.suse.com/1245730"
},
{
"category": "self",
"summary": "SUSE Bug 1245731",
"url": "https://bugzilla.suse.com/1245731"
},
{
"category": "self",
"summary": "SUSE Bug 1245735",
"url": "https://bugzilla.suse.com/1245735"
},
{
"category": "self",
"summary": "SUSE Bug 1245737",
"url": "https://bugzilla.suse.com/1245737"
},
{
"category": "self",
"summary": "SUSE Bug 1245744",
"url": "https://bugzilla.suse.com/1245744"
},
{
"category": "self",
"summary": "SUSE Bug 1245745",
"url": "https://bugzilla.suse.com/1245745"
},
{
"category": "self",
"summary": "SUSE Bug 1245746",
"url": "https://bugzilla.suse.com/1245746"
},
{
"category": "self",
"summary": "SUSE Bug 1245747",
"url": "https://bugzilla.suse.com/1245747"
},
{
"category": "self",
"summary": "SUSE Bug 1245748",
"url": "https://bugzilla.suse.com/1245748"
},
{
"category": "self",
"summary": "SUSE Bug 1245749",
"url": "https://bugzilla.suse.com/1245749"
},
{
"category": "self",
"summary": "SUSE Bug 1245750",
"url": "https://bugzilla.suse.com/1245750"
},
{
"category": "self",
"summary": "SUSE Bug 1245751",
"url": "https://bugzilla.suse.com/1245751"
},
{
"category": "self",
"summary": "SUSE Bug 1245752",
"url": "https://bugzilla.suse.com/1245752"
},
{
"category": "self",
"summary": "SUSE Bug 1245757",
"url": "https://bugzilla.suse.com/1245757"
},
{
"category": "self",
"summary": "SUSE Bug 1245758",
"url": "https://bugzilla.suse.com/1245758"
},
{
"category": "self",
"summary": "SUSE Bug 1245765",
"url": "https://bugzilla.suse.com/1245765"
},
{
"category": "self",
"summary": "SUSE Bug 1245768",
"url": "https://bugzilla.suse.com/1245768"
},
{
"category": "self",
"summary": "SUSE Bug 1245769",
"url": "https://bugzilla.suse.com/1245769"
},
{
"category": "self",
"summary": "SUSE Bug 1245777",
"url": "https://bugzilla.suse.com/1245777"
},
{
"category": "self",
"summary": "SUSE Bug 1245781",
"url": "https://bugzilla.suse.com/1245781"
},
{
"category": "self",
"summary": "SUSE Bug 1245789",
"url": "https://bugzilla.suse.com/1245789"
},
{
"category": "self",
"summary": "SUSE Bug 1245937",
"url": "https://bugzilla.suse.com/1245937"
},
{
"category": "self",
"summary": "SUSE Bug 1245945",
"url": "https://bugzilla.suse.com/1245945"
},
{
"category": "self",
"summary": "SUSE Bug 1245951",
"url": "https://bugzilla.suse.com/1245951"
},
{
"category": "self",
"summary": "SUSE Bug 1245952",
"url": "https://bugzilla.suse.com/1245952"
},
{
"category": "self",
"summary": "SUSE Bug 1245954",
"url": "https://bugzilla.suse.com/1245954"
},
{
"category": "self",
"summary": "SUSE Bug 1245957",
"url": "https://bugzilla.suse.com/1245957"
},
{
"category": "self",
"summary": "SUSE Bug 1245966",
"url": "https://bugzilla.suse.com/1245966"
},
{
"category": "self",
"summary": "SUSE Bug 1245970",
"url": "https://bugzilla.suse.com/1245970"
},
{
"category": "self",
"summary": "SUSE Bug 1245976",
"url": "https://bugzilla.suse.com/1245976"
},
{
"category": "self",
"summary": "SUSE Bug 1245980",
"url": "https://bugzilla.suse.com/1245980"
},
{
"category": "self",
"summary": "SUSE Bug 1245983",
"url": "https://bugzilla.suse.com/1245983"
},
{
"category": "self",
"summary": "SUSE Bug 1245986",
"url": "https://bugzilla.suse.com/1245986"
},
{
"category": "self",
"summary": "SUSE Bug 1246000",
"url": "https://bugzilla.suse.com/1246000"
},
{
"category": "self",
"summary": "SUSE Bug 1246002",
"url": "https://bugzilla.suse.com/1246002"
},
{
"category": "self",
"summary": "SUSE Bug 1246006",
"url": "https://bugzilla.suse.com/1246006"
},
{
"category": "self",
"summary": "SUSE Bug 1246008",
"url": "https://bugzilla.suse.com/1246008"
},
{
"category": "self",
"summary": "SUSE Bug 1246020",
"url": "https://bugzilla.suse.com/1246020"
},
{
"category": "self",
"summary": "SUSE Bug 1246023",
"url": "https://bugzilla.suse.com/1246023"
},
{
"category": "self",
"summary": "SUSE Bug 1246029",
"url": "https://bugzilla.suse.com/1246029"
},
{
"category": "self",
"summary": "SUSE Bug 1246031",
"url": "https://bugzilla.suse.com/1246031"
},
{
"category": "self",
"summary": "SUSE Bug 1246037",
"url": "https://bugzilla.suse.com/1246037"
},
{
"category": "self",
"summary": "SUSE Bug 1246041",
"url": "https://bugzilla.suse.com/1246041"
},
{
"category": "self",
"summary": "SUSE Bug 1246042",
"url": "https://bugzilla.suse.com/1246042"
},
{
"category": "self",
"summary": "SUSE Bug 1246044",
"url": "https://bugzilla.suse.com/1246044"
},
{
"category": "self",
"summary": "SUSE Bug 1246045",
"url": "https://bugzilla.suse.com/1246045"
},
{
"category": "self",
"summary": "SUSE Bug 1246047",
"url": "https://bugzilla.suse.com/1246047"
},
{
"category": "self",
"summary": "SUSE Bug 1246049",
"url": "https://bugzilla.suse.com/1246049"
},
{
"category": "self",
"summary": "SUSE Bug 1246050",
"url": "https://bugzilla.suse.com/1246050"
},
{
"category": "self",
"summary": "SUSE Bug 1246055",
"url": "https://bugzilla.suse.com/1246055"
},
{
"category": "self",
"summary": "SUSE Bug 1246073",
"url": "https://bugzilla.suse.com/1246073"
},
{
"category": "self",
"summary": "SUSE Bug 1246093",
"url": "https://bugzilla.suse.com/1246093"
},
{
"category": "self",
"summary": "SUSE Bug 1246098",
"url": "https://bugzilla.suse.com/1246098"
},
{
"category": "self",
"summary": "SUSE Bug 1246109",
"url": "https://bugzilla.suse.com/1246109"
},
{
"category": "self",
"summary": "SUSE Bug 1246122",
"url": "https://bugzilla.suse.com/1246122"
},
{
"category": "self",
"summary": "SUSE Bug 1246125",
"url": "https://bugzilla.suse.com/1246125"
},
{
"category": "self",
"summary": "SUSE Bug 1246171",
"url": "https://bugzilla.suse.com/1246171"
},
{
"category": "self",
"summary": "SUSE Bug 1246173",
"url": "https://bugzilla.suse.com/1246173"
},
{
"category": "self",
"summary": "SUSE Bug 1246178",
"url": "https://bugzilla.suse.com/1246178"
},
{
"category": "self",
"summary": "SUSE Bug 1246182",
"url": "https://bugzilla.suse.com/1246182"
},
{
"category": "self",
"summary": "SUSE Bug 1246183",
"url": "https://bugzilla.suse.com/1246183"
},
{
"category": "self",
"summary": "SUSE Bug 1246186",
"url": "https://bugzilla.suse.com/1246186"
},
{
"category": "self",
"summary": "SUSE Bug 1246195",
"url": "https://bugzilla.suse.com/1246195"
},
{
"category": "self",
"summary": "SUSE Bug 1246203",
"url": "https://bugzilla.suse.com/1246203"
},
{
"category": "self",
"summary": "SUSE Bug 1246212",
"url": "https://bugzilla.suse.com/1246212"
},
{
"category": "self",
"summary": "SUSE Bug 1246220",
"url": "https://bugzilla.suse.com/1246220"
},
{
"category": "self",
"summary": "SUSE Bug 1246236",
"url": "https://bugzilla.suse.com/1246236"
},
{
"category": "self",
"summary": "SUSE Bug 1246240",
"url": "https://bugzilla.suse.com/1246240"
},
{
"category": "self",
"summary": "SUSE Bug 1246243",
"url": "https://bugzilla.suse.com/1246243"
},
{
"category": "self",
"summary": "SUSE Bug 1246246",
"url": "https://bugzilla.suse.com/1246246"
},
{
"category": "self",
"summary": "SUSE Bug 1246249",
"url": "https://bugzilla.suse.com/1246249"
},
{
"category": "self",
"summary": "SUSE Bug 1246250",
"url": "https://bugzilla.suse.com/1246250"
},
{
"category": "self",
"summary": "SUSE Bug 1246253",
"url": "https://bugzilla.suse.com/1246253"
},
{
"category": "self",
"summary": "SUSE Bug 1246258",
"url": "https://bugzilla.suse.com/1246258"
},
{
"category": "self",
"summary": "SUSE Bug 1246262",
"url": "https://bugzilla.suse.com/1246262"
},
{
"category": "self",
"summary": "SUSE Bug 1246264",
"url": "https://bugzilla.suse.com/1246264"
},
{
"category": "self",
"summary": "SUSE Bug 1246266",
"url": "https://bugzilla.suse.com/1246266"
},
{
"category": "self",
"summary": "SUSE Bug 1246268",
"url": "https://bugzilla.suse.com/1246268"
},
{
"category": "self",
"summary": "SUSE Bug 1246273",
"url": "https://bugzilla.suse.com/1246273"
},
{
"category": "self",
"summary": "SUSE Bug 1246283",
"url": "https://bugzilla.suse.com/1246283"
},
{
"category": "self",
"summary": "SUSE Bug 1246287",
"url": "https://bugzilla.suse.com/1246287"
},
{
"category": "self",
"summary": "SUSE Bug 1246292",
"url": "https://bugzilla.suse.com/1246292"
},
{
"category": "self",
"summary": "SUSE Bug 1246293",
"url": "https://bugzilla.suse.com/1246293"
},
{
"category": "self",
"summary": "SUSE Bug 1246295",
"url": "https://bugzilla.suse.com/1246295"
},
{
"category": "self",
"summary": "SUSE Bug 1246334",
"url": "https://bugzilla.suse.com/1246334"
},
{
"category": "self",
"summary": "SUSE Bug 1246337",
"url": "https://bugzilla.suse.com/1246337"
},
{
"category": "self",
"summary": "SUSE Bug 1246342",
"url": "https://bugzilla.suse.com/1246342"
},
{
"category": "self",
"summary": "SUSE Bug 1246349",
"url": "https://bugzilla.suse.com/1246349"
},
{
"category": "self",
"summary": "SUSE Bug 1246354",
"url": "https://bugzilla.suse.com/1246354"
},
{
"category": "self",
"summary": "SUSE Bug 1246358",
"url": "https://bugzilla.suse.com/1246358"
},
{
"category": "self",
"summary": "SUSE Bug 1246361",
"url": "https://bugzilla.suse.com/1246361"
},
{
"category": "self",
"summary": "SUSE Bug 1246364",
"url": "https://bugzilla.suse.com/1246364"
},
{
"category": "self",
"summary": "SUSE Bug 1246370",
"url": "https://bugzilla.suse.com/1246370"
},
{
"category": "self",
"summary": "SUSE Bug 1246375",
"url": "https://bugzilla.suse.com/1246375"
},
{
"category": "self",
"summary": "SUSE Bug 1246384",
"url": "https://bugzilla.suse.com/1246384"
},
{
"category": "self",
"summary": "SUSE Bug 1246386",
"url": "https://bugzilla.suse.com/1246386"
},
{
"category": "self",
"summary": "SUSE Bug 1246387",
"url": "https://bugzilla.suse.com/1246387"
},
{
"category": "self",
"summary": "SUSE Bug 1246438",
"url": "https://bugzilla.suse.com/1246438"
},
{
"category": "self",
"summary": "SUSE Bug 1246453",
"url": "https://bugzilla.suse.com/1246453"
},
{
"category": "self",
"summary": "SUSE Bug 1246473",
"url": "https://bugzilla.suse.com/1246473"
},
{
"category": "self",
"summary": "SUSE Bug 1246490",
"url": "https://bugzilla.suse.com/1246490"
},
{
"category": "self",
"summary": "SUSE Bug 1246506",
"url": "https://bugzilla.suse.com/1246506"
},
{
"category": "self",
"summary": "SUSE Bug 1246547",
"url": "https://bugzilla.suse.com/1246547"
},
{
"category": "self",
"summary": "SUSE Bug 1246777",
"url": "https://bugzilla.suse.com/1246777"
},
{
"category": "self",
"summary": "SUSE Bug 1246781",
"url": "https://bugzilla.suse.com/1246781"
},
{
"category": "self",
"summary": "SUSE Bug 1246870",
"url": "https://bugzilla.suse.com/1246870"
},
{
"category": "self",
"summary": "SUSE Bug 1246879",
"url": "https://bugzilla.suse.com/1246879"
},
{
"category": "self",
"summary": "SUSE Bug 1246911",
"url": "https://bugzilla.suse.com/1246911"
},
{
"category": "self",
"summary": "SUSE Bug 1247018",
"url": "https://bugzilla.suse.com/1247018"
},
{
"category": "self",
"summary": "SUSE Bug 1247023",
"url": "https://bugzilla.suse.com/1247023"
},
{
"category": "self",
"summary": "SUSE Bug 1247028",
"url": "https://bugzilla.suse.com/1247028"
},
{
"category": "self",
"summary": "SUSE Bug 1247031",
"url": "https://bugzilla.suse.com/1247031"
},
{
"category": "self",
"summary": "SUSE Bug 1247033",
"url": "https://bugzilla.suse.com/1247033"
},
{
"category": "self",
"summary": "SUSE Bug 1247035",
"url": "https://bugzilla.suse.com/1247035"
},
{
"category": "self",
"summary": "SUSE Bug 1247061",
"url": "https://bugzilla.suse.com/1247061"
},
{
"category": "self",
"summary": "SUSE Bug 1247089",
"url": "https://bugzilla.suse.com/1247089"
},
{
"category": "self",
"summary": "SUSE Bug 1247091",
"url": "https://bugzilla.suse.com/1247091"
},
{
"category": "self",
"summary": "SUSE Bug 1247097",
"url": "https://bugzilla.suse.com/1247097"
},
{
"category": "self",
"summary": "SUSE Bug 1247098",
"url": "https://bugzilla.suse.com/1247098"
},
{
"category": "self",
"summary": "SUSE Bug 1247101",
"url": "https://bugzilla.suse.com/1247101"
},
{
"category": "self",
"summary": "SUSE Bug 1247103",
"url": "https://bugzilla.suse.com/1247103"
},
{
"category": "self",
"summary": "SUSE Bug 1247104",
"url": "https://bugzilla.suse.com/1247104"
},
{
"category": "self",
"summary": "SUSE Bug 1247113",
"url": "https://bugzilla.suse.com/1247113"
},
{
"category": "self",
"summary": "SUSE Bug 1247118",
"url": "https://bugzilla.suse.com/1247118"
},
{
"category": "self",
"summary": "SUSE Bug 1247123",
"url": "https://bugzilla.suse.com/1247123"
},
{
"category": "self",
"summary": "SUSE Bug 1247125",
"url": "https://bugzilla.suse.com/1247125"
},
{
"category": "self",
"summary": "SUSE Bug 1247128",
"url": "https://bugzilla.suse.com/1247128"
},
{
"category": "self",
"summary": "SUSE Bug 1247132",
"url": "https://bugzilla.suse.com/1247132"
},
{
"category": "self",
"summary": "SUSE Bug 1247138",
"url": "https://bugzilla.suse.com/1247138"
},
{
"category": "self",
"summary": "SUSE Bug 1247141",
"url": "https://bugzilla.suse.com/1247141"
},
{
"category": "self",
"summary": "SUSE Bug 1247143",
"url": "https://bugzilla.suse.com/1247143"
},
{
"category": "self",
"summary": "SUSE Bug 1247145",
"url": "https://bugzilla.suse.com/1247145"
},
{
"category": "self",
"summary": "SUSE Bug 1247146",
"url": "https://bugzilla.suse.com/1247146"
},
{
"category": "self",
"summary": "SUSE Bug 1247147",
"url": "https://bugzilla.suse.com/1247147"
},
{
"category": "self",
"summary": "SUSE Bug 1247149",
"url": "https://bugzilla.suse.com/1247149"
},
{
"category": "self",
"summary": "SUSE Bug 1247150",
"url": "https://bugzilla.suse.com/1247150"
},
{
"category": "self",
"summary": "SUSE Bug 1247151",
"url": "https://bugzilla.suse.com/1247151"
},
{
"category": "self",
"summary": "SUSE Bug 1247153",
"url": "https://bugzilla.suse.com/1247153"
},
{
"category": "self",
"summary": "SUSE Bug 1247154",
"url": "https://bugzilla.suse.com/1247154"
},
{
"category": "self",
"summary": "SUSE Bug 1247156",
"url": "https://bugzilla.suse.com/1247156"
},
{
"category": "self",
"summary": "SUSE Bug 1247160",
"url": "https://bugzilla.suse.com/1247160"
},
{
"category": "self",
"summary": "SUSE Bug 1247164",
"url": "https://bugzilla.suse.com/1247164"
},
{
"category": "self",
"summary": "SUSE Bug 1247169",
"url": "https://bugzilla.suse.com/1247169"
},
{
"category": "self",
"summary": "SUSE Bug 1247170",
"url": "https://bugzilla.suse.com/1247170"
},
{
"category": "self",
"summary": "SUSE Bug 1247171",
"url": "https://bugzilla.suse.com/1247171"
},
{
"category": "self",
"summary": "SUSE Bug 1247172",
"url": "https://bugzilla.suse.com/1247172"
},
{
"category": "self",
"summary": "SUSE Bug 1247174",
"url": "https://bugzilla.suse.com/1247174"
},
{
"category": "self",
"summary": "SUSE Bug 1247176",
"url": "https://bugzilla.suse.com/1247176"
},
{
"category": "self",
"summary": "SUSE Bug 1247177",
"url": "https://bugzilla.suse.com/1247177"
},
{
"category": "self",
"summary": "SUSE Bug 1247178",
"url": "https://bugzilla.suse.com/1247178"
},
{
"category": "self",
"summary": "SUSE Bug 1247181",
"url": "https://bugzilla.suse.com/1247181"
},
{
"category": "self",
"summary": "SUSE Bug 1247209",
"url": "https://bugzilla.suse.com/1247209"
},
{
"category": "self",
"summary": "SUSE Bug 1247210",
"url": "https://bugzilla.suse.com/1247210"
},
{
"category": "self",
"summary": "SUSE Bug 1247227",
"url": "https://bugzilla.suse.com/1247227"
},
{
"category": "self",
"summary": "SUSE Bug 1247233",
"url": "https://bugzilla.suse.com/1247233"
},
{
"category": "self",
"summary": "SUSE Bug 1247236",
"url": "https://bugzilla.suse.com/1247236"
},
{
"category": "self",
"summary": "SUSE Bug 1247238",
"url": "https://bugzilla.suse.com/1247238"
},
{
"category": "self",
"summary": "SUSE Bug 1247241",
"url": "https://bugzilla.suse.com/1247241"
},
{
"category": "self",
"summary": "SUSE Bug 1247251",
"url": "https://bugzilla.suse.com/1247251"
},
{
"category": "self",
"summary": "SUSE Bug 1247252",
"url": "https://bugzilla.suse.com/1247252"
},
{
"category": "self",
"summary": "SUSE Bug 1247253",
"url": "https://bugzilla.suse.com/1247253"
},
{
"category": "self",
"summary": "SUSE Bug 1247255",
"url": "https://bugzilla.suse.com/1247255"
},
{
"category": "self",
"summary": "SUSE Bug 1247271",
"url": "https://bugzilla.suse.com/1247271"
},
{
"category": "self",
"summary": "SUSE Bug 1247273",
"url": "https://bugzilla.suse.com/1247273"
},
{
"category": "self",
"summary": "SUSE Bug 1247274",
"url": "https://bugzilla.suse.com/1247274"
},
{
"category": "self",
"summary": "SUSE Bug 1247276",
"url": "https://bugzilla.suse.com/1247276"
},
{
"category": "self",
"summary": "SUSE Bug 1247277",
"url": "https://bugzilla.suse.com/1247277"
},
{
"category": "self",
"summary": "SUSE Bug 1247278",
"url": "https://bugzilla.suse.com/1247278"
},
{
"category": "self",
"summary": "SUSE Bug 1247279",
"url": "https://bugzilla.suse.com/1247279"
},
{
"category": "self",
"summary": "SUSE Bug 1247284",
"url": "https://bugzilla.suse.com/1247284"
},
{
"category": "self",
"summary": "SUSE Bug 1247285",
"url": "https://bugzilla.suse.com/1247285"
},
{
"category": "self",
"summary": "SUSE Bug 1247288",
"url": "https://bugzilla.suse.com/1247288"
},
{
"category": "self",
"summary": "SUSE Bug 1247289",
"url": "https://bugzilla.suse.com/1247289"
},
{
"category": "self",
"summary": "SUSE Bug 1247293",
"url": "https://bugzilla.suse.com/1247293"
},
{
"category": "self",
"summary": "SUSE Bug 1247311",
"url": "https://bugzilla.suse.com/1247311"
},
{
"category": "self",
"summary": "SUSE Bug 1247314",
"url": "https://bugzilla.suse.com/1247314"
},
{
"category": "self",
"summary": "SUSE Bug 1247317",
"url": "https://bugzilla.suse.com/1247317"
},
{
"category": "self",
"summary": "SUSE Bug 1247347",
"url": "https://bugzilla.suse.com/1247347"
},
{
"category": "self",
"summary": "SUSE Bug 1247348",
"url": "https://bugzilla.suse.com/1247348"
},
{
"category": "self",
"summary": "SUSE Bug 1247349",
"url": "https://bugzilla.suse.com/1247349"
},
{
"category": "self",
"summary": "SUSE Bug 1247374",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "self",
"summary": "SUSE Bug 1247437",
"url": "https://bugzilla.suse.com/1247437"
},
{
"category": "self",
"summary": "SUSE Bug 1247450",
"url": "https://bugzilla.suse.com/1247450"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11135 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36028 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36028/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36348 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36348/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36349 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36349/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36350 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36350/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36357 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36357/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44963 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44963/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49861 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56742 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56742/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57947 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21839 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21839/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21854 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21854/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21872 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21872/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22090 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22090/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23163 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23163/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37798 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37798/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37856 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37856/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37864 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37885 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37885/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37920 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37920/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37984 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37984/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38034 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38034/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38035 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38035/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38051 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38052 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38058 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38061 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38062 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38062/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38063 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38064 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38064/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38074 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38074/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38084 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38084/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38087 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38087/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38088 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38089 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38089/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38090 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38090/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38094 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38094/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38095 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38095/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38097 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38097/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38098 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38098/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38099 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38099/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38100 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38100/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38102 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38102/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38105 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38105/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38107 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38107/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38108 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38108/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38109 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38109/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38110 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38110/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38111 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38111/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38112 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38112/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38113 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38113/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38115 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38117 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38117/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38118 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38118/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38120 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38120/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38122 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38123 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38124 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38124/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38126 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38127 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38127/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38129 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38129/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38131 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38131/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38132 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38132/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38135 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38136 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38138 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38138/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38142 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38142/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38143 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38143/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38145 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38145/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38147 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38148 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38148/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38149 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38149/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38151 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38151/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38153 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38153/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38154 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38154/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38155 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38155/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38157 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38157/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38158 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38158/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38159 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38161 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38161/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38162 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38162/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38165 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38165/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38166 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38166/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38173 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38173/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38174 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38174/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38177 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38180 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38180/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38182 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38182/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38183 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38183/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38187 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38187/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38188 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38188/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38192 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38192/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38193 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38193/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38194 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38194/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38197 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38197/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38198 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38198/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38200 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38200/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38202 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38202/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38203 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38203/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38204 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38204/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38206 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38210 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38210/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38211 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38211/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38212 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38212/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38213 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38213/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38214 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38214/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38215 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38215/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38217 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38217/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38220 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38220/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38222 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38222/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38225 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38225/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38226 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38226/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38227 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38227/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38229 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38229/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38231 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38231/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38236 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38236/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38239 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38239/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38244 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38244/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38246 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38246/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38248 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38248/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38249 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38249/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38250 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38250/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38257 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38257/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38259 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38259/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38264 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38264/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38272 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38272/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38273 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38273/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38275 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38275/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38277 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38277/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38279 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38279/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38283 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38283/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38286 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38286/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38289 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38289/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38290 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38290/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38292 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38292/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38293 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38293/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38300 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38303 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38303/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38304 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38304/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38305 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38305/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38307 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38307/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38310 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38310/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38312 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38312/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38313 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38313/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38319 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38319/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38323 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38323/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38326 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38326/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38328 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38328/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38332 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38332/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38334 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38334/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38335 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38335/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38336 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38336/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38337 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38337/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38338 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38338/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38342 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38342/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38343 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38343/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38344 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38344/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38345 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38345/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38348 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38348/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38349 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38349/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38350 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38350/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38352 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38352/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38354 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38354/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38362 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38362/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38363 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38363/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38364 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38364/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38365 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38365/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38369 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38369/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38371 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38371/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38373 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38373/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38375 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38375/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38376 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38376/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38377 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38377/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38380 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38380/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38382 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38382/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38384 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38384/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38385 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38385/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38386 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38386/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38387 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38387/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38389 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38389/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38391 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38391/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38392 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38392/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38393 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38393/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38395 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38395/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38396 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38396/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38399 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38399/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38400 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38400/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38401 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38401/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38403 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38403/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38404 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38404/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38406 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38406/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38409 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38409/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38410 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38410/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38412 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38412/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38414 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38414/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38415 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38415/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38416 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38416/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38420 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38420/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38424 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38424/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38425 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38425/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38426 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38426/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38428 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38428/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38429 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38429/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38430 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38430/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38436 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38436/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38443 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38443/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38448 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38448/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38449 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38449/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38455 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38455/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38457 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38457/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38460 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38460/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38461 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38461/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38462 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38462/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38463 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38463/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38465 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38465/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38467 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38467/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38468 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38468/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38470 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38470/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38471 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38471/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38473 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38473/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38474 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38474/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38476 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38476/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38477 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38477/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38478 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38478/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38480 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38480/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38481 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38481/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38482 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38482/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38483 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38483/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38485 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38485/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38487 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38487/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38489 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38489/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38494 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38494/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38495 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38495/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38496 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38496/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38497 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38497/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38498 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38498/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-08-25T06:22:23Z",
"generator": {
"date": "2025-08-25T06:22:23Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02969-1",
"initial_release_date": "2025-08-25T06:22:23Z",
"revision_history": [
{
"date": "2025-08-25T06:22:23Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"product": {
"name": "cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"product_id": "cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"product": {
"name": "dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"product_id": "dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"product": {
"name": "gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"product_id": "gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-azure-6.4.0-150600.8.48.1.aarch64",
"product": {
"name": "kernel-azure-6.4.0-150600.8.48.1.aarch64",
"product_id": "kernel-azure-6.4.0-150600.8.48.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"product": {
"name": "kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"product_id": "kernel-azure-devel-6.4.0-150600.8.48.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"product": {
"name": "kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"product_id": "kernel-azure-extra-6.4.0-150600.8.48.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"product": {
"name": "kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"product_id": "kernel-azure-optional-6.4.0-150600.8.48.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"product": {
"name": "kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"product_id": "kernel-syms-azure-6.4.0-150600.8.48.1.aarch64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"product": {
"name": "kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"product_id": "kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"product": {
"name": "ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"product_id": "ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"product": {
"name": "reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"product_id": "reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"product": {
"name": "kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"product_id": "kernel-devel-azure-6.4.0-150600.8.48.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"product": {
"name": "kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"product_id": "kernel-source-azure-6.4.0-150600.8.48.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"product": {
"name": "cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"product_id": "cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"product": {
"name": "dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"product_id": "dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"product": {
"name": "gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"product_id": "gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-6.4.0-150600.8.48.1.x86_64",
"product": {
"name": "kernel-azure-6.4.0-150600.8.48.1.x86_64",
"product_id": "kernel-azure-6.4.0-150600.8.48.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"product": {
"name": "kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"product_id": "kernel-azure-devel-6.4.0-150600.8.48.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"product": {
"name": "kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"product_id": "kernel-azure-extra-6.4.0-150600.8.48.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"product": {
"name": "kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"product_id": "kernel-azure-optional-6.4.0-150600.8.48.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"product": {
"name": "kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"product_id": "kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"product": {
"name": "kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"product_id": "kernel-syms-azure-6.4.0-150600.8.48.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"product": {
"name": "kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"product_id": "kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"product": {
"name": "ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"product_id": "ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"product": {
"name": "reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"product_id": "reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-6.4.0-150600.8.48.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64"
},
"product_reference": "kernel-azure-6.4.0-150600.8.48.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-6.4.0-150600.8.48.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64"
},
"product_reference": "kernel-azure-6.4.0-150600.8.48.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-6.4.0-150600.8.48.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64"
},
"product_reference": "kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-6.4.0-150600.8.48.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64"
},
"product_reference": "kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-azure-6.4.0-150600.8.48.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch"
},
"product_reference": "kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-azure-6.4.0-150600.8.48.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch"
},
"product_reference": "kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-6.4.0-150600.8.48.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64"
},
"product_reference": "kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-6.4.0-150600.8.48.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64"
},
"product_reference": "kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64"
},
"product_reference": "cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64"
},
"product_reference": "cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64"
},
"product_reference": "dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64"
},
"product_reference": "dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64"
},
"product_reference": "gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64"
},
"product_reference": "gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-6.4.0-150600.8.48.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64"
},
"product_reference": "kernel-azure-6.4.0-150600.8.48.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-6.4.0-150600.8.48.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64"
},
"product_reference": "kernel-azure-6.4.0-150600.8.48.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-6.4.0-150600.8.48.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64"
},
"product_reference": "kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-6.4.0-150600.8.48.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64"
},
"product_reference": "kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-extra-6.4.0-150600.8.48.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64"
},
"product_reference": "kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-extra-6.4.0-150600.8.48.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64"
},
"product_reference": "kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-optional-6.4.0-150600.8.48.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64"
},
"product_reference": "kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-optional-6.4.0-150600.8.48.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64"
},
"product_reference": "kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64"
},
"product_reference": "kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-azure-6.4.0-150600.8.48.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch"
},
"product_reference": "kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-azure-6.4.0-150600.8.48.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch"
},
"product_reference": "kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-6.4.0-150600.8.48.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64"
},
"product_reference": "kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-6.4.0-150600.8.48.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64"
},
"product_reference": "kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64"
},
"product_reference": "kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64"
},
"product_reference": "kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64"
},
"product_reference": "ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64"
},
"product_reference": "ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64"
},
"product_reference": "reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
},
"product_reference": "reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-11135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11135"
}
],
"notes": [
{
"category": "general",
"text": "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11135",
"url": "https://www.suse.com/security/cve/CVE-2019-11135"
},
{
"category": "external",
"summary": "SUSE Bug 1139073 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1139073"
},
{
"category": "external",
"summary": "SUSE Bug 1152497 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152497"
},
{
"category": "external",
"summary": "SUSE Bug 1152505 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152505"
},
{
"category": "external",
"summary": "SUSE Bug 1152506 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152506"
},
{
"category": "external",
"summary": "SUSE Bug 1160120 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1160120"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2019-11135"
},
{
"cve": "CVE-2024-36028",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36028"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio()\n\nWhen I did memory failure tests recently, below warning occurs:\n\nDEBUG_LOCKS_WARN_ON(1)\nWARNING: CPU: 8 PID: 1011 at kernel/locking/lockdep.c:232 __lock_acquire+0xccb/0x1ca0\nModules linked in: mce_inject hwpoison_inject\nCPU: 8 PID: 1011 Comm: bash Kdump: loaded Not tainted 6.9.0-rc3-next-20240410-00012-gdb69f219f4be #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\nRIP: 0010:__lock_acquire+0xccb/0x1ca0\nRSP: 0018:ffffa7a1c7fe3bd0 EFLAGS: 00000082\nRAX: 0000000000000000 RBX: eb851eb853975fcf RCX: ffffa1ce5fc1c9c8\nRDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffffa1ce5fc1c9c0\nRBP: ffffa1c6865d3280 R08: ffffffffb0f570a8 R09: 0000000000009ffb\nR10: 0000000000000286 R11: ffffffffb0f2ad50 R12: ffffa1c6865d3d10\nR13: ffffa1c6865d3c70 R14: 0000000000000000 R15: 0000000000000004\nFS: 00007ff9f32aa740(0000) GS:ffffa1ce5fc00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ff9f3134ba0 CR3: 00000008484e4000 CR4: 00000000000006f0\nCall Trace:\n \u003cTASK\u003e\n lock_acquire+0xbe/0x2d0\n _raw_spin_lock_irqsave+0x3a/0x60\n hugepage_subpool_put_pages.part.0+0xe/0xc0\n free_huge_folio+0x253/0x3f0\n dissolve_free_huge_page+0x147/0x210\n __page_handle_poison+0x9/0x70\n memory_failure+0x4e6/0x8c0\n hard_offline_page_store+0x55/0xa0\n kernfs_fop_write_iter+0x12c/0x1d0\n vfs_write+0x380/0x540\n ksys_write+0x64/0xe0\n do_syscall_64+0xbc/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7ff9f3114887\nRSP: 002b:00007ffecbacb458 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007ff9f3114887\nRDX: 000000000000000c RSI: 0000564494164e10 RDI: 0000000000000001\nRBP: 0000564494164e10 R08: 00007ff9f31d1460 R09: 000000007fffffff\nR10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c\nR13: 00007ff9f321b780 R14: 00007ff9f3217600 R15: 00007ff9f3216a00\n \u003c/TASK\u003e\nKernel panic - not syncing: kernel: panic_on_warn set ...\nCPU: 8 PID: 1011 Comm: bash Kdump: loaded Not tainted 6.9.0-rc3-next-20240410-00012-gdb69f219f4be #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n panic+0x326/0x350\n check_panic_on_warn+0x4f/0x50\n __warn+0x98/0x190\n report_bug+0x18e/0x1a0\n handle_bug+0x3d/0x70\n exc_invalid_op+0x18/0x70\n asm_exc_invalid_op+0x1a/0x20\nRIP: 0010:__lock_acquire+0xccb/0x1ca0\nRSP: 0018:ffffa7a1c7fe3bd0 EFLAGS: 00000082\nRAX: 0000000000000000 RBX: eb851eb853975fcf RCX: ffffa1ce5fc1c9c8\nRDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffffa1ce5fc1c9c0\nRBP: ffffa1c6865d3280 R08: ffffffffb0f570a8 R09: 0000000000009ffb\nR10: 0000000000000286 R11: ffffffffb0f2ad50 R12: ffffa1c6865d3d10\nR13: ffffa1c6865d3c70 R14: 0000000000000000 R15: 0000000000000004\n lock_acquire+0xbe/0x2d0\n _raw_spin_lock_irqsave+0x3a/0x60\n hugepage_subpool_put_pages.part.0+0xe/0xc0\n free_huge_folio+0x253/0x3f0\n dissolve_free_huge_page+0x147/0x210\n __page_handle_poison+0x9/0x70\n memory_failure+0x4e6/0x8c0\n hard_offline_page_store+0x55/0xa0\n kernfs_fop_write_iter+0x12c/0x1d0\n vfs_write+0x380/0x540\n ksys_write+0x64/0xe0\n do_syscall_64+0xbc/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7ff9f3114887\nRSP: 002b:00007ffecbacb458 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007ff9f3114887\nRDX: 000000000000000c RSI: 0000564494164e10 RDI: 0000000000000001\nRBP: 0000564494164e10 R08: 00007ff9f31d1460 R09: 000000007fffffff\nR10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c\nR13: 00007ff9f321b780 R14: 00007ff9f3217600 R15: 00007ff9f3216a00\n \u003c/TASK\u003e\n\nAfter git bisecting and digging into the code, I believe the root cause is\nthat _deferred_list field of folio is unioned with _hugetlb_subpool field.\nIn __update_and_free_hugetlb_folio(), folio-\u003e_deferred_\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36028",
"url": "https://www.suse.com/security/cve/CVE-2024-36028"
},
{
"category": "external",
"summary": "SUSE Bug 1225707 for CVE-2024-36028",
"url": "https://bugzilla.suse.com/1225707"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2024-36028"
},
{
"cve": "CVE-2024-36348",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36348"
}
],
"notes": [
{
"category": "general",
"text": "A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP feature is enabled, potentially resulting in information leakage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36348",
"url": "https://www.suse.com/security/cve/CVE-2024-36348"
},
{
"category": "external",
"summary": "SUSE Bug 1238896 for CVE-2024-36348",
"url": "https://bugzilla.suse.com/1238896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2024-36348"
},
{
"cve": "CVE-2024-36349",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36349"
}
],
"notes": [
{
"category": "general",
"text": "A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36349",
"url": "https://www.suse.com/security/cve/CVE-2024-36349"
},
{
"category": "external",
"summary": "SUSE Bug 1238896 for CVE-2024-36349",
"url": "https://bugzilla.suse.com/1238896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2024-36349"
},
{
"cve": "CVE-2024-36350",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36350"
}
],
"notes": [
{
"category": "general",
"text": "A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36350",
"url": "https://www.suse.com/security/cve/CVE-2024-36350"
},
{
"category": "external",
"summary": "SUSE Bug 1238896 for CVE-2024-36350",
"url": "https://bugzilla.suse.com/1238896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2024-36350"
},
{
"cve": "CVE-2024-36357",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36357"
}
],
"notes": [
{
"category": "general",
"text": "A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36357",
"url": "https://www.suse.com/security/cve/CVE-2024-36357"
},
{
"category": "external",
"summary": "SUSE Bug 1238896 for CVE-2024-36357",
"url": "https://bugzilla.suse.com/1238896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2024-36357"
},
{
"cve": "CVE-2024-44963",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44963"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not BUG_ON() when freeing tree block after error\n\nWhen freeing a tree block, at btrfs_free_tree_block(), if we fail to\ncreate a delayed reference we don\u0027t deal with the error and just do a\nBUG_ON(). The error most likely to happen is -ENOMEM, and we have a\ncomment mentioning that only -ENOMEM can happen, but that is not true,\nbecause in case qgroups are enabled any error returned from\nbtrfs_qgroup_trace_extent_post() (can be -EUCLEAN or anything returned\nfrom btrfs_search_slot() for example) can be propagated back to\nbtrfs_free_tree_block().\n\nSo stop doing a BUG_ON() and return the error to the callers and make\nthem abort the transaction to prevent leaking space. Syzbot was\ntriggering this, likely due to memory allocation failure injection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44963",
"url": "https://www.suse.com/security/cve/CVE-2024-44963"
},
{
"category": "external",
"summary": "SUSE Bug 1230216 for CVE-2024-44963",
"url": "https://bugzilla.suse.com/1230216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2024-44963"
},
{
"cve": "CVE-2024-49861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49861"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix helper writes to read-only maps\n\nLonial found an issue that despite user- and BPF-side frozen BPF map\n(like in case of .rodata), it was still possible to write into it from\na BPF program side through specific helpers having ARG_PTR_TO_{LONG,INT}\nas arguments.\n\nIn check_func_arg() when the argument is as mentioned, the meta-\u003eraw_mode\nis never set. Later, check_helper_mem_access(), under the case of\nPTR_TO_MAP_VALUE as register base type, it assumes BPF_READ for the\nsubsequent call to check_map_access_type() and given the BPF map is\nread-only it succeeds.\n\nThe helpers really need to be annotated as ARG_PTR_TO_{LONG,INT} | MEM_UNINIT\nwhen results are written into them as opposed to read out of them. The\nlatter indicates that it\u0027s okay to pass a pointer to uninitialized memory\nas the memory is written to anyway.\n\nHowever, ARG_PTR_TO_{LONG,INT} is a special case of ARG_PTR_TO_FIXED_SIZE_MEM\njust with additional alignment requirement. So it is better to just get\nrid of the ARG_PTR_TO_{LONG,INT} special cases altogether and reuse the\nfixed size memory types. For this, add MEM_ALIGNED to additionally ensure\nalignment given these helpers write directly into the args via *\u003cptr\u003e = val.\nThe .arg*_size has been initialized reflecting the actual sizeof(*\u003cptr\u003e).\n\nMEM_ALIGNED can only be used in combination with MEM_FIXED_SIZE annotated\nargument types, since in !MEM_FIXED_SIZE cases the verifier does not know\nthe buffer size a priori and therefore cannot blindly write *\u003cptr\u003e = val.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49861",
"url": "https://www.suse.com/security/cve/CVE-2024-49861"
},
{
"category": "external",
"summary": "SUSE Bug 1232254 for CVE-2024-49861",
"url": "https://bugzilla.suse.com/1232254"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2024-49861"
},
{
"cve": "CVE-2024-56742",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56742"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages()\n\nFix an unwind issue in mlx5vf_add_migration_pages().\n\nIf a set of pages is allocated but fails to be added to the SG table,\nthey need to be freed to prevent a memory leak.\n\nAny pages successfully added to the SG table will be freed as part of\nmlx5vf_free_data_buffer().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56742",
"url": "https://www.suse.com/security/cve/CVE-2024-56742"
},
{
"category": "external",
"summary": "SUSE Bug 1235613 for CVE-2024-56742",
"url": "https://bugzilla.suse.com/1235613"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2024-56742"
},
{
"cve": "CVE-2024-57947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57947"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_set_pipapo: fix initial map fill\n\nThe initial buffer has to be inited to all-ones, but it must restrict\nit to the size of the first field, not the total field size.\n\nAfter each round in the map search step, the result and the fill map\nare swapped, so if we have a set where f-\u003ebsize of the first element\nis smaller than m-\u003ebsize_max, those one-bits are leaked into future\nrounds result map.\n\nThis makes pipapo find an incorrect matching results for sets where\nfirst field size is not the largest.\n\nFollowup patch adds a test case to nft_concat_range.sh selftest script.\n\nThanks to Stefano Brivio for pointing out that we need to zero out\nthe remainder explicitly, only correcting memset() argument isn\u0027t enough.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57947",
"url": "https://www.suse.com/security/cve/CVE-2024-57947"
},
{
"category": "external",
"summary": "SUSE Bug 1236333 for CVE-2024-57947",
"url": "https://bugzilla.suse.com/1236333"
},
{
"category": "external",
"summary": "SUSE Bug 1245799 for CVE-2024-57947",
"url": "https://bugzilla.suse.com/1245799"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "important"
}
],
"title": "CVE-2024-57947"
},
{
"cve": "CVE-2025-21839",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21839"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop\n\nMove the conditional loading of hardware DR6 with the guest\u0027s DR6 value\nout of the core .vcpu_run() loop to fix a bug where KVM can load hardware\nwith a stale vcpu-\u003earch.dr6.\n\nWhen the guest accesses a DR and host userspace isn\u0027t debugging the guest,\nKVM disables DR interception and loads the guest\u0027s values into hardware on\nVM-Enter and saves them on VM-Exit. This allows the guest to access DRs\nat will, e.g. so that a sequence of DR accesses to configure a breakpoint\nonly generates one VM-Exit.\n\nFor DR0-DR3, the logic/behavior is identical between VMX and SVM, and also\nidentical between KVM_DEBUGREG_BP_ENABLED (userspace debugging the guest)\nand KVM_DEBUGREG_WONT_EXIT (guest using DRs), and so KVM handles loading\nDR0-DR3 in common code, _outside_ of the core kvm_x86_ops.vcpu_run() loop.\n\nBut for DR6, the guest\u0027s value doesn\u0027t need to be loaded into hardware for\nKVM_DEBUGREG_BP_ENABLED, and SVM provides a dedicated VMCB field whereas\nVMX requires software to manually load the guest value, and so loading the\nguest\u0027s value into DR6 is handled by {svm,vmx}_vcpu_run(), i.e. is done\n_inside_ the core run loop.\n\nUnfortunately, saving the guest values on VM-Exit is initiated by common\nx86, again outside of the core run loop. If the guest modifies DR6 (in\nhardware, when DR interception is disabled), and then the next VM-Exit is\na fastpath VM-Exit, KVM will reload hardware DR6 with vcpu-\u003earch.dr6 and\nclobber the guest\u0027s actual value.\n\nThe bug shows up primarily with nested VMX because KVM handles the VMX\npreemption timer in the fastpath, and the window between hardware DR6\nbeing modified (in guest context) and DR6 being read by guest software is\norders of magnitude larger in a nested setup. E.g. in non-nested, the\nVMX preemption timer would need to fire precisely between #DB injection\nand the #DB handler\u0027s read of DR6, whereas with a KVM-on-KVM setup, the\nwindow where hardware DR6 is \"dirty\" extends all the way from L1 writing\nDR6 to VMRESUME (in L1).\n\n L1\u0027s view:\n ==========\n \u003cL1 disables DR interception\u003e\n CPU 0/KVM-7289 [023] d.... 2925.640961: kvm_entry: vcpu 0\n A: L1 Writes DR6\n CPU 0/KVM-7289 [023] d.... 2925.640963: \u003chack\u003e: Set DRs, DR6 = 0xffff0ff1\n\n B: CPU 0/KVM-7289 [023] d.... 2925.640967: kvm_exit: vcpu 0 reason EXTERNAL_INTERRUPT intr_info 0x800000ec\n\n D: L1 reads DR6, arch.dr6 = 0\n CPU 0/KVM-7289 [023] d.... 2925.640969: \u003chack\u003e: Sync DRs, DR6 = 0xffff0ff0\n\n CPU 0/KVM-7289 [023] d.... 2925.640976: kvm_entry: vcpu 0\n L2 reads DR6, L1 disables DR interception\n CPU 0/KVM-7289 [023] d.... 2925.640980: kvm_exit: vcpu 0 reason DR_ACCESS info1 0x0000000000000216\n CPU 0/KVM-7289 [023] d.... 2925.640983: kvm_entry: vcpu 0\n\n CPU 0/KVM-7289 [023] d.... 2925.640983: \u003chack\u003e: Set DRs, DR6 = 0xffff0ff0\n\n L2 detects failure\n CPU 0/KVM-7289 [023] d.... 2925.640987: kvm_exit: vcpu 0 reason HLT\n L1 reads DR6 (confirms failure)\n CPU 0/KVM-7289 [023] d.... 2925.640990: \u003chack\u003e: Sync DRs, DR6 = 0xffff0ff0\n\n L0\u0027s view:\n ==========\n L2 reads DR6, arch.dr6 = 0\n CPU 23/KVM-5046 [001] d.... 3410.005610: kvm_exit: vcpu 23 reason DR_ACCESS info1 0x0000000000000216\n CPU 23/KVM-5046 [001] ..... 3410.005610: kvm_nested_vmexit: vcpu 23 reason DR_ACCESS info1 0x0000000000000216\n\n L2 =\u003e L1 nested VM-Exit\n CPU 23/KVM-5046 [001] ..... 3410.005610: kvm_nested_vmexit_inject: reason: DR_ACCESS ext_inf1: 0x0000000000000216\n\n CPU 23/KVM-5046 [001] d.... 3410.005610: kvm_entry: vcpu 23\n CPU 23/KVM-5046 [001] d.... 3410.005611: kvm_exit: vcpu 23 reason VMREAD\n CPU 23/KVM-5046 [001] d.... 3410.005611: kvm_entry: vcpu 23\n CPU 23/KVM-5046 [001] d.... 3410.\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21839",
"url": "https://www.suse.com/security/cve/CVE-2025-21839"
},
{
"category": "external",
"summary": "SUSE Bug 1239061 for CVE-2025-21839",
"url": "https://bugzilla.suse.com/1239061"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-21839"
},
{
"cve": "CVE-2025-21854",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21854"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsockmap, vsock: For connectible sockets allow only connected\n\nsockmap expects all vsocks to have a transport assigned, which is expressed\nin vsock_proto::psock_update_sk_prot(). However, there is an edge case\nwhere an unconnected (connectible) socket may lose its previously assigned\ntransport. This is handled with a NULL check in the vsock/BPF recv path.\n\nAnother design detail is that listening vsocks are not supposed to have any\ntransport assigned at all. Which implies they are not supported by the\nsockmap. But this is complicated by the fact that a socket, before\nswitching to TCP_LISTEN, may have had some transport assigned during a\nfailed connect() attempt. Hence, we may end up with a listening vsock in a\nsockmap, which blows up quickly:\n\nKASAN: null-ptr-deref in range [0x0000000000000120-0x0000000000000127]\nCPU: 7 UID: 0 PID: 56 Comm: kworker/7:0 Not tainted 6.14.0-rc1+\nWorkqueue: vsock-loopback vsock_loopback_work\nRIP: 0010:vsock_read_skb+0x4b/0x90\nCall Trace:\n sk_psock_verdict_data_ready+0xa4/0x2e0\n virtio_transport_recv_pkt+0x1ca8/0x2acc\n vsock_loopback_work+0x27d/0x3f0\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x35a/0x700\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n\nFor connectible sockets, instead of relying solely on the state of\nvsk-\u003etransport, tell sockmap to only allow those representing established\nconnections. This aligns with the behaviour for AF_INET and AF_UNIX.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21854",
"url": "https://www.suse.com/security/cve/CVE-2025-21854"
},
{
"category": "external",
"summary": "SUSE Bug 1239470 for CVE-2025-21854",
"url": "https://bugzilla.suse.com/1239470"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-21854"
},
{
"cve": "CVE-2025-21872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21872"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi: Don\u0027t map the entire mokvar table to determine its size\n\nCurrently, when validating the mokvar table, we (re)map the entire table\non each iteration of the loop, adding space as we discover new entries.\nIf the table grows over a certain size, this fails due to limitations of\nearly_memmap(), and we get a failure and traceback:\n\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 0 at mm/early_ioremap.c:139 __early_ioremap+0xef/0x220\n ...\n Call Trace:\n \u003cTASK\u003e\n ? __early_ioremap+0xef/0x220\n ? __warn.cold+0x93/0xfa\n ? __early_ioremap+0xef/0x220\n ? report_bug+0xff/0x140\n ? early_fixup_exception+0x5d/0xb0\n ? early_idt_handler_common+0x2f/0x3a\n ? __early_ioremap+0xef/0x220\n ? efi_mokvar_table_init+0xce/0x1d0\n ? setup_arch+0x864/0xc10\n ? start_kernel+0x6b/0xa10\n ? x86_64_start_reservations+0x24/0x30\n ? x86_64_start_kernel+0xed/0xf0\n ? common_startup_64+0x13e/0x141\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---\n mokvar: Failed to map EFI MOKvar config table pa=0x7c4c3000, size=265187.\n\nMapping the entire structure isn\u0027t actually necessary, as we don\u0027t ever\nneed more than one entry header mapped at once.\n\nChanges efi_mokvar_table_init() to only map each entry header, not the\nentire table, when determining the table size. Since we\u0027re not mapping\nany data past the variable name, it also changes the code to enforce\nthat each variable name is NUL terminated, rather than attempting to\nverify it in place.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21872",
"url": "https://www.suse.com/security/cve/CVE-2025-21872"
},
{
"category": "external",
"summary": "SUSE Bug 1240323 for CVE-2025-21872",
"url": "https://bugzilla.suse.com/1240323"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-21872"
},
{
"cve": "CVE-2025-22090",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22090"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range()\n\nIf track_pfn_copy() fails, we already added the dst VMA to the maple\ntree. As fork() fails, we\u0027ll cleanup the maple tree, and stumble over\nthe dst VMA for which we neither performed any reservation nor copied\nany page tables.\n\nConsequently untrack_pfn() will see VM_PAT and try obtaining the\nPAT information from the page table -- which fails because the page\ntable was not copied.\n\nThe easiest fix would be to simply clear the VM_PAT flag of the dst VMA\nif track_pfn_copy() fails. However, the whole thing is about \"simply\"\nclearing the VM_PAT flag is shaky as well: if we passed track_pfn_copy()\nand performed a reservation, but copying the page tables fails, we\u0027ll\nsimply clear the VM_PAT flag, not properly undoing the reservation ...\nwhich is also wrong.\n\nSo let\u0027s fix it properly: set the VM_PAT flag only if the reservation\nsucceeded (leaving it clear initially), and undo the reservation if\nanything goes wrong while copying the page tables: clearing the VM_PAT\nflag after undoing the reservation.\n\nNote that any copied page table entries will get zapped when the VMA will\nget removed later, after copy_page_range() succeeded; as VM_PAT is not set\nthen, we won\u0027t try cleaning VM_PAT up once more and untrack_pfn() will be\nhappy. Note that leaving these page tables in place without a reservation\nis not a problem, as we are aborting fork(); this process will never run.\n\nA reproducer can trigger this usually at the first try:\n\n https://gitlab.com/davidhildenbrand/scratchspace/-/raw/main/reproducers/pat_fork.c\n\n WARNING: CPU: 26 PID: 11650 at arch/x86/mm/pat/memtype.c:983 get_pat_info+0xf6/0x110\n Modules linked in: ...\n CPU: 26 UID: 0 PID: 11650 Comm: repro3 Not tainted 6.12.0-rc5+ #92\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\n RIP: 0010:get_pat_info+0xf6/0x110\n ...\n Call Trace:\n \u003cTASK\u003e\n ...\n untrack_pfn+0x52/0x110\n unmap_single_vma+0xa6/0xe0\n unmap_vmas+0x105/0x1f0\n exit_mmap+0xf6/0x460\n __mmput+0x4b/0x120\n copy_process+0x1bf6/0x2aa0\n kernel_clone+0xab/0x440\n __do_sys_clone+0x66/0x90\n do_syscall_64+0x95/0x180\n\nLikely this case was missed in:\n\n d155df53f310 (\"x86/mm/pat: clear VM_PAT if copy_p4d_range failed\")\n\n... and instead of undoing the reservation we simply cleared the VM_PAT flag.\n\nKeep the documentation of these functions in include/linux/pgtable.h,\none place is more than sufficient -- we should clean that up for the other\nfunctions like track_pfn_remap/untrack_pfn separately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22090",
"url": "https://www.suse.com/security/cve/CVE-2025-22090"
},
{
"category": "external",
"summary": "SUSE Bug 1241537 for CVE-2025-22090",
"url": "https://bugzilla.suse.com/1241537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-22090"
},
{
"cve": "CVE-2025-23163",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23163"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: vlan: don\u0027t propagate flags on open\n\nWith the device instance lock, there is now a possibility of a deadlock:\n\n[ 1.211455] ============================================\n[ 1.211571] WARNING: possible recursive locking detected\n[ 1.211687] 6.14.0-rc5-01215-g032756b4ca7a-dirty #5 Not tainted\n[ 1.211823] --------------------------------------------\n[ 1.211936] ip/184 is trying to acquire lock:\n[ 1.212032] ffff8881024a4c30 (\u0026dev-\u003elock){+.+.}-{4:4}, at: dev_set_allmulti+0x4e/0xb0\n[ 1.212207]\n[ 1.212207] but task is already holding lock:\n[ 1.212332] ffff8881024a4c30 (\u0026dev-\u003elock){+.+.}-{4:4}, at: dev_open+0x50/0xb0\n[ 1.212487]\n[ 1.212487] other info that might help us debug this:\n[ 1.212626] Possible unsafe locking scenario:\n[ 1.212626]\n[ 1.212751] CPU0\n[ 1.212815] ----\n[ 1.212871] lock(\u0026dev-\u003elock);\n[ 1.212944] lock(\u0026dev-\u003elock);\n[ 1.213016]\n[ 1.213016] *** DEADLOCK ***\n[ 1.213016]\n[ 1.213143] May be due to missing lock nesting notation\n[ 1.213143]\n[ 1.213294] 3 locks held by ip/184:\n[ 1.213371] #0: ffffffff838b53e0 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock+0x1b/0xa0\n[ 1.213543] #1: ffffffff84e5fc70 (\u0026net-\u003ertnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock+0x37/0xa0\n[ 1.213727] #2: ffff8881024a4c30 (\u0026dev-\u003elock){+.+.}-{4:4}, at: dev_open+0x50/0xb0\n[ 1.213895]\n[ 1.213895] stack backtrace:\n[ 1.213991] CPU: 0 UID: 0 PID: 184 Comm: ip Not tainted 6.14.0-rc5-01215-g032756b4ca7a-dirty #5\n[ 1.213993] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\n[ 1.213994] Call Trace:\n[ 1.213995] \u003cTASK\u003e\n[ 1.213996] dump_stack_lvl+0x8e/0xd0\n[ 1.214000] print_deadlock_bug+0x28b/0x2a0\n[ 1.214020] lock_acquire+0xea/0x2a0\n[ 1.214027] __mutex_lock+0xbf/0xd40\n[ 1.214038] dev_set_allmulti+0x4e/0xb0 # real_dev-\u003eflags \u0026 IFF_ALLMULTI\n[ 1.214040] vlan_dev_open+0xa5/0x170 # ndo_open on vlandev\n[ 1.214042] __dev_open+0x145/0x270\n[ 1.214046] __dev_change_flags+0xb0/0x1e0\n[ 1.214051] netif_change_flags+0x22/0x60 # IFF_UP vlandev\n[ 1.214053] dev_change_flags+0x61/0xb0 # for each device in group from dev-\u003evlan_info\n[ 1.214055] vlan_device_event+0x766/0x7c0 # on netdevsim0\n[ 1.214058] notifier_call_chain+0x78/0x120\n[ 1.214062] netif_open+0x6d/0x90\n[ 1.214064] dev_open+0x5b/0xb0 # locks netdevsim0\n[ 1.214066] bond_enslave+0x64c/0x1230\n[ 1.214075] do_set_master+0x175/0x1e0 # on netdevsim0\n[ 1.214077] do_setlink+0x516/0x13b0\n[ 1.214094] rtnl_newlink+0xaba/0xb80\n[ 1.214132] rtnetlink_rcv_msg+0x440/0x490\n[ 1.214144] netlink_rcv_skb+0xeb/0x120\n[ 1.214150] netlink_unicast+0x1f9/0x320\n[ 1.214153] netlink_sendmsg+0x346/0x3f0\n[ 1.214157] __sock_sendmsg+0x86/0xb0\n[ 1.214160] ____sys_sendmsg+0x1c8/0x220\n[ 1.214164] ___sys_sendmsg+0x28f/0x2d0\n[ 1.214179] __x64_sys_sendmsg+0xef/0x140\n[ 1.214184] do_syscall_64+0xec/0x1d0\n[ 1.214190] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 1.214191] RIP: 0033:0x7f2d1b4a7e56\n\nDevice setup:\n\n netdevsim0 (down)\n ^ ^\n bond netdevsim1.100@netdevsim1 allmulticast=on (down)\n\nWhen we enslave the lower device (netdevsim0) which has a vlan, we\npropagate vlan\u0027s allmuti/promisc flags during ndo_open. This causes\n(re)locking on of the real_dev.\n\nPropagate allmulti/promisc on flags change, not on the open. There\nis a slight semantics change that vlans that are down now propagate\nthe flags, but this seems unlikely to result in the real issues.\n\nReproducer:\n\n echo 0 1 \u003e /sys/bus/netdevsim/new_device\n\n dev_path=$(ls -d /sys/bus/netdevsim/devices/netdevsim0/net/*)\n dev=$(echo $dev_path | rev | cut -d/ -f1 | rev)\n\n ip link set dev $dev name netdevsim0\n ip link set dev netdevsim0 up\n\n ip link add link netdevsim0 name netdevsim0.100 type vlan id 100\n ip link set dev netdevsim0.100 allm\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23163",
"url": "https://www.suse.com/security/cve/CVE-2025-23163"
},
{
"category": "external",
"summary": "SUSE Bug 1242837 for CVE-2025-23163",
"url": "https://bugzilla.suse.com/1242837"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-23163"
},
{
"cve": "CVE-2025-37798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37798"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncodel: remove sch-\u003eq.qlen check before qdisc_tree_reduce_backlog()\n\nAfter making all -\u003eqlen_notify() callbacks idempotent, now it is safe to\nremove the check of qlen!=0 from both fq_codel_dequeue() and\ncodel_qdisc_dequeue().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37798",
"url": "https://www.suse.com/security/cve/CVE-2025-37798"
},
{
"category": "external",
"summary": "SUSE Bug 1242414 for CVE-2025-37798",
"url": "https://bugzilla.suse.com/1242414"
},
{
"category": "external",
"summary": "SUSE Bug 1242417 for CVE-2025-37798",
"url": "https://bugzilla.suse.com/1242417"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "important"
}
],
"title": "CVE-2025-37798"
},
{
"cve": "CVE-2025-37856",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37856"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: harden block_group::bg_list against list_del() races\n\nAs far as I can tell, these calls of list_del_init() on bg_list cannot\nrun concurrently with btrfs_mark_bg_unused() or btrfs_mark_bg_to_reclaim(),\nas they are in transaction error paths and situations where the block\ngroup is readonly.\n\nHowever, if there is any chance at all of racing with mark_bg_unused(),\nor a different future user of bg_list, better to be safe than sorry.\n\nOtherwise we risk the following interleaving (bg_list refcount in parens)\n\nT1 (some random op) T2 (btrfs_mark_bg_unused)\n !list_empty(\u0026bg-\u003ebg_list); (1)\nlist_del_init(\u0026bg-\u003ebg_list); (1)\n list_move_tail (1)\nbtrfs_put_block_group (0)\n btrfs_delete_unused_bgs\n bg = list_first_entry\n list_del_init(\u0026bg-\u003ebg_list);\n btrfs_put_block_group(bg); (-1)\n\nUltimately, this results in a broken ref count that hits zero one deref\nearly and the real final deref underflows the refcount, resulting in a WARNING.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37856",
"url": "https://www.suse.com/security/cve/CVE-2025-37856"
},
{
"category": "external",
"summary": "SUSE Bug 1243068 for CVE-2025-37856",
"url": "https://bugzilla.suse.com/1243068"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-37856"
},
{
"cve": "CVE-2025-37864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37864"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: clean up FDB, MDB, VLAN entries on unbind\n\nAs explained in many places such as commit b117e1e8a86d (\"net: dsa:\ndelete dsa_legacy_fdb_add and dsa_legacy_fdb_del\"), DSA is written given\nthe assumption that higher layers have balanced additions/deletions.\nAs such, it only makes sense to be extremely vocal when those\nassumptions are violated and the driver unbinds with entries still\npresent.\n\nBut Ido Schimmel points out a very simple situation where that is wrong:\nhttps://lore.kernel.org/netdev/ZDazSM5UsPPjQuKr@shredder/\n(also briefly discussed by me in the aforementioned commit).\n\nBasically, while the bridge bypass operations are not something that DSA\nexplicitly documents, and for the majority of DSA drivers this API\nsimply causes them to go to promiscuous mode, that isn\u0027t the case for\nall drivers. Some have the necessary requirements for bridge bypass\noperations to do something useful - see dsa_switch_supports_uc_filtering().\n\nAlthough in tools/testing/selftests/net/forwarding/local_termination.sh,\nwe made an effort to popularize better mechanisms to manage address\nfilters on DSA interfaces from user space - namely macvlan for unicast,\nand setsockopt(IP_ADD_MEMBERSHIP) - through mtools - for multicast, the\nfact is that \u0027bridge fdb add ... self static local\u0027 also exists as\nkernel UAPI, and might be useful to someone, even if only for a quick\nhack.\n\nIt seems counter-productive to block that path by implementing shim\n.ndo_fdb_add and .ndo_fdb_del operations which just return -EOPNOTSUPP\nin order to prevent the ndo_dflt_fdb_add() and ndo_dflt_fdb_del() from\nrunning, although we could do that.\n\nAccepting that cleanup is necessary seems to be the only option.\nEspecially since we appear to be coming back at this from a different\nangle as well. Russell King is noticing that the WARN_ON() triggers even\nfor VLANs:\nhttps://lore.kernel.org/netdev/Z_li8Bj8bD4-BYKQ@shell.armlinux.org.uk/\n\nWhat happens in the bug report above is that dsa_port_do_vlan_del() fails,\nthen the VLAN entry lingers on, and then we warn on unbind and leak it.\n\nThis is not a straight revert of the blamed commit, but we now add an\ninformational print to the kernel log (to still have a way to see\nthat bugs exist), and some extra comments gathered from past years\u0027\nexperience, to justify the logic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37864",
"url": "https://www.suse.com/security/cve/CVE-2025-37864"
},
{
"category": "external",
"summary": "SUSE Bug 1242965 for CVE-2025-37864",
"url": "https://bugzilla.suse.com/1242965"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-37864"
},
{
"cve": "CVE-2025-37885",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37885"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Reset IRTE to host control if *new* route isn\u0027t postable\n\nRestore an IRTE back to host control (remapped or posted MSI mode) if the\n*new* GSI route prevents posting the IRQ directly to a vCPU, regardless of\nthe GSI routing type. Updating the IRTE if and only if the new GSI is an\nMSI results in KVM leaving an IRTE posting to a vCPU.\n\nThe dangling IRTE can result in interrupts being incorrectly delivered to\nthe guest, and in the worst case scenario can result in use-after-free,\ne.g. if the VM is torn down, but the underlying host IRQ isn\u0027t freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37885",
"url": "https://www.suse.com/security/cve/CVE-2025-37885"
},
{
"category": "external",
"summary": "SUSE Bug 1242960 for CVE-2025-37885",
"url": "https://bugzilla.suse.com/1242960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-37885"
},
{
"cve": "CVE-2025-37920",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37920"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: Fix race condition in AF_XDP generic RX path\n\nMove rx_lock from xsk_socket to xsk_buff_pool.\nFix synchronization for shared umem mode in\ngeneric RX path where multiple sockets share\nsingle xsk_buff_pool.\n\nRX queue is exclusive to xsk_socket, while FILL\nqueue can be shared between multiple sockets.\nThis could result in race condition where two\nCPU cores access RX path of two different sockets\nsharing the same umem.\n\nProtect both queues by acquiring spinlock in shared\nxsk_buff_pool.\n\nLock contention may be minimized in the future by some\nper-thread FQ buffering.\n\nIt\u0027s safe and necessary to move spin_lock_bh(rx_lock)\nafter xsk_rcv_check():\n* xs-\u003epool and spinlock_init is synchronized by\n xsk_bind() -\u003e xsk_is_bound() memory barriers.\n* xsk_rcv_check() may return true at the moment\n of xsk_release() or xsk_unbind_dev(),\n however this will not cause any data races or\n race conditions. xsk_unbind_dev() removes xdp\n socket from all maps and waits for completion\n of all outstanding rx operations. Packets in\n RX path will either complete safely or drop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37920",
"url": "https://www.suse.com/security/cve/CVE-2025-37920"
},
{
"category": "external",
"summary": "SUSE Bug 1243479 for CVE-2025-37920",
"url": "https://bugzilla.suse.com/1243479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-37920"
},
{
"cve": "CVE-2025-37984",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37984"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP()\n\nHerbert notes that DIV_ROUND_UP() may overflow unnecessarily if an ecdsa\nimplementation\u0027s -\u003ekey_size() callback returns an unusually large value.\nHerbert instead suggests (for a division by 8):\n\n X / 8 + !!(X \u0026 7)\n\nBased on this formula, introduce a generic DIV_ROUND_UP_POW2() macro and\nuse it in lieu of DIV_ROUND_UP() for -\u003ekey_size() return values.\n\nAdditionally, use the macro in ecc_digits_from_bytes(), whose \"nbytes\"\nparameter is a -\u003ekey_size() return value in some instances, or a\nuser-specified ASN.1 length in the case of ecdsa_get_signature_rs().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37984",
"url": "https://www.suse.com/security/cve/CVE-2025-37984"
},
{
"category": "external",
"summary": "SUSE Bug 1243669 for CVE-2025-37984",
"url": "https://bugzilla.suse.com/1243669"
},
{
"category": "external",
"summary": "SUSE Bug 1243670 for CVE-2025-37984",
"url": "https://bugzilla.suse.com/1243670"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-37984"
},
{
"cve": "CVE-2025-38034",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38034"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref\n\nbtrfs_prelim_ref() calls the old and new reference variables in the\nincorrect order. This causes a NULL pointer dereference because oldref\nis passed as NULL to trace_btrfs_prelim_ref_insert().\n\nNote, trace_btrfs_prelim_ref_insert() is being called with newref as\noldref (and oldref as NULL) on purpose in order to print out\nthe values of newref.\n\nTo reproduce:\necho 1 \u003e /sys/kernel/debug/tracing/events/btrfs/btrfs_prelim_ref_insert/enable\n\nPerform some writeback operations.\n\nBacktrace:\nBUG: kernel NULL pointer dereference, address: 0000000000000018\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 115949067 P4D 115949067 PUD 11594a067 PMD 0\n Oops: Oops: 0000 [#1] SMP NOPTI\n CPU: 1 UID: 0 PID: 1188 Comm: fsstress Not tainted 6.15.0-rc2-tester+ #47 PREEMPT(voluntary) 7ca2cef72d5e9c600f0c7718adb6462de8149622\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-2-gc13ff2cd-prebuilt.qemu.org 04/01/2014\n RIP: 0010:trace_event_raw_event_btrfs__prelim_ref+0x72/0x130\n Code: e8 43 81 9f ff 48 85 c0 74 78 4d 85 e4 0f 84 8f 00 00 00 49 8b 94 24 c0 06 00 00 48 8b 0a 48 89 48 08 48 8b 52 08 48 89 50 10 \u003c49\u003e 8b 55 18 48 89 50 18 49 8b 55 20 48 89 50 20 41 0f b6 55 28 88\n RSP: 0018:ffffce44820077a0 EFLAGS: 00010286\n RAX: ffff8c6b403f9014 RBX: ffff8c6b55825730 RCX: 304994edf9cf506b\n RDX: d8b11eb7f0fdb699 RSI: ffff8c6b403f9010 RDI: ffff8c6b403f9010\n RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000010\n R10: 00000000ffffffff R11: 0000000000000000 R12: ffff8c6b4e8fb000\n R13: 0000000000000000 R14: ffffce44820077a8 R15: ffff8c6b4abd1540\n FS: 00007f4dc6813740(0000) GS:ffff8c6c1d378000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000018 CR3: 000000010eb42000 CR4: 0000000000750ef0\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n prelim_ref_insert+0x1c1/0x270\n find_parent_nodes+0x12a6/0x1ee0\n ? __entry_text_end+0x101f06/0x101f09\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? srso_alias_return_thunk+0x5/0xfbef5\n btrfs_is_data_extent_shared+0x167/0x640\n ? fiemap_process_hole+0xd0/0x2c0\n extent_fiemap+0xa5c/0xbc0\n ? __entry_text_end+0x101f05/0x101f09\n btrfs_fiemap+0x7e/0xd0\n do_vfs_ioctl+0x425/0x9d0\n __x64_sys_ioctl+0x75/0xc0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38034",
"url": "https://www.suse.com/security/cve/CVE-2025-38034"
},
{
"category": "external",
"summary": "SUSE Bug 1244792 for CVE-2025-38034",
"url": "https://bugzilla.suse.com/1244792"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38034"
},
{
"cve": "CVE-2025-38035",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38035"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: don\u0027t restore null sk_state_change\n\nqueue-\u003estate_change is set as part of nvmet_tcp_set_queue_sock(), but if\nthe TCP connection isn\u0027t established when nvmet_tcp_set_queue_sock() is\ncalled then queue-\u003estate_change isn\u0027t set and sock-\u003esk-\u003esk_state_change\nisn\u0027t replaced.\n\nAs such we don\u0027t need to restore sock-\u003esk-\u003esk_state_change if\nqueue-\u003estate_change is NULL.\n\nThis avoids NULL pointer dereferences such as this:\n\n[ 286.462026][ C0] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 286.462814][ C0] #PF: supervisor instruction fetch in kernel mode\n[ 286.463796][ C0] #PF: error_code(0x0010) - not-present page\n[ 286.464392][ C0] PGD 8000000140620067 P4D 8000000140620067 PUD 114201067 PMD 0\n[ 286.465086][ C0] Oops: Oops: 0010 [#1] SMP KASAN PTI\n[ 286.465559][ C0] CPU: 0 UID: 0 PID: 1628 Comm: nvme Not tainted 6.15.0-rc2+ #11 PREEMPT(voluntary)\n[ 286.466393][ C0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\n[ 286.467147][ C0] RIP: 0010:0x0\n[ 286.467420][ C0] Code: Unable to access opcode bytes at 0xffffffffffffffd6.\n[ 286.467977][ C0] RSP: 0018:ffff8883ae008580 EFLAGS: 00010246\n[ 286.468425][ C0] RAX: 0000000000000000 RBX: ffff88813fd34100 RCX: ffffffffa386cc43\n[ 286.469019][ C0] RDX: 1ffff11027fa68b6 RSI: 0000000000000008 RDI: ffff88813fd34100\n[ 286.469545][ C0] RBP: ffff88813fd34160 R08: 0000000000000000 R09: ffffed1027fa682c\n[ 286.470072][ C0] R10: ffff88813fd34167 R11: 0000000000000000 R12: ffff88813fd344c3\n[ 286.470585][ C0] R13: ffff88813fd34112 R14: ffff88813fd34aec R15: ffff888132cdd268\n[ 286.471070][ C0] FS: 00007fe3c04c7d80(0000) GS:ffff88840743f000(0000) knlGS:0000000000000000\n[ 286.471644][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 286.472543][ C0] CR2: ffffffffffffffd6 CR3: 000000012daca000 CR4: 00000000000006f0\n[ 286.473500][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 286.474467][ C0] DR3: 0000000000000000 DR6: 00000000ffff07f0 DR7: 0000000000000400\n[ 286.475453][ C0] Call Trace:\n[ 286.476102][ C0] \u003cIRQ\u003e\n[ 286.476719][ C0] tcp_fin+0x2bb/0x440\n[ 286.477429][ C0] tcp_data_queue+0x190f/0x4e60\n[ 286.478174][ C0] ? __build_skb_around+0x234/0x330\n[ 286.478940][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.479659][ C0] ? __pfx_tcp_data_queue+0x10/0x10\n[ 286.480431][ C0] ? tcp_try_undo_loss+0x640/0x6c0\n[ 286.481196][ C0] ? seqcount_lockdep_reader_access.constprop.0+0x82/0x90\n[ 286.482046][ C0] ? kvm_clock_get_cycles+0x14/0x30\n[ 286.482769][ C0] ? ktime_get+0x66/0x150\n[ 286.483433][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.484146][ C0] tcp_rcv_established+0x6e4/0x2050\n[ 286.484857][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.485523][ C0] ? ipv4_dst_check+0x160/0x2b0\n[ 286.486203][ C0] ? __pfx_tcp_rcv_established+0x10/0x10\n[ 286.486917][ C0] ? lock_release+0x217/0x2c0\n[ 286.487595][ C0] tcp_v4_do_rcv+0x4d6/0x9b0\n[ 286.488279][ C0] tcp_v4_rcv+0x2af8/0x3e30\n[ 286.488904][ C0] ? raw_local_deliver+0x51b/0xad0\n[ 286.489551][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.490198][ C0] ? __pfx_tcp_v4_rcv+0x10/0x10\n[ 286.490813][ C0] ? __pfx_raw_local_deliver+0x10/0x10\n[ 286.491487][ C0] ? __pfx_nf_confirm+0x10/0x10 [nf_conntrack]\n[ 286.492275][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.492900][ C0] ip_protocol_deliver_rcu+0x8f/0x370\n[ 286.493579][ C0] ip_local_deliver_finish+0x297/0x420\n[ 286.494268][ C0] ip_local_deliver+0x168/0x430\n[ 286.494867][ C0] ? __pfx_ip_local_deliver+0x10/0x10\n[ 286.495498][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10\n[ 286.496204][ C0] ? ip_rcv_finish_core+0x19a/0x1f20\n[ 286.496806][ C0] ? lock_release+0x217/0x2c0\n[ 286.497414][ C0] ip_rcv+0x455/0x6e0\n[ 286.497945][ C0] ? __pfx_ip_rcv+0x10/0x10\n[ \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38035",
"url": "https://www.suse.com/security/cve/CVE-2025-38035"
},
{
"category": "external",
"summary": "SUSE Bug 1244801 for CVE-2025-38035",
"url": "https://bugzilla.suse.com/1244801"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38035"
},
{
"cve": "CVE-2025-38051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38051"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: Fix use-after-free in cifs_fill_dirent\n\nThere is a race condition in the readdir concurrency process, which may\naccess the rsp buffer after it has been released, triggering the\nfollowing KASAN warning.\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in cifs_fill_dirent+0xb03/0xb60 [cifs]\n Read of size 4 at addr ffff8880099b819c by task a.out/342975\n\n CPU: 2 UID: 0 PID: 342975 Comm: a.out Not tainted 6.15.0-rc6+ #240 PREEMPT(full)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x53/0x70\n print_report+0xce/0x640\n kasan_report+0xb8/0xf0\n cifs_fill_dirent+0xb03/0xb60 [cifs]\n cifs_readdir+0x12cb/0x3190 [cifs]\n iterate_dir+0x1a1/0x520\n __x64_sys_getdents+0x134/0x220\n do_syscall_64+0x4b/0x110\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7f996f64b9f9\n Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89\n f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01\n f0 ff ff 0d f7 c3 0c 00 f7 d8 64 89 8\n RSP: 002b:00007f996f53de78 EFLAGS: 00000207 ORIG_RAX: 000000000000004e\n RAX: ffffffffffffffda RBX: 00007f996f53ecdc RCX: 00007f996f64b9f9\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003\n RBP: 00007f996f53dea0 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000207 R12: ffffffffffffff88\n R13: 0000000000000000 R14: 00007ffc8cd9a500 R15: 00007f996f51e000\n \u003c/TASK\u003e\n\n Allocated by task 408:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x14/0x30\n __kasan_slab_alloc+0x6e/0x70\n kmem_cache_alloc_noprof+0x117/0x3d0\n mempool_alloc_noprof+0xf2/0x2c0\n cifs_buf_get+0x36/0x80 [cifs]\n allocate_buffers+0x1d2/0x330 [cifs]\n cifs_demultiplex_thread+0x22b/0x2690 [cifs]\n kthread+0x394/0x720\n ret_from_fork+0x34/0x70\n ret_from_fork_asm+0x1a/0x30\n\n Freed by task 342979:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x37/0x50\n kmem_cache_free+0x2b8/0x500\n cifs_buf_release+0x3c/0x70 [cifs]\n cifs_readdir+0x1c97/0x3190 [cifs]\n iterate_dir+0x1a1/0x520\n __x64_sys_getdents64+0x134/0x220\n do_syscall_64+0x4b/0x110\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n The buggy address belongs to the object at ffff8880099b8000\n which belongs to the cache cifs_request of size 16588\n The buggy address is located 412 bytes inside of\n freed 16588-byte region [ffff8880099b8000, ffff8880099bc0cc)\n\n The buggy address belongs to the physical page:\n page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x99b8\n head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0\n anon flags: 0x80000000000040(head|node=0|zone=1)\n page_type: f5(slab)\n raw: 0080000000000040 ffff888001e03400 0000000000000000 dead000000000001\n raw: 0000000000000000 0000000000010001 00000000f5000000 0000000000000000\n head: 0080000000000040 ffff888001e03400 0000000000000000 dead000000000001\n head: 0000000000000000 0000000000010001 00000000f5000000 0000000000000000\n head: 0080000000000003 ffffea0000266e01 00000000ffffffff 00000000ffffffff\n head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n ffff8880099b8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff8880099b8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n \u003effff8880099b8180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ^\n ffff8880099b8200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff8880099b8280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ==================================================================\n\nPOC is available in the link [1].\n\nThe problem triggering process is as follows:\n\nProcess 1 Process 2\n-----------------------------------\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38051",
"url": "https://www.suse.com/security/cve/CVE-2025-38051"
},
{
"category": "external",
"summary": "SUSE Bug 1244750 for CVE-2025-38051",
"url": "https://bugzilla.suse.com/1244750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38051"
},
{
"cve": "CVE-2025-38052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38052"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done\n\nSyzbot reported a slab-use-after-free with the following call trace:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in tipc_aead_encrypt_done+0x4bd/0x510 net/tipc/crypto.c:840\n Read of size 8 at addr ffff88807a733000 by task kworker/1:0/25\n\n Call Trace:\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n tipc_aead_encrypt_done+0x4bd/0x510 net/tipc/crypto.c:840\n crypto_request_complete include/crypto/algapi.h:266\n aead_request_complete include/crypto/internal/aead.h:85\n cryptd_aead_crypt+0x3b8/0x750 crypto/cryptd.c:772\n crypto_request_complete include/crypto/algapi.h:266\n cryptd_queue_worker+0x131/0x200 crypto/cryptd.c:181\n process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\n\n Allocated by task 8355:\n kzalloc_noprof include/linux/slab.h:778\n tipc_crypto_start+0xcc/0x9e0 net/tipc/crypto.c:1466\n tipc_init_net+0x2dd/0x430 net/tipc/core.c:72\n ops_init+0xb9/0x650 net/core/net_namespace.c:139\n setup_net+0x435/0xb40 net/core/net_namespace.c:343\n copy_net_ns+0x2f0/0x670 net/core/net_namespace.c:508\n create_new_namespaces+0x3ea/0xb10 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0xc0/0x1f0 kernel/nsproxy.c:228\n ksys_unshare+0x419/0x970 kernel/fork.c:3323\n __do_sys_unshare kernel/fork.c:3394\n\n Freed by task 63:\n kfree+0x12a/0x3b0 mm/slub.c:4557\n tipc_crypto_stop+0x23c/0x500 net/tipc/crypto.c:1539\n tipc_exit_net+0x8c/0x110 net/tipc/core.c:119\n ops_exit_list+0xb0/0x180 net/core/net_namespace.c:173\n cleanup_net+0x5b7/0xbf0 net/core/net_namespace.c:640\n process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\n\nAfter freed the tipc_crypto tx by delete namespace, tipc_aead_encrypt_done\nmay still visit it in cryptd_queue_worker workqueue.\n\nI reproduce this issue by:\n ip netns add ns1\n ip link add veth1 type veth peer name veth2\n ip link set veth1 netns ns1\n ip netns exec ns1 tipc bearer enable media eth dev veth1\n ip netns exec ns1 tipc node set key this_is_a_master_key master\n ip netns exec ns1 tipc bearer disable media eth dev veth1\n ip netns del ns1\n\nThe key of reproduction is that, simd_aead_encrypt is interrupted, leading\nto crypto_simd_usable() return false. Thus, the cryptd_queue_worker is\ntriggered, and the tipc_crypto tx will be visited.\n\n tipc_disc_timeout\n tipc_bearer_xmit_skb\n tipc_crypto_xmit\n tipc_aead_encrypt\n crypto_aead_encrypt\n // encrypt()\n simd_aead_encrypt\n // crypto_simd_usable() is false\n child = \u0026ctx-\u003ecryptd_tfm-\u003ebase;\n\n simd_aead_encrypt\n crypto_aead_encrypt\n // encrypt()\n cryptd_aead_encrypt_enqueue\n cryptd_aead_enqueue\n cryptd_enqueue_request\n // trigger cryptd_queue_worker\n queue_work_on(smp_processor_id(), cryptd_wq, \u0026cpu_queue-\u003ework)\n\nFix this by holding net reference count before encrypt.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38052",
"url": "https://www.suse.com/security/cve/CVE-2025-38052"
},
{
"category": "external",
"summary": "SUSE Bug 1244749 for CVE-2025-38052",
"url": "https://bugzilla.suse.com/1244749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38052"
},
{
"cve": "CVE-2025-38058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\n__legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock\n\n... or we risk stealing final mntput from sync umount - raising mnt_count\nafter umount(2) has verified that victim is not busy, but before it\nhas set MNT_SYNC_UMOUNT; in that case __legitimize_mnt() doesn\u0027t see\nthat it\u0027s safe to quietly undo mnt_count increment and leaves dropping\nthe reference to caller, where it\u0027ll be a full-blown mntput().\n\nCheck under mount_lock is needed; leaving the current one done before\ntaking that makes no sense - it\u0027s nowhere near common enough to bother\nwith.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38058",
"url": "https://www.suse.com/security/cve/CVE-2025-38058"
},
{
"category": "external",
"summary": "SUSE Bug 1245151 for CVE-2025-38058",
"url": "https://bugzilla.suse.com/1245151"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "low"
}
],
"title": "CVE-2025-38058"
},
{
"cve": "CVE-2025-38061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38061"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: pktgen: fix access outside of user given buffer in pktgen_thread_write()\n\nHonour the user given buffer size for the strn_len() calls (otherwise\nstrn_len() will access memory outside of the user given buffer).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38061",
"url": "https://www.suse.com/security/cve/CVE-2025-38061"
},
{
"category": "external",
"summary": "SUSE Bug 1245440 for CVE-2025-38061",
"url": "https://bugzilla.suse.com/1245440"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38061"
},
{
"cve": "CVE-2025-38062",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38062"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngenirq/msi: Store the IOMMU IOVA directly in msi_desc instead of iommu_cookie\n\nThe IOMMU translation for MSI message addresses has been a 2-step process,\nseparated in time:\n\n 1) iommu_dma_prepare_msi(): A cookie pointer containing the IOVA address\n is stored in the MSI descriptor when an MSI interrupt is allocated.\n\n 2) iommu_dma_compose_msi_msg(): this cookie pointer is used to compute a\n translated message address.\n\nThis has an inherent lifetime problem for the pointer stored in the cookie\nthat must remain valid between the two steps. However, there is no locking\nat the irq layer that helps protect the lifetime. Today, this works under\nthe assumption that the iommu domain is not changed while MSI interrupts\nbeing programmed. This is true for normal DMA API users within the kernel,\nas the iommu domain is attached before the driver is probed and cannot be\nchanged while a driver is attached.\n\nClassic VFIO type1 also prevented changing the iommu domain while VFIO was\nrunning as it does not support changing the \"container\" after starting up.\n\nHowever, iommufd has improved this so that the iommu domain can be changed\nduring VFIO operation. This potentially allows userspace to directly race\nVFIO_DEVICE_ATTACH_IOMMUFD_PT (which calls iommu_attach_group()) and\nVFIO_DEVICE_SET_IRQS (which calls into iommu_dma_compose_msi_msg()).\n\nThis potentially causes both the cookie pointer and the unlocked call to\niommu_get_domain_for_dev() on the MSI translation path to become UAFs.\n\nFix the MSI cookie UAF by removing the cookie pointer. The translated IOVA\naddress is already known during iommu_dma_prepare_msi() and cannot change.\nThus, it can simply be stored as an integer in the MSI descriptor.\n\nThe other UAF related to iommu_get_domain_for_dev() will be addressed in\npatch \"iommu: Make iommu_dma_prepare_msi() into a generic operation\" by\nusing the IOMMU group mutex.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38062",
"url": "https://www.suse.com/security/cve/CVE-2025-38062"
},
{
"category": "external",
"summary": "SUSE Bug 1245216 for CVE-2025-38062",
"url": "https://bugzilla.suse.com/1245216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38062"
},
{
"cve": "CVE-2025-38063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: fix unconditional IO throttle caused by REQ_PREFLUSH\n\nWhen a bio with REQ_PREFLUSH is submitted to dm, __send_empty_flush()\ngenerates a flush_bio with REQ_OP_WRITE | REQ_PREFLUSH | REQ_SYNC,\nwhich causes the flush_bio to be throttled by wbt_wait().\n\nAn example from v5.4, similar problem also exists in upstream:\n\n crash\u003e bt 2091206\n PID: 2091206 TASK: ffff2050df92a300 CPU: 109 COMMAND: \"kworker/u260:0\"\n #0 [ffff800084a2f7f0] __switch_to at ffff80004008aeb8\n #1 [ffff800084a2f820] __schedule at ffff800040bfa0c4\n #2 [ffff800084a2f880] schedule at ffff800040bfa4b4\n #3 [ffff800084a2f8a0] io_schedule at ffff800040bfa9c4\n #4 [ffff800084a2f8c0] rq_qos_wait at ffff8000405925bc\n #5 [ffff800084a2f940] wbt_wait at ffff8000405bb3a0\n #6 [ffff800084a2f9a0] __rq_qos_throttle at ffff800040592254\n #7 [ffff800084a2f9c0] blk_mq_make_request at ffff80004057cf38\n #8 [ffff800084a2fa60] generic_make_request at ffff800040570138\n #9 [ffff800084a2fae0] submit_bio at ffff8000405703b4\n #10 [ffff800084a2fb50] xlog_write_iclog at ffff800001280834 [xfs]\n #11 [ffff800084a2fbb0] xlog_sync at ffff800001280c3c [xfs]\n #12 [ffff800084a2fbf0] xlog_state_release_iclog at ffff800001280df4 [xfs]\n #13 [ffff800084a2fc10] xlog_write at ffff80000128203c [xfs]\n #14 [ffff800084a2fcd0] xlog_cil_push at ffff8000012846dc [xfs]\n #15 [ffff800084a2fda0] xlog_cil_push_work at ffff800001284a2c [xfs]\n #16 [ffff800084a2fdb0] process_one_work at ffff800040111d08\n #17 [ffff800084a2fe00] worker_thread at ffff8000401121cc\n #18 [ffff800084a2fe70] kthread at ffff800040118de4\n\nAfter commit 2def2845cc33 (\"xfs: don\u0027t allow log IO to be throttled\"),\nthe metadata submitted by xlog_write_iclog() should not be throttled.\nBut due to the existence of the dm layer, throttling flush_bio indirectly\ncauses the metadata bio to be throttled.\n\nFix this by conditionally adding REQ_IDLE to flush_bio.bi_opf, which makes\nwbt_should_throttle() return false to avoid wbt_wait().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38063",
"url": "https://www.suse.com/security/cve/CVE-2025-38063"
},
{
"category": "external",
"summary": "SUSE Bug 1245202 for CVE-2025-38063",
"url": "https://bugzilla.suse.com/1245202"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38063"
},
{
"cve": "CVE-2025-38064",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38064"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio: break and reset virtio devices on device_shutdown()\n\nHongyu reported a hang on kexec in a VM. QEMU reported invalid memory\naccesses during the hang.\n\n\tInvalid read at addr 0x102877002, size 2, region \u0027(null)\u0027, reason: rejected\n\tInvalid write at addr 0x102877A44, size 2, region \u0027(null)\u0027, reason: rejected\n\t...\n\nIt was traced down to virtio-console. Kexec works fine if virtio-console\nis not in use.\n\nThe issue is that virtio-console continues to write to the MMIO even after\nunderlying virtio-pci device is reset.\n\nAdditionally, Eric noticed that IOMMUs are reset before devices, if\ndevices are not reset on shutdown they continue to poke at guest memory\nand get errors from the IOMMU. Some devices get wedged then.\n\nThe problem can be solved by breaking all virtio devices on virtio\nbus shutdown, then resetting them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38064",
"url": "https://www.suse.com/security/cve/CVE-2025-38064"
},
{
"category": "external",
"summary": "SUSE Bug 1245201 for CVE-2025-38064",
"url": "https://bugzilla.suse.com/1245201"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38064"
},
{
"cve": "CVE-2025-38074",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38074"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost-scsi: protect vq-\u003elog_used with vq-\u003emutex\n\nThe vhost-scsi completion path may access vq-\u003elog_base when vq-\u003elog_used is\nalready set to false.\n\n vhost-thread QEMU-thread\n\nvhost_scsi_complete_cmd_work()\n-\u003e vhost_add_used()\n -\u003e vhost_add_used_n()\n if (unlikely(vq-\u003elog_used))\n QEMU disables vq-\u003elog_used\n via VHOST_SET_VRING_ADDR.\n mutex_lock(\u0026vq-\u003emutex);\n vq-\u003elog_used = false now!\n mutex_unlock(\u0026vq-\u003emutex);\n\n\t\t\t\t QEMU gfree(vq-\u003elog_base)\n log_used()\n -\u003e log_write(vq-\u003elog_base)\n\nAssuming the VMM is QEMU. The vq-\u003elog_base is from QEMU userpace and can be\nreclaimed via gfree(). As a result, this causes invalid memory writes to\nQEMU userspace.\n\nThe control queue path has the same issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38074",
"url": "https://www.suse.com/security/cve/CVE-2025-38074"
},
{
"category": "external",
"summary": "SUSE Bug 1244735 for CVE-2025-38074",
"url": "https://bugzilla.suse.com/1244735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38074"
},
{
"cve": "CVE-2025-38084",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38084"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: unshare page tables during VMA split, not before\n\nCurrently, __split_vma() triggers hugetlb page table unsharing through\nvm_ops-\u003emay_split(). This happens before the VMA lock and rmap locks are\ntaken - which is too early, it allows racing VMA-locked page faults in our\nprocess and racing rmap walks from other processes to cause page tables to\nbe shared again before we actually perform the split.\n\nFix it by explicitly calling into the hugetlb unshare logic from\n__split_vma() in the same place where THP splitting also happens. At that\npoint, both the VMA and the rmap(s) are write-locked.\n\nAn annoying detail is that we can now call into the helper\nhugetlb_unshare_pmds() from two different locking contexts:\n\n1. from hugetlb_split(), holding:\n - mmap lock (exclusively)\n - VMA lock\n - file rmap lock (exclusively)\n2. hugetlb_unshare_all_pmds(), which I think is designed to be able to\n call us with only the mmap lock held (in shared mode), but currently\n only runs while holding mmap lock (exclusively) and VMA lock\n\nBackporting note:\nThis commit fixes a racy protection that was introduced in commit\nb30c14cd6102 (\"hugetlb: unshare some PMDs when splitting VMAs\"); that\ncommit claimed to fix an issue introduced in 5.13, but it should actually\nalso go all the way back.\n\n[jannh@google.com: v2]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38084",
"url": "https://www.suse.com/security/cve/CVE-2025-38084"
},
{
"category": "external",
"summary": "SUSE Bug 1245498 for CVE-2025-38084",
"url": "https://bugzilla.suse.com/1245498"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38084"
},
{
"cve": "CVE-2025-38085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race\n\nhuge_pmd_unshare() drops a reference on a page table that may have\npreviously been shared across processes, potentially turning it into a\nnormal page table used in another process in which unrelated VMAs can\nafterwards be installed.\n\nIf this happens in the middle of a concurrent gup_fast(), gup_fast() could\nend up walking the page tables of another process. While I don\u0027t see any\nway in which that immediately leads to kernel memory corruption, it is\nreally weird and unexpected.\n\nFix it with an explicit broadcast IPI through tlb_remove_table_sync_one(),\njust like we do in khugepaged when removing page tables for a THP\ncollapse.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38085",
"url": "https://www.suse.com/security/cve/CVE-2025-38085"
},
{
"category": "external",
"summary": "SUSE Bug 1245499 for CVE-2025-38085",
"url": "https://bugzilla.suse.com/1245499"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38085"
},
{
"cve": "CVE-2025-38087",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38087"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: fix use-after-free in taprio_dev_notifier\n\nSince taprio\u0027s taprio_dev_notifier() isn\u0027t protected by an\nRCU read-side critical section, a race with advance_sched()\ncan lead to a use-after-free.\n\nAdding rcu_read_lock() inside taprio_dev_notifier() prevents this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38087",
"url": "https://www.suse.com/security/cve/CVE-2025-38087"
},
{
"category": "external",
"summary": "SUSE Bug 1245504 for CVE-2025-38087",
"url": "https://bugzilla.suse.com/1245504"
},
{
"category": "external",
"summary": "SUSE Bug 1245505 for CVE-2025-38087",
"url": "https://bugzilla.suse.com/1245505"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "important"
}
],
"title": "CVE-2025-38087"
},
{
"cve": "CVE-2025-38088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38088"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap\n\nmemtrace mmap issue has an out of bounds issue. This patch fixes the by\nchecking that the requested mapping region size should stay within the\nallocated region size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38088",
"url": "https://www.suse.com/security/cve/CVE-2025-38088"
},
{
"category": "external",
"summary": "SUSE Bug 1245506 for CVE-2025-38088",
"url": "https://bugzilla.suse.com/1245506"
},
{
"category": "external",
"summary": "SUSE Bug 1245507 for CVE-2025-38088",
"url": "https://bugzilla.suse.com/1245507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "important"
}
],
"title": "CVE-2025-38088"
},
{
"cve": "CVE-2025-38089",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38089"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: handle SVC_GARBAGE during svc auth processing as auth error\n\ntianshuo han reported a remotely-triggerable crash if the client sends a\nkernel RPC server a specially crafted packet. If decoding the RPC reply\nfails in such a way that SVC_GARBAGE is returned without setting the\nrq_accept_statp pointer, then that pointer can be dereferenced and a\nvalue stored there.\n\nIf it\u0027s the first time the thread has processed an RPC, then that\npointer will be set to NULL and the kernel will crash. In other cases,\nit could create a memory scribble.\n\nThe server sunrpc code treats a SVC_GARBAGE return from svc_authenticate\nor pg_authenticate as if it should send a GARBAGE_ARGS reply. RFC 5531\nsays that if authentication fails that the RPC should be rejected\ninstead with a status of AUTH_ERR.\n\nHandle a SVC_GARBAGE return as an AUTH_ERROR, with a reason of\nAUTH_BADCRED instead of returning GARBAGE_ARGS in that case. This\nsidesteps the whole problem of touching the rpc_accept_statp pointer in\nthis situation and avoids the crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38089",
"url": "https://www.suse.com/security/cve/CVE-2025-38089"
},
{
"category": "external",
"summary": "SUSE Bug 1245508 for CVE-2025-38089",
"url": "https://bugzilla.suse.com/1245508"
},
{
"category": "external",
"summary": "SUSE Bug 1245509 for CVE-2025-38089",
"url": "https://bugzilla.suse.com/1245509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "important"
}
],
"title": "CVE-2025-38089"
},
{
"cve": "CVE-2025-38090",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38090"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/rapidio/rio_cm.c: prevent possible heap overwrite\n\nIn\n\nriocm_cdev_ioctl(RIO_CM_CHAN_SEND)\n -\u003e cm_chan_msg_send()\n -\u003e riocm_ch_send()\n\ncm_chan_msg_send() checks that userspace didn\u0027t send too much data but\nriocm_ch_send() failed to check that userspace sent sufficient data. The\nresult is that riocm_ch_send() can write to fields in the rio_ch_chan_hdr\nwhich were outside the bounds of the space which cm_chan_msg_send()\nallocated.\n\nAddress this by teaching riocm_ch_send() to check that the entire\nrio_ch_chan_hdr was copied in from userspace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38090",
"url": "https://www.suse.com/security/cve/CVE-2025-38090"
},
{
"category": "external",
"summary": "SUSE Bug 1245510 for CVE-2025-38090",
"url": "https://bugzilla.suse.com/1245510"
},
{
"category": "external",
"summary": "SUSE Bug 1245511 for CVE-2025-38090",
"url": "https://bugzilla.suse.com/1245511"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "important"
}
],
"title": "CVE-2025-38090"
},
{
"cve": "CVE-2025-38094",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38094"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: cadence: macb: Fix a possible deadlock in macb_halt_tx.\n\nThere is a situation where after THALT is set high, TGO stays high as\nwell. Because jiffies are never updated, as we are in a context with\ninterrupts disabled, we never exit that loop and have a deadlock.\n\nThat deadlock was noticed on a sama5d4 device that stayed locked for days.\n\nUse retries instead of jiffies so that the timeout really works and we do\nnot have a deadlock anymore.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38094",
"url": "https://www.suse.com/security/cve/CVE-2025-38094"
},
{
"category": "external",
"summary": "SUSE Bug 1245649 for CVE-2025-38094",
"url": "https://bugzilla.suse.com/1245649"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38094"
},
{
"cve": "CVE-2025-38095",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38095"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf: insert memory barrier before updating num_fences\n\nsmp_store_mb() inserts memory barrier after storing operation.\nIt is different with what the comment is originally aiming so Null\npointer dereference can be happened if memory update is reordered.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38095",
"url": "https://www.suse.com/security/cve/CVE-2025-38095"
},
{
"category": "external",
"summary": "SUSE Bug 1245658 for CVE-2025-38095",
"url": "https://bugzilla.suse.com/1245658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38095"
},
{
"cve": "CVE-2025-38097",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38097"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nespintcp: remove encap socket caching to avoid reference leak\n\nThe current scheme for caching the encap socket can lead to reference\nleaks when we try to delete the netns.\n\nThe reference chain is: xfrm_state -\u003e enacp_sk -\u003e netns\n\nSince the encap socket is a userspace socket, it holds a reference on\nthe netns. If we delete the espintcp state (through flush or\nindividual delete) before removing the netns, the reference on the\nsocket is dropped and the netns is correctly deleted. Otherwise, the\nnetns may not be reachable anymore (if all processes within the ns\nhave terminated), so we cannot delete the xfrm state to drop its\nreference on the socket.\n\nThis patch results in a small (~2% in my tests) performance\nregression.\n\nA GC-type mechanism could be added for the socket cache, to clear\nreferences if the state hasn\u0027t been used \"recently\", but it\u0027s a lot\nmore complex than just not caching the socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38097",
"url": "https://www.suse.com/security/cve/CVE-2025-38097"
},
{
"category": "external",
"summary": "SUSE Bug 1245660 for CVE-2025-38097",
"url": "https://bugzilla.suse.com/1245660"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38097"
},
{
"cve": "CVE-2025-38098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38098"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Don\u0027t treat wb connector as physical in create_validate_stream_for_sink\n\nDon\u0027t try to operate on a drm_wb_connector as an amdgpu_dm_connector.\nWhile dereferencing aconnector-\u003ebase will \"work\" it\u0027s wrong and\nmight lead to unknown bad things. Just... don\u0027t.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38098",
"url": "https://www.suse.com/security/cve/CVE-2025-38098"
},
{
"category": "external",
"summary": "SUSE Bug 1245654 for CVE-2025-38098",
"url": "https://bugzilla.suse.com/1245654"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38098"
},
{
"cve": "CVE-2025-38099",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38099"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Disable SCO support if READ_VOICE_SETTING is unsupported/broken\n\nA SCO connection without the proper voice_setting can cause\nthe controller to lock up.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38099",
"url": "https://www.suse.com/security/cve/CVE-2025-38099"
},
{
"category": "external",
"summary": "SUSE Bug 1245671 for CVE-2025-38099",
"url": "https://bugzilla.suse.com/1245671"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38099"
},
{
"cve": "CVE-2025-38100",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38100"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/iopl: Cure TIF_IO_BITMAP inconsistencies\n\nio_bitmap_exit() is invoked from exit_thread() when a task exists or\nwhen a fork fails. In the latter case the exit_thread() cleans up\nresources which were allocated during fork().\n\nio_bitmap_exit() invokes task_update_io_bitmap(), which in turn ends up\nin tss_update_io_bitmap(). tss_update_io_bitmap() operates on the\ncurrent task. If current has TIF_IO_BITMAP set, but no bitmap installed,\ntss_update_io_bitmap() crashes with a NULL pointer dereference.\n\nThere are two issues, which lead to that problem:\n\n 1) io_bitmap_exit() should not invoke task_update_io_bitmap() when\n the task, which is cleaned up, is not the current task. That\u0027s a\n clear indicator for a cleanup after a failed fork().\n\n 2) A task should not have TIF_IO_BITMAP set and neither a bitmap\n installed nor IOPL emulation level 3 activated.\n\n This happens when a kernel thread is created in the context of\n a user space thread, which has TIF_IO_BITMAP set as the thread\n flags are copied and the IO bitmap pointer is cleared.\n\n Other than in the failed fork() case this has no impact because\n kernel threads including IO workers never return to user space and\n therefore never invoke tss_update_io_bitmap().\n\nCure this by adding the missing cleanups and checks:\n\n 1) Prevent io_bitmap_exit() to invoke task_update_io_bitmap() if\n the to be cleaned up task is not the current task.\n\n 2) Clear TIF_IO_BITMAP in copy_thread() unconditionally. For user\n space forks it is set later, when the IO bitmap is inherited in\n io_bitmap_share().\n\nFor paranoia sake, add a warning into tss_update_io_bitmap() to catch\nthe case, when that code is invoked with inconsistent state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38100",
"url": "https://www.suse.com/security/cve/CVE-2025-38100"
},
{
"category": "external",
"summary": "SUSE Bug 1245650 for CVE-2025-38100",
"url": "https://bugzilla.suse.com/1245650"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38100"
},
{
"cve": "CVE-2025-38102",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38102"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nVMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify\n\nDuring our test, it is found that a warning can be trigger in try_grab_folio\nas follow:\n\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 1678 at mm/gup.c:147 try_grab_folio+0x106/0x130\n Modules linked in:\n CPU: 0 UID: 0 PID: 1678 Comm: syz.3.31 Not tainted 6.15.0-rc5 #163 PREEMPT(undef)\n RIP: 0010:try_grab_folio+0x106/0x130\n Call Trace:\n \u003cTASK\u003e\n follow_huge_pmd+0x240/0x8e0\n follow_pmd_mask.constprop.0.isra.0+0x40b/0x5c0\n follow_pud_mask.constprop.0.isra.0+0x14a/0x170\n follow_page_mask+0x1c2/0x1f0\n __get_user_pages+0x176/0x950\n __gup_longterm_locked+0x15b/0x1060\n ? gup_fast+0x120/0x1f0\n gup_fast_fallback+0x17e/0x230\n get_user_pages_fast+0x5f/0x80\n vmci_host_unlocked_ioctl+0x21c/0xf80\n RIP: 0033:0x54d2cd\n ---[ end trace 0000000000000000 ]---\n\nDigging into the source, context-\u003enotify_page may init by get_user_pages_fast\nand can be seen in vmci_ctx_unset_notify which will try to put_page. However\nget_user_pages_fast is not finished here and lead to following\ntry_grab_folio warning. The race condition is shown as follow:\n\ncpu0\t\t\tcpu1\nvmci_host_do_set_notify\nvmci_host_setup_notify\nget_user_pages_fast(uva, 1, FOLL_WRITE, \u0026context-\u003enotify_page);\nlockless_pages_from_mm\ngup_pgd_range\ngup_huge_pmd // update \u0026context-\u003enotify_page\n\t\t\tvmci_host_do_set_notify\n\t\t\tvmci_ctx_unset_notify\n\t\t\tnotify_page = context-\u003enotify_page;\n\t\t\tif (notify_page)\n\t\t\tput_page(notify_page);\t// page is freed\n__gup_longterm_locked\n__get_user_pages\nfollow_trans_huge_pmd\ntry_grab_folio // warn here\n\nTo slove this, use local variable page to make notify_page can be seen\nafter finish get_user_pages_fast.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38102",
"url": "https://www.suse.com/security/cve/CVE-2025-38102"
},
{
"category": "external",
"summary": "SUSE Bug 1245669 for CVE-2025-38102",
"url": "https://bugzilla.suse.com/1245669"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38102"
},
{
"cve": "CVE-2025-38105",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38105"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Kill timer properly at removal\n\nThe USB-audio MIDI code initializes the timer, but in a rare case, the\ndriver might be freed without the disconnect call. This leaves the\ntimer in an active state while the assigned object is released via\nsnd_usbmidi_free(), which ends up with a kernel warning when the debug\nconfiguration is enabled, as spotted by fuzzer.\n\nFor avoiding the problem, put timer_shutdown_sync() at\nsnd_usbmidi_free(), so that the timer can be killed properly.\nWhile we\u0027re at it, replace the existing timer_delete_sync() at the\ndisconnect callback with timer_shutdown_sync(), too.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38105",
"url": "https://www.suse.com/security/cve/CVE-2025-38105"
},
{
"category": "external",
"summary": "SUSE Bug 1245682 for CVE-2025-38105",
"url": "https://bugzilla.suse.com/1245682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38105"
},
{
"cve": "CVE-2025-38107",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38107"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: ets: fix a race in ets_qdisc_change()\n\nGerrard Tai reported a race condition in ETS, whenever SFQ perturb timer\nfires at the wrong time.\n\nThe race is as follows:\n\nCPU 0 CPU 1\n[1]: lock root\n[2]: qdisc_tree_flush_backlog()\n[3]: unlock root\n |\n | [5]: lock root\n | [6]: rehash\n | [7]: qdisc_tree_reduce_backlog()\n |\n[4]: qdisc_put()\n\nThis can be abused to underflow a parent\u0027s qlen.\n\nCalling qdisc_purge_queue() instead of qdisc_tree_flush_backlog()\nshould fix the race, because all packets will be purged from the qdisc\nbefore releasing the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38107",
"url": "https://www.suse.com/security/cve/CVE-2025-38107"
},
{
"category": "external",
"summary": "SUSE Bug 1245676 for CVE-2025-38107",
"url": "https://bugzilla.suse.com/1245676"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38107"
},
{
"cve": "CVE-2025-38108",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38108"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: red: fix a race in __red_change()\n\nGerrard Tai reported a race condition in RED, whenever SFQ perturb timer\nfires at the wrong time.\n\nThe race is as follows:\n\nCPU 0 CPU 1\n[1]: lock root\n[2]: qdisc_tree_flush_backlog()\n[3]: unlock root\n |\n | [5]: lock root\n | [6]: rehash\n | [7]: qdisc_tree_reduce_backlog()\n |\n[4]: qdisc_put()\n\nThis can be abused to underflow a parent\u0027s qlen.\n\nCalling qdisc_purge_queue() instead of qdisc_tree_flush_backlog()\nshould fix the race, because all packets will be purged from the qdisc\nbefore releasing the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38108",
"url": "https://www.suse.com/security/cve/CVE-2025-38108"
},
{
"category": "external",
"summary": "SUSE Bug 1245675 for CVE-2025-38108",
"url": "https://bugzilla.suse.com/1245675"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38108"
},
{
"cve": "CVE-2025-38109",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38109"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix ECVF vports unload on shutdown flow\n\nFix shutdown flow UAF when a virtual function is created on the embedded\nchip (ECVF) of a BlueField device. In such case the vport acl ingress\ntable is not properly destroyed.\n\nECVF functionality is independent of ecpf_vport_exists capability and\nthus functions mlx5_eswitch_(enable|disable)_pf_vf_vports() should not\ntest it when enabling/disabling ECVF vports.\n\nkernel log:\n[] refcount_t: underflow; use-after-free.\n[] WARNING: CPU: 3 PID: 1 at lib/refcount.c:28\n refcount_warn_saturate+0x124/0x220\n----------------\n[] Call trace:\n[] refcount_warn_saturate+0x124/0x220\n[] tree_put_node+0x164/0x1e0 [mlx5_core]\n[] mlx5_destroy_flow_table+0x98/0x2c0 [mlx5_core]\n[] esw_acl_ingress_table_destroy+0x28/0x40 [mlx5_core]\n[] esw_acl_ingress_lgcy_cleanup+0x80/0xf4 [mlx5_core]\n[] esw_legacy_vport_acl_cleanup+0x44/0x60 [mlx5_core]\n[] esw_vport_cleanup+0x64/0x90 [mlx5_core]\n[] mlx5_esw_vport_disable+0xc0/0x1d0 [mlx5_core]\n[] mlx5_eswitch_unload_ec_vf_vports+0xcc/0x150 [mlx5_core]\n[] mlx5_eswitch_disable_sriov+0x198/0x2a0 [mlx5_core]\n[] mlx5_device_disable_sriov+0xb8/0x1e0 [mlx5_core]\n[] mlx5_sriov_detach+0x40/0x50 [mlx5_core]\n[] mlx5_unload+0x40/0xc4 [mlx5_core]\n[] mlx5_unload_one_devl_locked+0x6c/0xe4 [mlx5_core]\n[] mlx5_unload_one+0x3c/0x60 [mlx5_core]\n[] shutdown+0x7c/0xa4 [mlx5_core]\n[] pci_device_shutdown+0x3c/0xa0\n[] device_shutdown+0x170/0x340\n[] __do_sys_reboot+0x1f4/0x2a0\n[] __arm64_sys_reboot+0x2c/0x40\n[] invoke_syscall+0x78/0x100\n[] el0_svc_common.constprop.0+0x54/0x184\n[] do_el0_svc+0x30/0xac\n[] el0_svc+0x48/0x160\n[] el0t_64_sync_handler+0xa4/0x12c\n[] el0t_64_sync+0x1a4/0x1a8\n[] --[ end trace 9c4601d68c70030e ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38109",
"url": "https://www.suse.com/security/cve/CVE-2025-38109"
},
{
"category": "external",
"summary": "SUSE Bug 1245684 for CVE-2025-38109",
"url": "https://bugzilla.suse.com/1245684"
},
{
"category": "external",
"summary": "SUSE Bug 1245685 for CVE-2025-38109",
"url": "https://bugzilla.suse.com/1245685"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "important"
}
],
"title": "CVE-2025-38109"
},
{
"cve": "CVE-2025-38110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38110"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mdiobus: Fix potential out-of-bounds clause 45 read/write access\n\nWhen using publicly available tools like \u0027mdio-tools\u0027 to read/write data\nfrom/to network interface and its PHY via C45 (clause 45) mdiobus,\nthere is no verification of parameters passed to the ioctl and\nit accepts any mdio address.\nCurrently there is support for 32 addresses in kernel via PHY_MAX_ADDR define,\nbut it is possible to pass higher value than that via ioctl.\nWhile read/write operation should generally fail in this case,\nmdiobus provides stats array, where wrong address may allow out-of-bounds\nread/write.\n\nFix that by adding address verification before C45 read/write operation.\nWhile this excludes this access from any statistics, it improves security of\nread/write operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38110",
"url": "https://www.suse.com/security/cve/CVE-2025-38110"
},
{
"category": "external",
"summary": "SUSE Bug 1245665 for CVE-2025-38110",
"url": "https://bugzilla.suse.com/1245665"
},
{
"category": "external",
"summary": "SUSE Bug 1249458 for CVE-2025-38110",
"url": "https://bugzilla.suse.com/1249458"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "important"
}
],
"title": "CVE-2025-38110"
},
{
"cve": "CVE-2025-38111",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38111"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mdiobus: Fix potential out-of-bounds read/write access\n\nWhen using publicly available tools like \u0027mdio-tools\u0027 to read/write data\nfrom/to network interface and its PHY via mdiobus, there is no verification of\nparameters passed to the ioctl and it accepts any mdio address.\nCurrently there is support for 32 addresses in kernel via PHY_MAX_ADDR define,\nbut it is possible to pass higher value than that via ioctl.\nWhile read/write operation should generally fail in this case,\nmdiobus provides stats array, where wrong address may allow out-of-bounds\nread/write.\n\nFix that by adding address verification before read/write operation.\nWhile this excludes this access from any statistics, it improves security of\nread/write operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38111",
"url": "https://www.suse.com/security/cve/CVE-2025-38111"
},
{
"category": "external",
"summary": "SUSE Bug 1245666 for CVE-2025-38111",
"url": "https://bugzilla.suse.com/1245666"
},
{
"category": "external",
"summary": "SUSE Bug 1249455 for CVE-2025-38111",
"url": "https://bugzilla.suse.com/1249455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "important"
}
],
"title": "CVE-2025-38111"
},
{
"cve": "CVE-2025-38112",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38112"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix TOCTOU issue in sk_is_readable()\n\nsk-\u003esk_prot-\u003esock_is_readable is a valid function pointer when sk resides\nin a sockmap. After the last sk_psock_put() (which usually happens when\nsocket is removed from sockmap), sk-\u003esk_prot gets restored and\nsk-\u003esk_prot-\u003esock_is_readable becomes NULL.\n\nThis makes sk_is_readable() racy, if the value of sk-\u003esk_prot is reloaded\nafter the initial check. Which in turn may lead to a null pointer\ndereference.\n\nEnsure the function pointer does not turn NULL after the check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38112",
"url": "https://www.suse.com/security/cve/CVE-2025-38112"
},
{
"category": "external",
"summary": "SUSE Bug 1245668 for CVE-2025-38112",
"url": "https://bugzilla.suse.com/1245668"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38112"
},
{
"cve": "CVE-2025-38113",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38113"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: CPPC: Fix NULL pointer dereference when nosmp is used\n\nWith nosmp in cmdline, other CPUs are not brought up, leaving\ntheir cpc_desc_ptr NULL. CPU0\u0027s iteration via for_each_possible_cpu()\ndereferences these NULL pointers, causing panic.\n\nPanic backtrace:\n\n[ 0.401123] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000b8\n...\n[ 0.403255] [\u003cffffffff809a5818\u003e] cppc_allow_fast_switch+0x6a/0xd4\n...\nKernel panic - not syncing: Attempted to kill init!\n\n[ rjw: New subject ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38113",
"url": "https://www.suse.com/security/cve/CVE-2025-38113"
},
{
"category": "external",
"summary": "SUSE Bug 1245683 for CVE-2025-38113",
"url": "https://bugzilla.suse.com/1245683"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38113"
},
{
"cve": "CVE-2025-38115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38115"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: fix a potential crash on gso_skb handling\n\nSFQ has an assumption of always being able to queue at least one packet.\n\nHowever, after the blamed commit, sch-\u003eq.len can be inflated by packets\nin sch-\u003egso_skb, and an enqueue() on an empty SFQ qdisc can be followed\nby an immediate drop.\n\nFix sfq_drop() to properly clear q-\u003etail in this situation.\n\n\nip netns add lb\nip link add dev to-lb type veth peer name in-lb netns lb\nethtool -K to-lb tso off # force qdisc to requeue gso_skb\nip netns exec lb ethtool -K in-lb gro on # enable NAPI\nip link set dev to-lb up\nip -netns lb link set dev in-lb up\nip addr add dev to-lb 192.168.20.1/24\nip -netns lb addr add dev in-lb 192.168.20.2/24\ntc qdisc replace dev to-lb root sfq limit 100\n\nip netns exec lb netserver\n\nnetperf -H 192.168.20.2 -l 100 \u0026\nnetperf -H 192.168.20.2 -l 100 \u0026\nnetperf -H 192.168.20.2 -l 100 \u0026\nnetperf -H 192.168.20.2 -l 100 \u0026",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38115",
"url": "https://www.suse.com/security/cve/CVE-2025-38115"
},
{
"category": "external",
"summary": "SUSE Bug 1245689 for CVE-2025-38115",
"url": "https://bugzilla.suse.com/1245689"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38115"
},
{
"cve": "CVE-2025-38117",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38117"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Protect mgmt_pending list with its own lock\n\nThis uses a mutex to protect from concurrent access of mgmt_pending\nlist which can cause crashes like:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in hci_sock_get_channel+0x60/0x68 net/bluetooth/hci_sock.c:91\nRead of size 2 at addr ffff0000c48885b2 by task syz.4.334/7318\n\nCPU: 0 UID: 0 PID: 7318 Comm: syz.4.334 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025\nCall trace:\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:466 (C)\n __dump_stack+0x30/0x40 lib/dump_stack.c:94\n dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120\n print_address_description+0xa8/0x254 mm/kasan/report.c:408\n print_report+0x68/0x84 mm/kasan/report.c:521\n kasan_report+0xb0/0x110 mm/kasan/report.c:634\n __asan_report_load2_noabort+0x20/0x2c mm/kasan/report_generic.c:379\n hci_sock_get_channel+0x60/0x68 net/bluetooth/hci_sock.c:91\n mgmt_pending_find+0x7c/0x140 net/bluetooth/mgmt_util.c:223\n pending_find net/bluetooth/mgmt.c:947 [inline]\n remove_adv_monitor+0x44/0x1a4 net/bluetooth/mgmt.c:5445\n hci_mgmt_cmd+0x780/0xc00 net/bluetooth/hci_sock.c:1712\n hci_sock_sendmsg+0x544/0xbb0 net/bluetooth/hci_sock.c:1832\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg net/socket.c:727 [inline]\n sock_write_iter+0x25c/0x378 net/socket.c:1131\n new_sync_write fs/read_write.c:591 [inline]\n vfs_write+0x62c/0x97c fs/read_write.c:684\n ksys_write+0x120/0x210 fs/read_write.c:736\n __do_sys_write fs/read_write.c:747 [inline]\n __se_sys_write fs/read_write.c:744 [inline]\n __arm64_sys_write+0x7c/0x90 fs/read_write.c:744\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767\n el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600\n\nAllocated by task 7037:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x40/0x78 mm/kasan/common.c:68\n kasan_save_alloc_info+0x44/0x54 mm/kasan/generic.c:562\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x9c/0xb4 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4327 [inline]\n __kmalloc_noprof+0x2fc/0x4c8 mm/slub.c:4339\n kmalloc_noprof include/linux/slab.h:909 [inline]\n sk_prot_alloc+0xc4/0x1f0 net/core/sock.c:2198\n sk_alloc+0x44/0x3ac net/core/sock.c:2254\n bt_sock_alloc+0x4c/0x300 net/bluetooth/af_bluetooth.c:148\n hci_sock_create+0xa8/0x194 net/bluetooth/hci_sock.c:2202\n bt_sock_create+0x14c/0x24c net/bluetooth/af_bluetooth.c:132\n __sock_create+0x43c/0x91c net/socket.c:1541\n sock_create net/socket.c:1599 [inline]\n __sys_socket_create net/socket.c:1636 [inline]\n __sys_socket+0xd4/0x1c0 net/socket.c:1683\n __do_sys_socket net/socket.c:1697 [inline]\n __se_sys_socket net/socket.c:1695 [inline]\n __arm64_sys_socket+0x7c/0x94 net/socket.c:1695\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767\n el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600\n\nFreed by task 6607:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x40/0x78 mm/kasan/common.c:68\n kasan_save_free_info+0x58/0x70 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x68/0x88 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38117",
"url": "https://www.suse.com/security/cve/CVE-2025-38117"
},
{
"category": "external",
"summary": "SUSE Bug 1245695 for CVE-2025-38117",
"url": "https://bugzilla.suse.com/1245695"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38117"
},
{
"cve": "CVE-2025-38118",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38118"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete\n\nThis reworks MGMT_OP_REMOVE_ADV_MONITOR to not use mgmt_pending_add to\navoid crashes like bellow:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_complete+0xe5/0x540 net/bluetooth/mgmt.c:5406\nRead of size 8 at addr ffff88801c53f318 by task kworker/u5:5/5341\n\nCPU: 0 UID: 0 PID: 5341 Comm: kworker/u5:5 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xd2/0x2b0 mm/kasan/report.c:521\n kasan_report+0x118/0x150 mm/kasan/report.c:634\n mgmt_remove_adv_monitor_complete+0xe5/0x540 net/bluetooth/mgmt.c:5406\n hci_cmd_sync_work+0x261/0x3a0 net/bluetooth/hci_sync.c:334\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x711/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nAllocated by task 5987:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4358\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n mgmt_pending_new+0x65/0x240 net/bluetooth/mgmt_util.c:252\n mgmt_pending_add+0x34/0x120 net/bluetooth/mgmt_util.c:279\n remove_adv_monitor+0x103/0x1b0 net/bluetooth/mgmt.c:5454\n hci_mgmt_cmd+0x9c9/0xef0 net/bluetooth/hci_sock.c:1719\n hci_sock_sendmsg+0x6ca/0xef0 net/bluetooth/hci_sock.c:1839\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:727\n sock_write_iter+0x258/0x330 net/socket.c:1131\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x548/0xa90 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 5989:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2380 [inline]\n slab_free mm/slub.c:4642 [inline]\n kfree+0x18e/0x440 mm/slub.c:4841\n mgmt_pending_foreach+0xc9/0x120 net/bluetooth/mgmt_util.c:242\n mgmt_index_removed+0x10d/0x2f0 net/bluetooth/mgmt.c:9366\n hci_sock_bind+0xbe9/0x1000 net/bluetooth/hci_sock.c:1314\n __sys_bind_socket net/socket.c:1810 [inline]\n __sys_bind+0x2c3/0x3e0 net/socket.c:1841\n __do_sys_bind net/socket.c:1846 [inline]\n __se_sys_bind net/socket.c:1844 [inline]\n __x64_sys_bind+0x7a/0x90 net/socket.c:1844\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38118",
"url": "https://www.suse.com/security/cve/CVE-2025-38118"
},
{
"category": "external",
"summary": "SUSE Bug 1245670 for CVE-2025-38118",
"url": "https://bugzilla.suse.com/1245670"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38118"
},
{
"cve": "CVE-2025-38120",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38120"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_set_pipapo_avx2: fix initial map fill\n\nIf the first field doesn\u0027t cover the entire start map, then we must zero\nout the remainder, else we leak those bits into the next match round map.\n\nThe early fix was incomplete and did only fix up the generic C\nimplementation.\n\nA followup patch adds a test case to nft_concat_range.sh.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38120",
"url": "https://www.suse.com/security/cve/CVE-2025-38120"
},
{
"category": "external",
"summary": "SUSE Bug 1245711 for CVE-2025-38120",
"url": "https://bugzilla.suse.com/1245711"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38120"
},
{
"cve": "CVE-2025-38122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38122"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: add missing NULL check for gve_alloc_pending_packet() in TX DQO\n\ngve_alloc_pending_packet() can return NULL, but gve_tx_add_skb_dqo()\ndid not check for this case before dereferencing the returned pointer.\n\nAdd a missing NULL check to prevent a potential NULL pointer\ndereference when allocation fails.\n\nThis improves robustness in low-memory scenarios.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38122",
"url": "https://www.suse.com/security/cve/CVE-2025-38122"
},
{
"category": "external",
"summary": "SUSE Bug 1245746 for CVE-2025-38122",
"url": "https://bugzilla.suse.com/1245746"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38122"
},
{
"cve": "CVE-2025-38123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38123"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: wwan: t7xx: Fix napi rx poll issue\n\nWhen driver handles the napi rx polling requests, the netdev might\nhave been released by the dellink logic triggered by the disconnect\noperation on user plane. However, in the logic of processing skb in\npolling, an invalid netdev is still being used, which causes a panic.\n\nBUG: kernel NULL pointer dereference, address: 00000000000000f1\nOops: 0000 [#1] PREEMPT SMP NOPTI\nRIP: 0010:dev_gro_receive+0x3a/0x620\n[...]\nCall Trace:\n \u003cIRQ\u003e\n ? __die_body+0x68/0xb0\n ? page_fault_oops+0x379/0x3e0\n ? exc_page_fault+0x4f/0xa0\n ? asm_exc_page_fault+0x22/0x30\n ? __pfx_t7xx_ccmni_recv_skb+0x10/0x10 [mtk_t7xx (HASH:1400 7)]\n ? dev_gro_receive+0x3a/0x620\n napi_gro_receive+0xad/0x170\n t7xx_ccmni_recv_skb+0x48/0x70 [mtk_t7xx (HASH:1400 7)]\n t7xx_dpmaif_napi_rx_poll+0x590/0x800 [mtk_t7xx (HASH:1400 7)]\n net_rx_action+0x103/0x470\n irq_exit_rcu+0x13a/0x310\n sysvec_apic_timer_interrupt+0x56/0x90\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38123",
"url": "https://www.suse.com/security/cve/CVE-2025-38123"
},
{
"category": "external",
"summary": "SUSE Bug 1245688 for CVE-2025-38123",
"url": "https://bugzilla.suse.com/1245688"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38123"
},
{
"cve": "CVE-2025-38124",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38124"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix udp gso skb_segment after pull from frag_list\n\nCommit a1e40ac5b5e9 (\"net: gso: fix udp gso fraglist segmentation after\npull from frag_list\") detected invalid geometry in frag_list skbs and\nredirects them from skb_segment_list to more robust skb_segment. But some\npackets with modified geometry can also hit bugs in that code. We don\u0027t\nknow how many such cases exist. Addressing each one by one also requires\ntouching the complex skb_segment code, which risks introducing bugs for\nother types of skbs. Instead, linearize all these packets that fail the\nbasic invariants on gso fraglist skbs. That is more robust.\n\nIf only part of the fraglist payload is pulled into head_skb, it will\nalways cause exception when splitting skbs by skb_segment. For detailed\ncall stack information, see below.\n\nValid SKB_GSO_FRAGLIST skbs\n- consist of two or more segments\n- the head_skb holds the protocol headers plus first gso_size\n- one or more frag_list skbs hold exactly one segment\n- all but the last must be gso_size\n\nOptional datapath hooks such as NAT and BPF (bpf_skb_pull_data) can\nmodify fraglist skbs, breaking these invariants.\n\nIn extreme cases they pull one part of data into skb linear. For UDP,\nthis causes three payloads with lengths of (11,11,10) bytes were\npulled tail to become (12,10,10) bytes.\n\nThe skbs no longer meets the above SKB_GSO_FRAGLIST conditions because\npayload was pulled into head_skb, it needs to be linearized before pass\nto regular skb_segment.\n\n skb_segment+0xcd0/0xd14\n __udp_gso_segment+0x334/0x5f4\n udp4_ufo_fragment+0x118/0x15c\n inet_gso_segment+0x164/0x338\n skb_mac_gso_segment+0xc4/0x13c\n __skb_gso_segment+0xc4/0x124\n validate_xmit_skb+0x9c/0x2c0\n validate_xmit_skb_list+0x4c/0x80\n sch_direct_xmit+0x70/0x404\n __dev_queue_xmit+0x64c/0xe5c\n neigh_resolve_output+0x178/0x1c4\n ip_finish_output2+0x37c/0x47c\n __ip_finish_output+0x194/0x240\n ip_finish_output+0x20/0xf4\n ip_output+0x100/0x1a0\n NF_HOOK+0xc4/0x16c\n ip_forward+0x314/0x32c\n ip_rcv+0x90/0x118\n __netif_receive_skb+0x74/0x124\n process_backlog+0xe8/0x1a4\n __napi_poll+0x5c/0x1f8\n net_rx_action+0x154/0x314\n handle_softirqs+0x154/0x4b8\n\n [118.376811] [C201134] rxq0_pus: [name:bug\u0026]kernel BUG at net/core/skbuff.c:4278!\n [118.376829] [C201134] rxq0_pus: [name:traps\u0026]Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\n [118.470774] [C201134] rxq0_pus: [name:mrdump\u0026]Kernel Offset: 0x178cc00000 from 0xffffffc008000000\n [118.470810] [C201134] rxq0_pus: [name:mrdump\u0026]PHYS_OFFSET: 0x40000000\n [118.470827] [C201134] rxq0_pus: [name:mrdump\u0026]pstate: 60400005 (nZCv daif +PAN -UAO)\n [118.470848] [C201134] rxq0_pus: [name:mrdump\u0026]pc : [0xffffffd79598aefc] skb_segment+0xcd0/0xd14\n [118.470900] [C201134] rxq0_pus: [name:mrdump\u0026]lr : [0xffffffd79598a5e8] skb_segment+0x3bc/0xd14\n [118.470928] [C201134] rxq0_pus: [name:mrdump\u0026]sp : ffffffc008013770",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38124",
"url": "https://www.suse.com/security/cve/CVE-2025-38124"
},
{
"category": "external",
"summary": "SUSE Bug 1245690 for CVE-2025-38124",
"url": "https://bugzilla.suse.com/1245690"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38124"
},
{
"cve": "CVE-2025-38126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38126"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: make sure that ptp_rate is not 0 before configuring timestamping\n\nThe stmmac platform drivers that do not open-code the clk_ptp_rate value\nafter having retrieved the default one from the device-tree can end up\nwith 0 in clk_ptp_rate (as clk_get_rate can return 0). It will\neventually propagate up to PTP initialization when bringing up the\ninterface, leading to a divide by 0:\n\n Division by zero in kernel.\n CPU: 1 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.30-00001-g48313bd5768a #22\n Hardware name: STM32 (Device Tree Support)\n Call trace:\n unwind_backtrace from show_stack+0x18/0x1c\n show_stack from dump_stack_lvl+0x6c/0x8c\n dump_stack_lvl from Ldiv0_64+0x8/0x18\n Ldiv0_64 from stmmac_init_tstamp_counter+0x190/0x1a4\n stmmac_init_tstamp_counter from stmmac_hw_setup+0xc1c/0x111c\n stmmac_hw_setup from __stmmac_open+0x18c/0x434\n __stmmac_open from stmmac_open+0x3c/0xbc\n stmmac_open from __dev_open+0xf4/0x1ac\n __dev_open from __dev_change_flags+0x1cc/0x224\n __dev_change_flags from dev_change_flags+0x24/0x60\n dev_change_flags from ip_auto_config+0x2e8/0x11a0\n ip_auto_config from do_one_initcall+0x84/0x33c\n do_one_initcall from kernel_init_freeable+0x1b8/0x214\n kernel_init_freeable from kernel_init+0x24/0x140\n kernel_init from ret_from_fork+0x14/0x28\n Exception stack(0xe0815fb0 to 0xe0815ff8)\n\nPrevent this division by 0 by adding an explicit check and error log\nabout the actual issue. While at it, remove the same check from\nstmmac_ptp_register, which then becomes duplicate",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38126",
"url": "https://www.suse.com/security/cve/CVE-2025-38126"
},
{
"category": "external",
"summary": "SUSE Bug 1245708 for CVE-2025-38126",
"url": "https://bugzilla.suse.com/1245708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38126"
},
{
"cve": "CVE-2025-38127",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38127"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix Tx scheduler error handling in XDP callback\n\nWhen the XDP program is loaded, the XDP callback adds new Tx queues.\nThis means that the callback must update the Tx scheduler with the new\nqueue number. In the event of a Tx scheduler failure, the XDP callback\nshould also fail and roll back any changes previously made for XDP\npreparation.\n\nThe previous implementation had a bug that not all changes made by the\nXDP callback were rolled back. This caused the crash with the following\ncall trace:\n\n[ +9.549584] ice 0000:ca:00.0: Failed VSI LAN queue config for XDP, error: -5\n[ +0.382335] Oops: general protection fault, probably for non-canonical address 0x50a2250a90495525: 0000 [#1] SMP NOPTI\n[ +0.010710] CPU: 103 UID: 0 PID: 0 Comm: swapper/103 Not tainted 6.14.0-net-next-mar-31+ #14 PREEMPT(voluntary)\n[ +0.010175] Hardware name: Intel Corporation M50CYP2SBSTD/M50CYP2SBSTD, BIOS SE5C620.86B.01.01.0005.2202160810 02/16/2022\n[ +0.010946] RIP: 0010:__ice_update_sample+0x39/0xe0 [ice]\n\n[...]\n\n[ +0.002715] Call Trace:\n[ +0.002452] \u003cIRQ\u003e\n[ +0.002021] ? __die_body.cold+0x19/0x29\n[ +0.003922] ? die_addr+0x3c/0x60\n[ +0.003319] ? exc_general_protection+0x17c/0x400\n[ +0.004707] ? asm_exc_general_protection+0x26/0x30\n[ +0.004879] ? __ice_update_sample+0x39/0xe0 [ice]\n[ +0.004835] ice_napi_poll+0x665/0x680 [ice]\n[ +0.004320] __napi_poll+0x28/0x190\n[ +0.003500] net_rx_action+0x198/0x360\n[ +0.003752] ? update_rq_clock+0x39/0x220\n[ +0.004013] handle_softirqs+0xf1/0x340\n[ +0.003840] ? sched_clock_cpu+0xf/0x1f0\n[ +0.003925] __irq_exit_rcu+0xc2/0xe0\n[ +0.003665] common_interrupt+0x85/0xa0\n[ +0.003839] \u003c/IRQ\u003e\n[ +0.002098] \u003cTASK\u003e\n[ +0.002106] asm_common_interrupt+0x26/0x40\n[ +0.004184] RIP: 0010:cpuidle_enter_state+0xd3/0x690\n\nFix this by performing the missing unmapping of XDP queues from\nq_vectors and setting the XDP rings pointer back to NULL after all those\nqueues are released.\nAlso, add an immediate exit from the XDP callback in case of ring\npreparation failure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38127",
"url": "https://www.suse.com/security/cve/CVE-2025-38127"
},
{
"category": "external",
"summary": "SUSE Bug 1245705 for CVE-2025-38127",
"url": "https://bugzilla.suse.com/1245705"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38127"
},
{
"cve": "CVE-2025-38129",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38129"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npage_pool: Fix use-after-free in page_pool_recycle_in_ring\n\nsyzbot reported a uaf in page_pool_recycle_in_ring:\n\nBUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862\nRead of size 8 at addr ffff8880286045a0 by task syz.0.284/6943\n\nCPU: 0 UID: 0 PID: 6943 Comm: syz.0.284 Not tainted 6.13.0-rc3-syzkaller-gdfa94ce54f41 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862\n __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:165 [inline]\n _raw_spin_unlock_bh+0x1b/0x40 kernel/locking/spinlock.c:210\n spin_unlock_bh include/linux/spinlock.h:396 [inline]\n ptr_ring_produce_bh include/linux/ptr_ring.h:164 [inline]\n page_pool_recycle_in_ring net/core/page_pool.c:707 [inline]\n page_pool_put_unrefed_netmem+0x748/0xb00 net/core/page_pool.c:826\n page_pool_put_netmem include/net/page_pool/helpers.h:323 [inline]\n page_pool_put_full_netmem include/net/page_pool/helpers.h:353 [inline]\n napi_pp_put_page+0x149/0x2b0 net/core/skbuff.c:1036\n skb_pp_recycle net/core/skbuff.c:1047 [inline]\n skb_free_head net/core/skbuff.c:1094 [inline]\n skb_release_data+0x6c4/0x8a0 net/core/skbuff.c:1125\n skb_release_all net/core/skbuff.c:1190 [inline]\n __kfree_skb net/core/skbuff.c:1204 [inline]\n sk_skb_reason_drop+0x1c9/0x380 net/core/skbuff.c:1242\n kfree_skb_reason include/linux/skbuff.h:1263 [inline]\n __skb_queue_purge_reason include/linux/skbuff.h:3343 [inline]\n\nroot cause is:\n\npage_pool_recycle_in_ring\n ptr_ring_produce\n spin_lock(\u0026r-\u003eproducer_lock);\n WRITE_ONCE(r-\u003equeue[r-\u003eproducer++], ptr)\n //recycle last page to pool\n\t\t\t\tpage_pool_release\n\t\t\t\t page_pool_scrub\n\t\t\t\t page_pool_empty_ring\n\t\t\t\t ptr_ring_consume\n\t\t\t\t page_pool_return_page //release all page\n\t\t\t\t __page_pool_destroy\n\t\t\t\t free_percpu(pool-\u003erecycle_stats);\n\t\t\t\t free(pool) //free\n\n spin_unlock(\u0026r-\u003eproducer_lock); //pool-\u003ering uaf read\n recycle_stat_inc(pool, ring);\n\npage_pool can be free while page pool recycle the last page in ring.\nAdd producer-lock barrier to page_pool_release to prevent the page\npool from being free before all pages have been recycled.\n\nrecycle_stat_inc() is empty when CONFIG_PAGE_POOL_STATS is not\nenabled, which will trigger Wempty-body build warning. Add definition\nfor pool stat macro to fix warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38129",
"url": "https://www.suse.com/security/cve/CVE-2025-38129"
},
{
"category": "external",
"summary": "SUSE Bug 1245723 for CVE-2025-38129",
"url": "https://bugzilla.suse.com/1245723"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38129"
},
{
"cve": "CVE-2025-38131",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38131"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: prevent deactivate active config while enabling the config\n\nWhile enable active config via cscfg_csdev_enable_active_config(),\nactive config could be deactivated via configfs\u0027 sysfs interface.\nThis could make UAF issue in below scenario:\n\nCPU0 CPU1\n(sysfs enable) load module\n cscfg_load_config_sets()\n activate config. // sysfs\n (sys_active_cnt == 1)\n...\ncscfg_csdev_enable_active_config()\nlock(csdev-\u003ecscfg_csdev_lock)\n// here load config activate by CPU1\nunlock(csdev-\u003ecscfg_csdev_lock)\n\n deactivate config // sysfs\n (sys_activec_cnt == 0)\n cscfg_unload_config_sets()\n unload module\n\n// access to config_desc which freed\n// while unloading module.\ncscfg_csdev_enable_config\n\nTo address this, use cscfg_config_desc\u0027s active_cnt as a reference count\n which will be holded when\n - activate the config.\n - enable the activated config.\nand put the module reference when config_active_cnt == 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38131",
"url": "https://www.suse.com/security/cve/CVE-2025-38131"
},
{
"category": "external",
"summary": "SUSE Bug 1245677 for CVE-2025-38131",
"url": "https://bugzilla.suse.com/1245677"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38131"
},
{
"cve": "CVE-2025-38132",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38132"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: holding cscfg_csdev_lock while removing cscfg from csdev\n\nThere\u0027ll be possible race scenario for coresight config:\n\nCPU0 CPU1\n(perf enable) load module\n cscfg_load_config_sets()\n activate config. // sysfs\n (sys_active_cnt == 1)\n...\ncscfg_csdev_enable_active_config()\n lock(csdev-\u003ecscfg_csdev_lock)\n deactivate config // sysfs\n (sys_activec_cnt == 0)\n cscfg_unload_config_sets()\n \u003citerating config_csdev_list\u003e cscfg_remove_owned_csdev_configs()\n // here load config activate by CPU1\n unlock(csdev-\u003ecscfg_csdev_lock)\n\niterating config_csdev_list could be raced with config_csdev_list\u0027s\nentry delete.\n\nTo resolve this race , hold csdev-\u003ecscfg_csdev_lock() while\ncscfg_remove_owned_csdev_configs()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38132",
"url": "https://www.suse.com/security/cve/CVE-2025-38132"
},
{
"category": "external",
"summary": "SUSE Bug 1245679 for CVE-2025-38132",
"url": "https://bugzilla.suse.com/1245679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38132"
},
{
"cve": "CVE-2025-38135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38135"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: Fix potential null-ptr-deref in mlb_usio_probe()\n\ndevm_ioremap() can return NULL on error. Currently, mlb_usio_probe()\ndoes not check for this case, which could result in a NULL pointer\ndereference.\n\nAdd NULL check after devm_ioremap() to prevent this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38135",
"url": "https://www.suse.com/security/cve/CVE-2025-38135"
},
{
"category": "external",
"summary": "SUSE Bug 1246023 for CVE-2025-38135",
"url": "https://bugzilla.suse.com/1246023"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38135"
},
{
"cve": "CVE-2025-38136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38136"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: renesas_usbhs: Reorder clock handling and power management in probe\n\nReorder the initialization sequence in `usbhs_probe()` to enable runtime\nPM before accessing registers, preventing potential crashes due to\nuninitialized clocks.\n\nCurrently, in the probe path, registers are accessed before enabling the\nclocks, leading to a synchronous external abort on the RZ/V2H SoC.\nThe problematic call flow is as follows:\n\n usbhs_probe()\n usbhs_sys_clock_ctrl()\n usbhs_bset()\n usbhs_write()\n iowrite16() \u003c-- Register access before enabling clocks\n\nSince `iowrite16()` is performed without ensuring the required clocks are\nenabled, this can lead to access errors. To fix this, enable PM runtime\nearly in the probe function and ensure clocks are acquired before register\naccess, preventing crashes like the following on RZ/V2H:\n\n[13.272640] Internal error: synchronous external abort: 0000000096000010 [#1] PREEMPT SMP\n[13.280814] Modules linked in: cec renesas_usbhs(+) drm_kms_helper fuse drm backlight ipv6\n[13.289088] CPU: 1 UID: 0 PID: 195 Comm: (udev-worker) Not tainted 6.14.0-rc7+ #98\n[13.296640] Hardware name: Renesas RZ/V2H EVK Board based on r9a09g057h44 (DT)\n[13.303834] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[13.310770] pc : usbhs_bset+0x14/0x4c [renesas_usbhs]\n[13.315831] lr : usbhs_probe+0x2e4/0x5ac [renesas_usbhs]\n[13.321138] sp : ffff8000827e3850\n[13.324438] x29: ffff8000827e3860 x28: 0000000000000000 x27: ffff8000827e3ca0\n[13.331554] x26: ffff8000827e3ba0 x25: ffff800081729668 x24: 0000000000000025\n[13.338670] x23: ffff0000c0f08000 x22: 0000000000000000 x21: ffff0000c0f08010\n[13.345783] x20: 0000000000000000 x19: ffff0000c3b52080 x18: 00000000ffffffff\n[13.352895] x17: 0000000000000000 x16: 0000000000000000 x15: ffff8000827e36ce\n[13.360009] x14: 00000000000003d7 x13: 00000000000003d7 x12: 0000000000000000\n[13.367122] x11: 0000000000000000 x10: 0000000000000aa0 x9 : ffff8000827e3750\n[13.374235] x8 : ffff0000c1850b00 x7 : 0000000003826060 x6 : 000000000000001c\n[13.381347] x5 : 000000030d5fcc00 x4 : ffff8000825c0000 x3 : 0000000000000000\n[13.388459] x2 : 0000000000000400 x1 : 0000000000000000 x0 : ffff0000c3b52080\n[13.395574] Call trace:\n[13.398013] usbhs_bset+0x14/0x4c [renesas_usbhs] (P)\n[13.403076] platform_probe+0x68/0xdc\n[13.406738] really_probe+0xbc/0x2c0\n[13.410306] __driver_probe_device+0x78/0x120\n[13.414653] driver_probe_device+0x3c/0x154\n[13.418825] __driver_attach+0x90/0x1a0\n[13.422647] bus_for_each_dev+0x7c/0xe0\n[13.426470] driver_attach+0x24/0x30\n[13.430032] bus_add_driver+0xe4/0x208\n[13.433766] driver_register+0x68/0x130\n[13.437587] __platform_driver_register+0x24/0x30\n[13.442273] renesas_usbhs_driver_init+0x20/0x1000 [renesas_usbhs]\n[13.448450] do_one_initcall+0x60/0x1d4\n[13.452276] do_init_module+0x54/0x1f8\n[13.456014] load_module+0x1754/0x1c98\n[13.459750] init_module_from_file+0x88/0xcc\n[13.464004] __arm64_sys_finit_module+0x1c4/0x328\n[13.468689] invoke_syscall+0x48/0x104\n[13.472426] el0_svc_common.constprop.0+0xc0/0xe0\n[13.477113] do_el0_svc+0x1c/0x28\n[13.480415] el0_svc+0x30/0xcc\n[13.483460] el0t_64_sync_handler+0x10c/0x138\n[13.487800] el0t_64_sync+0x198/0x19c\n[13.491453] Code: 2a0103e1 12003c42 12003c63 8b010084 (79400084)\n[13.497522] ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38136",
"url": "https://www.suse.com/security/cve/CVE-2025-38136"
},
{
"category": "external",
"summary": "SUSE Bug 1245691 for CVE-2025-38136",
"url": "https://bugzilla.suse.com/1245691"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38136"
},
{
"cve": "CVE-2025-38138",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38138"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ti: Add NULL check in udma_probe()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\nudma_probe() does not check for this case, which results in a NULL\npointer dereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38138",
"url": "https://www.suse.com/security/cve/CVE-2025-38138"
},
{
"category": "external",
"summary": "SUSE Bug 1245719 for CVE-2025-38138",
"url": "https://bugzilla.suse.com/1245719"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38138"
},
{
"cve": "CVE-2025-38142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38142"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (asus-ec-sensors) check sensor index in read_string()\n\nPrevent a potential invalid memory access when the requested sensor\nis not found.\n\nfind_ec_sensor_index() may return a negative value (e.g. -ENOENT),\nbut its result was used without checking, which could lead to\nundefined behavior when passed to get_sensor_info().\n\nAdd a proper check to return -EINVAL if sensor_index is negative.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[groeck: Return error code returned from find_ec_sensor_index]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38142",
"url": "https://www.suse.com/security/cve/CVE-2025-38142"
},
{
"category": "external",
"summary": "SUSE Bug 1245713 for CVE-2025-38142",
"url": "https://bugzilla.suse.com/1245713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38142"
},
{
"cve": "CVE-2025-38143",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38143"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbacklight: pm8941: Add NULL check in wled_configure()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\nwled_configure() does not check for this case, which results in a NULL\npointer dereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38143",
"url": "https://www.suse.com/security/cve/CVE-2025-38143"
},
{
"category": "external",
"summary": "SUSE Bug 1245714 for CVE-2025-38143",
"url": "https://bugzilla.suse.com/1245714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38143"
},
{
"cve": "CVE-2025-38145",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38145"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: aspeed: Add NULL check in aspeed_lpc_enable_snoop()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\naspeed_lpc_enable_snoop() does not check for this case, which results in a\nNULL pointer dereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue.\n\n[arj: Fix Fixes: tag to use subject from 3772e5da4454]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38145",
"url": "https://www.suse.com/security/cve/CVE-2025-38145"
},
{
"category": "external",
"summary": "SUSE Bug 1245765 for CVE-2025-38145",
"url": "https://bugzilla.suse.com/1245765"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38145"
},
{
"cve": "CVE-2025-38147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38147"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncalipso: Don\u0027t call calipso functions for AF_INET sk.\n\nsyzkaller reported a null-ptr-deref in txopt_get(). [0]\n\nThe offset 0x70 was of struct ipv6_txoptions in struct ipv6_pinfo,\nso struct ipv6_pinfo was NULL there.\n\nHowever, this never happens for IPv6 sockets as inet_sk(sk)-\u003epinet6\nis always set in inet6_create(), meaning the socket was not IPv6 one.\n\nThe root cause is missing validation in netlbl_conn_setattr().\n\nnetlbl_conn_setattr() switches branches based on struct\nsockaddr.sa_family, which is passed from userspace. However,\nnetlbl_conn_setattr() does not check if the address family matches\nthe socket.\n\nThe syzkaller must have called connect() for an IPv6 address on\nan IPv4 socket.\n\nWe have a proper validation in tcp_v[46]_connect(), but\nsecurity_socket_connect() is called in the earlier stage.\n\nLet\u0027s copy the validation to netlbl_conn_setattr().\n\n[0]:\nOops: general protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]\nCPU: 2 UID: 0 PID: 12928 Comm: syz.9.1677 Not tainted 6.12.0 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nRIP: 0010:txopt_get include/net/ipv6.h:390 [inline]\nRIP: 0010:\nCode: 02 00 00 49 8b ac 24 f8 02 00 00 e8 84 69 2a fd e8 ff 00 16 fd 48 8d 7d 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 53 02 00 00 48 8b 6d 70 48 85 ed 0f 84 ab 01 00\nRSP: 0018:ffff88811b8afc48 EFLAGS: 00010212\nRAX: dffffc0000000000 RBX: 1ffff11023715f8a RCX: ffffffff841ab00c\nRDX: 000000000000000e RSI: ffffc90007d9e000 RDI: 0000000000000070\nRBP: 0000000000000000 R08: ffffed1023715f9d R09: ffffed1023715f9e\nR10: ffffed1023715f9d R11: 0000000000000003 R12: ffff888123075f00\nR13: ffff88810245bd80 R14: ffff888113646780 R15: ffff888100578a80\nFS: 00007f9019bd7640(0000) GS:ffff8882d2d00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f901b927bac CR3: 0000000104788003 CR4: 0000000000770ef0\nPKRU: 80000000\nCall Trace:\n \u003cTASK\u003e\n calipso_sock_setattr+0x56/0x80 net/netlabel/netlabel_calipso.c:557\n netlbl_conn_setattr+0x10c/0x280 net/netlabel/netlabel_kapi.c:1177\n selinux_netlbl_socket_connect_helper+0xd3/0x1b0 security/selinux/netlabel.c:569\n selinux_netlbl_socket_connect_locked security/selinux/netlabel.c:597 [inline]\n selinux_netlbl_socket_connect+0xb6/0x100 security/selinux/netlabel.c:615\n selinux_socket_connect+0x5f/0x80 security/selinux/hooks.c:4931\n security_socket_connect+0x50/0xa0 security/security.c:4598\n __sys_connect_file+0xa4/0x190 net/socket.c:2067\n __sys_connect+0x12c/0x170 net/socket.c:2088\n __do_sys_connect net/socket.c:2098 [inline]\n __se_sys_connect net/socket.c:2095 [inline]\n __x64_sys_connect+0x73/0xb0 net/socket.c:2095\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xaa/0x1b0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f901b61a12d\nCode: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f9019bd6fa8 EFLAGS: 00000246 ORIG_RAX: 000000000000002a\nRAX: ffffffffffffffda RBX: 00007f901b925fa0 RCX: 00007f901b61a12d\nRDX: 000000000000001c RSI: 0000200000000140 RDI: 0000000000000003\nRBP: 00007f901b701505 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007f901b5b62a0 R15: 00007f9019bb7000\n \u003c/TASK\u003e\nModules linked in:",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38147",
"url": "https://www.suse.com/security/cve/CVE-2025-38147"
},
{
"category": "external",
"summary": "SUSE Bug 1245768 for CVE-2025-38147",
"url": "https://bugzilla.suse.com/1245768"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38147"
},
{
"cve": "CVE-2025-38148",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38148"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: mscc: Fix memory leak when using one step timestamping\n\nFix memory leak when running one-step timestamping. When running\none-step sync timestamping, the HW is configured to insert the TX time\ninto the frame, so there is no reason to keep the skb anymore. As in\nthis case the HW will never generate an interrupt to say that the frame\nwas timestamped, then the frame will never released.\nFix this by freeing the frame in case of one-step timestamping.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38148",
"url": "https://www.suse.com/security/cve/CVE-2025-38148"
},
{
"category": "external",
"summary": "SUSE Bug 1245735 for CVE-2025-38148",
"url": "https://bugzilla.suse.com/1245735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38148"
},
{
"cve": "CVE-2025-38149",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38149"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: clear phydev-\u003edevlink when the link is deleted\n\nThere is a potential crash issue when disabling and re-enabling the\nnetwork port. When disabling the network port, phy_detach() calls\ndevice_link_del() to remove the device link, but it does not clear\nphydev-\u003edevlink, so phydev-\u003edevlink is not a NULL pointer. Then the\nnetwork port is re-enabled, but if phy_attach_direct() fails before\ncalling device_link_add(), the code jumps to the \"error\" label and\ncalls phy_detach(). Since phydev-\u003edevlink retains the old value from\nthe previous attach/detach cycle, device_link_del() uses the old value,\nwhich accesses a NULL pointer and causes a crash. The simplified crash\nlog is as follows.\n\n[ 24.702421] Call trace:\n[ 24.704856] device_link_put_kref+0x20/0x120\n[ 24.709124] device_link_del+0x30/0x48\n[ 24.712864] phy_detach+0x24/0x168\n[ 24.716261] phy_attach_direct+0x168/0x3a4\n[ 24.720352] phylink_fwnode_phy_connect+0xc8/0x14c\n[ 24.725140] phylink_of_phy_connect+0x1c/0x34\n\nTherefore, phydev-\u003edevlink needs to be cleared when the device link is\ndeleted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38149",
"url": "https://www.suse.com/security/cve/CVE-2025-38149"
},
{
"category": "external",
"summary": "SUSE Bug 1245737 for CVE-2025-38149",
"url": "https://bugzilla.suse.com/1245737"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38149"
},
{
"cve": "CVE-2025-38151",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38151"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/cma: Fix hang when cma_netevent_callback fails to queue_work\n\nThe cited commit fixed a crash when cma_netevent_callback was called for\na cma_id while work on that id from a previous call had not yet started.\nThe work item was re-initialized in the second call, which corrupted the\nwork item currently in the work queue.\n\nHowever, it left a problem when queue_work fails (because the item is\nstill pending in the work queue from a previous call). In this case,\ncma_id_put (which is called in the work handler) is therefore not\ncalled. This results in a userspace process hang (zombie process).\n\nFix this by calling cma_id_put() if queue_work fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38151",
"url": "https://www.suse.com/security/cve/CVE-2025-38151"
},
{
"category": "external",
"summary": "SUSE Bug 1245745 for CVE-2025-38151",
"url": "https://bugzilla.suse.com/1245745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38151"
},
{
"cve": "CVE-2025-38153",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38153"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: aqc111: fix error handling of usbnet read calls\n\nSyzkaller, courtesy of syzbot, identified an error (see report [1]) in\naqc111 driver, caused by incomplete sanitation of usb read calls\u0027\nresults. This problem is quite similar to the one fixed in commit\n920a9fa27e78 (\"net: asix: add proper error handling of usb read errors\").\n\nFor instance, usbnet_read_cmd() may read fewer than \u0027size\u0027 bytes,\neven if the caller expected the full amount, and aqc111_read_cmd()\nwill not check its result properly. As [1] shows, this may lead\nto MAC address in aqc111_bind() being only partly initialized,\ntriggering KMSAN warnings.\n\nFix the issue by verifying that the number of bytes read is\nas expected and not less.\n\n[1] Partial syzbot report:\nBUG: KMSAN: uninit-value in is_valid_ether_addr include/linux/etherdevice.h:208 [inline]\nBUG: KMSAN: uninit-value in usbnet_probe+0x2e57/0x4390 drivers/net/usb/usbnet.c:1830\n is_valid_ether_addr include/linux/etherdevice.h:208 [inline]\n usbnet_probe+0x2e57/0x4390 drivers/net/usb/usbnet.c:1830\n usb_probe_interface+0xd01/0x1310 drivers/usb/core/driver.c:396\n call_driver_probe drivers/base/dd.c:-1 [inline]\n really_probe+0x4d1/0xd90 drivers/base/dd.c:658\n __driver_probe_device+0x268/0x380 drivers/base/dd.c:800\n...\n\nUninit was stored to memory at:\n dev_addr_mod+0xb0/0x550 net/core/dev_addr_lists.c:582\n __dev_addr_set include/linux/netdevice.h:4874 [inline]\n eth_hw_addr_set include/linux/etherdevice.h:325 [inline]\n aqc111_bind+0x35f/0x1150 drivers/net/usb/aqc111.c:717\n usbnet_probe+0xbe6/0x4390 drivers/net/usb/usbnet.c:1772\n usb_probe_interface+0xd01/0x1310 drivers/usb/core/driver.c:396\n...\n\nUninit was stored to memory at:\n ether_addr_copy include/linux/etherdevice.h:305 [inline]\n aqc111_read_perm_mac drivers/net/usb/aqc111.c:663 [inline]\n aqc111_bind+0x794/0x1150 drivers/net/usb/aqc111.c:713\n usbnet_probe+0xbe6/0x4390 drivers/net/usb/usbnet.c:1772\n usb_probe_interface+0xd01/0x1310 drivers/usb/core/driver.c:396\n call_driver_probe drivers/base/dd.c:-1 [inline]\n...\n\nLocal variable buf.i created at:\n aqc111_read_perm_mac drivers/net/usb/aqc111.c:656 [inline]\n aqc111_bind+0x221/0x1150 drivers/net/usb/aqc111.c:713\n usbnet_probe+0xbe6/0x4390 drivers/net/usb/usbnet.c:1772",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38153",
"url": "https://www.suse.com/security/cve/CVE-2025-38153"
},
{
"category": "external",
"summary": "SUSE Bug 1245744 for CVE-2025-38153",
"url": "https://bugzilla.suse.com/1245744"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38153"
},
{
"cve": "CVE-2025-38154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38154"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Avoid using sk_socket after free when sending\n\nThe sk-\u003esk_socket is not locked or referenced in backlog thread, and\nduring the call to skb_send_sock(), there is a race condition with\nthe release of sk_socket. All types of sockets(tcp/udp/unix/vsock)\nwill be affected.\n\nRace conditions:\n\u0027\u0027\u0027\nCPU0 CPU1\n\nbacklog::skb_send_sock\n sendmsg_unlocked\n sock_sendmsg\n sock_sendmsg_nosec\n close(fd):\n ...\n ops-\u003erelease() -\u003e sock_map_close()\n sk_socket-\u003eops = NULL\n free(socket)\n sock-\u003eops-\u003esendmsg\n ^\n panic here\n\u0027\u0027\u0027\n\nThe ref of psock become 0 after sock_map_close() executed.\n\u0027\u0027\u0027\nvoid sock_map_close()\n{\n ...\n if (likely(psock)) {\n ...\n // !! here we remove psock and the ref of psock become 0\n sock_map_remove_links(sk, psock)\n psock = sk_psock_get(sk);\n if (unlikely(!psock))\n goto no_psock; \u003c=== Control jumps here via goto\n ...\n cancel_delayed_work_sync(\u0026psock-\u003ework); \u003c=== not executed\n sk_psock_put(sk, psock);\n ...\n}\n\u0027\u0027\u0027\n\nBased on the fact that we already wait for the workqueue to finish in\nsock_map_close() if psock is held, we simply increase the psock\nreference count to avoid race conditions.\n\nWith this patch, if the backlog thread is running, sock_map_close() will\nwait for the backlog thread to complete and cancel all pending work.\n\nIf no backlog running, any pending work that hasn\u0027t started by then will\nfail when invoked by sk_psock_get(), as the psock reference count have\nbeen zeroed, and sk_psock_drop() will cancel all jobs via\ncancel_delayed_work_sync().\n\nIn summary, we require synchronization to coordinate the backlog thread\nand close() thread.\n\nThe panic I catched:\n\u0027\u0027\u0027\nWorkqueue: events sk_psock_backlog\nRIP: 0010:sock_sendmsg+0x21d/0x440\nRAX: 0000000000000000 RBX: ffffc9000521fad8 RCX: 0000000000000001\n...\nCall Trace:\n \u003cTASK\u003e\n ? die_addr+0x40/0xa0\n ? exc_general_protection+0x14c/0x230\n ? asm_exc_general_protection+0x26/0x30\n ? sock_sendmsg+0x21d/0x440\n ? sock_sendmsg+0x3e0/0x440\n ? __pfx_sock_sendmsg+0x10/0x10\n __skb_send_sock+0x543/0xb70\n sk_psock_backlog+0x247/0xb80\n...\n\u0027\u0027\u0027",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38154",
"url": "https://www.suse.com/security/cve/CVE-2025-38154"
},
{
"category": "external",
"summary": "SUSE Bug 1245749 for CVE-2025-38154",
"url": "https://bugzilla.suse.com/1245749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38154"
},
{
"cve": "CVE-2025-38155",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38155"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init()\n\ndevm_ioremap() returns NULL on error. Currently, mt7915_mmio_wed_init()\ndoes not check for this case, which results in a NULL pointer\ndereference.\n\nPrevent null pointer dereference in mt7915_mmio_wed_init().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38155",
"url": "https://www.suse.com/security/cve/CVE-2025-38155"
},
{
"category": "external",
"summary": "SUSE Bug 1245748 for CVE-2025-38155",
"url": "https://bugzilla.suse.com/1245748"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38155"
},
{
"cve": "CVE-2025-38157",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38157"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k_htc: Abort software beacon handling if disabled\n\nA malicious USB device can send a WMI_SWBA_EVENTID event from an\nath9k_htc-managed device before beaconing has been enabled. This causes\na device-by-zero error in the driver, leading to either a crash or an\nout of bounds read.\n\nPrevent this by aborting the handling in ath9k_htc_swba() if beacons are\nnot enabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38157",
"url": "https://www.suse.com/security/cve/CVE-2025-38157"
},
{
"category": "external",
"summary": "SUSE Bug 1245747 for CVE-2025-38157",
"url": "https://bugzilla.suse.com/1245747"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38157"
},
{
"cve": "CVE-2025-38158",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38158"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhisi_acc_vfio_pci: fix XQE dma address error\n\nThe dma addresses of EQE and AEQE are wrong after migration and\nresults in guest kernel-mode encryption services failure.\nComparing the definition of hardware registers, we found that\nthere was an error when the data read from the register was\ncombined into an address. Therefore, the address combination\nsequence needs to be corrected.\n\nEven after fixing the above problem, we still have an issue\nwhere the Guest from an old kernel can get migrated to\nnew kernel and may result in wrong data.\n\nIn order to ensure that the address is correct after migration,\nif an old magic number is detected, the dma address needs to be\nupdated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38158",
"url": "https://www.suse.com/security/cve/CVE-2025-38158"
},
{
"category": "external",
"summary": "SUSE Bug 1245750 for CVE-2025-38158",
"url": "https://bugzilla.suse.com/1245750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38158"
},
{
"cve": "CVE-2025-38159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38159"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: fix the \u0027para\u0027 buffer size to avoid reading out of bounds\n\nSet the size to 6 instead of 2, since \u0027para\u0027 array is passed to\n\u0027rtw_fw_bt_wifi_control(rtwdev, para[0], \u0026para[1])\u0027, which reads\n5 bytes:\n\nvoid rtw_fw_bt_wifi_control(struct rtw_dev *rtwdev, u8 op_code, u8 *data)\n{\n ...\n SET_BT_WIFI_CONTROL_DATA1(h2c_pkt, *data);\n SET_BT_WIFI_CONTROL_DATA2(h2c_pkt, *(data + 1));\n ...\n SET_BT_WIFI_CONTROL_DATA5(h2c_pkt, *(data + 4));\n\nDetected using the static analysis tool - Svace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38159",
"url": "https://www.suse.com/security/cve/CVE-2025-38159"
},
{
"category": "external",
"summary": "SUSE Bug 1245751 for CVE-2025-38159",
"url": "https://bugzilla.suse.com/1245751"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38159"
},
{
"cve": "CVE-2025-38161",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38161"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix error flow upon firmware failure for RQ destruction\n\nUpon RQ destruction if the firmware command fails which is the\nlast resource to be destroyed some SW resources were already cleaned\nregardless of the failure.\n\nNow properly rollback the object to its original state upon such failure.\n\nIn order to avoid a use-after free in case someone tries to destroy the\nobject again, which results in the following kernel trace:\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 0 PID: 37589 at lib/refcount.c:28 refcount_warn_saturate+0xf4/0x148\nModules linked in: rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) rfkill mlx5_core(OE) mlxdevm(OE) ib_uverbs(OE) ib_core(OE) psample mlxfw(OE) mlx_compat(OE) macsec tls pci_hyperv_intf sunrpc vfat fat virtio_net net_failover failover fuse loop nfnetlink vsock_loopback vmw_vsock_virtio_transport_common vmw_vsock_vmci_transport vmw_vmci vsock xfs crct10dif_ce ghash_ce sha2_ce sha256_arm64 sha1_ce virtio_console virtio_gpu virtio_blk virtio_dma_buf virtio_mmio dm_mirror dm_region_hash dm_log dm_mod xpmem(OE)\nCPU: 0 UID: 0 PID: 37589 Comm: python3 Kdump: loaded Tainted: G OE ------- --- 6.12.0-54.el10.aarch64 #1\nTainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\nHardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : refcount_warn_saturate+0xf4/0x148\nlr : refcount_warn_saturate+0xf4/0x148\nsp : ffff80008b81b7e0\nx29: ffff80008b81b7e0 x28: ffff000133d51600 x27: 0000000000000001\nx26: 0000000000000000 x25: 00000000ffffffea x24: ffff00010ae80f00\nx23: ffff00010ae80f80 x22: ffff0000c66e5d08 x21: 0000000000000000\nx20: ffff0000c66e0000 x19: ffff00010ae80340 x18: 0000000000000006\nx17: 0000000000000000 x16: 0000000000000020 x15: ffff80008b81b37f\nx14: 0000000000000000 x13: 2e656572662d7265 x12: ffff80008283ef78\nx11: ffff80008257efd0 x10: ffff80008283efd0 x9 : ffff80008021ed90\nx8 : 0000000000000001 x7 : 00000000000bffe8 x6 : c0000000ffff7fff\nx5 : ffff0001fb8e3408 x4 : 0000000000000000 x3 : ffff800179993000\nx2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff000133d51600\nCall trace:\n refcount_warn_saturate+0xf4/0x148\n mlx5_core_put_rsc+0x88/0xa0 [mlx5_ib]\n mlx5_core_destroy_rq_tracked+0x64/0x98 [mlx5_ib]\n mlx5_ib_destroy_wq+0x34/0x80 [mlx5_ib]\n ib_destroy_wq_user+0x30/0xc0 [ib_core]\n uverbs_free_wq+0x28/0x58 [ib_uverbs]\n destroy_hw_idr_uobject+0x34/0x78 [ib_uverbs]\n uverbs_destroy_uobject+0x48/0x240 [ib_uverbs]\n __uverbs_cleanup_ufile+0xd4/0x1a8 [ib_uverbs]\n uverbs_destroy_ufile_hw+0x48/0x120 [ib_uverbs]\n ib_uverbs_close+0x2c/0x100 [ib_uverbs]\n __fput+0xd8/0x2f0\n __fput_sync+0x50/0x70\n __arm64_sys_close+0x40/0x90\n invoke_syscall.constprop.0+0x74/0xd0\n do_el0_svc+0x48/0xe8\n el0_svc+0x44/0x1d0\n el0t_64_sync_handler+0x120/0x130\n el0t_64_sync+0x1a4/0x1a8",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38161",
"url": "https://www.suse.com/security/cve/CVE-2025-38161"
},
{
"category": "external",
"summary": "SUSE Bug 1245777 for CVE-2025-38161",
"url": "https://bugzilla.suse.com/1245777"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38161"
},
{
"cve": "CVE-2025-38162",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38162"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo: prevent overflow in lookup table allocation\n\nWhen calculating the lookup table size, ensure the following\nmultiplication does not overflow:\n\n- desc-\u003efield_len[] maximum value is U8_MAX multiplied by\n NFT_PIPAPO_GROUPS_PER_BYTE(f) that can be 2, worst case.\n- NFT_PIPAPO_BUCKETS(f-\u003ebb) is 2^8, worst case.\n- sizeof(unsigned long), from sizeof(*f-\u003elt), lt in\n struct nft_pipapo_field.\n\nThen, use check_mul_overflow() to multiply by bucket size and then use\ncheck_add_overflow() to the alignment for avx2 (if needed). Finally, add\nlt_size_check_overflow() helper and use it to consolidate this.\n\nWhile at it, replace leftover allocation using the GFP_KERNEL to\nGFP_KERNEL_ACCOUNT for consistency, in pipapo_resize().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38162",
"url": "https://www.suse.com/security/cve/CVE-2025-38162"
},
{
"category": "external",
"summary": "SUSE Bug 1245752 for CVE-2025-38162",
"url": "https://bugzilla.suse.com/1245752"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38162"
},
{
"cve": "CVE-2025-38165",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38165"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix panic when calling skb_linearize\n\nThe panic can be reproduced by executing the command:\n./bench sockmap -c 2 -p 1 -a --rx-verdict-ingress --rx-strp 100000\n\nThen a kernel panic was captured:\n\u0027\u0027\u0027\n[ 657.460555] kernel BUG at net/core/skbuff.c:2178!\n[ 657.462680] Tainted: [W]=WARN\n[ 657.463287] Workqueue: events sk_psock_backlog\n...\n[ 657.469610] \u003cTASK\u003e\n[ 657.469738] ? die+0x36/0x90\n[ 657.469916] ? do_trap+0x1d0/0x270\n[ 657.470118] ? pskb_expand_head+0x612/0xf40\n[ 657.470376] ? pskb_expand_head+0x612/0xf40\n[ 657.470620] ? do_error_trap+0xa3/0x170\n[ 657.470846] ? pskb_expand_head+0x612/0xf40\n[ 657.471092] ? handle_invalid_op+0x2c/0x40\n[ 657.471335] ? pskb_expand_head+0x612/0xf40\n[ 657.471579] ? exc_invalid_op+0x2d/0x40\n[ 657.471805] ? asm_exc_invalid_op+0x1a/0x20\n[ 657.472052] ? pskb_expand_head+0xd1/0xf40\n[ 657.472292] ? pskb_expand_head+0x612/0xf40\n[ 657.472540] ? lock_acquire+0x18f/0x4e0\n[ 657.472766] ? find_held_lock+0x2d/0x110\n[ 657.472999] ? __pfx_pskb_expand_head+0x10/0x10\n[ 657.473263] ? __kmalloc_cache_noprof+0x5b/0x470\n[ 657.473537] ? __pfx___lock_release.isra.0+0x10/0x10\n[ 657.473826] __pskb_pull_tail+0xfd/0x1d20\n[ 657.474062] ? __kasan_slab_alloc+0x4e/0x90\n[ 657.474707] sk_psock_skb_ingress_enqueue+0x3bf/0x510\n[ 657.475392] ? __kasan_kmalloc+0xaa/0xb0\n[ 657.476010] sk_psock_backlog+0x5cf/0xd70\n[ 657.476637] process_one_work+0x858/0x1a20\n\u0027\u0027\u0027\n\nThe panic originates from the assertion BUG_ON(skb_shared(skb)) in\nskb_linearize(). A previous commit(see Fixes tag) introduced skb_get()\nto avoid race conditions between skb operations in the backlog and skb\nrelease in the recvmsg path. However, this caused the panic to always\noccur when skb_linearize is executed.\n\nThe \"--rx-strp 100000\" parameter forces the RX path to use the strparser\nmodule which aggregates data until it reaches 100KB before calling sockmap\nlogic. The 100KB payload exceeds MAX_MSG_FRAGS, triggering skb_linearize.\n\nTo fix this issue, just move skb_get into sk_psock_skb_ingress_enqueue.\n\n\u0027\u0027\u0027\nsk_psock_backlog:\n sk_psock_handle_skb\n skb_get(skb) \u003c== we move it into \u0027sk_psock_skb_ingress_enqueue\u0027\n sk_psock_skb_ingress____________\n \u2193\n |\n | \u2192 sk_psock_skb_ingress_self\n | sk_psock_skb_ingress_enqueue\nsk_psock_verdict_apply_________________\u2191 skb_linearize\n\u0027\u0027\u0027\n\nNote that for verdict_apply path, the skb_get operation is unnecessary so\nwe add \u0027take_ref\u0027 param to control it\u0027s behavior.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38165",
"url": "https://www.suse.com/security/cve/CVE-2025-38165"
},
{
"category": "external",
"summary": "SUSE Bug 1245757 for CVE-2025-38165",
"url": "https://bugzilla.suse.com/1245757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38165"
},
{
"cve": "CVE-2025-38166",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38166"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: fix ktls panic with sockmap\n\n[ 2172.936997] ------------[ cut here ]------------\n[ 2172.936999] kernel BUG at lib/iov_iter.c:629!\n......\n[ 2172.944996] PKRU: 55555554\n[ 2172.945155] Call Trace:\n[ 2172.945299] \u003cTASK\u003e\n[ 2172.945428] ? die+0x36/0x90\n[ 2172.945601] ? do_trap+0xdd/0x100\n[ 2172.945795] ? iov_iter_revert+0x178/0x180\n[ 2172.946031] ? iov_iter_revert+0x178/0x180\n[ 2172.946267] ? do_error_trap+0x7d/0x110\n[ 2172.946499] ? iov_iter_revert+0x178/0x180\n[ 2172.946736] ? exc_invalid_op+0x50/0x70\n[ 2172.946961] ? iov_iter_revert+0x178/0x180\n[ 2172.947197] ? asm_exc_invalid_op+0x1a/0x20\n[ 2172.947446] ? iov_iter_revert+0x178/0x180\n[ 2172.947683] ? iov_iter_revert+0x5c/0x180\n[ 2172.947913] tls_sw_sendmsg_locked.isra.0+0x794/0x840\n[ 2172.948206] tls_sw_sendmsg+0x52/0x80\n[ 2172.948420] ? inet_sendmsg+0x1f/0x70\n[ 2172.948634] __sys_sendto+0x1cd/0x200\n[ 2172.948848] ? find_held_lock+0x2b/0x80\n[ 2172.949072] ? syscall_trace_enter+0x140/0x270\n[ 2172.949330] ? __lock_release.isra.0+0x5e/0x170\n[ 2172.949595] ? find_held_lock+0x2b/0x80\n[ 2172.949817] ? syscall_trace_enter+0x140/0x270\n[ 2172.950211] ? lockdep_hardirqs_on_prepare+0xda/0x190\n[ 2172.950632] ? ktime_get_coarse_real_ts64+0xc2/0xd0\n[ 2172.951036] __x64_sys_sendto+0x24/0x30\n[ 2172.951382] do_syscall_64+0x90/0x170\n......\n\nAfter calling bpf_exec_tx_verdict(), the size of msg_pl-\u003esg may increase,\ne.g., when the BPF program executes bpf_msg_push_data().\n\nIf the BPF program sets cork_bytes and sg.size is smaller than cork_bytes,\nit will return -ENOSPC and attempt to roll back to the non-zero copy\nlogic. However, during rollback, msg-\u003emsg_iter is reset, but since\nmsg_pl-\u003esg.size has been increased, subsequent executions will exceed the\nactual size of msg_iter.\n\u0027\u0027\u0027\niov_iter_revert(\u0026msg-\u003emsg_iter, msg_pl-\u003esg.size - orig_size);\n\u0027\u0027\u0027\n\nThe changes in this commit are based on the following considerations:\n\n1. When cork_bytes is set, rolling back to non-zero copy logic is\npointless and can directly go to zero-copy logic.\n\n2. We can not calculate the correct number of bytes to revert msg_iter.\n\nAssume the original data is \"abcdefgh\" (8 bytes), and after 3 pushes\nby the BPF program, it becomes 11-byte data: \"abc?de?fgh?\".\nThen, we set cork_bytes to 6, which means the first 6 bytes have been\nprocessed, and the remaining 5 bytes \"?fgh?\" will be cached until the\nlength meets the cork_bytes requirement.\n\nHowever, some data in \"?fgh?\" is not within \u0027sg-\u003emsg_iter\u0027\n(but in msg_pl instead), especially the data \"?\" we pushed.\n\nSo it doesn\u0027t seem as simple as just reverting through an offset of\nmsg_iter.\n\n3. For non-TLS sockets in tcp_bpf_sendmsg, when a \"cork\" situation occurs,\nthe user-space send() doesn\u0027t return an error, and the returned length is\nthe same as the input length parameter, even if some data is cached.\n\nAdditionally, I saw that the current non-zero-copy logic for handling\ncorking is written as:\n\u0027\u0027\u0027\nline 1177\nelse if (ret != -EAGAIN) {\n\tif (ret == -ENOSPC)\n\t\tret = 0;\n\tgoto send_end;\n\u0027\u0027\u0027\n\nSo it\u0027s ok to just return \u0027copied\u0027 without error when a \"cork\" situation\noccurs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38166",
"url": "https://www.suse.com/security/cve/CVE-2025-38166"
},
{
"category": "external",
"summary": "SUSE Bug 1245758 for CVE-2025-38166",
"url": "https://bugzilla.suse.com/1245758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38166"
},
{
"cve": "CVE-2025-38173",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38173"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: marvell/cesa - Handle zero-length skcipher requests\n\nDo not access random memory for zero-length skcipher requests.\nJust return 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38173",
"url": "https://www.suse.com/security/cve/CVE-2025-38173"
},
{
"category": "external",
"summary": "SUSE Bug 1245769 for CVE-2025-38173",
"url": "https://bugzilla.suse.com/1245769"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38173"
},
{
"cve": "CVE-2025-38174",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38174"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Do not double dequeue a configuration request\n\nSome of our devices crash in tb_cfg_request_dequeue():\n\n general protection fault, probably for non-canonical address 0xdead000000000122\n\n CPU: 6 PID: 91007 Comm: kworker/6:2 Tainted: G U W 6.6.65\n RIP: 0010:tb_cfg_request_dequeue+0x2d/0xa0\n Call Trace:\n \u003cTASK\u003e\n ? tb_cfg_request_dequeue+0x2d/0xa0\n tb_cfg_request_work+0x33/0x80\n worker_thread+0x386/0x8f0\n kthread+0xed/0x110\n ret_from_fork+0x38/0x50\n ret_from_fork_asm+0x1b/0x30\n\nThe circumstances are unclear, however, the theory is that\ntb_cfg_request_work() can be scheduled twice for a request:\nfirst time via frame.callback from ring_work() and second\ntime from tb_cfg_request(). Both times kworkers will execute\ntb_cfg_request_dequeue(), which results in double list_del()\nfrom the ctl-\u003erequest_queue (the list poison deference hints\nat it: 0xdead000000000122).\n\nDo not dequeue requests that don\u0027t have TB_CFG_REQUEST_ACTIVE\nbit set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38174",
"url": "https://www.suse.com/security/cve/CVE-2025-38174"
},
{
"category": "external",
"summary": "SUSE Bug 1245781 for CVE-2025-38174",
"url": "https://bugzilla.suse.com/1245781"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38174"
},
{
"cve": "CVE-2025-38177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38177"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsch_hfsc: make hfsc_qlen_notify() idempotent\n\nhfsc_qlen_notify() is not idempotent either and not friendly\nto its callers, like fq_codel_dequeue(). Let\u0027s make it idempotent\nto ease qdisc_tree_reduce_backlog() callers\u0027 life:\n\n1. update_vf() decreases cl-\u003ecl_nactive, so we can check whether it is\nnon-zero before calling it.\n\n2. eltree_remove() always removes RB node cl-\u003eel_node, but we can use\n RB_EMPTY_NODE() + RB_CLEAR_NODE() to make it safe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38177",
"url": "https://www.suse.com/security/cve/CVE-2025-38177"
},
{
"category": "external",
"summary": "SUSE Bug 1245986 for CVE-2025-38177",
"url": "https://bugzilla.suse.com/1245986"
},
{
"category": "external",
"summary": "SUSE Bug 1246356 for CVE-2025-38177",
"url": "https://bugzilla.suse.com/1246356"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "important"
}
],
"title": "CVE-2025-38177"
},
{
"cve": "CVE-2025-38180",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38180"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: atm: fix /proc/net/atm/lec handling\n\n/proc/net/atm/lec must ensure safety against dev_lec[] changes.\n\nIt appears it had dev_put() calls without prior dev_hold(),\nleading to imbalance and UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38180",
"url": "https://www.suse.com/security/cve/CVE-2025-38180"
},
{
"category": "external",
"summary": "SUSE Bug 1245970 for CVE-2025-38180",
"url": "https://bugzilla.suse.com/1245970"
},
{
"category": "external",
"summary": "SUSE Bug 1245971 for CVE-2025-38180",
"url": "https://bugzilla.suse.com/1245971"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "important"
}
],
"title": "CVE-2025-38180"
},
{
"cve": "CVE-2025-38181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38181"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncalipso: Fix null-ptr-deref in calipso_req_{set,del}attr().\n\nsyzkaller reported a null-ptr-deref in sock_omalloc() while allocating\na CALIPSO option. [0]\n\nThe NULL is of struct sock, which was fetched by sk_to_full_sk() in\ncalipso_req_setattr().\n\nSince commit a1a5344ddbe8 (\"tcp: avoid two atomic ops for syncookies\"),\nreqsk-\u003ersk_listener could be NULL when SYN Cookie is returned to its\nclient, as hinted by the leading SYN Cookie log.\n\nHere are 3 options to fix the bug:\n\n 1) Return 0 in calipso_req_setattr()\n 2) Return an error in calipso_req_setattr()\n 3) Alaways set rsk_listener\n\n1) is no go as it bypasses LSM, but 2) effectively disables SYN Cookie\nfor CALIPSO. 3) is also no go as there have been many efforts to reduce\natomic ops and make TCP robust against DDoS. See also commit 3b24d854cb35\n(\"tcp/dccp: do not touch listener sk_refcnt under synflood\").\n\nAs of the blamed commit, SYN Cookie already did not need refcounting,\nand no one has stumbled on the bug for 9 years, so no CALIPSO user will\ncare about SYN Cookie.\n\nLet\u0027s return an error in calipso_req_setattr() and calipso_req_delattr()\nin the SYN Cookie case.\n\nThis can be reproduced by [1] on Fedora and now connect() of nc times out.\n\n[0]:\nTCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]\nCPU: 3 UID: 0 PID: 12262 Comm: syz.1.2611 Not tainted 6.14.0 #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nRIP: 0010:read_pnet include/net/net_namespace.h:406 [inline]\nRIP: 0010:sock_net include/net/sock.h:655 [inline]\nRIP: 0010:sock_kmalloc+0x35/0x170 net/core/sock.c:2806\nCode: 89 d5 41 54 55 89 f5 53 48 89 fb e8 25 e3 c6 fd e8 f0 91 e3 00 48 8d 7b 30 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 26 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b\nRSP: 0018:ffff88811af89038 EFLAGS: 00010216\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffff888105266400\nRDX: 0000000000000006 RSI: ffff88800c890000 RDI: 0000000000000030\nRBP: 0000000000000050 R08: 0000000000000000 R09: ffff88810526640e\nR10: ffffed1020a4cc81 R11: ffff88810526640f R12: 0000000000000000\nR13: 0000000000000820 R14: ffff888105266400 R15: 0000000000000050\nFS: 00007f0653a07640(0000) GS:ffff88811af80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f863ba096f4 CR3: 00000000163c0005 CR4: 0000000000770ef0\nPKRU: 80000000\nCall Trace:\n \u003cIRQ\u003e\n ipv6_renew_options+0x279/0x950 net/ipv6/exthdrs.c:1288\n calipso_req_setattr+0x181/0x340 net/ipv6/calipso.c:1204\n calipso_req_setattr+0x56/0x80 net/netlabel/netlabel_calipso.c:597\n netlbl_req_setattr+0x18a/0x440 net/netlabel/netlabel_kapi.c:1249\n selinux_netlbl_inet_conn_request+0x1fb/0x320 security/selinux/netlabel.c:342\n selinux_inet_conn_request+0x1eb/0x2c0 security/selinux/hooks.c:5551\n security_inet_conn_request+0x50/0xa0 security/security.c:4945\n tcp_v6_route_req+0x22c/0x550 net/ipv6/tcp_ipv6.c:825\n tcp_conn_request+0xec8/0x2b70 net/ipv4/tcp_input.c:7275\n tcp_v6_conn_request+0x1e3/0x440 net/ipv6/tcp_ipv6.c:1328\n tcp_rcv_state_process+0xafa/0x52b0 net/ipv4/tcp_input.c:6781\n tcp_v6_do_rcv+0x8a6/0x1a40 net/ipv6/tcp_ipv6.c:1667\n tcp_v6_rcv+0x505e/0x5b50 net/ipv6/tcp_ipv6.c:1904\n ip6_protocol_deliver_rcu+0x17c/0x1da0 net/ipv6/ip6_input.c:436\n ip6_input_finish+0x103/0x180 net/ipv6/ip6_input.c:480\n NF_HOOK include/linux/netfilter.h:314 [inline]\n NF_HOOK include/linux/netfilter.h:308 [inline]\n ip6_input+0x13c/0x6b0 net/ipv6/ip6_input.c:491\n dst_input include/net/dst.h:469 [inline]\n ip6_rcv_finish net/ipv6/ip6_input.c:79 [inline]\n ip6_rcv_finish+0xb6/0x490 net/ipv6/ip6_input.c:69\n NF_HOOK include/linux/netfilter.h:314 [inline]\n NF_HOOK include/linux/netf\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38181",
"url": "https://www.suse.com/security/cve/CVE-2025-38181"
},
{
"category": "external",
"summary": "SUSE Bug 1246000 for CVE-2025-38181",
"url": "https://bugzilla.suse.com/1246000"
},
{
"category": "external",
"summary": "SUSE Bug 1246001 for CVE-2025-38181",
"url": "https://bugzilla.suse.com/1246001"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "important"
}
],
"title": "CVE-2025-38181"
},
{
"cve": "CVE-2025-38182",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38182"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nublk: santizize the arguments from userspace when adding a device\n\nSanity check the values for queue depth and number of queues\nwe get from userspace when adding a device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38182",
"url": "https://www.suse.com/security/cve/CVE-2025-38182"
},
{
"category": "external",
"summary": "SUSE Bug 1245937 for CVE-2025-38182",
"url": "https://bugzilla.suse.com/1245937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38182"
},
{
"cve": "CVE-2025-38183",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38183"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get()\n\nBefore calling lan743x_ptp_io_event_clock_get(), the \u0027channel\u0027 value\nis checked against the maximum value of PCI11X1X_PTP_IO_MAX_CHANNELS(8).\nThis seems correct and aligns with the PTP interrupt status register\n(PTP_INT_STS) specifications.\n\nHowever, lan743x_ptp_io_event_clock_get() writes to ptp-\u003eextts[] with\nonly LAN743X_PTP_N_EXTTS(4) elements, using channel as an index:\n\n lan743x_ptp_io_event_clock_get(..., u8 channel,...)\n {\n ...\n /* Update Local timestamp */\n extts = \u0026ptp-\u003eextts[channel];\n extts-\u003ets.tv_sec = sec;\n ...\n }\n\nTo avoid an out-of-bounds write and utilize all the supported GPIO\ninputs, set LAN743X_PTP_N_EXTTS to 8.\n\nDetected using the static analysis tool - Svace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38183",
"url": "https://www.suse.com/security/cve/CVE-2025-38183"
},
{
"category": "external",
"summary": "SUSE Bug 1246006 for CVE-2025-38183",
"url": "https://bugzilla.suse.com/1246006"
},
{
"category": "external",
"summary": "SUSE Bug 1246007 for CVE-2025-38183",
"url": "https://bugzilla.suse.com/1246007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "important"
}
],
"title": "CVE-2025-38183"
},
{
"cve": "CVE-2025-38187",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38187"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: fix a use-after-free in r535_gsp_rpc_push()\n\nThe RPC container is released after being passed to r535_gsp_rpc_send().\n\nWhen sending the initial fragment of a large RPC and passing the\ncaller\u0027s RPC container, the container will be freed prematurely. Subsequent\nattempts to send remaining fragments will therefore result in a\nuse-after-free.\n\nAllocate a temporary RPC container for holding the initial fragment of a\nlarge RPC when sending. Free the caller\u0027s container when all fragments\nare successfully sent.\n\n[ Rebase onto Blackwell changes. - Danilo ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38187",
"url": "https://www.suse.com/security/cve/CVE-2025-38187"
},
{
"category": "external",
"summary": "SUSE Bug 1245951 for CVE-2025-38187",
"url": "https://bugzilla.suse.com/1245951"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38187"
},
{
"cve": "CVE-2025-38188",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38188"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/a7xx: Call CP_RESET_CONTEXT_STATE\n\nCalling this packet is necessary when we switch contexts because there\nare various pieces of state used by userspace to synchronize between BR\nand BV that are persistent across submits and we need to make sure that\nthey are in a \"safe\" state when switching contexts. Otherwise a\nuserspace submission in one context could cause another context to\nfunction incorrectly and hang, effectively a denial of service (although\nwithout leaking data). This was missed during initial a7xx bringup.\n\nPatchwork: https://patchwork.freedesktop.org/patch/654924/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38188",
"url": "https://www.suse.com/security/cve/CVE-2025-38188"
},
{
"category": "external",
"summary": "SUSE Bug 1246098 for CVE-2025-38188",
"url": "https://bugzilla.suse.com/1246098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38188"
},
{
"cve": "CVE-2025-38192",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38192"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: clear the dst when changing skb protocol\n\nA not-so-careful NAT46 BPF program can crash the kernel\nif it indiscriminately flips ingress packets from v4 to v6:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n ip6_rcv_core (net/ipv6/ip6_input.c:190:20)\n ipv6_rcv (net/ipv6/ip6_input.c:306:8)\n process_backlog (net/core/dev.c:6186:4)\n napi_poll (net/core/dev.c:6906:9)\n net_rx_action (net/core/dev.c:7028:13)\n do_softirq (kernel/softirq.c:462:3)\n netif_rx (net/core/dev.c:5326:3)\n dev_loopback_xmit (net/core/dev.c:4015:2)\n ip_mc_finish_output (net/ipv4/ip_output.c:363:8)\n NF_HOOK (./include/linux/netfilter.h:314:9)\n ip_mc_output (net/ipv4/ip_output.c:400:5)\n dst_output (./include/net/dst.h:459:9)\n ip_local_out (net/ipv4/ip_output.c:130:9)\n ip_send_skb (net/ipv4/ip_output.c:1496:8)\n udp_send_skb (net/ipv4/udp.c:1040:8)\n udp_sendmsg (net/ipv4/udp.c:1328:10)\n\nThe output interface has a 4-\u003e6 program attached at ingress.\nWe try to loop the multicast skb back to the sending socket.\nIngress BPF runs as part of netif_rx(), pushes a valid v6 hdr\nand changes skb-\u003eprotocol to v6. We enter ip6_rcv_core which\ntries to use skb_dst(). But the dst is still an IPv4 one left\nafter IPv4 mcast output.\n\nClear the dst in all BPF helpers which change the protocol.\nTry to preserve metadata dsts, those may carry non-routing\nmetadata.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38192",
"url": "https://www.suse.com/security/cve/CVE-2025-38192"
},
{
"category": "external",
"summary": "SUSE Bug 1245954 for CVE-2025-38192",
"url": "https://bugzilla.suse.com/1245954"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38192"
},
{
"cve": "CVE-2025-38193",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38193"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: reject invalid perturb period\n\nGerrard Tai reported that SFQ perturb_period has no range check yet,\nand this can be used to trigger a race condition fixed in a separate patch.\n\nWe want to make sure ctl-\u003eperturb_period * HZ will not overflow\nand is positive.\n\n\ntc qd add dev lo root sfq perturb -10 # negative value : error\nError: sch_sfq: invalid perturb period.\n\ntc qd add dev lo root sfq perturb 1000000000 # too big : error\nError: sch_sfq: invalid perturb period.\n\ntc qd add dev lo root sfq perturb 2000000 # acceptable value\ntc -s -d qd sh dev lo\nqdisc sfq 8005: root refcnt 2 limit 127p quantum 64Kb depth 127 flows 128 divisor 1024 perturb 2000000sec\n Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)\n backlog 0b 0p requeues 0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38193",
"url": "https://www.suse.com/security/cve/CVE-2025-38193"
},
{
"category": "external",
"summary": "SUSE Bug 1245945 for CVE-2025-38193",
"url": "https://bugzilla.suse.com/1245945"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38193"
},
{
"cve": "CVE-2025-38194",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38194"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: check that raw node were preallocated before writing summary\n\nSyzkaller detected a kernel bug in jffs2_link_node_ref, caused by fault\ninjection in jffs2_prealloc_raw_node_refs. jffs2_sum_write_sumnode doesn\u0027t\ncheck return value of jffs2_prealloc_raw_node_refs and simply lets any\nerror propagate into jffs2_sum_write_data, which eventually calls\njffs2_link_node_ref in order to link the summary to an expectedly allocated\nnode.\n\nkernel BUG at fs/jffs2/nodelist.c:592!\ninvalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 1 PID: 31277 Comm: syz-executor.7 Not tainted 6.1.128-syzkaller-00139-ge10f83ca10a1 #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nRIP: 0010:jffs2_link_node_ref+0x570/0x690 fs/jffs2/nodelist.c:592\nCall Trace:\n \u003cTASK\u003e\n jffs2_sum_write_data fs/jffs2/summary.c:841 [inline]\n jffs2_sum_write_sumnode+0xd1a/0x1da0 fs/jffs2/summary.c:874\n jffs2_do_reserve_space+0xa18/0xd60 fs/jffs2/nodemgmt.c:388\n jffs2_reserve_space+0x55f/0xaa0 fs/jffs2/nodemgmt.c:197\n jffs2_write_inode_range+0x246/0xb50 fs/jffs2/write.c:362\n jffs2_write_end+0x726/0x15d0 fs/jffs2/file.c:301\n generic_perform_write+0x314/0x5d0 mm/filemap.c:3856\n __generic_file_write_iter+0x2ae/0x4d0 mm/filemap.c:3973\n generic_file_write_iter+0xe3/0x350 mm/filemap.c:4005\n call_write_iter include/linux/fs.h:2265 [inline]\n do_iter_readv_writev+0x20f/0x3c0 fs/read_write.c:735\n do_iter_write+0x186/0x710 fs/read_write.c:861\n vfs_iter_write+0x70/0xa0 fs/read_write.c:902\n iter_file_splice_write+0x73b/0xc90 fs/splice.c:685\n do_splice_from fs/splice.c:763 [inline]\n direct_splice_actor+0x10c/0x170 fs/splice.c:950\n splice_direct_to_actor+0x337/0xa10 fs/splice.c:896\n do_splice_direct+0x1a9/0x280 fs/splice.c:1002\n do_sendfile+0xb13/0x12c0 fs/read_write.c:1255\n __do_sys_sendfile64 fs/read_write.c:1323 [inline]\n __se_sys_sendfile64 fs/read_write.c:1309 [inline]\n __x64_sys_sendfile64+0x1cf/0x210 fs/read_write.c:1309\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x35/0x80 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\nFix this issue by checking return value of jffs2_prealloc_raw_node_refs\nbefore calling jffs2_sum_write_data.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38194",
"url": "https://www.suse.com/security/cve/CVE-2025-38194"
},
{
"category": "external",
"summary": "SUSE Bug 1245957 for CVE-2025-38194",
"url": "https://bugzilla.suse.com/1245957"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38194"
},
{
"cve": "CVE-2025-38197",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38197"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: dell_rbu: Fix list usage\n\nPass the correct list head to list_for_each_entry*() when looping through\nthe packet list.\n\nWithout this patch, reading the packet data via sysfs will show the data\nincorrectly (because it starts at the wrong packet), and clearing the\npacket list will result in a NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38197",
"url": "https://www.suse.com/security/cve/CVE-2025-38197"
},
{
"category": "external",
"summary": "SUSE Bug 1246047 for CVE-2025-38197",
"url": "https://bugzilla.suse.com/1246047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38197"
},
{
"cve": "CVE-2025-38198",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38198"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbcon: Make sure modelist not set on unregistered console\n\nIt looks like attempting to write to the \"store_modes\" sysfs node will\nrun afoul of unregistered consoles:\n\nUBSAN: array-index-out-of-bounds in drivers/video/fbdev/core/fbcon.c:122:28\nindex -1 is out of range for type \u0027fb_info *[32]\u0027\n...\n fbcon_info_from_console+0x192/0x1a0 drivers/video/fbdev/core/fbcon.c:122\n fbcon_new_modelist+0xbf/0x2d0 drivers/video/fbdev/core/fbcon.c:3048\n fb_new_modelist+0x328/0x440 drivers/video/fbdev/core/fbmem.c:673\n store_modes+0x1c9/0x3e0 drivers/video/fbdev/core/fbsysfs.c:113\n dev_attr_store+0x55/0x80 drivers/base/core.c:2439\n\nstatic struct fb_info *fbcon_registered_fb[FB_MAX];\n...\nstatic signed char con2fb_map[MAX_NR_CONSOLES];\n...\nstatic struct fb_info *fbcon_info_from_console(int console)\n...\n return fbcon_registered_fb[con2fb_map[console]];\n\nIf con2fb_map contains a -1 things go wrong here. Instead, return NULL,\nas callers of fbcon_info_from_console() are trying to compare against\nexisting \"info\" pointers, so error handling should kick in correctly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38198",
"url": "https://www.suse.com/security/cve/CVE-2025-38198"
},
{
"category": "external",
"summary": "SUSE Bug 1245952 for CVE-2025-38198",
"url": "https://bugzilla.suse.com/1245952"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38198"
},
{
"cve": "CVE-2025-38200",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38200"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix MMIO write access to an invalid page in i40e_clear_hw\n\nWhen the device sends a specific input, an integer underflow can occur, leading\nto MMIO write access to an invalid page.\n\nPrevent the integer underflow by changing the type of related variables.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38200",
"url": "https://www.suse.com/security/cve/CVE-2025-38200"
},
{
"category": "external",
"summary": "SUSE Bug 1246045 for CVE-2025-38200",
"url": "https://bugzilla.suse.com/1246045"
},
{
"category": "external",
"summary": "SUSE Bug 1246046 for CVE-2025-38200",
"url": "https://bugzilla.suse.com/1246046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38200"
},
{
"cve": "CVE-2025-38202",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38202"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem()\n\nbpf_map_lookup_percpu_elem() helper is also available for sleepable bpf\nprogram. When BPF JIT is disabled or under 32-bit host,\nbpf_map_lookup_percpu_elem() will not be inlined. Using it in a\nsleepable bpf program will trigger the warning in\nbpf_map_lookup_percpu_elem(), because the bpf program only holds\nrcu_read_lock_trace lock. Therefore, add the missed check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38202",
"url": "https://www.suse.com/security/cve/CVE-2025-38202"
},
{
"category": "external",
"summary": "SUSE Bug 1245980 for CVE-2025-38202",
"url": "https://bugzilla.suse.com/1245980"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38202"
},
{
"cve": "CVE-2025-38203",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38203"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix null-ptr-deref in jfs_ioc_trim\n\n[ Syzkaller Report ]\n\nOops: general protection fault, probably for non-canonical address\n0xdffffc0000000087: 0000 [#1\nKASAN: null-ptr-deref in range [0x0000000000000438-0x000000000000043f]\nCPU: 2 UID: 0 PID: 10614 Comm: syz-executor.0 Not tainted\n6.13.0-rc6-gfbfd64d25c7a-dirty #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nSched_ext: serialise (enabled+all), task: runnable_at=-30ms\nRIP: 0010:jfs_ioc_trim+0x34b/0x8f0\nCode: e7 e8 59 a4 87 fe 4d 8b 24 24 4d 8d bc 24 38 04 00 00 48 8d 93\n90 82 fe ff 4c 89 ff 31 f6\nRSP: 0018:ffffc900055f7cd0 EFLAGS: 00010206\nRAX: 0000000000000087 RBX: 00005866a9e67ff8 RCX: 000000000000000a\nRDX: 0000000000000001 RSI: 0000000000000004 RDI: 0000000000000001\nRBP: dffffc0000000000 R08: ffff88807c180003 R09: 1ffff1100f830000\nR10: dffffc0000000000 R11: ffffed100f830001 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000438\nFS: 00007fe520225640(0000) GS:ffff8880b7e80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005593c91b2c88 CR3: 000000014927c000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n? __die_body+0x61/0xb0\n? die_addr+0xb1/0xe0\n? exc_general_protection+0x333/0x510\n? asm_exc_general_protection+0x26/0x30\n? jfs_ioc_trim+0x34b/0x8f0\njfs_ioctl+0x3c8/0x4f0\n? __pfx_jfs_ioctl+0x10/0x10\n? __pfx_jfs_ioctl+0x10/0x10\n__se_sys_ioctl+0x269/0x350\n? __pfx___se_sys_ioctl+0x10/0x10\n? do_syscall_64+0xfb/0x210\ndo_syscall_64+0xee/0x210\n? syscall_exit_to_user_mode+0x1e0/0x330\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fe51f4903ad\nCode: c3 e8 a7 2b 00 00 0f 1f 80 00 00 00 00 f3 0f 1e fa 48 89 f8 48\n89 f7 48 89 d6 48 89 ca 4d\nRSP: 002b:00007fe5202250c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007fe51f5cbf80 RCX: 00007fe51f4903ad\nRDX: 0000000020000680 RSI: 00000000c0185879 RDI: 0000000000000005\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007fe520225640\nR13: 000000000000000e R14: 00007fe51f44fca0 R15: 00007fe52021d000\n\u003c/TASK\u003e\nModules linked in:\n---[ end trace 0000000000000000 ]---\nRIP: 0010:jfs_ioc_trim+0x34b/0x8f0\nCode: e7 e8 59 a4 87 fe 4d 8b 24 24 4d 8d bc 24 38 04 00 00 48 8d 93\n90 82 fe ff 4c 89 ff 31 f6\nRSP: 0018:ffffc900055f7cd0 EFLAGS: 00010206\nRAX: 0000000000000087 RBX: 00005866a9e67ff8 RCX: 000000000000000a\nRDX: 0000000000000001 RSI: 0000000000000004 RDI: 0000000000000001\nRBP: dffffc0000000000 R08: ffff88807c180003 R09: 1ffff1100f830000\nR10: dffffc0000000000 R11: ffffed100f830001 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000438\nFS: 00007fe520225640(0000) GS:ffff8880b7e80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005593c91b2c88 CR3: 000000014927c000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nKernel panic - not syncing: Fatal exception\n\n[ Analysis ]\n\nWe believe that we have found a concurrency bug in the `fs/jfs` module\nthat results in a null pointer dereference. There is a closely related\nissue which has been fixed:\n\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d6c1b3599b2feb5c7291f5ac3a36e5fa7cedb234\n\n... but, unfortunately, the accepted patch appears to still be\nsusceptible to a null pointer dereference under some interleavings.\n\nTo trigger the bug, we think that `JFS_SBI(ipbmap-\u003ei_sb)-\u003ebmap` is set\nto NULL in `dbFreeBits` and then dereferenced in `jfs_ioc_trim`. This\nbug manifests quite rarely under normal circumstances, but is\ntriggereable from a syz-program.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38203",
"url": "https://www.suse.com/security/cve/CVE-2025-38203"
},
{
"category": "external",
"summary": "SUSE Bug 1246044 for CVE-2025-38203",
"url": "https://bugzilla.suse.com/1246044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38203"
},
{
"cve": "CVE-2025-38204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38204"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix array-index-out-of-bounds read in add_missing_indices\n\nstbl is s8 but it must contain offsets into slot which can go from 0 to\n127.\n\nAdded a bound check for that error and return -EIO if the check fails.\nAlso make jfs_readdir return with error if add_missing_indices returns\nwith an error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38204",
"url": "https://www.suse.com/security/cve/CVE-2025-38204"
},
{
"category": "external",
"summary": "SUSE Bug 1245983 for CVE-2025-38204",
"url": "https://bugzilla.suse.com/1245983"
},
{
"category": "external",
"summary": "SUSE Bug 1245984 for CVE-2025-38204",
"url": "https://bugzilla.suse.com/1245984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "important"
}
],
"title": "CVE-2025-38204"
},
{
"cve": "CVE-2025-38206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38206"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix double free in delayed_free\n\nThe double free could happen in the following path.\n\nexfat_create_upcase_table()\n exfat_create_upcase_table() : return error\n exfat_free_upcase_table() : free -\u003evol_utbl\n exfat_load_default_upcase_table : return error\n exfat_kill_sb()\n delayed_free()\n exfat_free_upcase_table() \u003c--------- double free\nThis patch set -\u003evol_util as NULL after freeing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38206",
"url": "https://www.suse.com/security/cve/CVE-2025-38206"
},
{
"category": "external",
"summary": "SUSE Bug 1246073 for CVE-2025-38206",
"url": "https://bugzilla.suse.com/1246073"
},
{
"category": "external",
"summary": "SUSE Bug 1246075 for CVE-2025-38206",
"url": "https://bugzilla.suse.com/1246075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "important"
}
],
"title": "CVE-2025-38206"
},
{
"cve": "CVE-2025-38210",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38210"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nconfigfs-tsm-report: Fix NULL dereference of tsm_ops\n\nUnlike sysfs, the lifetime of configfs objects is controlled by\nuserspace. There is no mechanism for the kernel to find and delete all\ncreated config-items. Instead, the configfs-tsm-report mechanism has an\nexpectation that tsm_unregister() can happen at any time and cause\nestablished config-item access to start failing.\n\nThat expectation is not fully satisfied. While tsm_report_read(),\ntsm_report_{is,is_bin}_visible(), and tsm_report_make_item() safely fail\nif tsm_ops have been unregistered, tsm_report_privlevel_store()\ntsm_report_provider_show() fail to check for ops registration. Add the\nmissing checks for tsm_ops having been removed.\n\nNow, in supporting the ability for tsm_unregister() to always succeed,\nit leaves the problem of what to do with lingering config-items. The\nexpectation is that the admin that arranges for the -\u003eremove() (unbind)\nof the ${tsm_arch}-guest driver is also responsible for deletion of all\nopen config-items. Until that deletion happens, -\u003eprobe() (reload /\nbind) of the ${tsm_arch}-guest driver fails.\n\nThis allows for emergency shutdown / revocation of attestation\ninterfaces, and requires coordinated restart.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38210",
"url": "https://www.suse.com/security/cve/CVE-2025-38210"
},
{
"category": "external",
"summary": "SUSE Bug 1246020 for CVE-2025-38210",
"url": "https://bugzilla.suse.com/1246020"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38210"
},
{
"cve": "CVE-2025-38211",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38211"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/iwcm: Fix use-after-free of work objects after cm_id destruction\n\nThe commit 59c68ac31e15 (\"iw_cm: free cm_id resources on the last\nderef\") simplified cm_id resource management by freeing cm_id once all\nreferences to the cm_id were removed. The references are removed either\nupon completion of iw_cm event handlers or when the application destroys\nthe cm_id. This commit introduced the use-after-free condition where\ncm_id_private object could still be in use by event handler works during\nthe destruction of cm_id. The commit aee2424246f9 (\"RDMA/iwcm: Fix a\nuse-after-free related to destroying CM IDs\") addressed this use-after-\nfree by flushing all pending works at the cm_id destruction.\n\nHowever, still another use-after-free possibility remained. It happens\nwith the work objects allocated for each cm_id_priv within\nalloc_work_entries() during cm_id creation, and subsequently freed in\ndealloc_work_entries() once all references to the cm_id are removed.\nIf the cm_id\u0027s last reference is decremented in the event handler work,\nthe work object for the work itself gets removed, and causes the use-\nafter-free BUG below:\n\n BUG: KASAN: slab-use-after-free in __pwq_activate_work+0x1ff/0x250\n Read of size 8 at addr ffff88811f9cf800 by task kworker/u16:1/147091\n\n CPU: 2 UID: 0 PID: 147091 Comm: kworker/u16:1 Not tainted 6.15.0-rc2+ #27 PREEMPT(voluntary)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\n Workqueue: 0x0 (iw_cm_wq)\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x6a/0x90\n print_report+0x174/0x554\n ? __virt_addr_valid+0x208/0x430\n ? __pwq_activate_work+0x1ff/0x250\n kasan_report+0xae/0x170\n ? __pwq_activate_work+0x1ff/0x250\n __pwq_activate_work+0x1ff/0x250\n pwq_dec_nr_in_flight+0x8c5/0xfb0\n process_one_work+0xc11/0x1460\n ? __pfx_process_one_work+0x10/0x10\n ? assign_work+0x16c/0x240\n worker_thread+0x5ef/0xfd0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x3b0/0x770\n ? __pfx_kthread+0x10/0x10\n ? rcu_is_watching+0x11/0xb0\n ? _raw_spin_unlock_irq+0x24/0x50\n ? rcu_is_watching+0x11/0xb0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x30/0x70\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\n Allocated by task 147416:\n kasan_save_stack+0x2c/0x50\n kasan_save_track+0x10/0x30\n __kasan_kmalloc+0xa6/0xb0\n alloc_work_entries+0xa9/0x260 [iw_cm]\n iw_cm_connect+0x23/0x4a0 [iw_cm]\n rdma_connect_locked+0xbfd/0x1920 [rdma_cm]\n nvme_rdma_cm_handler+0x8e5/0x1b60 [nvme_rdma]\n cma_cm_event_handler+0xae/0x320 [rdma_cm]\n cma_work_handler+0x106/0x1b0 [rdma_cm]\n process_one_work+0x84f/0x1460\n worker_thread+0x5ef/0xfd0\n kthread+0x3b0/0x770\n ret_from_fork+0x30/0x70\n ret_from_fork_asm+0x1a/0x30\n\n Freed by task 147091:\n kasan_save_stack+0x2c/0x50\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x60\n __kasan_slab_free+0x4b/0x70\n kfree+0x13a/0x4b0\n dealloc_work_entries+0x125/0x1f0 [iw_cm]\n iwcm_deref_id+0x6f/0xa0 [iw_cm]\n cm_work_handler+0x136/0x1ba0 [iw_cm]\n process_one_work+0x84f/0x1460\n worker_thread+0x5ef/0xfd0\n kthread+0x3b0/0x770\n ret_from_fork+0x30/0x70\n ret_from_fork_asm+0x1a/0x30\n\n Last potentially related work creation:\n kasan_save_stack+0x2c/0x50\n kasan_record_aux_stack+0xa3/0xb0\n __queue_work+0x2ff/0x1390\n queue_work_on+0x67/0xc0\n cm_event_handler+0x46a/0x820 [iw_cm]\n siw_cm_upcall+0x330/0x650 [siw]\n siw_cm_work_handler+0x6b9/0x2b20 [siw]\n process_one_work+0x84f/0x1460\n worker_thread+0x5ef/0xfd0\n kthread+0x3b0/0x770\n ret_from_fork+0x30/0x70\n ret_from_fork_asm+0x1a/0x30\n\nThis BUG is reproducible by repeating the blktests test case nvme/061\nfor the rdma transport and the siw driver.\n\nTo avoid the use-after-free of cm_id_private work objects, ensure that\nthe last reference to the cm_id is decremented not in the event handler\nworks, but in the cm_id destruction context. For that purpose, mo\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38211",
"url": "https://www.suse.com/security/cve/CVE-2025-38211"
},
{
"category": "external",
"summary": "SUSE Bug 1246008 for CVE-2025-38211",
"url": "https://bugzilla.suse.com/1246008"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38211"
},
{
"cve": "CVE-2025-38212",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38212"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipc: fix to protect IPCS lookups using RCU\n\nsyzbot reported that it discovered a use-after-free vulnerability, [0]\n\n[0]: https://lore.kernel.org/all/67af13f8.050a0220.21dd3.0038.GAE@google.com/\n\nidr_for_each() is protected by rwsem, but this is not enough. If it is\nnot protected by RCU read-critical region, when idr_for_each() calls\nradix_tree_node_free() through call_rcu() to free the radix_tree_node\nstructure, the node will be freed immediately, and when reading the next\nnode in radix_tree_for_each_slot(), the already freed memory may be read.\n\nTherefore, we need to add code to make sure that idr_for_each() is\nprotected within the RCU read-critical region when we call it in\nshm_destroy_orphaned().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38212",
"url": "https://www.suse.com/security/cve/CVE-2025-38212"
},
{
"category": "external",
"summary": "SUSE Bug 1246029 for CVE-2025-38212",
"url": "https://bugzilla.suse.com/1246029"
},
{
"category": "external",
"summary": "SUSE Bug 1246030 for CVE-2025-38212",
"url": "https://bugzilla.suse.com/1246030"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "important"
}
],
"title": "CVE-2025-38212"
},
{
"cve": "CVE-2025-38213",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38213"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38213",
"url": "https://www.suse.com/security/cve/CVE-2025-38213"
},
{
"category": "external",
"summary": "SUSE Bug 1246037 for CVE-2025-38213",
"url": "https://bugzilla.suse.com/1246037"
},
{
"category": "external",
"summary": "SUSE Bug 1246039 for CVE-2025-38213",
"url": "https://bugzilla.suse.com/1246039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38213"
},
{
"cve": "CVE-2025-38214",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38214"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var\n\nIf fb_add_videomode() in fb_set_var() fails to allocate memory for\nfb_videomode, later it may lead to a null-ptr dereference in\nfb_videomode_to_var(), as the fb_info is registered while not having the\nmode in modelist that is expected to be there, i.e. the one that is\ndescribed in fb_info-\u003evar.\n\n================================================================\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 PID: 30371 Comm: syz-executor.1 Not tainted 5.10.226-syzkaller #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nRIP: 0010:fb_videomode_to_var+0x24/0x610 drivers/video/fbdev/core/modedb.c:901\nCall Trace:\n display_to_var+0x3a/0x7c0 drivers/video/fbdev/core/fbcon.c:929\n fbcon_resize+0x3e2/0x8f0 drivers/video/fbdev/core/fbcon.c:2071\n resize_screen drivers/tty/vt/vt.c:1176 [inline]\n vc_do_resize+0x53a/0x1170 drivers/tty/vt/vt.c:1263\n fbcon_modechanged+0x3ac/0x6e0 drivers/video/fbdev/core/fbcon.c:2720\n fbcon_update_vcs+0x43/0x60 drivers/video/fbdev/core/fbcon.c:2776\n do_fb_ioctl+0x6d2/0x740 drivers/video/fbdev/core/fbmem.c:1128\n fb_ioctl+0xe7/0x150 drivers/video/fbdev/core/fbmem.c:1203\n vfs_ioctl fs/ioctl.c:48 [inline]\n __do_sys_ioctl fs/ioctl.c:753 [inline]\n __se_sys_ioctl fs/ioctl.c:739 [inline]\n __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:739\n do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n================================================================\n\nThe reason is that fb_info-\u003evar is being modified in fb_set_var(), and\nthen fb_videomode_to_var() is called. If it fails to add the mode to\nfb_info-\u003emodelist, fb_set_var() returns error, but does not restore the\nold value of fb_info-\u003evar. Restore fb_info-\u003evar on failure the same way\nit is done earlier in the function.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38214",
"url": "https://www.suse.com/security/cve/CVE-2025-38214"
},
{
"category": "external",
"summary": "SUSE Bug 1246042 for CVE-2025-38214",
"url": "https://bugzilla.suse.com/1246042"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38214"
},
{
"cve": "CVE-2025-38215",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38215"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var\n\nIf fb_add_videomode() in do_register_framebuffer() fails to allocate\nmemory for fb_videomode, it will later lead to a null-ptr dereference in\nfb_videomode_to_var(), as the fb_info is registered while not having the\nmode in modelist that is expected to be there, i.e. the one that is\ndescribed in fb_info-\u003evar.\n\n================================================================\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 PID: 30371 Comm: syz-executor.1 Not tainted 5.10.226-syzkaller #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nRIP: 0010:fb_videomode_to_var+0x24/0x610 drivers/video/fbdev/core/modedb.c:901\nCall Trace:\n display_to_var+0x3a/0x7c0 drivers/video/fbdev/core/fbcon.c:929\n fbcon_resize+0x3e2/0x8f0 drivers/video/fbdev/core/fbcon.c:2071\n resize_screen drivers/tty/vt/vt.c:1176 [inline]\n vc_do_resize+0x53a/0x1170 drivers/tty/vt/vt.c:1263\n fbcon_modechanged+0x3ac/0x6e0 drivers/video/fbdev/core/fbcon.c:2720\n fbcon_update_vcs+0x43/0x60 drivers/video/fbdev/core/fbcon.c:2776\n do_fb_ioctl+0x6d2/0x740 drivers/video/fbdev/core/fbmem.c:1128\n fb_ioctl+0xe7/0x150 drivers/video/fbdev/core/fbmem.c:1203\n vfs_ioctl fs/ioctl.c:48 [inline]\n __do_sys_ioctl fs/ioctl.c:753 [inline]\n __se_sys_ioctl fs/ioctl.c:739 [inline]\n __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:739\n do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n================================================================\n\nEven though fbcon_init() checks beforehand if fb_match_mode() in\nvar_to_display() fails, it can not prevent the panic because fbcon_init()\ndoes not return error code. Considering this and the comment in the code\nabout fb_match_mode() returning NULL - \"This should not happen\" - it is\nbetter to prevent registering the fb_info if its mode was not set\nsuccessfully. Also move fb_add_videomode() closer to the beginning of\ndo_register_framebuffer() to avoid having to do the cleanup on fail.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38215",
"url": "https://www.suse.com/security/cve/CVE-2025-38215"
},
{
"category": "external",
"summary": "SUSE Bug 1246109 for CVE-2025-38215",
"url": "https://bugzilla.suse.com/1246109"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38215"
},
{
"cve": "CVE-2025-38217",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38217"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (ftsteutates) Fix TOCTOU race in fts_read()\n\nIn the fts_read() function, when handling hwmon_pwm_auto_channels_temp,\nthe code accesses the shared variable data-\u003efan_source[channel] twice\nwithout holding any locks. It is first checked against\nFTS_FAN_SOURCE_INVALID, and if the check passes, it is read again\nwhen used as an argument to the BIT() macro.\n\nThis creates a Time-of-Check to Time-of-Use (TOCTOU) race condition.\nAnother thread executing fts_update_device() can modify the value of\ndata-\u003efan_source[channel] between the check and its use. If the value\nis changed to FTS_FAN_SOURCE_INVALID (0xff) during this window, the\nBIT() macro will be called with a large shift value (BIT(255)).\nA bit shift by a value greater than or equal to the type width is\nundefined behavior and can lead to a crash or incorrect values being\nreturned to userspace.\n\nFix this by reading data-\u003efan_source[channel] into a local variable\nonce, eliminating the race condition. Additionally, add a bounds check\nto ensure the value is less than BITS_PER_LONG before passing it to\nthe BIT() macro, making the code more robust against undefined behavior.\n\nThis possible bug was found by an experimental static analysis tool\ndeveloped by our team.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38217",
"url": "https://www.suse.com/security/cve/CVE-2025-38217"
},
{
"category": "external",
"summary": "SUSE Bug 1246002 for CVE-2025-38217",
"url": "https://bugzilla.suse.com/1246002"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38217"
},
{
"cve": "CVE-2025-38220",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38220"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: only dirty folios when data journaling regular files\n\nfstest generic/388 occasionally reproduces a crash that looks as\nfollows:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n...\nCall Trace:\n \u003cTASK\u003e\n ext4_block_zero_page_range+0x30c/0x380 [ext4]\n ext4_truncate+0x436/0x440 [ext4]\n ext4_process_orphan+0x5d/0x110 [ext4]\n ext4_orphan_cleanup+0x124/0x4f0 [ext4]\n ext4_fill_super+0x262d/0x3110 [ext4]\n get_tree_bdev_flags+0x132/0x1d0\n vfs_get_tree+0x26/0xd0\n vfs_cmd_create+0x59/0xe0\n __do_sys_fsconfig+0x4ed/0x6b0\n do_syscall_64+0x82/0x170\n ...\n\nThis occurs when processing a symlink inode from the orphan list. The\npartial block zeroing code in the truncate path calls\next4_dirty_journalled_data() -\u003e folio_mark_dirty(). The latter calls\nmapping-\u003ea_ops-\u003edirty_folio(), but symlink inodes are not assigned an\na_ops vector in ext4, hence the crash.\n\nTo avoid this problem, update the ext4_dirty_journalled_data() helper to\nonly mark the folio dirty on regular files (for which a_ops is\nassigned). This also matches the journaling logic in the ext4_symlink()\ncreation path, where ext4_handle_dirty_metadata() is called directly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38220",
"url": "https://www.suse.com/security/cve/CVE-2025-38220"
},
{
"category": "external",
"summary": "SUSE Bug 1245966 for CVE-2025-38220",
"url": "https://bugzilla.suse.com/1245966"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38220"
},
{
"cve": "CVE-2025-38222",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38222"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: inline: fix len overflow in ext4_prepare_inline_data\n\nWhen running the following code on an ext4 filesystem with inline_data\nfeature enabled, it will lead to the bug below.\n\n fd = open(\"file1\", O_RDWR | O_CREAT | O_TRUNC, 0666);\n ftruncate(fd, 30);\n pwrite(fd, \"a\", 1, (1UL \u003c\u003c 40) + 5UL);\n\nThat happens because write_begin will succeed as when\next4_generic_write_inline_data calls ext4_prepare_inline_data, pos + len\nwill be truncated, leading to ext4_prepare_inline_data parameter to be 6\ninstead of 0x10000000006.\n\nThen, later when write_end is called, we hit:\n\n BUG_ON(pos + len \u003e EXT4_I(inode)-\u003ei_inline_size);\n\nat ext4_write_inline_data.\n\nFix it by using a loff_t type for the len parameter in\next4_prepare_inline_data instead of an unsigned int.\n\n[ 44.545164] ------------[ cut here ]------------\n[ 44.545530] kernel BUG at fs/ext4/inline.c:240!\n[ 44.545834] Oops: invalid opcode: 0000 [#1] SMP NOPTI\n[ 44.546172] CPU: 3 UID: 0 PID: 343 Comm: test Not tainted 6.15.0-rc2-00003-g9080916f4863 #45 PREEMPT(full) 112853fcebfdb93254270a7959841d2c6aa2c8bb\n[ 44.546523] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 44.546523] RIP: 0010:ext4_write_inline_data+0xfe/0x100\n[ 44.546523] Code: 3c 0e 48 83 c7 48 48 89 de 5b 41 5c 41 5d 41 5e 41 5f 5d e9 e4 fa 43 01 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 0f 0b \u003c0f\u003e 0b 0f 1f 44 00 00 55 41 57 41 56 41 55 41 54 53 48 83 ec 20 49\n[ 44.546523] RSP: 0018:ffffb342008b79a8 EFLAGS: 00010216\n[ 44.546523] RAX: 0000000000000001 RBX: ffff9329c579c000 RCX: 0000010000000006\n[ 44.546523] RDX: 000000000000003c RSI: ffffb342008b79f0 RDI: ffff9329c158e738\n[ 44.546523] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000\n[ 44.546523] R10: 00007ffffffff000 R11: ffffffff9bd0d910 R12: 0000006210000000\n[ 44.546523] R13: fffffc7e4015e700 R14: 0000010000000005 R15: ffff9329c158e738\n[ 44.546523] FS: 00007f4299934740(0000) GS:ffff932a60179000(0000) knlGS:0000000000000000\n[ 44.546523] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 44.546523] CR2: 00007f4299a1ec90 CR3: 0000000002886002 CR4: 0000000000770eb0\n[ 44.546523] PKRU: 55555554\n[ 44.546523] Call Trace:\n[ 44.546523] \u003cTASK\u003e\n[ 44.546523] ext4_write_inline_data_end+0x126/0x2d0\n[ 44.546523] generic_perform_write+0x17e/0x270\n[ 44.546523] ext4_buffered_write_iter+0xc8/0x170\n[ 44.546523] vfs_write+0x2be/0x3e0\n[ 44.546523] __x64_sys_pwrite64+0x6d/0xc0\n[ 44.546523] do_syscall_64+0x6a/0xf0\n[ 44.546523] ? __wake_up+0x89/0xb0\n[ 44.546523] ? xas_find+0x72/0x1c0\n[ 44.546523] ? next_uptodate_folio+0x317/0x330\n[ 44.546523] ? set_pte_range+0x1a6/0x270\n[ 44.546523] ? filemap_map_pages+0x6ee/0x840\n[ 44.546523] ? ext4_setattr+0x2fa/0x750\n[ 44.546523] ? do_pte_missing+0x128/0xf70\n[ 44.546523] ? security_inode_post_setattr+0x3e/0xd0\n[ 44.546523] ? ___pte_offset_map+0x19/0x100\n[ 44.546523] ? handle_mm_fault+0x721/0xa10\n[ 44.546523] ? do_user_addr_fault+0x197/0x730\n[ 44.546523] ? do_syscall_64+0x76/0xf0\n[ 44.546523] ? arch_exit_to_user_mode_prepare+0x1e/0x60\n[ 44.546523] ? irqentry_exit_to_user_mode+0x79/0x90\n[ 44.546523] entry_SYSCALL_64_after_hwframe+0x55/0x5d\n[ 44.546523] RIP: 0033:0x7f42999c6687\n[ 44.546523] Code: 48 89 fa 4c 89 df e8 58 b3 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 \u003c5b\u003e c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff\n[ 44.546523] RSP: 002b:00007ffeae4a7930 EFLAGS: 00000202 ORIG_RAX: 0000000000000012\n[ 44.546523] RAX: ffffffffffffffda RBX: 00007f4299934740 RCX: 00007f42999c6687\n[ 44.546523] RDX: 0000000000000001 RSI: 000055ea6149200f RDI: 0000000000000003\n[ 44.546523] RBP: 00007ffeae4a79a0 R08: 0000000000000000 R09: 0000000000000000\n[ 44.546523] R10: 0000010000000005 R11: 0000000000000202 R12: 0000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38222",
"url": "https://www.suse.com/security/cve/CVE-2025-38222"
},
{
"category": "external",
"summary": "SUSE Bug 1245976 for CVE-2025-38222",
"url": "https://bugzilla.suse.com/1245976"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38222"
},
{
"cve": "CVE-2025-38225",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38225"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-jpeg: Cleanup after an allocation error\n\nWhen allocation failures are not cleaned up by the driver, further\nallocation errors will be false-positives, which will cause buffers to\nremain uninitialized and cause NULL pointer dereferences.\nEnsure proper cleanup of failed allocations to prevent these issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38225",
"url": "https://www.suse.com/security/cve/CVE-2025-38225"
},
{
"category": "external",
"summary": "SUSE Bug 1246041 for CVE-2025-38225",
"url": "https://bugzilla.suse.com/1246041"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38225"
},
{
"cve": "CVE-2025-38226",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38226"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vivid: Change the siize of the composing\n\nsyzkaller found a bug:\n\nBUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2608 [inline]\nBUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_buffer+0x1a9c/0x5af0 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2705\nWrite of size 1440 at addr ffffc9000d0ffda0 by task vivid-000-vid-c/5304\n\nCPU: 0 UID: 0 PID: 5304 Comm: vivid-000-vid-c Not tainted 6.14.0-rc2-syzkaller-00039-g09fbf3d50205 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n kasan_check_range+0x282/0x290 mm/kasan/generic.c:189\n __asan_memcpy+0x40/0x70 mm/kasan/shadow.c:106\n tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2608 [inline]\n tpg_fill_plane_buffer+0x1a9c/0x5af0 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2705\n vivid_fillbuff drivers/media/test-drivers/vivid/vivid-kthread-cap.c:470 [inline]\n vivid_thread_vid_cap_tick+0xf8e/0x60d0 drivers/media/test-drivers/vivid/vivid-kthread-cap.c:629\n vivid_thread_vid_cap+0x8aa/0xf30 drivers/media/test-drivers/vivid/vivid-kthread-cap.c:767\n kthread+0x7a9/0x920 kernel/kthread.c:464\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nThe composition size cannot be larger than the size of fmt_cap_rect.\nSo execute v4l2_rect_map_inside() even if has_compose_cap == 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38226",
"url": "https://www.suse.com/security/cve/CVE-2025-38226"
},
{
"category": "external",
"summary": "SUSE Bug 1246050 for CVE-2025-38226",
"url": "https://bugzilla.suse.com/1246050"
},
{
"category": "external",
"summary": "SUSE Bug 1246051 for CVE-2025-38226",
"url": "https://bugzilla.suse.com/1246051"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "important"
}
],
"title": "CVE-2025-38226"
},
{
"cve": "CVE-2025-38227",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38227"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vidtv: Terminating the subsequent process of initialization failure\n\nsyzbot reported a slab-use-after-free Read in vidtv_mux_init. [1]\n\nAfter PSI initialization fails, the si member is accessed again, resulting\nin this uaf.\n\nAfter si initialization fails, the subsequent process needs to be exited.\n\n[1]\nBUG: KASAN: slab-use-after-free in vidtv_mux_pid_ctx_init drivers/media/test-drivers/vidtv/vidtv_mux.c:78 [inline]\nBUG: KASAN: slab-use-after-free in vidtv_mux_init+0xac2/0xbe0 drivers/media/test-drivers/vidtv/vidtv_mux.c:524\nRead of size 8 at addr ffff88802fa42acc by task syz.2.37/6059\n\nCPU: 0 UID: 0 PID: 6059 Comm: syz.2.37 Not tainted 6.14.0-rc5-syzkaller #0\nHardware name: Google Compute Engine, BIOS Google 02/12/2025\nCall Trace:\n\u003cTASK\u003e\n__dump_stack lib/dump_stack.c:94 [inline]\ndump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\nprint_address_description mm/kasan/report.c:408 [inline]\nprint_report+0xc3/0x670 mm/kasan/report.c:521\nkasan_report+0xd9/0x110 mm/kasan/report.c:634\nvidtv_mux_pid_ctx_init drivers/media/test-drivers/vidtv/vidtv_mux.c:78\nvidtv_mux_init+0xac2/0xbe0 drivers/media/test-drivers/vidtv/vidtv_mux.c:524\nvidtv_start_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:194\nvidtv_start_feed drivers/media/test-drivers/vidtv/vidtv_bridge.c:239\ndmx_section_feed_start_filtering drivers/media/dvb-core/dvb_demux.c:973\ndvb_dmxdev_feed_start drivers/media/dvb-core/dmxdev.c:508 [inline]\ndvb_dmxdev_feed_restart.isra.0 drivers/media/dvb-core/dmxdev.c:537\ndvb_dmxdev_filter_stop+0x2b4/0x3a0 drivers/media/dvb-core/dmxdev.c:564\ndvb_dmxdev_filter_free drivers/media/dvb-core/dmxdev.c:840 [inline]\ndvb_demux_release+0x92/0x550 drivers/media/dvb-core/dmxdev.c:1246\n__fput+0x3ff/0xb70 fs/file_table.c:464\ntask_work_run+0x14e/0x250 kernel/task_work.c:227\nexit_task_work include/linux/task_work.h:40 [inline]\ndo_exit+0xad8/0x2d70 kernel/exit.c:938\ndo_group_exit+0xd3/0x2a0 kernel/exit.c:1087\n__do_sys_exit_group kernel/exit.c:1098 [inline]\n__se_sys_exit_group kernel/exit.c:1096 [inline]\n__x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1096\nx64_sys_call+0x151f/0x1720 arch/x86/include/generated/asm/syscalls_64.h:232\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f871d58d169\nCode: Unable to access opcode bytes at 0x7f871d58d13f.\nRSP: 002b:00007fff4b19a788 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f871d58d169\nRDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: 00007fff4b19a7ec R08: 0000000b4b19a87f R09: 00000000000927c0\nR10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000003\nR13: 00000000000927c0 R14: 000000000001d553 R15: 00007fff4b19a840\n \u003c/TASK\u003e\n\nAllocated by task 6059:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kmalloc_noprof include/linux/slab.h:901 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n vidtv_psi_pat_table_init drivers/media/test-drivers/vidtv/vidtv_psi.c:970\n vidtv_channel_si_init drivers/media/test-drivers/vidtv/vidtv_channel.c:423\n vidtv_mux_init drivers/media/test-drivers/vidtv/vidtv_mux.c:519\n vidtv_start_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:194\n vidtv_start_feed drivers/media/test-drivers/vidtv/vidtv_bridge.c:239\n dmx_section_feed_start_filtering drivers/media/dvb-core/dvb_demux.c:973\n dvb_dmxdev_feed_start drivers/media/dvb-core/dmxdev.c:508 [inline]\n dvb_dmxdev_feed_restart.isra.0 drivers/media/dvb-core/dmxdev.c:537\n dvb_dmxdev_filter_stop+0x2b4/0x3a0 drivers/media/dvb-core/dmxdev.c:564\n dvb_dmxdev_filter_free drivers/media/dvb-core/dmxdev.c:840 [inline]\n dvb_demux_release+0x92/0x550 drivers/media/dvb-core/dmxdev.c:1246\n __fput+0x3ff/0xb70 fs/file_tabl\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38227",
"url": "https://www.suse.com/security/cve/CVE-2025-38227"
},
{
"category": "external",
"summary": "SUSE Bug 1246031 for CVE-2025-38227",
"url": "https://bugzilla.suse.com/1246031"
},
{
"category": "external",
"summary": "SUSE Bug 1246032 for CVE-2025-38227",
"url": "https://bugzilla.suse.com/1246032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "important"
}
],
"title": "CVE-2025-38227"
},
{
"cve": "CVE-2025-38229",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38229"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: cxusb: no longer judge rbuf when the write fails\n\nsyzbot reported a uninit-value in cxusb_i2c_xfer. [1]\n\nOnly when the write operation of usb_bulk_msg() in dvb_usb_generic_rw()\nsucceeds and rlen is greater than 0, the read operation of usb_bulk_msg()\nwill be executed to read rlen bytes of data from the dvb device into the\nrbuf.\n\nIn this case, although rlen is 1, the write operation failed which resulted\nin the dvb read operation not being executed, and ultimately variable i was\nnot initialized.\n\n[1]\nBUG: KMSAN: uninit-value in cxusb_gpio_tuner drivers/media/usb/dvb-usb/cxusb.c:124 [inline]\nBUG: KMSAN: uninit-value in cxusb_i2c_xfer+0x153a/0x1a60 drivers/media/usb/dvb-usb/cxusb.c:196\n cxusb_gpio_tuner drivers/media/usb/dvb-usb/cxusb.c:124 [inline]\n cxusb_i2c_xfer+0x153a/0x1a60 drivers/media/usb/dvb-usb/cxusb.c:196\n __i2c_transfer+0xe25/0x3150 drivers/i2c/i2c-core-base.c:-1\n i2c_transfer+0x317/0x4a0 drivers/i2c/i2c-core-base.c:2315\n i2c_transfer_buffer_flags+0x125/0x1e0 drivers/i2c/i2c-core-base.c:2343\n i2c_master_send include/linux/i2c.h:109 [inline]\n i2cdev_write+0x210/0x280 drivers/i2c/i2c-dev.c:183\n do_loop_readv_writev fs/read_write.c:848 [inline]\n vfs_writev+0x963/0x14e0 fs/read_write.c:1057\n do_writev+0x247/0x5c0 fs/read_write.c:1101\n __do_sys_writev fs/read_write.c:1169 [inline]\n __se_sys_writev fs/read_write.c:1166 [inline]\n __x64_sys_writev+0x98/0xe0 fs/read_write.c:1166\n x64_sys_call+0x2229/0x3c80 arch/x86/include/generated/asm/syscalls_64.h:21\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38229",
"url": "https://www.suse.com/security/cve/CVE-2025-38229"
},
{
"category": "external",
"summary": "SUSE Bug 1246049 for CVE-2025-38229",
"url": "https://bugzilla.suse.com/1246049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38229"
},
{
"cve": "CVE-2025-38231",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38231"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: Initialize ssc before laundromat_work to prevent NULL dereference\n\nIn nfs4_state_start_net(), laundromat_work may access nfsd_ssc through\nnfs4_laundromat -\u003e nfsd4_ssc_expire_umount. If nfsd_ssc isn\u0027t initialized,\nthis can cause NULL pointer dereference.\n\nNormally the delayed start of laundromat_work allows sufficient time for\nnfsd_ssc initialization to complete. However, when the kernel waits too\nlong for userspace responses (e.g. in nfs4_state_start_net -\u003e\nnfsd4_end_grace -\u003e nfsd4_record_grace_done -\u003e nfsd4_cld_grace_done -\u003e\ncld_pipe_upcall -\u003e __cld_pipe_upcall -\u003e wait_for_completion path), the\ndelayed work may start before nfsd_ssc initialization finishes.\n\nFix this by moving nfsd_ssc initialization before starting laundromat_work.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38231",
"url": "https://www.suse.com/security/cve/CVE-2025-38231"
},
{
"category": "external",
"summary": "SUSE Bug 1246055 for CVE-2025-38231",
"url": "https://bugzilla.suse.com/1246055"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38231"
},
{
"cve": "CVE-2025-38236",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38236"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Don\u0027t leave consecutive consumed OOB skbs.\n\nJann Horn reported a use-after-free in unix_stream_read_generic().\n\nThe following sequences reproduce the issue:\n\n $ python3\n from socket import *\n s1, s2 = socketpair(AF_UNIX, SOCK_STREAM)\n s1.send(b\u0027x\u0027, MSG_OOB)\n s2.recv(1, MSG_OOB) # leave a consumed OOB skb\n s1.send(b\u0027y\u0027, MSG_OOB)\n s2.recv(1, MSG_OOB) # leave a consumed OOB skb\n s1.send(b\u0027z\u0027, MSG_OOB)\n s2.recv(1) # recv \u0027z\u0027 illegally\n s2.recv(1, MSG_OOB) # access \u0027z\u0027 skb (use-after-free)\n\nEven though a user reads OOB data, the skb holding the data stays on\nthe recv queue to mark the OOB boundary and break the next recv().\n\nAfter the last send() in the scenario above, the sk2\u0027s recv queue has\n2 leading consumed OOB skbs and 1 real OOB skb.\n\nThen, the following happens during the next recv() without MSG_OOB\n\n 1. unix_stream_read_generic() peeks the first consumed OOB skb\n 2. manage_oob() returns the next consumed OOB skb\n 3. unix_stream_read_generic() fetches the next not-yet-consumed OOB skb\n 4. unix_stream_read_generic() reads and frees the OOB skb\n\n, and the last recv(MSG_OOB) triggers KASAN splat.\n\nThe 3. above occurs because of the SO_PEEK_OFF code, which does not\nexpect unix_skb_len(skb) to be 0, but this is true for such consumed\nOOB skbs.\n\n while (skip \u003e= unix_skb_len(skb)) {\n skip -= unix_skb_len(skb);\n skb = skb_peek_next(skb, \u0026sk-\u003esk_receive_queue);\n ...\n }\n\nIn addition to this use-after-free, there is another issue that\nioctl(SIOCATMARK) does not function properly with consecutive consumed\nOOB skbs.\n\nSo, nothing good comes out of such a situation.\n\nInstead of complicating manage_oob(), ioctl() handling, and the next\nECONNRESET fix by introducing a loop for consecutive consumed OOB skbs,\nlet\u0027s not leave such consecutive OOB unnecessarily.\n\nNow, while receiving an OOB skb in unix_stream_recv_urg(), if its\nprevious skb is a consumed OOB skb, it is freed.\n\n[0]:\nBUG: KASAN: slab-use-after-free in unix_stream_read_actor (net/unix/af_unix.c:3027)\nRead of size 4 at addr ffff888106ef2904 by task python3/315\n\nCPU: 2 UID: 0 PID: 315 Comm: python3 Not tainted 6.16.0-rc1-00407-gec315832f6f9 #8 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-4.fc42 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl (lib/dump_stack.c:122)\n print_report (mm/kasan/report.c:409 mm/kasan/report.c:521)\n kasan_report (mm/kasan/report.c:636)\n unix_stream_read_actor (net/unix/af_unix.c:3027)\n unix_stream_read_generic (net/unix/af_unix.c:2708 net/unix/af_unix.c:2847)\n unix_stream_recvmsg (net/unix/af_unix.c:3048)\n sock_recvmsg (net/socket.c:1063 (discriminator 20) net/socket.c:1085 (discriminator 20))\n __sys_recvfrom (net/socket.c:2278)\n __x64_sys_recvfrom (net/socket.c:2291 (discriminator 1) net/socket.c:2287 (discriminator 1) net/socket.c:2287 (discriminator 1))\n do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1))\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\nRIP: 0033:0x7f8911fcea06\nCode: 5d e8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 75 19 83 e2 39 83 fa 08 75 11 e8 26 ff ff ff 66 0f 1f 44 00 00 48 8b 45 10 0f 05 \u003c48\u003e 8b 5d f8 c9 c3 0f 1f 40 00 f3 0f 1e fa 55 48 89 e5 48 83 ec 08\nRSP: 002b:00007fffdb0dccb0 EFLAGS: 00000202 ORIG_RAX: 000000000000002d\nRAX: ffffffffffffffda RBX: 00007fffdb0dcdc8 RCX: 00007f8911fcea06\nRDX: 0000000000000001 RSI: 00007f8911a5e060 RDI: 0000000000000006\nRBP: 00007fffdb0dccd0 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000202 R12: 00007f89119a7d20\nR13: ffffffffc4653600 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\nAllocated by task 315:\n kasan_save_stack (mm/kasan/common.c:48)\n kasan_save_track (mm/kasan/common.c:60 (discriminator 1) mm/kasan/common.c:69 (discriminator 1))\n __kasan_slab_alloc (mm/kasan/common.c:348)\n kmem_cache_alloc_\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38236",
"url": "https://www.suse.com/security/cve/CVE-2025-38236"
},
{
"category": "external",
"summary": "SUSE Bug 1246093 for CVE-2025-38236",
"url": "https://bugzilla.suse.com/1246093"
},
{
"category": "external",
"summary": "SUSE Bug 1246936 for CVE-2025-38236",
"url": "https://bugzilla.suse.com/1246936"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "important"
}
],
"title": "CVE-2025-38236"
},
{
"cve": "CVE-2025-38239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38239"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: megaraid_sas: Fix invalid node index\n\nOn a system with DRAM interleave enabled, out-of-bound access is\ndetected:\n\nmegaraid_sas 0000:3f:00.0: requested/available msix 128/128 poll_queue 0\n------------[ cut here ]------------\nUBSAN: array-index-out-of-bounds in ./arch/x86/include/asm/topology.h:72:28\nindex -1 is out of range for type \u0027cpumask *[1024]\u0027\ndump_stack_lvl+0x5d/0x80\nubsan_epilogue+0x5/0x2b\n__ubsan_handle_out_of_bounds.cold+0x46/0x4b\nmegasas_alloc_irq_vectors+0x149/0x190 [megaraid_sas]\nmegasas_probe_one.cold+0xa4d/0x189c [megaraid_sas]\nlocal_pci_probe+0x42/0x90\npci_device_probe+0xdc/0x290\nreally_probe+0xdb/0x340\n__driver_probe_device+0x78/0x110\ndriver_probe_device+0x1f/0xa0\n__driver_attach+0xba/0x1c0\nbus_for_each_dev+0x8b/0xe0\nbus_add_driver+0x142/0x220\ndriver_register+0x72/0xd0\nmegasas_init+0xdf/0xff0 [megaraid_sas]\ndo_one_initcall+0x57/0x310\ndo_init_module+0x90/0x250\ninit_module_from_file+0x85/0xc0\nidempotent_init_module+0x114/0x310\n__x64_sys_finit_module+0x65/0xc0\ndo_syscall_64+0x82/0x170\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFix it accordingly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38239",
"url": "https://www.suse.com/security/cve/CVE-2025-38239"
},
{
"category": "external",
"summary": "SUSE Bug 1246178 for CVE-2025-38239",
"url": "https://bugzilla.suse.com/1246178"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38239"
},
{
"cve": "CVE-2025-38244",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38244"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential deadlock when reconnecting channels\n\nFix cifs_signal_cifsd_for_reconnect() to take the correct lock order\nand prevent the following deadlock from happening\n\n======================================================\nWARNING: possible circular locking dependency detected\n6.16.0-rc3-build2+ #1301 Tainted: G S W\n------------------------------------------------------\ncifsd/6055 is trying to acquire lock:\nffff88810ad56038 (\u0026tcp_ses-\u003esrv_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0x134/0x200\n\nbut task is already holding lock:\nffff888119c64330 (\u0026ret_buf-\u003echan_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0xcf/0x200\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-\u003e #2 (\u0026ret_buf-\u003echan_lock){+.+.}-{3:3}:\n validate_chain+0x1cf/0x270\n __lock_acquire+0x60e/0x780\n lock_acquire.part.0+0xb4/0x1f0\n _raw_spin_lock+0x2f/0x40\n cifs_setup_session+0x81/0x4b0\n cifs_get_smb_ses+0x771/0x900\n cifs_mount_get_session+0x7e/0x170\n cifs_mount+0x92/0x2d0\n cifs_smb3_do_mount+0x161/0x460\n smb3_get_tree+0x55/0x90\n vfs_get_tree+0x46/0x180\n do_new_mount+0x1b0/0x2e0\n path_mount+0x6ee/0x740\n do_mount+0x98/0xe0\n __do_sys_mount+0x148/0x180\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n-\u003e #1 (\u0026ret_buf-\u003eses_lock){+.+.}-{3:3}:\n validate_chain+0x1cf/0x270\n __lock_acquire+0x60e/0x780\n lock_acquire.part.0+0xb4/0x1f0\n _raw_spin_lock+0x2f/0x40\n cifs_match_super+0x101/0x320\n sget+0xab/0x270\n cifs_smb3_do_mount+0x1e0/0x460\n smb3_get_tree+0x55/0x90\n vfs_get_tree+0x46/0x180\n do_new_mount+0x1b0/0x2e0\n path_mount+0x6ee/0x740\n do_mount+0x98/0xe0\n __do_sys_mount+0x148/0x180\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n-\u003e #0 (\u0026tcp_ses-\u003esrv_lock){+.+.}-{3:3}:\n check_noncircular+0x95/0xc0\n check_prev_add+0x115/0x2f0\n validate_chain+0x1cf/0x270\n __lock_acquire+0x60e/0x780\n lock_acquire.part.0+0xb4/0x1f0\n _raw_spin_lock+0x2f/0x40\n cifs_signal_cifsd_for_reconnect+0x134/0x200\n __cifs_reconnect+0x8f/0x500\n cifs_handle_standard+0x112/0x280\n cifs_demultiplex_thread+0x64d/0xbc0\n kthread+0x2f7/0x310\n ret_from_fork+0x2a/0x230\n ret_from_fork_asm+0x1a/0x30\n\nother info that might help us debug this:\n\nChain exists of:\n \u0026tcp_ses-\u003esrv_lock --\u003e \u0026ret_buf-\u003eses_lock --\u003e \u0026ret_buf-\u003echan_lock\n\n Possible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(\u0026ret_buf-\u003echan_lock);\n lock(\u0026ret_buf-\u003eses_lock);\n lock(\u0026ret_buf-\u003echan_lock);\n lock(\u0026tcp_ses-\u003esrv_lock);\n\n *** DEADLOCK ***\n\n3 locks held by cifsd/6055:\n #0: ffffffff857de398 (\u0026cifs_tcp_ses_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0x7b/0x200\n #1: ffff888119c64060 (\u0026ret_buf-\u003eses_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0x9c/0x200\n #2: ffff888119c64330 (\u0026ret_buf-\u003echan_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0xcf/0x200",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38244",
"url": "https://www.suse.com/security/cve/CVE-2025-38244"
},
{
"category": "external",
"summary": "SUSE Bug 1246183 for CVE-2025-38244",
"url": "https://bugzilla.suse.com/1246183"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38244"
},
{
"cve": "CVE-2025-38246",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38246"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt: properly flush XDP redirect lists\n\nWe encountered following crash when testing a XDP_REDIRECT feature\nin production:\n\n[56251.579676] list_add corruption. next-\u003eprev should be prev (ffff93120dd40f30), but was ffffb301ef3a6740. (next=ffff93120dd\n40f30).\n[56251.601413] ------------[ cut here ]------------\n[56251.611357] kernel BUG at lib/list_debug.c:29!\n[56251.621082] Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[56251.632073] CPU: 111 UID: 0 PID: 0 Comm: swapper/111 Kdump: loaded Tainted: P O 6.12.33-cloudflare-2025.6.\n3 #1\n[56251.653155] Tainted: [P]=PROPRIETARY_MODULE, [O]=OOT_MODULE\n[56251.663877] Hardware name: MiTAC GC68B-B8032-G11P6-GPU/S8032GM-HE-CFR, BIOS V7.020.B10-sig 01/22/2025\n[56251.682626] RIP: 0010:__list_add_valid_or_report+0x4b/0xa0\n[56251.693203] Code: 0e 48 c7 c7 68 e7 d9 97 e8 42 16 fe ff 0f 0b 48 8b 52 08 48 39 c2 74 14 48 89 f1 48 c7 c7 90 e7 d9 97 48\n 89 c6 e8 25 16 fe ff \u003c0f\u003e 0b 4c 8b 02 49 39 f0 74 14 48 89 d1 48 c7 c7 e8 e7 d9 97 4c 89\n[56251.725811] RSP: 0018:ffff93120dd40b80 EFLAGS: 00010246\n[56251.736094] RAX: 0000000000000075 RBX: ffffb301e6bba9d8 RCX: 0000000000000000\n[56251.748260] RDX: 0000000000000000 RSI: ffff9149afda0b80 RDI: ffff9149afda0b80\n[56251.760349] RBP: ffff9131e49c8000 R08: 0000000000000000 R09: ffff93120dd40a18\n[56251.772382] R10: ffff9159cf2ce1a8 R11: 0000000000000003 R12: ffff911a80850000\n[56251.784364] R13: ffff93120fbc7000 R14: 0000000000000010 R15: ffff9139e7510e40\n[56251.796278] FS: 0000000000000000(0000) GS:ffff9149afd80000(0000) knlGS:0000000000000000\n[56251.809133] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[56251.819561] CR2: 00007f5e85e6f300 CR3: 00000038b85e2006 CR4: 0000000000770ef0\n[56251.831365] PKRU: 55555554\n[56251.838653] Call Trace:\n[56251.845560] \u003cIRQ\u003e\n[56251.851943] cpu_map_enqueue.cold+0x5/0xa\n[56251.860243] xdp_do_redirect+0x2d9/0x480\n[56251.868388] bnxt_rx_xdp+0x1d8/0x4c0 [bnxt_en]\n[56251.877028] bnxt_rx_pkt+0x5f7/0x19b0 [bnxt_en]\n[56251.885665] ? cpu_max_write+0x1e/0x100\n[56251.893510] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.902276] __bnxt_poll_work+0x190/0x340 [bnxt_en]\n[56251.911058] bnxt_poll+0xab/0x1b0 [bnxt_en]\n[56251.919041] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.927568] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.935958] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.944250] __napi_poll+0x2b/0x160\n[56251.951155] bpf_trampoline_6442548651+0x79/0x123\n[56251.959262] __napi_poll+0x5/0x160\n[56251.966037] net_rx_action+0x3d2/0x880\n[56251.973133] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.981265] ? srso_alias_return_thunk+0x5/0xfbef5\n[56251.989262] ? __hrtimer_run_queues+0x162/0x2a0\n[56251.996967] ? srso_alias_return_thunk+0x5/0xfbef5\n[56252.004875] ? srso_alias_return_thunk+0x5/0xfbef5\n[56252.012673] ? bnxt_msix+0x62/0x70 [bnxt_en]\n[56252.019903] handle_softirqs+0xcf/0x270\n[56252.026650] irq_exit_rcu+0x67/0x90\n[56252.032933] common_interrupt+0x85/0xa0\n[56252.039498] \u003c/IRQ\u003e\n[56252.044246] \u003cTASK\u003e\n[56252.048935] asm_common_interrupt+0x26/0x40\n[56252.055727] RIP: 0010:cpuidle_enter_state+0xb8/0x420\n[56252.063305] Code: dc 01 00 00 e8 f9 79 3b ff e8 64 f7 ff ff 49 89 c5 0f 1f 44 00 00 31 ff e8 a5 32 3a ff 45 84 ff 0f 85 ae\n 01 00 00 fb 45 85 f6 \u003c0f\u003e 88 88 01 00 00 48 8b 04 24 49 63 ce 4c 89 ea 48 6b f1 68 48 29\n[56252.088911] RSP: 0018:ffff93120c97fe98 EFLAGS: 00000202\n[56252.096912] RAX: ffff9149afd80000 RBX: ffff9141d3a72800 RCX: 0000000000000000\n[56252.106844] RDX: 00003329176c6b98 RSI: ffffffe36db3fdc7 RDI: 0000000000000000\n[56252.116733] RBP: 0000000000000002 R08: 0000000000000002 R09: 000000000000004e\n[56252.126652] R10: ffff9149afdb30c4 R11: 071c71c71c71c71c R12: ffffffff985ff860\n[56252.136637] R13: 00003329176c6b98 R14: 0000000000000002 R15: 0000000000000000\n[56252.146667] ? cpuidle_enter_state+0xab/0x420\n[56252.153909] cpuidle_enter+0x2d/0x40\n[56252.160360] do_idle+0x176/0x1c0\n[56252.166456\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38246",
"url": "https://www.suse.com/security/cve/CVE-2025-38246"
},
{
"category": "external",
"summary": "SUSE Bug 1246195 for CVE-2025-38246",
"url": "https://bugzilla.suse.com/1246195"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38246"
},
{
"cve": "CVE-2025-38248",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38248"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbridge: mcast: Fix use-after-free during router port configuration\n\nThe bridge maintains a global list of ports behind which a multicast\nrouter resides. The list is consulted during forwarding to ensure\nmulticast packets are forwarded to these ports even if the ports are not\nmember in the matching MDB entry.\n\nWhen per-VLAN multicast snooping is enabled, the per-port multicast\ncontext is disabled on each port and the port is removed from the global\nrouter port list:\n\n # ip link add name br1 up type bridge vlan_filtering 1 mcast_snooping 1\n # ip link add name dummy1 up master br1 type dummy\n # ip link set dev dummy1 type bridge_slave mcast_router 2\n $ bridge -d mdb show | grep router\n router ports on br1: dummy1\n # ip link set dev br1 type bridge mcast_vlan_snooping 1\n $ bridge -d mdb show | grep router\n\nHowever, the port can be re-added to the global list even when per-VLAN\nmulticast snooping is enabled:\n\n # ip link set dev dummy1 type bridge_slave mcast_router 0\n # ip link set dev dummy1 type bridge_slave mcast_router 2\n $ bridge -d mdb show | grep router\n router ports on br1: dummy1\n\nSince commit 4b30ae9adb04 (\"net: bridge: mcast: re-implement\nbr_multicast_{enable, disable}_port functions\"), when per-VLAN multicast\nsnooping is enabled, multicast disablement on a port will disable the\nper-{port, VLAN} multicast contexts and not the per-port one. As a\nresult, a port will remain in the global router port list even after it\nis deleted. This will lead to a use-after-free [1] when the list is\ntraversed (when adding a new port to the list, for example):\n\n # ip link del dev dummy1\n # ip link add name dummy2 up master br1 type dummy\n # ip link set dev dummy2 type bridge_slave mcast_router 2\n\nSimilarly, stale entries can also be found in the per-VLAN router port\nlist. When per-VLAN multicast snooping is disabled, the per-{port, VLAN}\ncontexts are disabled on each port and the port is removed from the\nper-VLAN router port list:\n\n # ip link add name br1 up type bridge vlan_filtering 1 mcast_snooping 1 mcast_vlan_snooping 1\n # ip link add name dummy1 up master br1 type dummy\n # bridge vlan add vid 2 dev dummy1\n # bridge vlan global set vid 2 dev br1 mcast_snooping 1\n # bridge vlan set vid 2 dev dummy1 mcast_router 2\n $ bridge vlan global show dev br1 vid 2 | grep router\n router ports: dummy1\n # ip link set dev br1 type bridge mcast_vlan_snooping 0\n $ bridge vlan global show dev br1 vid 2 | grep router\n\nHowever, the port can be re-added to the per-VLAN list even when\nper-VLAN multicast snooping is disabled:\n\n # bridge vlan set vid 2 dev dummy1 mcast_router 0\n # bridge vlan set vid 2 dev dummy1 mcast_router 2\n $ bridge vlan global show dev br1 vid 2 | grep router\n router ports: dummy1\n\nWhen the VLAN is deleted from the port, the per-{port, VLAN} multicast\ncontext will not be disabled since multicast snooping is not enabled\non the VLAN. As a result, the port will remain in the per-VLAN router\nport list even after it is no longer member in the VLAN. This will lead\nto a use-after-free [2] when the list is traversed (when adding a new\nport to the list, for example):\n\n # ip link add name dummy2 up master br1 type dummy\n # bridge vlan add vid 2 dev dummy2\n # bridge vlan del vid 2 dev dummy1\n # bridge vlan set vid 2 dev dummy2 mcast_router 2\n\nFix these issues by removing the port from the relevant (global or\nper-VLAN) router port list in br_multicast_port_ctx_deinit(). The\nfunction is invoked during port deletion with the per-port multicast\ncontext and during VLAN deletion with the per-{port, VLAN} multicast\ncontext.\n\nNote that deleting the multicast router timer is not enough as it only\ntakes care of the temporary multicast router states (1 or 3) and not the\npermanent one (2).\n\n[1]\nBUG: KASAN: slab-out-of-bounds in br_multicast_add_router.part.0+0x3f1/0x560\nWrite of size 8 at addr ffff888004a67328 by task ip/384\n[...]\nCall Trace:\n \u003cTASK\u003e\n dump_stack\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38248",
"url": "https://www.suse.com/security/cve/CVE-2025-38248"
},
{
"category": "external",
"summary": "SUSE Bug 1246173 for CVE-2025-38248",
"url": "https://bugzilla.suse.com/1246173"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38248"
},
{
"cve": "CVE-2025-38249",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38249"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3()\n\nIn snd_usb_get_audioformat_uac3(), the length value returned from\nsnd_usb_ctl_msg() is used directly for memory allocation without\nvalidation. This length is controlled by the USB device.\n\nThe allocated buffer is cast to a uac3_cluster_header_descriptor\nand its fields are accessed without verifying that the buffer\nis large enough. If the device returns a smaller than expected\nlength, this leads to an out-of-bounds read.\n\nAdd a length check to ensure the buffer is large enough for\nuac3_cluster_header_descriptor.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38249",
"url": "https://www.suse.com/security/cve/CVE-2025-38249"
},
{
"category": "external",
"summary": "SUSE Bug 1246171 for CVE-2025-38249",
"url": "https://bugzilla.suse.com/1246171"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38249"
},
{
"cve": "CVE-2025-38250",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38250"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_core: Fix use-after-free in vhci_flush()\n\nsyzbot reported use-after-free in vhci_flush() without repro. [0]\n\nFrom the splat, a thread close()d a vhci file descriptor while\nits device was being used by iotcl() on another thread.\n\nOnce the last fd refcnt is released, vhci_release() calls\nhci_unregister_dev(), hci_free_dev(), and kfree() for struct\nvhci_data, which is set to hci_dev-\u003edev-\u003edriver_data.\n\nThe problem is that there is no synchronisation after unlinking\nhdev from hci_dev_list in hci_unregister_dev(). There might be\nanother thread still accessing the hdev which was fetched before\nthe unlink operation.\n\nWe can use SRCU for such synchronisation.\n\nLet\u0027s run hci_dev_reset() under SRCU and wait for its completion\nin hci_unregister_dev().\n\nAnother option would be to restore hci_dev-\u003edestruct(), which was\nremoved in commit 587ae086f6e4 (\"Bluetooth: Remove unused\nhci-destruct cb\"). However, this would not be a good solution, as\nwe should not run hci_unregister_dev() while there are in-flight\nioctl() requests, which could lead to another data-race KCSAN splat.\n\nNote that other drivers seem to have the same problem, for exmaple,\nvirtbt_remove().\n\n[0]:\nBUG: KASAN: slab-use-after-free in skb_queue_empty_lockless include/linux/skbuff.h:1891 [inline]\nBUG: KASAN: slab-use-after-free in skb_queue_purge_reason+0x99/0x360 net/core/skbuff.c:3937\nRead of size 8 at addr ffff88807cb8d858 by task syz.1.219/6718\n\nCPU: 1 UID: 0 PID: 6718 Comm: syz.1.219 Not tainted 6.16.0-rc1-syzkaller-00196-g08207f42d3ff #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xd2/0x2b0 mm/kasan/report.c:521\n kasan_report+0x118/0x150 mm/kasan/report.c:634\n skb_queue_empty_lockless include/linux/skbuff.h:1891 [inline]\n skb_queue_purge_reason+0x99/0x360 net/core/skbuff.c:3937\n skb_queue_purge include/linux/skbuff.h:3368 [inline]\n vhci_flush+0x44/0x50 drivers/bluetooth/hci_vhci.c:69\n hci_dev_do_reset net/bluetooth/hci_core.c:552 [inline]\n hci_dev_reset+0x420/0x5c0 net/bluetooth/hci_core.c:592\n sock_do_ioctl+0xd9/0x300 net/socket.c:1190\n sock_ioctl+0x576/0x790 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fcf5b98e929\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fcf5c7b9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007fcf5bbb6160 RCX: 00007fcf5b98e929\nRDX: 0000000000000000 RSI: 00000000400448cb RDI: 0000000000000009\nRBP: 00007fcf5ba10b39 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007fcf5bbb6160 R15: 00007ffd6353d528\n \u003c/TASK\u003e\n\nAllocated by task 6535:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4359\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n vhci_open+0x57/0x360 drivers/bluetooth/hci_vhci.c:635\n misc_open+0x2bc/0x330 drivers/char/misc.c:161\n chrdev_open+0x4c9/0x5e0 fs/char_dev.c:414\n do_dentry_open+0xdf0/0x1970 fs/open.c:964\n vfs_open+0x3b/0x340 fs/open.c:1094\n do_open fs/namei.c:3887 [inline]\n path_openat+0x2ee5/0x3830 fs/name\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38250",
"url": "https://www.suse.com/security/cve/CVE-2025-38250"
},
{
"category": "external",
"summary": "SUSE Bug 1246182 for CVE-2025-38250",
"url": "https://bugzilla.suse.com/1246182"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38250"
},
{
"cve": "CVE-2025-38257",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38257"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Prevent overflow in size calculation for memdup_user()\n\nNumber of apqn target list entries contained in \u0027nr_apqns\u0027 variable is\ndetermined by userspace via an ioctl call so the result of the product in\ncalculation of size passed to memdup_user() may overflow.\n\nIn this case the actual size of the allocated area and the value\ndescribing it won\u0027t be in sync leading to various types of unpredictable\nbehaviour later.\n\nUse a proper memdup_array_user() helper which returns an error if an\noverflow is detected. Note that it is different from when nr_apqns is\ninitially zero - that case is considered valid and should be handled in\nsubsequent pkey_handler implementations.\n\nFound by Linux Verification Center (linuxtesting.org).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38257",
"url": "https://www.suse.com/security/cve/CVE-2025-38257"
},
{
"category": "external",
"summary": "SUSE Bug 1246186 for CVE-2025-38257",
"url": "https://bugzilla.suse.com/1246186"
},
{
"category": "external",
"summary": "SUSE Bug 1246189 for CVE-2025-38257",
"url": "https://bugzilla.suse.com/1246189"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "important"
}
],
"title": "CVE-2025-38257"
},
{
"cve": "CVE-2025-38259",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38259"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: wcd9335: Fix missing free of regulator supplies\n\nDriver gets and enables all regulator supplies in probe path\n(wcd9335_parse_dt() and wcd9335_power_on_reset()), but does not cleanup\nin final error paths and in unbind (missing remove() callback). This\nleads to leaked memory and unbalanced regulator enable count during\nprobe errors or unbind.\n\nFix this by converting entire code into devm_regulator_bulk_get_enable()\nwhich also greatly simplifies the code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38259",
"url": "https://www.suse.com/security/cve/CVE-2025-38259"
},
{
"category": "external",
"summary": "SUSE Bug 1246220 for CVE-2025-38259",
"url": "https://bugzilla.suse.com/1246220"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38259"
},
{
"cve": "CVE-2025-38264",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38264"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-tcp: sanitize request list handling\n\nValidate the request in nvme_tcp_handle_r2t() to ensure it\u0027s not part of\nany list, otherwise a malicious R2T PDU might inject a loop in request\nlist processing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38264",
"url": "https://www.suse.com/security/cve/CVE-2025-38264"
},
{
"category": "external",
"summary": "SUSE Bug 1246387 for CVE-2025-38264",
"url": "https://bugzilla.suse.com/1246387"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38264"
},
{
"cve": "CVE-2025-38272",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38272"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: b53: do not enable EEE on bcm63xx\n\nBCM63xx internal switches do not support EEE, but provide multiple RGMII\nports where external PHYs may be connected. If one of these PHYs are EEE\ncapable, we may try to enable EEE for the MACs, which then hangs the\nsystem on access of the (non-existent) EEE registers.\n\nFix this by checking if the switch actually supports EEE before\nattempting to configure it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38272",
"url": "https://www.suse.com/security/cve/CVE-2025-38272"
},
{
"category": "external",
"summary": "SUSE Bug 1246268 for CVE-2025-38272",
"url": "https://bugzilla.suse.com/1246268"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38272"
},
{
"cve": "CVE-2025-38273",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38273"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tipc: fix refcount warning in tipc_aead_encrypt\n\nsyzbot reported a refcount warning [1] caused by calling get_net() on\na network namespace that is being destroyed (refcount=0). This happens\nwhen a TIPC discovery timer fires during network namespace cleanup.\n\nThe recently added get_net() call in commit e279024617134 (\"net/tipc:\nfix slab-use-after-free Read in tipc_aead_encrypt_done\") attempts to\nhold a reference to the network namespace. However, if the namespace\nis already being destroyed, its refcount might be zero, leading to the\nuse-after-free warning.\n\nReplace get_net() with maybe_get_net(), which safely checks if the\nrefcount is non-zero before incrementing it. If the namespace is being\ndestroyed, return -ENODEV early, after releasing the bearer reference.\n\n[1]: https://lore.kernel.org/all/68342b55.a70a0220.253bc2.0091.GAE@google.com/T/#m12019cf9ae77e1954f666914640efa36d52704a2",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38273",
"url": "https://www.suse.com/security/cve/CVE-2025-38273"
},
{
"category": "external",
"summary": "SUSE Bug 1246266 for CVE-2025-38273",
"url": "https://bugzilla.suse.com/1246266"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38273"
},
{
"cve": "CVE-2025-38275",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38275"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug\n\nThe qmp_usb_iomap() helper function currently returns the raw result of\ndevm_ioremap() for non-exclusive mappings. Since devm_ioremap() may return\na NULL pointer and the caller only checks error pointers with IS_ERR(),\nNULL could bypass the check and lead to an invalid dereference.\n\nFix the issue by checking if devm_ioremap() returns NULL. When it does,\nqmp_usb_iomap() now returns an error pointer via IOMEM_ERR_PTR(-ENOMEM),\nensuring safe and consistent error handling.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38275",
"url": "https://www.suse.com/security/cve/CVE-2025-38275"
},
{
"category": "external",
"summary": "SUSE Bug 1246236 for CVE-2025-38275",
"url": "https://bugzilla.suse.com/1246236"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38275"
},
{
"cve": "CVE-2025-38277",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38277"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: nand: ecc-mxic: Fix use of uninitialized variable ret\n\nIf ctx-\u003esteps is zero, the loop processing ECC steps is skipped,\nand the variable ret remains uninitialized. It is later checked\nand returned, which leads to undefined behavior and may cause\nunpredictable results in user space or kernel crashes.\n\nThis scenario can be triggered in edge cases such as misconfigured\ngeometry, ECC engine misuse, or if ctx-\u003esteps is not validated\nafter initialization.\n\nInitialize ret to zero before the loop to ensure correct and safe\nbehavior regardless of the ctx-\u003esteps value.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38277",
"url": "https://www.suse.com/security/cve/CVE-2025-38277"
},
{
"category": "external",
"summary": "SUSE Bug 1246246 for CVE-2025-38277",
"url": "https://bugzilla.suse.com/1246246"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38277"
},
{
"cve": "CVE-2025-38279",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38279"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Do not include stack ptr register in precision backtracking bookkeeping\n\nYi Lai reported an issue ([1]) where the following warning appears\nin kernel dmesg:\n [ 60.643604] verifier backtracking bug\n [ 60.643635] WARNING: CPU: 10 PID: 2315 at kernel/bpf/verifier.c:4302 __mark_chain_precision+0x3a6c/0x3e10\n [ 60.648428] Modules linked in: bpf_testmod(OE)\n [ 60.650471] CPU: 10 UID: 0 PID: 2315 Comm: test_progs Tainted: G OE 6.15.0-rc4-gef11287f8289-dirty #327 PREEMPT(full)\n [ 60.654385] Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n [ 60.656682] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n [ 60.660475] RIP: 0010:__mark_chain_precision+0x3a6c/0x3e10\n [ 60.662814] Code: 5a 30 84 89 ea e8 c4 d9 01 00 80 3d 3e 7d d8 04 00 0f 85 60 fa ff ff c6 05 31 7d d8 04\n 01 48 c7 c7 00 58 30 84 e8 c4 06 a5 ff \u003c0f\u003e 0b e9 46 fa ff ff 48 ...\n [ 60.668720] RSP: 0018:ffff888116cc7298 EFLAGS: 00010246\n [ 60.671075] RAX: 54d70e82dfd31900 RBX: ffff888115b65e20 RCX: 0000000000000000\n [ 60.673659] RDX: 0000000000000001 RSI: 0000000000000004 RDI: 00000000ffffffff\n [ 60.676241] RBP: 0000000000000400 R08: ffff8881f6f23bd3 R09: 1ffff1103ede477a\n [ 60.678787] R10: dffffc0000000000 R11: ffffed103ede477b R12: ffff888115b60ae8\n [ 60.681420] R13: 1ffff11022b6cbc4 R14: 00000000fffffff2 R15: 0000000000000001\n [ 60.684030] FS: 00007fc2aedd80c0(0000) GS:ffff88826fa8a000(0000) knlGS:0000000000000000\n [ 60.686837] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [ 60.689027] CR2: 000056325369e000 CR3: 000000011088b002 CR4: 0000000000370ef0\n [ 60.691623] Call Trace:\n [ 60.692821] \u003cTASK\u003e\n [ 60.693960] ? __pfx_verbose+0x10/0x10\n [ 60.695656] ? __pfx_disasm_kfunc_name+0x10/0x10\n [ 60.697495] check_cond_jmp_op+0x16f7/0x39b0\n [ 60.699237] do_check+0x58fa/0xab10\n ...\n\nFurther analysis shows the warning is at line 4302 as below:\n\n 4294 /* static subprog call instruction, which\n 4295 * means that we are exiting current subprog,\n 4296 * so only r1-r5 could be still requested as\n 4297 * precise, r0 and r6-r10 or any stack slot in\n 4298 * the current frame should be zero by now\n 4299 */\n 4300 if (bt_reg_mask(bt) \u0026 ~BPF_REGMASK_ARGS) {\n 4301 verbose(env, \"BUG regs %x\\n\", bt_reg_mask(bt));\n 4302 WARN_ONCE(1, \"verifier backtracking bug\");\n 4303 return -EFAULT;\n 4304 }\n\nWith the below test (also in the next patch):\n __used __naked static void __bpf_jmp_r10(void)\n {\n\tasm volatile (\n\t\"r2 = 2314885393468386424 ll;\"\n\t\"goto +0;\"\n\t\"if r2 \u003c= r10 goto +3;\"\n\t\"if r1 \u003e= -1835016 goto +0;\"\n\t\"if r2 \u003c= 8 goto +0;\"\n\t\"if r3 \u003c= 0 goto +0;\"\n\t\"exit;\"\n\t::: __clobber_all);\n }\n\n SEC(\"?raw_tp\")\n __naked void bpf_jmp_r10(void)\n {\n\tasm volatile (\n\t\"r3 = 0 ll;\"\n\t\"call __bpf_jmp_r10;\"\n\t\"r0 = 0;\"\n\t\"exit;\"\n\t::: __clobber_all);\n }\n\nThe following is the verifier failure log:\n 0: (18) r3 = 0x0 ; R3_w=0\n 2: (85) call pc+2\n caller:\n R10=fp0\n callee:\n frame1: R1=ctx() R3_w=0 R10=fp0\n 5: frame1: R1=ctx() R3_w=0 R10=fp0\n ; asm volatile (\" \\ @ verifier_precision.c:184\n 5: (18) r2 = 0x20202000256c6c78 ; frame1: R2_w=0x20202000256c6c78\n 7: (05) goto pc+0\n 8: (bd) if r2 \u003c= r10 goto pc+3 ; frame1: R2_w=0x20202000256c6c78 R10=fp0\n 9: (35) if r1 \u003e= 0xffe3fff8 goto pc+0 ; frame1: R1=ctx()\n 10: (b5) if r2 \u003c= 0x8 goto pc+0\n mark_precise: frame1: last_idx 10 first_idx 0 subseq_idx -1\n mark_precise: frame1: regs=r2 stack= before 9: (35) if r1 \u003e= 0xffe3fff8 goto pc+0\n mark_precise: frame1: regs=r2 stack= before 8: (bd) if r2 \u003c= r10 goto pc+3\n mark_preci\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38279",
"url": "https://www.suse.com/security/cve/CVE-2025-38279"
},
{
"category": "external",
"summary": "SUSE Bug 1246264 for CVE-2025-38279",
"url": "https://bugzilla.suse.com/1246264"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38279"
},
{
"cve": "CVE-2025-38283",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38283"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhisi_acc_vfio_pci: bugfix live migration function without VF device driver\n\nIf the VF device driver is not loaded in the Guest OS and we attempt to\nperform device data migration, the address of the migrated data will\nbe NULL.\nThe live migration recovery operation on the destination side will\naccess a null address value, which will cause access errors.\n\nTherefore, live migration of VMs without added VF device drivers\ndoes not require device data migration.\nIn addition, when the queue address data obtained by the destination\nis empty, device queue recovery processing will not be performed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38283",
"url": "https://www.suse.com/security/cve/CVE-2025-38283"
},
{
"category": "external",
"summary": "SUSE Bug 1246273 for CVE-2025-38283",
"url": "https://bugzilla.suse.com/1246273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38283"
},
{
"cve": "CVE-2025-38286",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38286"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: at91: Fix possible out-of-boundary access\n\nat91_gpio_probe() doesn\u0027t check that given OF alias is not available or\nsomething went wrong when trying to get it. This might have consequences\nwhen accessing gpio_chips array with that value as an index. Note, that\nBUG() can be compiled out and hence won\u0027t actually perform the required\nchecks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38286",
"url": "https://www.suse.com/security/cve/CVE-2025-38286"
},
{
"category": "external",
"summary": "SUSE Bug 1246283 for CVE-2025-38286",
"url": "https://bugzilla.suse.com/1246283"
},
{
"category": "external",
"summary": "SUSE Bug 1246284 for CVE-2025-38286",
"url": "https://bugzilla.suse.com/1246284"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "important"
}
],
"title": "CVE-2025-38286"
},
{
"cve": "CVE-2025-38289",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38289"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk\n\nSmatch detected a potential use-after-free of an ndlp oject in\ndev_loss_tmo_callbk during driver unload or fatal error handling.\n\nFix by reordering code to avoid potential use-after-free if initial\nnodelist reference has been previously removed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38289",
"url": "https://www.suse.com/security/cve/CVE-2025-38289"
},
{
"category": "external",
"summary": "SUSE Bug 1246287 for CVE-2025-38289",
"url": "https://bugzilla.suse.com/1246287"
},
{
"category": "external",
"summary": "SUSE Bug 1246288 for CVE-2025-38289",
"url": "https://bugzilla.suse.com/1246288"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38289"
},
{
"cve": "CVE-2025-38290",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38290"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix node corruption in ar-\u003earvifs list\n\nIn current WLAN recovery code flow, ath12k_core_halt() only reinitializes\nthe \"arvifs\" list head. This will cause the list node immediately following\nthe list head to become an invalid list node. Because the prev of that node\nstill points to the list head \"arvifs\", but the next of the list head\n\"arvifs\" no longer points to that list node.\n\nWhen a WLAN recovery occurs during the execution of a vif removal, and it\nhappens before the spin_lock_bh(\u0026ar-\u003edata_lock) in\nath12k_mac_vdev_delete(), list_del() will detect the previously mentioned\nsituation, thereby triggering a kernel panic.\n\nThe fix is to remove and reinitialize all vif list nodes from the list head\n\"arvifs\" during WLAN halt. The reinitialization is to make the list nodes\nvalid, ensuring that the list_del() in ath12k_mac_vdev_delete() can execute\nnormally.\n\nCall trace:\n__list_del_entry_valid_or_report+0xd4/0x100 (P)\nath12k_mac_remove_link_interface.isra.0+0xf8/0x2e4 [ath12k]\nath12k_scan_vdev_clean_work+0x40/0x164 [ath12k]\ncfg80211_wiphy_work+0xfc/0x100\nprocess_one_work+0x164/0x2d0\nworker_thread+0x254/0x380\nkthread+0xfc/0x100\nret_from_fork+0x10/0x20\n\nThe change is mostly copied from the ath11k patch:\nhttps://lore.kernel.org/all/20250320053145.3445187-1-quic_stonez@quicinc.com/\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38290",
"url": "https://www.suse.com/security/cve/CVE-2025-38290"
},
{
"category": "external",
"summary": "SUSE Bug 1246293 for CVE-2025-38290",
"url": "https://bugzilla.suse.com/1246293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38290"
},
{
"cve": "CVE-2025-38292",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38292"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix invalid access to memory\n\nIn ath12k_dp_rx_msdu_coalesce(), rxcb is fetched from skb and boolean\nis_continuation is part of rxcb.\nCurrently, after freeing the skb, the rxcb-\u003eis_continuation accessed\nagain which is wrong since the memory is already freed.\nThis might lead use-after-free error.\n\nHence, fix by locally defining bool is_continuation from rxcb,\nso that after freeing skb, is_continuation can be used.\n\nCompile tested only.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38292",
"url": "https://www.suse.com/security/cve/CVE-2025-38292"
},
{
"category": "external",
"summary": "SUSE Bug 1246295 for CVE-2025-38292",
"url": "https://bugzilla.suse.com/1246295"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38292"
},
{
"cve": "CVE-2025-38293",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38293"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix node corruption in ar-\u003earvifs list\n\nIn current WLAN recovery code flow, ath11k_core_halt() only\nreinitializes the \"arvifs\" list head. This will cause the\nlist node immediately following the list head to become an\ninvalid list node. Because the prev of that node still points\nto the list head \"arvifs\", but the next of the list head \"arvifs\"\nno longer points to that list node.\n\nWhen a WLAN recovery occurs during the execution of a vif\nremoval, and it happens before the spin_lock_bh(\u0026ar-\u003edata_lock)\nin ath11k_mac_op_remove_interface(), list_del() will detect the\npreviously mentioned situation, thereby triggering a kernel panic.\n\nThe fix is to remove and reinitialize all vif list nodes from the\nlist head \"arvifs\" during WLAN halt. The reinitialization is to make\nthe list nodes valid, ensuring that the list_del() in\nath11k_mac_op_remove_interface() can execute normally.\n\nCall trace:\n__list_del_entry_valid_or_report+0xb8/0xd0\nath11k_mac_op_remove_interface+0xb0/0x27c [ath11k]\ndrv_remove_interface+0x48/0x194 [mac80211]\nieee80211_do_stop+0x6e0/0x844 [mac80211]\nieee80211_stop+0x44/0x17c [mac80211]\n__dev_close_many+0xac/0x150\n__dev_change_flags+0x194/0x234\ndev_change_flags+0x24/0x6c\ndevinet_ioctl+0x3a0/0x670\ninet_ioctl+0x200/0x248\nsock_do_ioctl+0x60/0x118\nsock_ioctl+0x274/0x35c\n__arm64_sys_ioctl+0xac/0xf0\ninvoke_syscall+0x48/0x114\n...\n\nTested-on: QCA6698AQ hw2.1 PCI WLAN.HSP.1.1-04591-QCAHSPSWPL_V1_V2_SILICONZ_IOE-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38293",
"url": "https://www.suse.com/security/cve/CVE-2025-38293"
},
{
"category": "external",
"summary": "SUSE Bug 1246292 for CVE-2025-38293",
"url": "https://bugzilla.suse.com/1246292"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38293"
},
{
"cve": "CVE-2025-38300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38300"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare()\n\nFix two DMA cleanup issues on the error path in sun8i_ce_cipher_prepare():\n\n1] If dma_map_sg() fails for areq-\u003edst, the device driver would try to free\n DMA memory it has not allocated in the first place. To fix this, on the\n \"theend_sgs\" error path, call dma unmap only if the corresponding dma\n map was successful.\n\n2] If the dma_map_single() call for the IV fails, the device driver would\n try to free an invalid DMA memory address on the \"theend_iv\" path:\n ------------[ cut here ]------------\n DMA-API: sun8i-ce 1904000.crypto: device driver tries to free an invalid DMA memory address\n WARNING: CPU: 2 PID: 69 at kernel/dma/debug.c:968 check_unmap+0x123c/0x1b90\n Modules linked in: skcipher_example(O+)\n CPU: 2 UID: 0 PID: 69 Comm: 1904000.crypto- Tainted: G O 6.15.0-rc3+ #24 PREEMPT\n Tainted: [O]=OOT_MODULE\n Hardware name: OrangePi Zero2 (DT)\n pc : check_unmap+0x123c/0x1b90\n lr : check_unmap+0x123c/0x1b90\n ...\n Call trace:\n check_unmap+0x123c/0x1b90 (P)\n debug_dma_unmap_page+0xac/0xc0\n dma_unmap_page_attrs+0x1f4/0x5fc\n sun8i_ce_cipher_do_one+0x1bd4/0x1f40\n crypto_pump_work+0x334/0x6e0\n kthread_worker_fn+0x21c/0x438\n kthread+0x374/0x664\n ret_from_fork+0x10/0x20\n ---[ end trace 0000000000000000 ]---\n\nTo fix this, check for !dma_mapping_error() before calling\ndma_unmap_single() on the \"theend_iv\" path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38300",
"url": "https://www.suse.com/security/cve/CVE-2025-38300"
},
{
"category": "external",
"summary": "SUSE Bug 1246349 for CVE-2025-38300",
"url": "https://bugzilla.suse.com/1246349"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38300"
},
{
"cve": "CVE-2025-38303",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38303"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: eir: Fix possible crashes on eir_create_adv_data\n\neir_create_adv_data may attempt to add EIR_FLAGS and EIR_TX_POWER\nwithout checking if that would fit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38303",
"url": "https://www.suse.com/security/cve/CVE-2025-38303"
},
{
"category": "external",
"summary": "SUSE Bug 1246354 for CVE-2025-38303",
"url": "https://bugzilla.suse.com/1246354"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38303"
},
{
"cve": "CVE-2025-38304",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38304"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix NULL pointer deference on eir_get_service_data\n\nThe len parameter is considered optional so it can be NULL so it cannot\nbe used for skipping to next entry of EIR_SERVICE_DATA.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38304",
"url": "https://www.suse.com/security/cve/CVE-2025-38304"
},
{
"category": "external",
"summary": "SUSE Bug 1246240 for CVE-2025-38304",
"url": "https://bugzilla.suse.com/1246240"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38304"
},
{
"cve": "CVE-2025-38305",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38305"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptp: remove ptp-\u003en_vclocks check logic in ptp_vclock_in_use()\n\nThere is no disagreement that we should check both ptp-\u003eis_virtual_clock\nand ptp-\u003en_vclocks to check if the ptp virtual clock is in use.\n\nHowever, when we acquire ptp-\u003en_vclocks_mux to read ptp-\u003en_vclocks in\nptp_vclock_in_use(), we observe a recursive lock in the call trace\nstarting from n_vclocks_store().\n\n============================================\nWARNING: possible recursive locking detected\n6.15.0-rc6 #1 Not tainted\n--------------------------------------------\nsyz.0.1540/13807 is trying to acquire lock:\nffff888035a24868 (\u0026ptp-\u003en_vclocks_mux){+.+.}-{4:4}, at:\n ptp_vclock_in_use drivers/ptp/ptp_private.h:103 [inline]\nffff888035a24868 (\u0026ptp-\u003en_vclocks_mux){+.+.}-{4:4}, at:\n ptp_clock_unregister+0x21/0x250 drivers/ptp/ptp_clock.c:415\n\nbut task is already holding lock:\nffff888030704868 (\u0026ptp-\u003en_vclocks_mux){+.+.}-{4:4}, at:\n n_vclocks_store+0xf1/0x6d0 drivers/ptp/ptp_sysfs.c:215\n\nother info that might help us debug this:\n Possible unsafe locking scenario:\n\n CPU0\n ----\n lock(\u0026ptp-\u003en_vclocks_mux);\n lock(\u0026ptp-\u003en_vclocks_mux);\n\n *** DEADLOCK ***\n....\n============================================\n\nThe best way to solve this is to remove the logic that checks\nptp-\u003en_vclocks in ptp_vclock_in_use().\n\nThe reason why this is appropriate is that any path that uses\nptp-\u003en_vclocks must unconditionally check if ptp-\u003en_vclocks is greater\nthan 0 before unregistering vclocks, and all functions are already\nwritten this way. And in the function that uses ptp-\u003en_vclocks, we\nalready get ptp-\u003en_vclocks_mux before unregistering vclocks.\n\nTherefore, we need to remove the redundant check for ptp-\u003en_vclocks in\nptp_vclock_in_use() to prevent recursive locking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38305",
"url": "https://www.suse.com/security/cve/CVE-2025-38305"
},
{
"category": "external",
"summary": "SUSE Bug 1246358 for CVE-2025-38305",
"url": "https://bugzilla.suse.com/1246358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38305"
},
{
"cve": "CVE-2025-38307",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38307"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: avs: Verify content returned by parse_int_array()\n\nThe first element of the returned array stores its length. If it is 0,\nany manipulation beyond the element at index 0 ends with null-ptr-deref.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38307",
"url": "https://www.suse.com/security/cve/CVE-2025-38307"
},
{
"category": "external",
"summary": "SUSE Bug 1246364 for CVE-2025-38307",
"url": "https://bugzilla.suse.com/1246364"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38307"
},
{
"cve": "CVE-2025-38310",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38310"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nseg6: Fix validation of nexthop addresses\n\nThe kernel currently validates that the length of the provided nexthop\naddress does not exceed the specified length. This can lead to the\nkernel reading uninitialized memory if user space provided a shorter\nlength than the specified one.\n\nFix by validating that the provided length exactly matches the specified\none.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38310",
"url": "https://www.suse.com/security/cve/CVE-2025-38310"
},
{
"category": "external",
"summary": "SUSE Bug 1246361 for CVE-2025-38310",
"url": "https://bugzilla.suse.com/1246361"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38310"
},
{
"cve": "CVE-2025-38312",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38312"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod()\n\nIn fb_find_mode_cvt(), iff mode-\u003erefresh somehow happens to be 0x80000000,\ncvt.f_refresh will become 0 when multiplying it by 2 due to overflow. It\u0027s\nthen passed to fb_cvt_hperiod(), where it\u0027s used as a divider -- division\nby 0 will result in kernel oops. Add a sanity check for cvt.f_refresh to\navoid such overflow...\n\nFound by Linux Verification Center (linuxtesting.org) with the Svace static\nanalysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38312",
"url": "https://www.suse.com/security/cve/CVE-2025-38312"
},
{
"category": "external",
"summary": "SUSE Bug 1246386 for CVE-2025-38312",
"url": "https://bugzilla.suse.com/1246386"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38312"
},
{
"cve": "CVE-2025-38313",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38313"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: fsl-mc: fix double-free on mc_dev\n\nThe blamed commit tried to simplify how the deallocations are done but,\nin the process, introduced a double-free on the mc_dev variable.\n\nIn case the MC device is a DPRC, a new mc_bus is allocated and the\nmc_dev variable is just a reference to one of its fields. In this\ncircumstance, on the error path only the mc_bus should be freed.\n\nThis commit introduces back the following checkpatch warning which is a\nfalse-positive.\n\nWARNING: kfree(NULL) is safe and this check is probably not required\n+ if (mc_bus)\n+ kfree(mc_bus);",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38313",
"url": "https://www.suse.com/security/cve/CVE-2025-38313"
},
{
"category": "external",
"summary": "SUSE Bug 1246342 for CVE-2025-38313",
"url": "https://bugzilla.suse.com/1246342"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38313"
},
{
"cve": "CVE-2025-38319",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38319"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table\n\nThe function atomctrl_initialize_mc_reg_table() and\natomctrl_initialize_mc_reg_table_v2_2() does not check the return\nvalue of smu_atom_get_data_table(). If smu_atom_get_data_table()\nfails to retrieve vram_info, it returns NULL which is later\ndereferenced.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38319",
"url": "https://www.suse.com/security/cve/CVE-2025-38319"
},
{
"category": "external",
"summary": "SUSE Bug 1246243 for CVE-2025-38319",
"url": "https://bugzilla.suse.com/1246243"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38319"
},
{
"cve": "CVE-2025-38323",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38323"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: atm: add lec_mutex\n\nsyzbot found its way in net/atm/lec.c, and found an error path\nin lecd_attach() could leave a dangling pointer in dev_lec[].\n\nAdd a mutex to protect dev_lecp[] uses from lecd_attach(),\nlec_vcc_attach() and lec_mcast_attach().\n\nFollowing patch will use this mutex for /proc/net/atm/lec.\n\nBUG: KASAN: slab-use-after-free in lecd_attach net/atm/lec.c:751 [inline]\nBUG: KASAN: slab-use-after-free in lane_ioctl+0x2224/0x23e0 net/atm/lec.c:1008\nRead of size 8 at addr ffff88807c7b8e68 by task syz.1.17/6142\n\nCPU: 1 UID: 0 PID: 6142 Comm: syz.1.17 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xcd/0x680 mm/kasan/report.c:521\n kasan_report+0xe0/0x110 mm/kasan/report.c:634\n lecd_attach net/atm/lec.c:751 [inline]\n lane_ioctl+0x2224/0x23e0 net/atm/lec.c:1008\n do_vcc_ioctl+0x12c/0x930 net/atm/ioctl.c:159\n sock_do_ioctl+0x118/0x280 net/socket.c:1190\n sock_ioctl+0x227/0x6b0 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\nAllocated by task 6132:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4328 [inline]\n __kvmalloc_node_noprof+0x27b/0x620 mm/slub.c:5015\n alloc_netdev_mqs+0xd2/0x1570 net/core/dev.c:11711\n lecd_attach net/atm/lec.c:737 [inline]\n lane_ioctl+0x17db/0x23e0 net/atm/lec.c:1008\n do_vcc_ioctl+0x12c/0x930 net/atm/ioctl.c:159\n sock_do_ioctl+0x118/0x280 net/socket.c:1190\n sock_ioctl+0x227/0x6b0 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 6132:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x51/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2381 [inline]\n slab_free mm/slub.c:4643 [inline]\n kfree+0x2b4/0x4d0 mm/slub.c:4842\n free_netdev+0x6c5/0x910 net/core/dev.c:11892\n lecd_attach net/atm/lec.c:744 [inline]\n lane_ioctl+0x1ce8/0x23e0 net/atm/lec.c:1008\n do_vcc_ioctl+0x12c/0x930 net/atm/ioctl.c:159\n sock_do_ioctl+0x118/0x280 net/socket.c:1190\n sock_ioctl+0x227/0x6b0 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:893",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38323",
"url": "https://www.suse.com/security/cve/CVE-2025-38323"
},
{
"category": "external",
"summary": "SUSE Bug 1246473 for CVE-2025-38323",
"url": "https://bugzilla.suse.com/1246473"
},
{
"category": "external",
"summary": "SUSE Bug 1246525 for CVE-2025-38323",
"url": "https://bugzilla.suse.com/1246525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "important"
}
],
"title": "CVE-2025-38323"
},
{
"cve": "CVE-2025-38326",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38326"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naoe: clean device rq_list in aoedev_downdev()\n\nAn aoe device\u0027s rq_list contains accepted block requests that are\nwaiting to be transmitted to the aoe target. This queue was added as\npart of the conversion to blk_mq. However, the queue was not cleaned out\nwhen an aoe device is downed which caused blk_mq_freeze_queue() to sleep\nindefinitely waiting for those requests to complete, causing a hang. This\nfix cleans out the queue before calling blk_mq_freeze_queue().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38326",
"url": "https://www.suse.com/security/cve/CVE-2025-38326"
},
{
"category": "external",
"summary": "SUSE Bug 1246490 for CVE-2025-38326",
"url": "https://bugzilla.suse.com/1246490"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38326"
},
{
"cve": "CVE-2025-38328",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38328"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: check jffs2_prealloc_raw_node_refs() result in few other places\n\nFuzzing hit another invalid pointer dereference due to the lack of\nchecking whether jffs2_prealloc_raw_node_refs() completed successfully.\nSubsequent logic implies that the node refs have been allocated.\n\nHandle that. The code is ready for propagating the error upwards.\n\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 PID: 5835 Comm: syz-executor145 Not tainted 5.10.234-syzkaller #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nRIP: 0010:jffs2_link_node_ref+0xac/0x690 fs/jffs2/nodelist.c:600\nCall Trace:\n jffs2_mark_erased_block fs/jffs2/erase.c:460 [inline]\n jffs2_erase_pending_blocks+0x688/0x1860 fs/jffs2/erase.c:118\n jffs2_garbage_collect_pass+0x638/0x1a00 fs/jffs2/gc.c:253\n jffs2_reserve_space+0x3f4/0xad0 fs/jffs2/nodemgmt.c:167\n jffs2_write_inode_range+0x246/0xb50 fs/jffs2/write.c:362\n jffs2_write_end+0x712/0x1110 fs/jffs2/file.c:302\n generic_perform_write+0x2c2/0x500 mm/filemap.c:3347\n __generic_file_write_iter+0x252/0x610 mm/filemap.c:3465\n generic_file_write_iter+0xdb/0x230 mm/filemap.c:3497\n call_write_iter include/linux/fs.h:2039 [inline]\n do_iter_readv_writev+0x46d/0x750 fs/read_write.c:740\n do_iter_write+0x18c/0x710 fs/read_write.c:866\n vfs_writev+0x1db/0x6a0 fs/read_write.c:939\n do_pwritev fs/read_write.c:1036 [inline]\n __do_sys_pwritev fs/read_write.c:1083 [inline]\n __se_sys_pwritev fs/read_write.c:1078 [inline]\n __x64_sys_pwritev+0x235/0x310 fs/read_write.c:1078\n do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38328",
"url": "https://www.suse.com/security/cve/CVE-2025-38328"
},
{
"category": "external",
"summary": "SUSE Bug 1246249 for CVE-2025-38328",
"url": "https://bugzilla.suse.com/1246249"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38328"
},
{
"cve": "CVE-2025-38332",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38332"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Use memcpy() for BIOS version\n\nThe strlcat() with FORTIFY support is triggering a panic because it\nthinks the target buffer will overflow although the correct target\nbuffer size is passed in.\n\nAnyway, instead of memset() with 0 followed by a strlcat(), just use\nmemcpy() and ensure that the resulting buffer is NULL terminated.\n\nBIOSVersion is only used for the lpfc_printf_log() which expects a\nproperly terminated string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38332",
"url": "https://www.suse.com/security/cve/CVE-2025-38332"
},
{
"category": "external",
"summary": "SUSE Bug 1246375 for CVE-2025-38332",
"url": "https://bugzilla.suse.com/1246375"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38332"
},
{
"cve": "CVE-2025-38334",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38334"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/sgx: Prevent attempts to reclaim poisoned pages\n\nTL;DR: SGX page reclaim touches the page to copy its contents to\nsecondary storage. SGX instructions do not gracefully handle machine\nchecks. Despite this, the existing SGX code will try to reclaim pages\nthat it _knows_ are poisoned. Avoid even trying to reclaim poisoned pages.\n\nThe longer story:\n\nPages used by an enclave only get epc_page-\u003epoison set in\narch_memory_failure() but they currently stay on sgx_active_page_list until\nsgx_encl_release(), with the SGX_EPC_PAGE_RECLAIMER_TRACKED flag untouched.\n\nepc_page-\u003epoison is not checked in the reclaimer logic meaning that, if other\nconditions are met, an attempt will be made to reclaim an EPC page that was\npoisoned. This is bad because 1. we don\u0027t want that page to end up added\nto another enclave and 2. it is likely to cause one core to shut down\nand the kernel to panic.\n\nSpecifically, reclaiming uses microcode operations including \"EWB\" which\naccesses the EPC page contents to encrypt and write them out to non-SGX\nmemory. Those operations cannot handle MCEs in their accesses other than\nby putting the executing core into a special shutdown state (affecting\nboth threads with HT.) The kernel will subsequently panic on the\nremaining cores seeing the core didn\u0027t enter MCE handler(s) in time.\n\nCall sgx_unmark_page_reclaimable() to remove the affected EPC page from\nsgx_active_page_list on memory error to stop it being considered for\nreclaiming.\n\nTesting epc_page-\u003epoison in sgx_reclaim_pages() would also work but I assume\nit\u0027s better to add code in the less likely paths.\n\nThe affected EPC page is not added to \u0026node-\u003esgx_poison_page_list until\nlater in sgx_encl_release()-\u003esgx_free_epc_page() when it is EREMOVEd.\nMembership on other lists doesn\u0027t change to avoid changing any of the\nlists\u0027 semantics except for sgx_active_page_list. There\u0027s a \"TBD\" comment\nin arch_memory_failure() about pre-emptive actions, the goal here is not\nto address everything that it may imply.\n\nThis also doesn\u0027t completely close the time window when a memory error\nnotification will be fatal (for a not previously poisoned EPC page) --\nthe MCE can happen after sgx_reclaim_pages() has selected its candidates\nor even *inside* a microcode operation (actually easy to trigger due to\nthe amount of time spent in them.)\n\nThe spinlock in sgx_unmark_page_reclaimable() is safe because\nmemory_failure() runs in process context and no spinlocks are held,\nexplicitly noted in a mm/memory-failure.c comment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38334",
"url": "https://www.suse.com/security/cve/CVE-2025-38334"
},
{
"category": "external",
"summary": "SUSE Bug 1246384 for CVE-2025-38334",
"url": "https://bugzilla.suse.com/1246384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38334"
},
{
"cve": "CVE-2025-38335",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38335"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: gpio-keys - fix a sleep while atomic with PREEMPT_RT\n\nWhen enabling PREEMPT_RT, the gpio_keys_irq_timer() callback runs in\nhard irq context, but the input_event() takes a spin_lock, which isn\u0027t\nallowed there as it is converted to a rt_spin_lock().\n\n[ 4054.289999] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n[ 4054.290028] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/0\n...\n[ 4054.290195] __might_resched+0x13c/0x1f4\n[ 4054.290209] rt_spin_lock+0x54/0x11c\n[ 4054.290219] input_event+0x48/0x80\n[ 4054.290230] gpio_keys_irq_timer+0x4c/0x78\n[ 4054.290243] __hrtimer_run_queues+0x1a4/0x438\n[ 4054.290257] hrtimer_interrupt+0xe4/0x240\n[ 4054.290269] arch_timer_handler_phys+0x2c/0x44\n[ 4054.290283] handle_percpu_devid_irq+0x8c/0x14c\n[ 4054.290297] handle_irq_desc+0x40/0x58\n[ 4054.290307] generic_handle_domain_irq+0x1c/0x28\n[ 4054.290316] gic_handle_irq+0x44/0xcc\n\nConsidering the gpio_keys_irq_isr() can run in any context, e.g. it can\nbe threaded, it seems there\u0027s no point in requesting the timer isr to\nrun in hard irq context.\n\nRelax the hrtimer not to use the hard context.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38335",
"url": "https://www.suse.com/security/cve/CVE-2025-38335"
},
{
"category": "external",
"summary": "SUSE Bug 1246250 for CVE-2025-38335",
"url": "https://bugzilla.suse.com/1246250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38335"
},
{
"cve": "CVE-2025-38336",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38336"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330\n\nThe controller has a hardware bug that can hard hang the system when\ndoing ATAPI DMAs without any trace of what happened. Depending on the\ndevice attached, it can also prevent the system from booting.\n\nIn this case, the system hangs when reading the ATIP from optical media\nwith cdrecord -vvv -atip on an _NEC DVD_RW ND-4571A 1-01 and an\nOptiarc DVD RW AD-7200A 1.06 attached to an ASRock 990FX Extreme 4,\nrunning at UDMA/33.\n\nThe issue can be reproduced by running the same command with a cygwin\nbuild of cdrecord on WinXP, although it requires more attempts to cause\nit. The hang in that case is also resolved by forcing PIO. It doesn\u0027t\nappear that VIA has produced any drivers for that OS, thus no known\nworkaround exists.\n\nHDDs attached to the controller do not suffer from any DMA issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38336",
"url": "https://www.suse.com/security/cve/CVE-2025-38336"
},
{
"category": "external",
"summary": "SUSE Bug 1246370 for CVE-2025-38336",
"url": "https://bugzilla.suse.com/1246370"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38336"
},
{
"cve": "CVE-2025-38337",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38337"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata()\n\nSince handle-\u003eh_transaction may be a NULL pointer, so we should change it\nto call is_handle_aborted(handle) first before dereferencing it.\n\nAnd the following data-race was reported in my fuzzer:\n\n==================================================================\nBUG: KCSAN: data-race in jbd2_journal_dirty_metadata / jbd2_journal_dirty_metadata\n\nwrite to 0xffff888011024104 of 4 bytes by task 10881 on cpu 1:\n jbd2_journal_dirty_metadata+0x2a5/0x770 fs/jbd2/transaction.c:1556\n __ext4_handle_dirty_metadata+0xe7/0x4b0 fs/ext4/ext4_jbd2.c:358\n ext4_do_update_inode fs/ext4/inode.c:5220 [inline]\n ext4_mark_iloc_dirty+0x32c/0xd50 fs/ext4/inode.c:5869\n __ext4_mark_inode_dirty+0xe1/0x450 fs/ext4/inode.c:6074\n ext4_dirty_inode+0x98/0xc0 fs/ext4/inode.c:6103\n....\n\nread to 0xffff888011024104 of 4 bytes by task 10880 on cpu 0:\n jbd2_journal_dirty_metadata+0xf2/0x770 fs/jbd2/transaction.c:1512\n __ext4_handle_dirty_metadata+0xe7/0x4b0 fs/ext4/ext4_jbd2.c:358\n ext4_do_update_inode fs/ext4/inode.c:5220 [inline]\n ext4_mark_iloc_dirty+0x32c/0xd50 fs/ext4/inode.c:5869\n __ext4_mark_inode_dirty+0xe1/0x450 fs/ext4/inode.c:6074\n ext4_dirty_inode+0x98/0xc0 fs/ext4/inode.c:6103\n....\n\nvalue changed: 0x00000000 -\u003e 0x00000001\n==================================================================\n\nThis issue is caused by missing data-race annotation for jh-\u003eb_modified.\nTherefore, the missing annotation needs to be added.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38337",
"url": "https://www.suse.com/security/cve/CVE-2025-38337"
},
{
"category": "external",
"summary": "SUSE Bug 1246253 for CVE-2025-38337",
"url": "https://bugzilla.suse.com/1246253"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38337"
},
{
"cve": "CVE-2025-38338",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38338"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/nfs/read: fix double-unlock bug in nfs_return_empty_folio()\n\nSometimes, when a file was read while it was being truncated by\nanother NFS client, the kernel could deadlock because folio_unlock()\nwas called twice, and the second call would XOR back the `PG_locked`\nflag.\n\nMost of the time (depending on the timing of the truncation), nobody\nnotices the problem because folio_unlock() gets called three times,\nwhich flips `PG_locked` back off:\n\n 1. vfs_read, nfs_read_folio, ... nfs_read_add_folio,\n nfs_return_empty_folio\n 2. vfs_read, nfs_read_folio, ... netfs_read_collection,\n netfs_unlock_abandoned_read_pages\n 3. vfs_read, ... nfs_do_read_folio, nfs_read_add_folio,\n nfs_return_empty_folio\n\nThe problem is that nfs_read_add_folio() is not supposed to unlock the\nfolio if fscache is enabled, and a nfs_netfs_folio_unlock() check is\nmissing in nfs_return_empty_folio().\n\nRarely this leads to a warning in netfs_read_collection():\n\n ------------[ cut here ]------------\n R=0000031c: folio 10 is not locked\n WARNING: CPU: 0 PID: 29 at fs/netfs/read_collect.c:133 netfs_read_collection+0x7c0/0xf00\n [...]\n Workqueue: events_unbound netfs_read_collection_worker\n RIP: 0010:netfs_read_collection+0x7c0/0xf00\n [...]\n Call Trace:\n \u003cTASK\u003e\n netfs_read_collection_worker+0x67/0x80\n process_one_work+0x12e/0x2c0\n worker_thread+0x295/0x3a0\n\nMost of the time, however, processes just get stuck forever in\nfolio_wait_bit_common(), waiting for `PG_locked` to disappear, which\nnever happens because nobody is really holding the folio lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38338",
"url": "https://www.suse.com/security/cve/CVE-2025-38338"
},
{
"category": "external",
"summary": "SUSE Bug 1246258 for CVE-2025-38338",
"url": "https://bugzilla.suse.com/1246258"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38338"
},
{
"cve": "CVE-2025-38342",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38342"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoftware node: Correct a OOB check in software_node_get_reference_args()\n\nsoftware_node_get_reference_args() wants to get @index-th element, so\nthe property value requires at least \u0027(index + 1) * sizeof(*ref)\u0027 bytes\nbut that can not be guaranteed by current OOB check, and may cause OOB\nfor malformed property.\n\nFix by using as OOB check \u0027((index + 1) * sizeof(*ref) \u003e prop-\u003elength)\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38342",
"url": "https://www.suse.com/security/cve/CVE-2025-38342"
},
{
"category": "external",
"summary": "SUSE Bug 1246453 for CVE-2025-38342",
"url": "https://bugzilla.suse.com/1246453"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38342"
},
{
"cve": "CVE-2025-38343",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38343"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7996: drop fragments with multicast or broadcast RA\n\nIEEE 802.11 fragmentation can only be applied to unicast frames.\nTherefore, drop fragments with multicast or broadcast RA. This patch\naddresses vulnerabilities such as CVE-2020-26145.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38343",
"url": "https://www.suse.com/security/cve/CVE-2025-38343"
},
{
"category": "external",
"summary": "SUSE Bug 1246438 for CVE-2025-38343",
"url": "https://bugzilla.suse.com/1246438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38343"
},
{
"cve": "CVE-2025-38344",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38344"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: fix acpi parse and parseext cache leaks\n\nACPICA commit 8829e70e1360c81e7a5a901b5d4f48330e021ea5\n\nI\u0027m Seunghun Han, and I work for National Security Research Institute of\nSouth Korea.\n\nI have been doing a research on ACPI and found an ACPI cache leak in ACPI\nearly abort cases.\n\nBoot log of ACPI cache leak is as follows:\n[ 0.352414] ACPI: Added _OSI(Module Device)\n[ 0.353182] ACPI: Added _OSI(Processor Device)\n[ 0.353182] ACPI: Added _OSI(3.0 _SCP Extensions)\n[ 0.353182] ACPI: Added _OSI(Processor Aggregator Device)\n[ 0.356028] ACPI: Unable to start the ACPI Interpreter\n[ 0.356799] ACPI Error: Could not remove SCI handler (20170303/evmisc-281)\n[ 0.360215] kmem_cache_destroy Acpi-State: Slab cache still has objects\n[ 0.360648] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G W\n4.12.0-rc4-next-20170608+ #10\n[ 0.361273] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS\nvirtual_box 12/01/2006\n[ 0.361873] Call Trace:\n[ 0.362243] ? dump_stack+0x5c/0x81\n[ 0.362591] ? kmem_cache_destroy+0x1aa/0x1c0\n[ 0.362944] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.363296] ? acpi_os_delete_cache+0xa/0x10\n[ 0.363646] ? acpi_ut_delete_caches+0x6d/0x7b\n[ 0.364000] ? acpi_terminate+0xa/0x14\n[ 0.364000] ? acpi_init+0x2af/0x34f\n[ 0.364000] ? __class_create+0x4c/0x80\n[ 0.364000] ? video_setup+0x7f/0x7f\n[ 0.364000] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.364000] ? do_one_initcall+0x4e/0x1a0\n[ 0.364000] ? kernel_init_freeable+0x189/0x20a\n[ 0.364000] ? rest_init+0xc0/0xc0\n[ 0.364000] ? kernel_init+0xa/0x100\n[ 0.364000] ? ret_from_fork+0x25/0x30\n\nI analyzed this memory leak in detail. I found that \"Acpi-State\" cache and\n\"Acpi-Parse\" cache were merged because the size of cache objects was same\nslab cache size.\n\nI finally found \"Acpi-Parse\" cache and \"Acpi-parse_ext\" cache were leaked\nusing SLAB_NEVER_MERGE flag in kmem_cache_create() function.\n\nReal ACPI cache leak point is as follows:\n[ 0.360101] ACPI: Added _OSI(Module Device)\n[ 0.360101] ACPI: Added _OSI(Processor Device)\n[ 0.360101] ACPI: Added _OSI(3.0 _SCP Extensions)\n[ 0.361043] ACPI: Added _OSI(Processor Aggregator Device)\n[ 0.364016] ACPI: Unable to start the ACPI Interpreter\n[ 0.365061] ACPI Error: Could not remove SCI handler (20170303/evmisc-281)\n[ 0.368174] kmem_cache_destroy Acpi-Parse: Slab cache still has objects\n[ 0.369332] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G W\n4.12.0-rc4-next-20170608+ #8\n[ 0.371256] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS\nvirtual_box 12/01/2006\n[ 0.372000] Call Trace:\n[ 0.372000] ? dump_stack+0x5c/0x81\n[ 0.372000] ? kmem_cache_destroy+0x1aa/0x1c0\n[ 0.372000] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.372000] ? acpi_os_delete_cache+0xa/0x10\n[ 0.372000] ? acpi_ut_delete_caches+0x56/0x7b\n[ 0.372000] ? acpi_terminate+0xa/0x14\n[ 0.372000] ? acpi_init+0x2af/0x34f\n[ 0.372000] ? __class_create+0x4c/0x80\n[ 0.372000] ? video_setup+0x7f/0x7f\n[ 0.372000] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.372000] ? do_one_initcall+0x4e/0x1a0\n[ 0.372000] ? kernel_init_freeable+0x189/0x20a\n[ 0.372000] ? rest_init+0xc0/0xc0\n[ 0.372000] ? kernel_init+0xa/0x100\n[ 0.372000] ? ret_from_fork+0x25/0x30\n[ 0.388039] kmem_cache_destroy Acpi-parse_ext: Slab cache still has objects\n[ 0.389063] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G W\n4.12.0-rc4-next-20170608+ #8\n[ 0.390557] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS\nvirtual_box 12/01/2006\n[ 0.392000] Call Trace:\n[ 0.392000] ? dump_stack+0x5c/0x81\n[ 0.392000] ? kmem_cache_destroy+0x1aa/0x1c0\n[ 0.392000] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.392000] ? acpi_os_delete_cache+0xa/0x10\n[ 0.392000] ? acpi_ut_delete_caches+0x6d/0x7b\n[ 0.392000] ? acpi_terminate+0xa/0x14\n[ 0.392000] ? acpi_init+0x2af/0x3\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38344",
"url": "https://www.suse.com/security/cve/CVE-2025-38344"
},
{
"category": "external",
"summary": "SUSE Bug 1246334 for CVE-2025-38344",
"url": "https://bugzilla.suse.com/1246334"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38344"
},
{
"cve": "CVE-2025-38345",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38345"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: fix acpi operand cache leak in dswstate.c\n\nACPICA commit 987a3b5cf7175916e2a4b6ea5b8e70f830dfe732\n\nI found an ACPI cache leak in ACPI early termination and boot continuing case.\n\nWhen early termination occurs due to malicious ACPI table, Linux kernel\nterminates ACPI function and continues to boot process. While kernel terminates\nACPI function, kmem_cache_destroy() reports Acpi-Operand cache leak.\n\nBoot log of ACPI operand cache leak is as follows:\n\u003e[ 0.585957] ACPI: Added _OSI(Module Device)\n\u003e[ 0.587218] ACPI: Added _OSI(Processor Device)\n\u003e[ 0.588530] ACPI: Added _OSI(3.0 _SCP Extensions)\n\u003e[ 0.589790] ACPI: Added _OSI(Processor Aggregator Device)\n\u003e[ 0.591534] ACPI Error: Illegal I/O port address/length above 64K: C806E00000004002/0x2 (20170303/hwvalid-155)\n\u003e[ 0.594351] ACPI Exception: AE_LIMIT, Unable to initialize fixed events (20170303/evevent-88)\n\u003e[ 0.597858] ACPI: Unable to start the ACPI Interpreter\n\u003e[ 0.599162] ACPI Error: Could not remove SCI handler (20170303/evmisc-281)\n\u003e[ 0.601836] kmem_cache_destroy Acpi-Operand: Slab cache still has objects\n\u003e[ 0.603556] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.12.0-rc5 #26\n\u003e[ 0.605159] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS virtual_box 12/01/2006\n\u003e[ 0.609177] Call Trace:\n\u003e[ 0.610063] ? dump_stack+0x5c/0x81\n\u003e[ 0.611118] ? kmem_cache_destroy+0x1aa/0x1c0\n\u003e[ 0.612632] ? acpi_sleep_proc_init+0x27/0x27\n\u003e[ 0.613906] ? acpi_os_delete_cache+0xa/0x10\n\u003e[ 0.617986] ? acpi_ut_delete_caches+0x3f/0x7b\n\u003e[ 0.619293] ? acpi_terminate+0xa/0x14\n\u003e[ 0.620394] ? acpi_init+0x2af/0x34f\n\u003e[ 0.621616] ? __class_create+0x4c/0x80\n\u003e[ 0.623412] ? video_setup+0x7f/0x7f\n\u003e[ 0.624585] ? acpi_sleep_proc_init+0x27/0x27\n\u003e[ 0.625861] ? do_one_initcall+0x4e/0x1a0\n\u003e[ 0.627513] ? kernel_init_freeable+0x19e/0x21f\n\u003e[ 0.628972] ? rest_init+0x80/0x80\n\u003e[ 0.630043] ? kernel_init+0xa/0x100\n\u003e[ 0.631084] ? ret_from_fork+0x25/0x30\n\u003e[ 0.633343] vgaarb: loaded\n\u003e[ 0.635036] EDAC MC: Ver: 3.0.0\n\u003e[ 0.638601] PCI: Probing PCI hardware\n\u003e[ 0.639833] PCI host bridge to bus 0000:00\n\u003e[ 0.641031] pci_bus 0000:00: root bus resource [io 0x0000-0xffff]\n\u003e ... Continue to boot and log is omitted ...\n\nI analyzed this memory leak in detail and found acpi_ds_obj_stack_pop_and_\ndelete() function miscalculated the top of the stack. acpi_ds_obj_stack_push()\nfunction uses walk_state-\u003eoperand_index for start position of the top, but\nacpi_ds_obj_stack_pop_and_delete() function considers index 0 for it.\nTherefore, this causes acpi operand memory leak.\n\nThis cache leak causes a security threat because an old kernel (\u003c= 4.9) shows\nmemory locations of kernel functions in stack dump. Some malicious users\ncould use this information to neutralize kernel ASLR.\n\nI made a patch to fix ACPI operand cache leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38345",
"url": "https://www.suse.com/security/cve/CVE-2025-38345"
},
{
"category": "external",
"summary": "SUSE Bug 1246337 for CVE-2025-38345",
"url": "https://bugzilla.suse.com/1246337"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38345"
},
{
"cve": "CVE-2025-38348",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38348"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback()\n\nRobert Morris reported:\n\n|If a malicious USB device pretends to be an Intersil p54 wifi\n|interface and generates an eeprom_readback message with a large\n|eeprom-\u003ev1.len, p54_rx_eeprom_readback() will copy data from the\n|message beyond the end of priv-\u003eeeprom.\n|\n|static void p54_rx_eeprom_readback(struct p54_common *priv,\n| struct sk_buff *skb)\n|{\n| struct p54_hdr *hdr = (struct p54_hdr *) skb-\u003edata;\n| struct p54_eeprom_lm86 *eeprom = (struct p54_eeprom_lm86 *) hdr-\u003edata;\n|\n| if (priv-\u003efw_var \u003e= 0x509) {\n| memcpy(priv-\u003eeeprom, eeprom-\u003ev2.data,\n| le16_to_cpu(eeprom-\u003ev2.len));\n| } else {\n| memcpy(priv-\u003eeeprom, eeprom-\u003ev1.data,\n| le16_to_cpu(eeprom-\u003ev1.len));\n| }\n| [...]\n\nThe eeprom-\u003ev{1,2}.len is set by the driver in p54_download_eeprom().\nThe device is supposed to provide the same length back to the driver.\nBut yes, it\u0027s possible (like shown in the report) to alter the value\nto something that causes a crash/panic due to overrun.\n\nThis patch addresses the issue by adding the size to the common device\ncontext, so p54_rx_eeprom_readback no longer relies on possibly tampered\nvalues... That said, it also checks if the \"firmware\" altered the value\nand no longer copies them.\n\nThe one, small saving grace is: Before the driver tries to read the eeprom,\nit needs to upload \u003ea\u003c firmware. the vendor firmware has a proprietary\nlicense and as a reason, it is not present on most distributions by\ndefault.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38348",
"url": "https://www.suse.com/security/cve/CVE-2025-38348"
},
{
"category": "external",
"summary": "SUSE Bug 1246262 for CVE-2025-38348",
"url": "https://bugzilla.suse.com/1246262"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38348"
},
{
"cve": "CVE-2025-38349",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38349"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\neventpoll: don\u0027t decrement ep refcount while still holding the ep mutex\n\nJann Horn points out that epoll is decrementing the ep refcount and then\ndoing a\n\n mutex_unlock(\u0026ep-\u003emtx);\n\nafterwards. That\u0027s very wrong, because it can lead to a use-after-free.\n\nThat pattern is actually fine for the very last reference, because the\ncode in question will delay the actual call to \"ep_free(ep)\" until after\nit has unlocked the mutex.\n\nBut it\u0027s wrong for the much subtler \"next to last\" case when somebody\n*else* may also be dropping their reference and free the ep while we\u0027re\nstill using the mutex.\n\nNote that this is true even if that other user is also using the same ep\nmutex: mutexes, unlike spinlocks, can not be used for object ownership,\neven if they guarantee mutual exclusion.\n\nA mutex \"unlock\" operation is not atomic, and as one user is still\naccessing the mutex as part of unlocking it, another user can come in\nand get the now released mutex and free the data structure while the\nfirst user is still cleaning up.\n\nSee our mutex documentation in Documentation/locking/mutex-design.rst,\nin particular the section [1] about semantics:\n\n\t\"mutex_unlock() may access the mutex structure even after it has\n\t internally released the lock already - so it\u0027s not safe for\n\t another context to acquire the mutex and assume that the\n\t mutex_unlock() context is not using the structure anymore\"\n\nSo if we drop our ep ref before the mutex unlock, but we weren\u0027t the\nlast one, we may then unlock the mutex, another user comes in, drops\n_their_ reference and releases the \u0027ep\u0027 as it now has no users - all\nwhile the mutex_unlock() is still accessing it.\n\nFix this by simply moving the ep refcount dropping to outside the mutex:\nthe refcount itself is atomic, and doesn\u0027t need mutex protection (that\u0027s\nthe whole _point_ of refcounts: unlike mutexes, they are inherently\nabout object lifetimes).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38349",
"url": "https://www.suse.com/security/cve/CVE-2025-38349"
},
{
"category": "external",
"summary": "SUSE Bug 1246777 for CVE-2025-38349",
"url": "https://bugzilla.suse.com/1246777"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38349"
},
{
"cve": "CVE-2025-38350",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38350"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Always pass notifications when child class becomes empty\n\nCertain classful qdiscs may invoke their classes\u0027 dequeue handler on an\nenqueue operation. This may unexpectedly empty the child qdisc and thus\nmake an in-flight class passive via qlen_notify(). Most qdiscs do not\nexpect such behaviour at this point in time and may re-activate the\nclass eventually anyways which will lead to a use-after-free.\n\nThe referenced fix commit attempted to fix this behavior for the HFSC\ncase by moving the backlog accounting around, though this turned out to\nbe incomplete since the parent\u0027s parent may run into the issue too.\nThe following reproducer demonstrates this use-after-free:\n\n tc qdisc add dev lo root handle 1: drr\n tc filter add dev lo parent 1: basic classid 1:1\n tc class add dev lo parent 1: classid 1:1 drr\n tc qdisc add dev lo parent 1:1 handle 2: hfsc def 1\n tc class add dev lo parent 2: classid 2:1 hfsc rt m1 8 d 1 m2 0\n tc qdisc add dev lo parent 2:1 handle 3: netem\n tc qdisc add dev lo parent 3:1 handle 4: blackhole\n\n echo 1 | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888\n tc class delete dev lo classid 1:1\n echo 1 | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888\n\nSince backlog accounting issues leading to a use-after-frees on stale\nclass pointers is a recurring pattern at this point, this patch takes\na different approach. Instead of trying to fix the accounting, the patch\nensures that qdisc_tree_reduce_backlog always calls qlen_notify when\nthe child qdisc is empty. This solves the problem because deletion of\nqdiscs always involves a call to qdisc_reset() and / or\nqdisc_purge_queue() which ultimately resets its qlen to 0 thus causing\nthe following qdisc_tree_reduce_backlog() to report to the parent. Note\nthat this may call qlen_notify on passive classes multiple times. This\nis not a problem after the recent patch series that made all the\nclassful qdiscs qlen_notify() handlers idempotent.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38350",
"url": "https://www.suse.com/security/cve/CVE-2025-38350"
},
{
"category": "external",
"summary": "SUSE Bug 1246781 for CVE-2025-38350",
"url": "https://bugzilla.suse.com/1246781"
},
{
"category": "external",
"summary": "SUSE Bug 1247043 for CVE-2025-38350",
"url": "https://bugzilla.suse.com/1247043"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "important"
}
],
"title": "CVE-2025-38350"
},
{
"cve": "CVE-2025-38352",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38352"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nposix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()\n\nIf an exiting non-autoreaping task has already passed exit_notify() and\ncalls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent\nor debugger right after unlock_task_sighand().\n\nIf a concurrent posix_cpu_timer_del() runs at that moment, it won\u0027t be\nable to detect timer-\u003eit.cpu.firing != 0: cpu_timer_task_rcu() and/or\nlock_task_sighand() will fail.\n\nAdd the tsk-\u003eexit_state check into run_posix_cpu_timers() to fix this.\n\nThis fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because\nexit_task_work() is called before exit_notify(). But the check still\nmakes sense, task_work_add(\u0026tsk-\u003eposix_cputimers_work.work) will fail\nanyway in this case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38352",
"url": "https://www.suse.com/security/cve/CVE-2025-38352"
},
{
"category": "external",
"summary": "SUSE Bug 1246911 for CVE-2025-38352",
"url": "https://bugzilla.suse.com/1246911"
},
{
"category": "external",
"summary": "SUSE Bug 1249205 for CVE-2025-38352",
"url": "https://bugzilla.suse.com/1249205"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "important"
}
],
"title": "CVE-2025-38352"
},
{
"cve": "CVE-2025-38354",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38354"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/gpu: Fix crash when throttling GPU immediately during boot\n\nThere is a small chance that the GPU is already hot during boot. In that\ncase, the call to of_devfreq_cooling_register() will immediately try to\napply devfreq cooling, as seen in the following crash:\n\n Unable to handle kernel paging request at virtual address 0000000000014110\n pc : a6xx_gpu_busy+0x1c/0x58 [msm]\n lr : msm_devfreq_get_dev_status+0xbc/0x140 [msm]\n Call trace:\n a6xx_gpu_busy+0x1c/0x58 [msm] (P)\n devfreq_simple_ondemand_func+0x3c/0x150\n devfreq_update_target+0x44/0xd8\n qos_max_notifier_call+0x30/0x84\n blocking_notifier_call_chain+0x6c/0xa0\n pm_qos_update_target+0xd0/0x110\n freq_qos_apply+0x3c/0x74\n apply_constraint+0x88/0x148\n __dev_pm_qos_update_request+0x7c/0xcc\n dev_pm_qos_update_request+0x38/0x5c\n devfreq_cooling_set_cur_state+0x98/0xf0\n __thermal_cdev_update+0x64/0xb4\n thermal_cdev_update+0x4c/0x58\n step_wise_manage+0x1f0/0x318\n __thermal_zone_device_update+0x278/0x424\n __thermal_cooling_device_register+0x2bc/0x308\n thermal_of_cooling_device_register+0x10/0x1c\n of_devfreq_cooling_register_power+0x240/0x2bc\n of_devfreq_cooling_register+0x14/0x20\n msm_devfreq_init+0xc4/0x1a0 [msm]\n msm_gpu_init+0x304/0x574 [msm]\n adreno_gpu_init+0x1c4/0x2e0 [msm]\n a6xx_gpu_init+0x5c8/0x9c8 [msm]\n adreno_bind+0x2a8/0x33c [msm]\n ...\n\nAt this point we haven\u0027t initialized the GMU at all yet, so we cannot read\nthe GMU registers inside a6xx_gpu_busy(). A similar issue was fixed before\nin commit 6694482a70e9 (\"drm/msm: Avoid unclocked GMU register access in\n6xx gpu_busy\"): msm_devfreq_init() does call devfreq_suspend_device(), but\nunlike msm_devfreq_suspend(), it doesn\u0027t set the df-\u003esuspended flag\naccordingly. This means the df-\u003esuspended flag does not match the actual\ndevfreq state after initialization and msm_devfreq_get_dev_status() will\nend up accessing GMU registers, causing the crash.\n\nFix this by setting df-\u003esuspended correctly during initialization.\n\nPatchwork: https://patchwork.freedesktop.org/patch/650772/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38354",
"url": "https://www.suse.com/security/cve/CVE-2025-38354"
},
{
"category": "external",
"summary": "SUSE Bug 1247061 for CVE-2025-38354",
"url": "https://bugzilla.suse.com/1247061"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38354"
},
{
"cve": "CVE-2025-38362",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38362"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null pointer check for get_first_active_display()\n\nThe function mod_hdcp_hdcp1_enable_encryption() calls the function\nget_first_active_display(), but does not check its return value.\nThe return value is a null pointer if the display list is empty.\nThis will lead to a null pointer dereference in\nmod_hdcp_hdcp2_enable_encryption().\n\nAdd a null pointer check for get_first_active_display() and return\nMOD_HDCP_STATUS_DISPLAY_NOT_FOUND if the function return null.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38362",
"url": "https://www.suse.com/security/cve/CVE-2025-38362"
},
{
"category": "external",
"summary": "SUSE Bug 1247089 for CVE-2025-38362",
"url": "https://bugzilla.suse.com/1247089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38362"
},
{
"cve": "CVE-2025-38363",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38363"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/tegra: Fix a possible null pointer dereference\n\nIn tegra_crtc_reset(), new memory is allocated with kzalloc(), but\nno check is performed. Before calling __drm_atomic_helper_crtc_reset,\nstate should be checked to prevent possible null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38363",
"url": "https://www.suse.com/security/cve/CVE-2025-38363"
},
{
"category": "external",
"summary": "SUSE Bug 1247018 for CVE-2025-38363",
"url": "https://bugzilla.suse.com/1247018"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38363"
},
{
"cve": "CVE-2025-38364",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38364"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmaple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate()\n\nTemporarily clear the preallocation flag when explicitly requesting\nallocations. Pre-existing allocations are already counted against the\nrequest through mas_node_count_gfp(), but the allocations will not happen\nif the MA_STATE_PREALLOC flag is set. This flag is meant to avoid\nre-allocating in bulk allocation mode, and to detect issues with\npreallocation calculations.\n\nThe MA_STATE_PREALLOC flag should also always be set on zero allocations\nso that detection of underflow allocations will print a WARN_ON() during\nconsumption.\n\nUser visible effect of this flaw is a WARN_ON() followed by a null pointer\ndereference when subsequent requests for larger number of nodes is\nignored, such as the vma merge retry in mmap_region() caused by drivers\naltering the vma flags (which happens in v6.6, at least)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38364",
"url": "https://www.suse.com/security/cve/CVE-2025-38364"
},
{
"category": "external",
"summary": "SUSE Bug 1247091 for CVE-2025-38364",
"url": "https://bugzilla.suse.com/1247091"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38364"
},
{
"cve": "CVE-2025-38365",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38365"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix a race between renames and directory logging\n\nWe have a race between a rename and directory inode logging that if it\nhappens and we crash/power fail before the rename completes, the next time\nthe filesystem is mounted, the log replay code will end up deleting the\nfile that was being renamed.\n\nThis is best explained following a step by step analysis of an interleaving\nof steps that lead into this situation.\n\nConsider the initial conditions:\n\n1) We are at transaction N;\n\n2) We have directories A and B created in a past transaction (\u003c N);\n\n3) We have inode X corresponding to a file that has 2 hardlinks, one in\n directory A and the other in directory B, so we\u0027ll name them as\n \"A/foo_link1\" and \"B/foo_link2\". Both hard links were persisted in a\n past transaction (\u003c N);\n\n4) We have inode Y corresponding to a file that as a single hard link and\n is located in directory A, we\u0027ll name it as \"A/bar\". This file was also\n persisted in a past transaction (\u003c N).\n\nThe steps leading to a file loss are the following and for all of them we\nare under transaction N:\n\n 1) Link \"A/foo_link1\" is removed, so inode\u0027s X last_unlink_trans field\n is updated to N, through btrfs_unlink() -\u003e btrfs_record_unlink_dir();\n\n 2) Task A starts a rename for inode Y, with the goal of renaming from\n \"A/bar\" to \"A/baz\", so we enter btrfs_rename();\n\n 3) Task A inserts the new BTRFS_INODE_REF_KEY for inode Y by calling\n btrfs_insert_inode_ref();\n\n 4) Because the rename happens in the same directory, we don\u0027t set the\n last_unlink_trans field of directoty A\u0027s inode to the current\n transaction id, that is, we don\u0027t cal btrfs_record_unlink_dir();\n\n 5) Task A then removes the entries from directory A (BTRFS_DIR_ITEM_KEY\n and BTRFS_DIR_INDEX_KEY items) when calling __btrfs_unlink_inode()\n (actually the dir index item is added as a delayed item, but the\n effect is the same);\n\n 6) Now before task A adds the new entry \"A/baz\" to directory A by\n calling btrfs_add_link(), another task, task B is logging inode X;\n\n 7) Task B starts a fsync of inode X and after logging inode X, at\n btrfs_log_inode_parent() it calls btrfs_log_all_parents(), since\n inode X has a last_unlink_trans value of N, set at in step 1;\n\n 8) At btrfs_log_all_parents() we search for all parent directories of\n inode X using the commit root, so we find directories A and B and log\n them. Bu when logging direct A, we don\u0027t have a dir index item for\n inode Y anymore, neither the old name \"A/bar\" nor for the new name\n \"A/baz\" since the rename has deleted the old name but has not yet\n inserted the new name - task A hasn\u0027t called yet btrfs_add_link() to\n do that.\n\n Note that logging directory A doesn\u0027t fallback to a transaction\n commit because its last_unlink_trans has a lower value than the\n current transaction\u0027s id (see step 4);\n\n 9) Task B finishes logging directories A and B and gets back to\n btrfs_sync_file() where it calls btrfs_sync_log() to persist the log\n tree;\n\n10) Task B successfully persisted the log tree, btrfs_sync_log() completed\n with success, and a power failure happened.\n\n We have a log tree without any directory entry for inode Y, so the\n log replay code deletes the entry for inode Y, name \"A/bar\", from the\n subvolume tree since it doesn\u0027t exist in the log tree and the log\n tree is authorative for its index (we logged a BTRFS_DIR_LOG_INDEX_KEY\n item that covers the index range for the dentry that corresponds to\n \"A/bar\").\n\n Since there\u0027s no other hard link for inode Y and the log replay code\n deletes the name \"A/bar\", the file is lost.\n\nThe issue wouldn\u0027t happen if task B synced the log only after task A\ncalled btrfs_log_new_name(), which would update the log with the new name\nfor inode Y (\"A/bar\").\n\nFix this by pinning the log root during renames before removing the old\ndirectory entry, and unpinning af\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38365",
"url": "https://www.suse.com/security/cve/CVE-2025-38365"
},
{
"category": "external",
"summary": "SUSE Bug 1247023 for CVE-2025-38365",
"url": "https://bugzilla.suse.com/1247023"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38365"
},
{
"cve": "CVE-2025-38369",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38369"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using\n\nRunning IDXD workloads in a container with the /dev directory mounted can\ntrigger a call trace or even a kernel panic when the parent process of the\ncontainer is terminated.\n\nThis issue occurs because, under certain configurations, Docker does not\nproperly propagate the mount replica back to the original mount point.\n\nIn this case, when the user driver detaches, the WQ is destroyed but it\nstill calls destroy_workqueue() attempting to completes all pending work.\nIt\u0027s necessary to check wq-\u003ewq and skip the drain if it no longer exists.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38369",
"url": "https://www.suse.com/security/cve/CVE-2025-38369"
},
{
"category": "external",
"summary": "SUSE Bug 1247209 for CVE-2025-38369",
"url": "https://bugzilla.suse.com/1247209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38369"
},
{
"cve": "CVE-2025-38371",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38371"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Disable interrupts before resetting the GPU\n\nCurrently, an interrupt can be triggered during a GPU reset, which can\nlead to GPU hangs and NULL pointer dereference in an interrupt context\nas shown in the following trace:\n\n [ 314.035040] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0\n [ 314.043822] Mem abort info:\n [ 314.046606] ESR = 0x0000000096000005\n [ 314.050347] EC = 0x25: DABT (current EL), IL = 32 bits\n [ 314.055651] SET = 0, FnV = 0\n [ 314.058695] EA = 0, S1PTW = 0\n [ 314.061826] FSC = 0x05: level 1 translation fault\n [ 314.066694] Data abort info:\n [ 314.069564] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n [ 314.075039] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n [ 314.080080] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n [ 314.085382] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000102728000\n [ 314.091814] [00000000000000c0] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n [ 314.100511] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n [ 314.106770] Modules linked in: v3d i2c_brcmstb vc4 snd_soc_hdmi_codec gpu_sched drm_shmem_helper drm_display_helper cec drm_dma_helper drm_kms_helper drm drm_panel_orientation_quirks snd_soc_core snd_compress snd_pcm_dmaengine snd_pcm snd_timer snd backlight\n [ 314.129654] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.25+rpt-rpi-v8 #1 Debian 1:6.12.25-1+rpt1\n [ 314.139388] Hardware name: Raspberry Pi 4 Model B Rev 1.4 (DT)\n [ 314.145211] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n [ 314.152165] pc : v3d_irq+0xec/0x2e0 [v3d]\n [ 314.156187] lr : v3d_irq+0xe0/0x2e0 [v3d]\n [ 314.160198] sp : ffffffc080003ea0\n [ 314.163502] x29: ffffffc080003ea0 x28: ffffffec1f184980 x27: 021202b000000000\n [ 314.170633] x26: ffffffec1f17f630 x25: ffffff8101372000 x24: ffffffec1f17d9f0\n [ 314.177764] x23: 000000000000002a x22: 000000000000002a x21: ffffff8103252000\n [ 314.184895] x20: 0000000000000001 x19: 00000000deadbeef x18: 0000000000000000\n [ 314.192026] x17: ffffff94e51d2000 x16: ffffffec1dac3cb0 x15: c306000000000000\n [ 314.199156] x14: 0000000000000000 x13: b2fc982e03cc5168 x12: 0000000000000001\n [ 314.206286] x11: ffffff8103f8bcc0 x10: ffffffec1f196868 x9 : ffffffec1dac3874\n [ 314.213416] x8 : 0000000000000000 x7 : 0000000000042a3a x6 : ffffff810017a180\n [ 314.220547] x5 : ffffffec1ebad400 x4 : ffffffec1ebad320 x3 : 00000000000bebeb\n [ 314.227677] x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000\n [ 314.234807] Call trace:\n [ 314.237243] v3d_irq+0xec/0x2e0 [v3d]\n [ 314.240906] __handle_irq_event_percpu+0x58/0x218\n [ 314.245609] handle_irq_event+0x54/0xb8\n [ 314.249439] handle_fasteoi_irq+0xac/0x240\n [ 314.253527] handle_irq_desc+0x48/0x68\n [ 314.257269] generic_handle_domain_irq+0x24/0x38\n [ 314.261879] gic_handle_irq+0x48/0xd8\n [ 314.265533] call_on_irq_stack+0x24/0x58\n [ 314.269448] do_interrupt_handler+0x88/0x98\n [ 314.273624] el1_interrupt+0x34/0x68\n [ 314.277193] el1h_64_irq_handler+0x18/0x28\n [ 314.281281] el1h_64_irq+0x64/0x68\n [ 314.284673] default_idle_call+0x3c/0x168\n [ 314.288675] do_idle+0x1fc/0x230\n [ 314.291895] cpu_startup_entry+0x3c/0x50\n [ 314.295810] rest_init+0xe4/0xf0\n [ 314.299030] start_kernel+0x5e8/0x790\n [ 314.302684] __primary_switched+0x80/0x90\n [ 314.306691] Code: 940029eb 360ffc13 f9442ea0 52800001 (f9406017)\n [ 314.312775] ---[ end trace 0000000000000000 ]---\n [ 314.317384] Kernel panic - not syncing: Oops: Fatal exception in interrupt\n [ 314.324249] SMP: stopping secondary CPUs\n [ 314.328167] Kernel Offset: 0x2b9da00000 from 0xffffffc080000000\n [ 314.334076] PHYS_OFFSET: 0x0\n [ 314.336946] CPU features: 0x08,00002013,c0200000,0200421b\n [ 314.342337] Memory Limit: none\n [ 314.345382] ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---\n\nBefore resetting the G\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38371",
"url": "https://www.suse.com/security/cve/CVE-2025-38371"
},
{
"category": "external",
"summary": "SUSE Bug 1247178 for CVE-2025-38371",
"url": "https://bugzilla.suse.com/1247178"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38371"
},
{
"cve": "CVE-2025-38373",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38373"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/mlx5: Fix potential deadlock in MR deregistration\n\nThe issue arises when kzalloc() is invoked while holding umem_mutex or\nany other lock acquired under umem_mutex. This is problematic because\nkzalloc() can trigger fs_reclaim_aqcuire(), which may, in turn, invoke\nmmu_notifier_invalidate_range_start(). This function can lead to\nmlx5_ib_invalidate_range(), which attempts to acquire umem_mutex again,\nresulting in a deadlock.\n\nThe problematic flow:\n CPU0 | CPU1\n---------------------------------------|------------------------------------------------\nmlx5_ib_dereg_mr() |\n \u2192 revoke_mr() |\n \u2192 mutex_lock(\u0026umem_odp-\u003eumem_mutex) |\n | mlx5_mkey_cache_init()\n | \u2192 mutex_lock(\u0026dev-\u003ecache.rb_lock)\n | \u2192 mlx5r_cache_create_ent_locked()\n | \u2192 kzalloc(GFP_KERNEL)\n | \u2192 fs_reclaim()\n | \u2192 mmu_notifier_invalidate_range_start()\n | \u2192 mlx5_ib_invalidate_range()\n | \u2192 mutex_lock(\u0026umem_odp-\u003eumem_mutex)\n \u2192 cache_ent_find_and_store() |\n \u2192 mutex_lock(\u0026dev-\u003ecache.rb_lock) |\n\nAdditionally, when kzalloc() is called from within\ncache_ent_find_and_store(), we encounter the same deadlock due to\nre-acquisition of umem_mutex.\n\nSolve by releasing umem_mutex in dereg_mr() after umr_revoke_mr()\nand before acquiring rb_lock. This ensures that we don\u0027t hold\numem_mutex while performing memory allocations that could trigger\nthe reclaim path.\n\nThis change prevents the deadlock by ensuring proper lock ordering and\navoiding holding locks during memory allocation operations that could\ntrigger the reclaim path.\n\nThe following lockdep warning demonstrates the deadlock:\n\n python3/20557 is trying to acquire lock:\n ffff888387542128 (\u0026umem_odp-\u003eumem_mutex){+.+.}-{4:4}, at:\n mlx5_ib_invalidate_range+0x5b/0x550 [mlx5_ib]\n\n but task is already holding lock:\n ffffffff82f6b840 (mmu_notifier_invalidate_range_start){+.+.}-{0:0}, at:\n unmap_vmas+0x7b/0x1a0\n\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n\n -\u003e #3 (mmu_notifier_invalidate_range_start){+.+.}-{0:0}:\n fs_reclaim_acquire+0x60/0xd0\n mem_cgroup_css_alloc+0x6f/0x9b0\n cgroup_init_subsys+0xa4/0x240\n cgroup_init+0x1c8/0x510\n start_kernel+0x747/0x760\n x86_64_start_reservations+0x25/0x30\n x86_64_start_kernel+0x73/0x80\n common_startup_64+0x129/0x138\n\n -\u003e #2 (fs_reclaim){+.+.}-{0:0}:\n fs_reclaim_acquire+0x91/0xd0\n __kmalloc_cache_noprof+0x4d/0x4c0\n mlx5r_cache_create_ent_locked+0x75/0x620 [mlx5_ib]\n mlx5_mkey_cache_init+0x186/0x360 [mlx5_ib]\n mlx5_ib_stage_post_ib_reg_umr_init+0x3c/0x60 [mlx5_ib]\n __mlx5_ib_add+0x4b/0x190 [mlx5_ib]\n mlx5r_probe+0xd9/0x320 [mlx5_ib]\n auxiliary_bus_probe+0x42/0x70\n really_probe+0xdb/0x360\n __driver_probe_device+0x8f/0x130\n driver_probe_device+0x1f/0xb0\n __driver_attach+0xd4/0x1f0\n bus_for_each_dev+0x79/0xd0\n bus_add_driver+0xf0/0x200\n driver_register+0x6e/0xc0\n __auxiliary_driver_register+0x6a/0xc0\n do_one_initcall+0x5e/0x390\n do_init_module+0x88/0x240\n init_module_from_file+0x85/0xc0\n idempotent_init_module+0x104/0x300\n __x64_sys_finit_module+0x68/0xc0\n do_syscall_64+0x6d/0x140\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n -\u003e #1 (\u0026dev-\u003ecache.rb_lock){+.+.}-{4:4}:\n __mutex_lock+0x98/0xf10\n __mlx5_ib_dereg_mr+0x6f2/0x890 [mlx5_ib]\n mlx5_ib_dereg_mr+0x21/0x110 [mlx5_ib]\n ib_dereg_mr_user+0x85/0x1f0 [ib_core]\n \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38373",
"url": "https://www.suse.com/security/cve/CVE-2025-38373"
},
{
"category": "external",
"summary": "SUSE Bug 1247033 for CVE-2025-38373",
"url": "https://bugzilla.suse.com/1247033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38373"
},
{
"cve": "CVE-2025-38375",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38375"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-net: ensure the received length does not exceed allocated size\n\nIn xdp_linearize_page, when reading the following buffers from the ring,\nwe forget to check the received length with the true allocate size. This\ncan lead to an out-of-bound read. This commit adds that missing check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38375",
"url": "https://www.suse.com/security/cve/CVE-2025-38375"
},
{
"category": "external",
"summary": "SUSE Bug 1247177 for CVE-2025-38375",
"url": "https://bugzilla.suse.com/1247177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38375"
},
{
"cve": "CVE-2025-38376",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38376"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: chipidea: udc: disconnect/reconnect from host when do suspend/resume\n\nShawn and John reported a hang issue during system suspend as below:\n\n - USB gadget is enabled as Ethernet\n - There is data transfer over USB Ethernet (scp a big file between host\n and device)\n - Device is going in/out suspend (echo mem \u003e /sys/power/state)\n\nThe root cause is the USB device controller is suspended but the USB bus\nis still active which caused the USB host continues to transfer data with\ndevice and the device continues to queue USB requests (in this case, a\ndelayed TCP ACK packet trigger the issue) after controller is suspended,\nhowever the USB controller clock is already gated off. Then if udc driver\naccess registers after that point, the system will hang.\n\nThe correct way to avoid such issue is to disconnect device from host when\nthe USB bus is not at suspend state. Then the host will receive disconnect\nevent and stop data transfer in time. To continue make USB gadget device\nwork after system resume, this will reconnect device automatically.\n\nTo make usb wakeup work if USB bus is already at suspend state, this will\nkeep connection for it only when USB device controller has enabled wakeup\ncapability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38376",
"url": "https://www.suse.com/security/cve/CVE-2025-38376"
},
{
"category": "external",
"summary": "SUSE Bug 1247176 for CVE-2025-38376",
"url": "https://bugzilla.suse.com/1247176"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38376"
},
{
"cve": "CVE-2025-38377",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38377"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrose: fix dangling neighbour pointers in rose_rt_device_down()\n\nThere are two bugs in rose_rt_device_down() that can cause\nuse-after-free:\n\n1. The loop bound `t-\u003ecount` is modified within the loop, which can\n cause the loop to terminate early and miss some entries.\n\n2. When removing an entry from the neighbour array, the subsequent entries\n are moved up to fill the gap, but the loop index `i` is still\n incremented, causing the next entry to be skipped.\n\nFor example, if a node has three neighbours (A, A, B) with count=3 and A\nis being removed, the second A is not checked.\n\n i=0: (A, A, B) -\u003e (A, B) with count=2\n ^ checked\n i=1: (A, B) -\u003e (A, B) with count=2\n ^ checked (B, not A!)\n i=2: (doesn\u0027t occur because i \u003c count is false)\n\nThis leaves the second A in the array with count=2, but the rose_neigh\nstructure has been freed. Code that accesses these entries assumes that\nthe first `count` entries are valid pointers, causing a use-after-free\nwhen it accesses the dangling pointer.\n\nFix both issues by iterating over the array in reverse order with a fixed\nloop bound. This ensures that all entries are examined and that the removal\nof an entry doesn\u0027t affect subsequent iterations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38377",
"url": "https://www.suse.com/security/cve/CVE-2025-38377"
},
{
"category": "external",
"summary": "SUSE Bug 1247174 for CVE-2025-38377",
"url": "https://bugzilla.suse.com/1247174"
},
{
"category": "external",
"summary": "SUSE Bug 1247175 for CVE-2025-38377",
"url": "https://bugzilla.suse.com/1247175"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "important"
}
],
"title": "CVE-2025-38377"
},
{
"cve": "CVE-2025-38380",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38380"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38380",
"url": "https://www.suse.com/security/cve/CVE-2025-38380"
},
{
"category": "external",
"summary": "SUSE Bug 1247028 for CVE-2025-38380",
"url": "https://bugzilla.suse.com/1247028"
},
{
"category": "external",
"summary": "SUSE Bug 1247029 for CVE-2025-38380",
"url": "https://bugzilla.suse.com/1247029"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "important"
}
],
"title": "CVE-2025-38380"
},
{
"cve": "CVE-2025-38382",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38382"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix iteration of extrefs during log replay\n\nAt __inode_add_ref() when processing extrefs, if we jump into the next\nlabel we have an undefined value of victim_name.len, since we haven\u0027t\ninitialized it before we did the goto. This results in an invalid memory\naccess in the next iteration of the loop since victim_name.len was not\ninitialized to the length of the name of the current extref.\n\nFix this by initializing victim_name.len with the current extref\u0027s name\nlength.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38382",
"url": "https://www.suse.com/security/cve/CVE-2025-38382"
},
{
"category": "external",
"summary": "SUSE Bug 1247031 for CVE-2025-38382",
"url": "https://bugzilla.suse.com/1247031"
},
{
"category": "external",
"summary": "SUSE Bug 1247032 for CVE-2025-38382",
"url": "https://bugzilla.suse.com/1247032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38382"
},
{
"cve": "CVE-2025-38384",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38384"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: spinand: fix memory leak of ECC engine conf\n\nMemory allocated for the ECC engine conf is not released during spinand\ncleanup. Below kmemleak trace is seen for this memory leak:\n\nunreferenced object 0xffffff80064f00e0 (size 8):\n comm \"swapper/0\", pid 1, jiffies 4294937458\n hex dump (first 8 bytes):\n 00 00 00 00 00 00 00 00 ........\n backtrace (crc 0):\n kmemleak_alloc+0x30/0x40\n __kmalloc_cache_noprof+0x208/0x3c0\n spinand_ondie_ecc_init_ctx+0x114/0x200\n nand_ecc_init_ctx+0x70/0xa8\n nanddev_ecc_engine_init+0xec/0x27c\n spinand_probe+0xa2c/0x1620\n spi_mem_probe+0x130/0x21c\n spi_probe+0xf0/0x170\n really_probe+0x17c/0x6e8\n __driver_probe_device+0x17c/0x21c\n driver_probe_device+0x58/0x180\n __device_attach_driver+0x15c/0x1f8\n bus_for_each_drv+0xec/0x150\n __device_attach+0x188/0x24c\n device_initial_probe+0x10/0x20\n bus_probe_device+0x11c/0x160\n\nFix the leak by calling nanddev_ecc_engine_cleanup() inside\nspinand_cleanup().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38384",
"url": "https://www.suse.com/security/cve/CVE-2025-38384"
},
{
"category": "external",
"summary": "SUSE Bug 1247035 for CVE-2025-38384",
"url": "https://bugzilla.suse.com/1247035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "low"
}
],
"title": "CVE-2025-38384"
},
{
"cve": "CVE-2025-38385",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38385"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect\n\nRemove redundant netif_napi_del() call from disconnect path.\n\nA WARN may be triggered in __netif_napi_del_locked() during USB device\ndisconnect:\n\n WARNING: CPU: 0 PID: 11 at net/core/dev.c:7417 __netif_napi_del_locked+0x2b4/0x350\n\nThis happens because netif_napi_del() is called in the disconnect path while\nNAPI is still enabled. However, it is not necessary to call netif_napi_del()\nexplicitly, since unregister_netdev() will handle NAPI teardown automatically\nand safely. Removing the redundant call avoids triggering the warning.\n\nFull trace:\n lan78xx 1-1:1.0 enu1: Failed to read register index 0x000000c4. ret = -ENODEV\n lan78xx 1-1:1.0 enu1: Failed to set MAC down with error -ENODEV\n lan78xx 1-1:1.0 enu1: Link is Down\n lan78xx 1-1:1.0 enu1: Failed to read register index 0x00000120. ret = -ENODEV\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 11 at net/core/dev.c:7417 __netif_napi_del_locked+0x2b4/0x350\n Modules linked in: flexcan can_dev fuse\n CPU: 0 UID: 0 PID: 11 Comm: kworker/0:1 Not tainted 6.16.0-rc2-00624-ge926949dab03 #9 PREEMPT\n Hardware name: SKOV IMX8MP CPU revC - bd500 (DT)\n Workqueue: usb_hub_wq hub_event\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : __netif_napi_del_locked+0x2b4/0x350\n lr : __netif_napi_del_locked+0x7c/0x350\n sp : ffffffc085b673c0\n x29: ffffffc085b673c0 x28: ffffff800b7f2000 x27: ffffff800b7f20d8\n x26: ffffff80110bcf58 x25: ffffff80110bd978 x24: 1ffffff0022179eb\n x23: ffffff80110bc000 x22: ffffff800b7f5000 x21: ffffff80110bc000\n x20: ffffff80110bcf38 x19: ffffff80110bcf28 x18: dfffffc000000000\n x17: ffffffc081578940 x16: ffffffc08284cee0 x15: 0000000000000028\n x14: 0000000000000006 x13: 0000000000040000 x12: ffffffb0022179e8\n x11: 1ffffff0022179e7 x10: ffffffb0022179e7 x9 : dfffffc000000000\n x8 : 0000004ffdde8619 x7 : ffffff80110bcf3f x6 : 0000000000000001\n x5 : ffffff80110bcf38 x4 : ffffff80110bcf38 x3 : 0000000000000000\n x2 : 0000000000000000 x1 : 1ffffff0022179e7 x0 : 0000000000000000\n Call trace:\n __netif_napi_del_locked+0x2b4/0x350 (P)\n lan78xx_disconnect+0xf4/0x360\n usb_unbind_interface+0x158/0x718\n device_remove+0x100/0x150\n device_release_driver_internal+0x308/0x478\n device_release_driver+0x1c/0x30\n bus_remove_device+0x1a8/0x368\n device_del+0x2e0/0x7b0\n usb_disable_device+0x244/0x540\n usb_disconnect+0x220/0x758\n hub_event+0x105c/0x35e0\n process_one_work+0x760/0x17b0\n worker_thread+0x768/0xce8\n kthread+0x3bc/0x690\n ret_from_fork+0x10/0x20\n irq event stamp: 211604\n hardirqs last enabled at (211603): [\u003cffffffc0828cc9ec\u003e] _raw_spin_unlock_irqrestore+0x84/0x98\n hardirqs last disabled at (211604): [\u003cffffffc0828a9a84\u003e] el1_dbg+0x24/0x80\n softirqs last enabled at (211296): [\u003cffffffc080095f10\u003e] handle_softirqs+0x820/0xbc8\n softirqs last disabled at (210993): [\u003cffffffc080010288\u003e] __do_softirq+0x18/0x20\n ---[ end trace 0000000000000000 ]---\n lan78xx 1-1:1.0 enu1: failed to kill vid 0081/0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38385",
"url": "https://www.suse.com/security/cve/CVE-2025-38385"
},
{
"category": "external",
"summary": "SUSE Bug 1247149 for CVE-2025-38385",
"url": "https://bugzilla.suse.com/1247149"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "low"
}
],
"title": "CVE-2025-38385"
},
{
"cve": "CVE-2025-38386",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38386"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: Refuse to evaluate a method if arguments are missing\n\nAs reported in [1], a platform firmware update that increased the number\nof method parameters and forgot to update a least one of its callers,\ncaused ACPICA to crash due to use-after-free.\n\nSince this a result of a clear AML issue that arguably cannot be fixed\nup by the interpreter (it cannot produce missing data out of thin air),\naddress it by making ACPICA refuse to evaluate a method if the caller\nattempts to pass fewer arguments than expected to it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38386",
"url": "https://www.suse.com/security/cve/CVE-2025-38386"
},
{
"category": "external",
"summary": "SUSE Bug 1247138 for CVE-2025-38386",
"url": "https://bugzilla.suse.com/1247138"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38386"
},
{
"cve": "CVE-2025-38387",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38387"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Initialize obj_event-\u003eobj_sub_list before xa_insert\n\nThe obj_event may be loaded immediately after inserted, then if the\nlist_head is not initialized then we may get a poisonous pointer. This\nfixes the crash below:\n\n mlx5_core 0000:03:00.0: MLX5E: StrdRq(1) RqSz(8) StrdSz(2048) RxCqeCmprss(0 enhanced)\n mlx5_core.sf mlx5_core.sf.4: firmware version: 32.38.3056\n mlx5_core 0000:03:00.0 en3f0pf0sf2002: renamed from eth0\n mlx5_core.sf mlx5_core.sf.4: Rate limit: 127 rates are supported, range: 0Mbps to 195312Mbps\n IPv6: ADDRCONF(NETDEV_CHANGE): en3f0pf0sf2002: link becomes ready\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000060\n Mem abort info:\n ESR = 0x96000006\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n Data abort info:\n ISV = 0, ISS = 0x00000006\n CM = 0, WnR = 0\n user pgtable: 4k pages, 48-bit VAs, pgdp=00000007760fb000\n [0000000000000060] pgd=000000076f6d7003, p4d=000000076f6d7003, pud=0000000777841003, pmd=0000000000000000\n Internal error: Oops: 96000006 [#1] SMP\n Modules linked in: ipmb_host(OE) act_mirred(E) cls_flower(E) sch_ingress(E) mptcp_diag(E) udp_diag(E) raw_diag(E) unix_diag(E) tcp_diag(E) inet_diag(E) binfmt_misc(E) bonding(OE) rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) isofs(E) cdrom(E) mst_pciconf(OE) ib_umad(OE) mlx5_ib(OE) ipmb_dev_int(OE) mlx5_core(OE) kpatch_15237886(OEK) mlxdevm(OE) auxiliary(OE) ib_uverbs(OE) ib_core(OE) psample(E) mlxfw(OE) tls(E) sunrpc(E) vfat(E) fat(E) crct10dif_ce(E) ghash_ce(E) sha1_ce(E) sbsa_gwdt(E) virtio_console(E) ext4(E) mbcache(E) jbd2(E) xfs(E) libcrc32c(E) mmc_block(E) virtio_net(E) net_failover(E) failover(E) sha2_ce(E) sha256_arm64(E) nvme(OE) nvme_core(OE) gpio_mlxbf3(OE) mlx_compat(OE) mlxbf_pmc(OE) i2c_mlxbf(OE) sdhci_of_dwcmshc(OE) pinctrl_mlxbf3(OE) mlxbf_pka(OE) gpio_generic(E) i2c_core(E) mmc_core(E) mlxbf_gige(OE) vitesse(E) pwr_mlxbf(OE) mlxbf_tmfifo(OE) micrel(E) mlxbf_bootctl(OE) virtio_ring(E) virtio(E) ipmi_devintf(E) ipmi_msghandler(E)\n [last unloaded: mst_pci]\n CPU: 11 PID: 20913 Comm: rte-worker-11 Kdump: loaded Tainted: G OE K 5.10.134-13.1.an8.aarch64 #1\n Hardware name: https://www.mellanox.com BlueField-3 SmartNIC Main Card/BlueField-3 SmartNIC Main Card, BIOS 4.2.2.12968 Oct 26 2023\n pstate: a0400089 (NzCv daIf +PAN -UAO -TCO BTYPE=--)\n pc : dispatch_event_fd+0x68/0x300 [mlx5_ib]\n lr : devx_event_notifier+0xcc/0x228 [mlx5_ib]\n sp : ffff80001005bcf0\n x29: ffff80001005bcf0 x28: 0000000000000001\n x27: ffff244e0740a1d8 x26: ffff244e0740a1d0\n x25: ffffda56beff5ae0 x24: ffffda56bf911618\n x23: ffff244e0596a480 x22: ffff244e0596a480\n x21: ffff244d8312ad90 x20: ffff244e0596a480\n x19: fffffffffffffff0 x18: 0000000000000000\n x17: 0000000000000000 x16: ffffda56be66d620\n x15: 0000000000000000 x14: 0000000000000000\n x13: 0000000000000000 x12: 0000000000000000\n x11: 0000000000000040 x10: ffffda56bfcafb50\n x9 : ffffda5655c25f2c x8 : 0000000000000010\n x7 : 0000000000000000 x6 : ffff24545a2e24b8\n x5 : 0000000000000003 x4 : ffff80001005bd28\n x3 : 0000000000000000 x2 : 0000000000000000\n x1 : ffff244e0596a480 x0 : ffff244d8312ad90\n Call trace:\n dispatch_event_fd+0x68/0x300 [mlx5_ib]\n devx_event_notifier+0xcc/0x228 [mlx5_ib]\n atomic_notifier_call_chain+0x58/0x80\n mlx5_eq_async_int+0x148/0x2b0 [mlx5_core]\n atomic_notifier_call_chain+0x58/0x80\n irq_int_handler+0x20/0x30 [mlx5_core]\n __handle_irq_event_percpu+0x60/0x220\n handle_irq_event_percpu+0x3c/0x90\n handle_irq_event+0x58/0x158\n handle_fasteoi_irq+0xfc/0x188\n generic_handle_irq+0x34/0x48\n ...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38387",
"url": "https://www.suse.com/security/cve/CVE-2025-38387"
},
{
"category": "external",
"summary": "SUSE Bug 1247154 for CVE-2025-38387",
"url": "https://bugzilla.suse.com/1247154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38387"
},
{
"cve": "CVE-2025-38389",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38389"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gt: Fix timeline left held on VMA alloc error\n\nThe following error has been reported sporadically by CI when a test\nunbinds the i915 driver on a ring submission platform:\n\n\u003c4\u003e [239.330153] ------------[ cut here ]------------\n\u003c4\u003e [239.330166] i915 0000:00:02.0: [drm] drm_WARN_ON(dev_priv-\u003emm.shrink_count)\n\u003c4\u003e [239.330196] WARNING: CPU: 1 PID: 18570 at drivers/gpu/drm/i915/i915_gem.c:1309 i915_gem_cleanup_early+0x13e/0x150 [i915]\n...\n\u003c4\u003e [239.330640] RIP: 0010:i915_gem_cleanup_early+0x13e/0x150 [i915]\n...\n\u003c4\u003e [239.330942] Call Trace:\n\u003c4\u003e [239.330944] \u003cTASK\u003e\n\u003c4\u003e [239.330949] i915_driver_late_release+0x2b/0xa0 [i915]\n\u003c4\u003e [239.331202] i915_driver_release+0x86/0xa0 [i915]\n\u003c4\u003e [239.331482] devm_drm_dev_init_release+0x61/0x90\n\u003c4\u003e [239.331494] devm_action_release+0x15/0x30\n\u003c4\u003e [239.331504] release_nodes+0x3d/0x120\n\u003c4\u003e [239.331517] devres_release_all+0x96/0xd0\n\u003c4\u003e [239.331533] device_unbind_cleanup+0x12/0x80\n\u003c4\u003e [239.331543] device_release_driver_internal+0x23a/0x280\n\u003c4\u003e [239.331550] ? bus_find_device+0xa5/0xe0\n\u003c4\u003e [239.331563] device_driver_detach+0x14/0x20\n...\n\u003c4\u003e [357.719679] ---[ end trace 0000000000000000 ]---\n\nIf the test also unloads the i915 module then that\u0027s followed with:\n\n\u003c3\u003e [357.787478] =============================================================================\n\u003c3\u003e [357.788006] BUG i915_vma (Tainted: G U W N ): Objects remaining on __kmem_cache_shutdown()\n\u003c3\u003e [357.788031] -----------------------------------------------------------------------------\n\u003c3\u003e [357.788204] Object 0xffff888109e7f480 @offset=29824\n\u003c3\u003e [357.788670] Allocated in i915_vma_instance+0xee/0xc10 [i915] age=292729 cpu=4 pid=2244\n\u003c4\u003e [357.788994] i915_vma_instance+0xee/0xc10 [i915]\n\u003c4\u003e [357.789290] init_status_page+0x7b/0x420 [i915]\n\u003c4\u003e [357.789532] intel_engines_init+0x1d8/0x980 [i915]\n\u003c4\u003e [357.789772] intel_gt_init+0x175/0x450 [i915]\n\u003c4\u003e [357.790014] i915_gem_init+0x113/0x340 [i915]\n\u003c4\u003e [357.790281] i915_driver_probe+0x847/0xed0 [i915]\n\u003c4\u003e [357.790504] i915_pci_probe+0xe6/0x220 [i915]\n...\n\nCloser analysis of CI results history has revealed a dependency of the\nerror on a few IGT tests, namely:\n- igt@api_intel_allocator@fork-simple-stress-signal,\n- igt@api_intel_allocator@two-level-inception-interruptible,\n- igt@gem_linear_blits@interruptible,\n- igt@prime_mmap_coherency@ioctl-errors,\nwhich invisibly trigger the issue, then exhibited with first driver unbind\nattempt.\n\nAll of the above tests perform actions which are actively interrupted with\nsignals. Further debugging has allowed to narrow that scope down to\nDRM_IOCTL_I915_GEM_EXECBUFFER2, and ring_context_alloc(), specific to ring\nsubmission, in particular.\n\nIf successful then that function, or its execlists or GuC submission\nequivalent, is supposed to be called only once per GEM context engine,\nfollowed by raise of a flag that prevents the function from being called\nagain. The function is expected to unwind its internal errors itself, so\nit may be safely called once more after it returns an error.\n\nIn case of ring submission, the function first gets a reference to the\nengine\u0027s legacy timeline and then allocates a VMA. If the VMA allocation\nfails, e.g. when i915_vma_instance() called from inside is interrupted\nwith a signal, then ring_context_alloc() fails, leaving the timeline held\nreferenced. On next I915_GEM_EXECBUFFER2 IOCTL, another reference to the\ntimeline is got, and only that last one is put on successful completion.\nAs a consequence, the legacy timeline, with its underlying engine status\npage\u0027s VMA object, is still held and not released on driver unbind.\n\nGet the legacy timeline only after successful allocation of the context\nengine\u0027s VMA.\n\nv2: Add a note on other submission methods (Krzysztof Karas):\n Both execlists and GuC submission use lrc_alloc() which seems free\n from a similar issue.\n\n(cherry picked from commit cc43422b3cc79eacff4c5a8ba0d224688ca9dd4f)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38389",
"url": "https://www.suse.com/security/cve/CVE-2025-38389"
},
{
"category": "external",
"summary": "SUSE Bug 1247153 for CVE-2025-38389",
"url": "https://bugzilla.suse.com/1247153"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38389"
},
{
"cve": "CVE-2025-38391",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38391"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: altmodes/displayport: do not index invalid pin_assignments\n\nA poorly implemented DisplayPort Alt Mode port partner can indicate\nthat its pin assignment capabilities are greater than the maximum\nvalue, DP_PIN_ASSIGN_F. In this case, calls to pin_assignment_show\nwill cause a BRK exception due to an out of bounds array access.\n\nPrevent for loop in pin_assignment_show from accessing\ninvalid values in pin_assignments by adding DP_PIN_ASSIGN_MAX\nvalue in typec_dp.h and using i \u003c DP_PIN_ASSIGN_MAX as a loop\ncondition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38391",
"url": "https://www.suse.com/security/cve/CVE-2025-38391"
},
{
"category": "external",
"summary": "SUSE Bug 1247181 for CVE-2025-38391",
"url": "https://bugzilla.suse.com/1247181"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38391"
},
{
"cve": "CVE-2025-38392",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38392"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: convert control queue mutex to a spinlock\n\nWith VIRTCHNL2_CAP_MACFILTER enabled, the following warning is generated\non module load:\n\n[ 324.701677] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:578\n[ 324.701684] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1582, name: NetworkManager\n[ 324.701689] preempt_count: 201, expected: 0\n[ 324.701693] RCU nest depth: 0, expected: 0\n[ 324.701697] 2 locks held by NetworkManager/1582:\n[ 324.701702] #0: ffffffff9f7be770 (rtnl_mutex){....}-{3:3}, at: rtnl_newlink+0x791/0x21e0\n[ 324.701730] #1: ff1100216c380368 (_xmit_ETHER){....}-{2:2}, at: __dev_open+0x3f0/0x870\n[ 324.701749] Preemption disabled at:\n[ 324.701752] [\u003cffffffff9cd23b9d\u003e] __dev_open+0x3dd/0x870\n[ 324.701765] CPU: 30 UID: 0 PID: 1582 Comm: NetworkManager Not tainted 6.15.0-rc5+ #2 PREEMPT(voluntary)\n[ 324.701771] Hardware name: Intel Corporation M50FCP2SBSTD/M50FCP2SBSTD, BIOS SE5C741.86B.01.01.0001.2211140926 11/14/2022\n[ 324.701774] Call Trace:\n[ 324.701777] \u003cTASK\u003e\n[ 324.701779] dump_stack_lvl+0x5d/0x80\n[ 324.701788] ? __dev_open+0x3dd/0x870\n[ 324.701793] __might_resched.cold+0x1ef/0x23d\n\u003c..\u003e\n[ 324.701818] __mutex_lock+0x113/0x1b80\n\u003c..\u003e\n[ 324.701917] idpf_ctlq_clean_sq+0xad/0x4b0 [idpf]\n[ 324.701935] ? kasan_save_track+0x14/0x30\n[ 324.701941] idpf_mb_clean+0x143/0x380 [idpf]\n\u003c..\u003e\n[ 324.701991] idpf_send_mb_msg+0x111/0x720 [idpf]\n[ 324.702009] idpf_vc_xn_exec+0x4cc/0x990 [idpf]\n[ 324.702021] ? rcu_is_watching+0x12/0xc0\n[ 324.702035] idpf_add_del_mac_filters+0x3ed/0xb50 [idpf]\n\u003c..\u003e\n[ 324.702122] __hw_addr_sync_dev+0x1cf/0x300\n[ 324.702126] ? find_held_lock+0x32/0x90\n[ 324.702134] idpf_set_rx_mode+0x317/0x390 [idpf]\n[ 324.702152] __dev_open+0x3f8/0x870\n[ 324.702159] ? __pfx___dev_open+0x10/0x10\n[ 324.702174] __dev_change_flags+0x443/0x650\n\u003c..\u003e\n[ 324.702208] netif_change_flags+0x80/0x160\n[ 324.702218] do_setlink.isra.0+0x16a0/0x3960\n\u003c..\u003e\n[ 324.702349] rtnl_newlink+0x12fd/0x21e0\n\nThe sequence is as follows:\n\trtnl_newlink()-\u003e\n\t__dev_change_flags()-\u003e\n\t__dev_open()-\u003e\n\tdev_set_rx_mode() - \u003e # disables BH and grabs \"dev-\u003eaddr_list_lock\"\n\tidpf_set_rx_mode() -\u003e # proceed only if VIRTCHNL2_CAP_MACFILTER is ON\n\t__dev_uc_sync() -\u003e\n\tidpf_add_mac_filter -\u003e\n\tidpf_add_del_mac_filters -\u003e\n\tidpf_send_mb_msg() -\u003e\n\tidpf_mb_clean() -\u003e\n\tidpf_ctlq_clean_sq() # mutex_lock(cq_lock)\n\nFix by converting cq_lock to a spinlock. All operations under the new\nlock are safe except freeing the DMA memory, which may use vunmap(). Fix\nby requesting a contiguous physical memory for the DMA mapping.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38392",
"url": "https://www.suse.com/security/cve/CVE-2025-38392"
},
{
"category": "external",
"summary": "SUSE Bug 1247169 for CVE-2025-38392",
"url": "https://bugzilla.suse.com/1247169"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38392"
},
{
"cve": "CVE-2025-38393",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38393"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN\n\nWe found a few different systems hung up in writeback waiting on the same\npage lock, and one task waiting on the NFS_LAYOUT_DRAIN bit in\npnfs_update_layout(), however the pnfs_layout_hdr\u0027s plh_outstanding count\nwas zero.\n\nIt seems most likely that this is another race between the waiter and waker\nsimilar to commit ed0172af5d6f (\"SUNRPC: Fix a race to wake a sync task\").\nFix it up by applying the advised barrier.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38393",
"url": "https://www.suse.com/security/cve/CVE-2025-38393"
},
{
"category": "external",
"summary": "SUSE Bug 1247170 for CVE-2025-38393",
"url": "https://bugzilla.suse.com/1247170"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38393"
},
{
"cve": "CVE-2025-38395",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38395"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: gpio: Fix the out-of-bounds access to drvdata::gpiods\n\ndrvdata::gpiods is supposed to hold an array of \u0027gpio_desc\u0027 pointers. But\nthe memory is allocated for only one pointer. This will lead to\nout-of-bounds access later in the code if \u0027config::ngpios\u0027 is \u003e 1. So\nfix the code to allocate enough memory to hold \u0027config::ngpios\u0027 of GPIO\ndescriptors.\n\nWhile at it, also move the check for memory allocation failure to be below\nthe allocation to make it more readable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38395",
"url": "https://www.suse.com/security/cve/CVE-2025-38395"
},
{
"category": "external",
"summary": "SUSE Bug 1247171 for CVE-2025-38395",
"url": "https://bugzilla.suse.com/1247171"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38395"
},
{
"cve": "CVE-2025-38396",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38396"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass\n\nExport anon_inode_make_secure_inode() to allow KVM guest_memfd to create\nanonymous inodes with proper security context. This replaces the current\npattern of calling alloc_anon_inode() followed by\ninode_init_security_anon() for creating security context manually.\n\nThis change also fixes a security regression in secretmem where the\nS_PRIVATE flag was not cleared after alloc_anon_inode(), causing\nLSM/SELinux checks to be bypassed for secretmem file descriptors.\n\nAs guest_memfd currently resides in the KVM module, we need to export this\nsymbol for use outside the core kernel. In the future, guest_memfd might be\nmoved to core-mm, at which point the symbols no longer would have to be\nexported. When/if that happens is still unclear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38396",
"url": "https://www.suse.com/security/cve/CVE-2025-38396"
},
{
"category": "external",
"summary": "SUSE Bug 1247156 for CVE-2025-38396",
"url": "https://bugzilla.suse.com/1247156"
},
{
"category": "external",
"summary": "SUSE Bug 1247158 for CVE-2025-38396",
"url": "https://bugzilla.suse.com/1247158"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "important"
}
],
"title": "CVE-2025-38396"
},
{
"cve": "CVE-2025-38399",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38399"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port()\n\nThe function core_scsi3_decode_spec_i_port(), in its error code path,\nunconditionally calls core_scsi3_lunacl_undepend_item() passing the\ndest_se_deve pointer, which may be NULL.\n\nThis can lead to a NULL pointer dereference if dest_se_deve remains\nunset.\n\nSPC-3 PR SPEC_I_PT: Unable to locate dest_tpg\nUnable to handle kernel paging request at virtual address dfff800000000012\nCall trace:\n core_scsi3_lunacl_undepend_item+0x2c/0xf0 [target_core_mod] (P)\n core_scsi3_decode_spec_i_port+0x120c/0x1c30 [target_core_mod]\n core_scsi3_emulate_pro_register+0x6b8/0xcd8 [target_core_mod]\n target_scsi3_emulate_pr_out+0x56c/0x840 [target_core_mod]\n\nFix this by adding a NULL check before calling\ncore_scsi3_lunacl_undepend_item()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38399",
"url": "https://www.suse.com/security/cve/CVE-2025-38399"
},
{
"category": "external",
"summary": "SUSE Bug 1247097 for CVE-2025-38399",
"url": "https://bugzilla.suse.com/1247097"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38399"
},
{
"cve": "CVE-2025-38400",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38400"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails.\n\nsyzbot reported a warning below [1] following a fault injection in\nnfs_fs_proc_net_init(). [0]\n\nWhen nfs_fs_proc_net_init() fails, /proc/net/rpc/nfs is not removed.\n\nLater, rpc_proc_exit() tries to remove /proc/net/rpc, and the warning\nis logged as the directory is not empty.\n\nLet\u0027s handle the error of nfs_fs_proc_net_init() properly.\n\n[0]:\nFAULT_INJECTION: forcing a failure.\nname failslab, interval 1, probability 0, space 0, times 0\nCPU: 1 UID: 0 PID: 6120 Comm: syz.2.27 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl (lib/dump_stack.c:123)\n should_fail_ex (lib/fault-inject.c:73 lib/fault-inject.c:174)\n should_failslab (mm/failslab.c:46)\n kmem_cache_alloc_noprof (mm/slub.c:4178 mm/slub.c:4204)\n __proc_create (fs/proc/generic.c:427)\n proc_create_reg (fs/proc/generic.c:554)\n proc_create_net_data (fs/proc/proc_net.c:120)\n nfs_fs_proc_net_init (fs/nfs/client.c:1409)\n nfs_net_init (fs/nfs/inode.c:2600)\n ops_init (net/core/net_namespace.c:138)\n setup_net (net/core/net_namespace.c:443)\n copy_net_ns (net/core/net_namespace.c:576)\n create_new_namespaces (kernel/nsproxy.c:110)\n unshare_nsproxy_namespaces (kernel/nsproxy.c:218 (discriminator 4))\n ksys_unshare (kernel/fork.c:3123)\n __x64_sys_unshare (kernel/fork.c:3190)\n do_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n \u003c/TASK\u003e\n\n[1]:\nremove_proc_entry: removing non-empty directory \u0027net/rpc\u0027, leaking at least \u0027nfs\u0027\n WARNING: CPU: 1 PID: 6120 at fs/proc/generic.c:727 remove_proc_entry+0x45e/0x530 fs/proc/generic.c:727\nModules linked in:\nCPU: 1 UID: 0 PID: 6120 Comm: syz.2.27 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\n RIP: 0010:remove_proc_entry+0x45e/0x530 fs/proc/generic.c:727\nCode: 3c 02 00 0f 85 85 00 00 00 48 8b 93 d8 00 00 00 4d 89 f0 4c 89 e9 48 c7 c6 40 ba a2 8b 48 c7 c7 60 b9 a2 8b e8 33 81 1d ff 90 \u003c0f\u003e 0b 90 90 e9 5f fe ff ff e8 04 69 5e ff 90 48 b8 00 00 00 00 00\nRSP: 0018:ffffc90003637b08 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffff88805f534140 RCX: ffffffff817a92c8\nRDX: ffff88807da99e00 RSI: ffffffff817a92d5 RDI: 0000000000000001\nRBP: ffff888033431ac0 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000001 R12: ffff888033431a00\nR13: ffff888033431ae4 R14: ffff888033184724 R15: dffffc0000000000\nFS: 0000555580328500(0000) GS:ffff888124a62000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f71733743e0 CR3: 000000007f618000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n sunrpc_exit_net+0x46/0x90 net/sunrpc/sunrpc_syms.c:76\n ops_exit_list net/core/net_namespace.c:200 [inline]\n ops_undo_list+0x2eb/0xab0 net/core/net_namespace.c:253\n setup_net+0x2e1/0x510 net/core/net_namespace.c:457\n copy_net_ns+0x2a6/0x5f0 net/core/net_namespace.c:574\n create_new_namespaces+0x3ea/0xa90 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0xc0/0x1f0 kernel/nsproxy.c:218\n ksys_unshare+0x45b/0xa40 kernel/fork.c:3121\n __do_sys_unshare kernel/fork.c:3192 [inline]\n __se_sys_unshare kernel/fork.c:3190 [inline]\n __x64_sys_unshare+0x31/0x40 kernel/fork.c:3190\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x490 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fa1a6b8e929\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38400",
"url": "https://www.suse.com/security/cve/CVE-2025-38400"
},
{
"category": "external",
"summary": "SUSE Bug 1247123 for CVE-2025-38400",
"url": "https://bugzilla.suse.com/1247123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38400"
},
{
"cve": "CVE-2025-38401",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38401"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtk-sd: Prevent memory corruption from DMA map failure\n\nIf msdc_prepare_data() fails to map the DMA region, the request is\nnot prepared for data receiving, but msdc_start_data() proceeds\nthe DMA with previous setting.\nSince this will lead a memory corruption, we have to stop the\nrequest operation soon after the msdc_prepare_data() fails to\nprepare it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38401",
"url": "https://www.suse.com/security/cve/CVE-2025-38401"
},
{
"category": "external",
"summary": "SUSE Bug 1247125 for CVE-2025-38401",
"url": "https://bugzilla.suse.com/1247125"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38401"
},
{
"cve": "CVE-2025-38403",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38403"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/vmci: Clear the vmci transport packet properly when initializing it\n\nIn vmci_transport_packet_init memset the vmci_transport_packet before\npopulating the fields to avoid any uninitialised data being left in the\nstructure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38403",
"url": "https://www.suse.com/security/cve/CVE-2025-38403"
},
{
"category": "external",
"summary": "SUSE Bug 1247141 for CVE-2025-38403",
"url": "https://bugzilla.suse.com/1247141"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38403"
},
{
"cve": "CVE-2025-38404",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38404"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: displayport: Fix potential deadlock\n\nThe deadlock can occur due to a recursive lock acquisition of\n`cros_typec_altmode_data::mutex`.\nThe call chain is as follows:\n1. cros_typec_altmode_work() acquires the mutex\n2. typec_altmode_vdm() -\u003e dp_altmode_vdm() -\u003e\n3. typec_altmode_exit() -\u003e cros_typec_altmode_exit()\n4. cros_typec_altmode_exit() attempts to acquire the mutex again\n\nTo prevent this, defer the `typec_altmode_exit()` call by scheduling\nit rather than calling it directly from within the mutex-protected\ncontext.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38404",
"url": "https://www.suse.com/security/cve/CVE-2025-38404"
},
{
"category": "external",
"summary": "SUSE Bug 1247271 for CVE-2025-38404",
"url": "https://bugzilla.suse.com/1247271"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38404"
},
{
"cve": "CVE-2025-38406",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38406"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath6kl: remove WARN on bad firmware input\n\nIf the firmware gives bad input, that\u0027s nothing to do with\nthe driver\u0027s stack at this point etc., so the WARN_ON()\ndoesn\u0027t add any value. Additionally, this is one of the\ntop syzbot reports now. Just print a message, and as an\nadded bonus, print the sizes too.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38406",
"url": "https://www.suse.com/security/cve/CVE-2025-38406"
},
{
"category": "external",
"summary": "SUSE Bug 1247210 for CVE-2025-38406",
"url": "https://bugzilla.suse.com/1247210"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38406"
},
{
"cve": "CVE-2025-38409",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38409"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: Fix another leak in the submit error path\n\nput_unused_fd() doesn\u0027t free the installed file, if we\u0027ve already done\nfd_install(). So we need to also free the sync_file.\n\nPatchwork: https://patchwork.freedesktop.org/patch/653583/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38409",
"url": "https://www.suse.com/security/cve/CVE-2025-38409"
},
{
"category": "external",
"summary": "SUSE Bug 1247285 for CVE-2025-38409",
"url": "https://bugzilla.suse.com/1247285"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "low"
}
],
"title": "CVE-2025-38409"
},
{
"cve": "CVE-2025-38410",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38410"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: Fix a fence leak in submit error path\n\nIn error paths, we could unref the submit without calling\ndrm_sched_entity_push_job(), so msm_job_free() will never get\ncalled. Since drm_sched_job_cleanup() will NULL out the\ns_fence, we can use that to detect this case.\n\nPatchwork: https://patchwork.freedesktop.org/patch/653584/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38410",
"url": "https://www.suse.com/security/cve/CVE-2025-38410"
},
{
"category": "external",
"summary": "SUSE Bug 1247128 for CVE-2025-38410",
"url": "https://bugzilla.suse.com/1247128"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38410"
},
{
"cve": "CVE-2025-38412",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38412"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks\n\nAfter retrieving WMI data blocks in sysfs callbacks, check for the\nvalidity of them before dereferencing their content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38412",
"url": "https://www.suse.com/security/cve/CVE-2025-38412"
},
{
"category": "external",
"summary": "SUSE Bug 1247132 for CVE-2025-38412",
"url": "https://bugzilla.suse.com/1247132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38412"
},
{
"cve": "CVE-2025-38414",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38414"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850\n\nGCC_GCC_PCIE_HOT_RST is wrongly defined for WCN7850, causing kernel crash\non some specific platforms.\n\nSince this register is divergent for WCN7850 and QCN9274, move it to\nregister table to allow different definitions. Then correct the register\naddress for WCN7850 to fix this issue.\n\nNote IPQ5332 is not affected as it is not PCIe based device.\n\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38414",
"url": "https://www.suse.com/security/cve/CVE-2025-38414"
},
{
"category": "external",
"summary": "SUSE Bug 1247145 for CVE-2025-38414",
"url": "https://bugzilla.suse.com/1247145"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38414"
},
{
"cve": "CVE-2025-38415",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38415"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: check return result of sb_min_blocksize\n\nSyzkaller reports an \"UBSAN: shift-out-of-bounds in squashfs_bio_read\" bug.\n\nSyzkaller forks multiple processes which after mounting the Squashfs\nfilesystem, issues an ioctl(\"/dev/loop0\", LOOP_SET_BLOCK_SIZE, 0x8000). \nNow if this ioctl occurs at the same time another process is in the\nprocess of mounting a Squashfs filesystem on /dev/loop0, the failure\noccurs. When this happens the following code in squashfs_fill_super()\nfails.\n\n----\nmsblk-\u003edevblksize = sb_min_blocksize(sb, SQUASHFS_DEVBLK_SIZE);\nmsblk-\u003edevblksize_log2 = ffz(~msblk-\u003edevblksize);\n----\n\nsb_min_blocksize() returns 0, which means msblk-\u003edevblksize is set to 0.\n\nAs a result, ffz(~msblk-\u003edevblksize) returns 64, and msblk-\u003edevblksize_log2\nis set to 64.\n\nThis subsequently causes the\n\nUBSAN: shift-out-of-bounds in fs/squashfs/block.c:195:36\nshift exponent 64 is too large for 64-bit type \u0027u64\u0027 (aka\n\u0027unsigned long long\u0027)\n\nThis commit adds a check for a 0 return by sb_min_blocksize().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38415",
"url": "https://www.suse.com/security/cve/CVE-2025-38415"
},
{
"category": "external",
"summary": "SUSE Bug 1247147 for CVE-2025-38415",
"url": "https://bugzilla.suse.com/1247147"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38415"
},
{
"cve": "CVE-2025-38416",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38416"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFC: nci: uart: Set tty-\u003edisc_data only in success path\n\nSetting tty-\u003edisc_data before opening the NCI device means we need to\nclean it up on error paths. This also opens some short window if device\nstarts sending data, even before NCIUARTSETDRIVER IOCTL succeeded\n(broken hardware?). Close the window by exposing tty-\u003edisc_data only on\nthe success path, when opening of the NCI device and try_module_get()\nsucceeds.\n\nThe code differs in error path in one aspect: tty-\u003edisc_data won\u0027t be\never assigned thus NULL-ified. This however should not be relevant\ndifference, because of \"tty-\u003edisc_data=NULL\" in nci_uart_tty_open().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38416",
"url": "https://www.suse.com/security/cve/CVE-2025-38416"
},
{
"category": "external",
"summary": "SUSE Bug 1247151 for CVE-2025-38416",
"url": "https://bugzilla.suse.com/1247151"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38416"
},
{
"cve": "CVE-2025-38420",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38420"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: carl9170: do not ping device which has failed to load firmware\n\nSyzkaller reports [1, 2] crashes caused by an attempts to ping\nthe device which has failed to load firmware. Since such a device\ndoesn\u0027t pass \u0027ieee80211_register_hw()\u0027, an internal workqueue\nmanaged by \u0027ieee80211_queue_work()\u0027 is not yet created and an\nattempt to queue work on it causes null-ptr-deref.\n\n[1] https://syzkaller.appspot.com/bug?extid=9a4aec827829942045ff\n[2] https://syzkaller.appspot.com/bug?extid=0d8afba53e8fb2633217",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38420",
"url": "https://www.suse.com/security/cve/CVE-2025-38420"
},
{
"category": "external",
"summary": "SUSE Bug 1247279 for CVE-2025-38420",
"url": "https://bugzilla.suse.com/1247279"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38420"
},
{
"cve": "CVE-2025-38424",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38424"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix sample vs do_exit()\n\nBaisheng Gao reported an ARM64 crash, which Mark decoded as being a\nsynchronous external abort -- most likely due to trying to access\nMMIO in bad ways.\n\nThe crash further shows perf trying to do a user stack sample while in\nexit_mmap()\u0027s tlb_finish_mmu() -- i.e. while tearing down the address\nspace it is trying to access.\n\nIt turns out that we stop perf after we tear down the userspace mm; a\nreceipie for disaster, since perf likes to access userspace for\nvarious reasons.\n\nFlip this order by moving up where we stop perf in do_exit().\n\nAdditionally, harden PERF_SAMPLE_CALLCHAIN and PERF_SAMPLE_STACK_USER\nto abort when the current task does not have an mm (exit_mm() makes\nsure to set current-\u003emm = NULL; before commencing with the actual\nteardown). Such that CPU wide events don\u0027t trip on this same problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38424",
"url": "https://www.suse.com/security/cve/CVE-2025-38424"
},
{
"category": "external",
"summary": "SUSE Bug 1247293 for CVE-2025-38424",
"url": "https://bugzilla.suse.com/1247293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38424"
},
{
"cve": "CVE-2025-38425",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38425"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: tegra: check msg length in SMBUS block read\n\nFor SMBUS block read, do not continue to read if the message length\npassed from the device is \u00270\u0027 or greater than the maximum allowed bytes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38425",
"url": "https://www.suse.com/security/cve/CVE-2025-38425"
},
{
"category": "external",
"summary": "SUSE Bug 1247251 for CVE-2025-38425",
"url": "https://bugzilla.suse.com/1247251"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38425"
},
{
"cve": "CVE-2025-38426",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38426"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Add basic validation for RAS header\n\nIf RAS header read from EEPROM is corrupted, it could result in trying\nto allocate huge memory for reading the records. Add some validation to\nheader fields.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38426",
"url": "https://www.suse.com/security/cve/CVE-2025-38426"
},
{
"category": "external",
"summary": "SUSE Bug 1247252 for CVE-2025-38426",
"url": "https://bugzilla.suse.com/1247252"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38426"
},
{
"cve": "CVE-2025-38428",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38428"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: ims-pcu - check record size in ims_pcu_flash_firmware()\n\nThe \"len\" variable comes from the firmware and we generally do\ntrust firmware, but it\u0027s always better to double check. If the \"len\"\nis too large it could result in memory corruption when we do\n\"memcpy(fragment-\u003edata, rec-\u003edata, len);\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38428",
"url": "https://www.suse.com/security/cve/CVE-2025-38428"
},
{
"category": "external",
"summary": "SUSE Bug 1247150 for CVE-2025-38428",
"url": "https://bugzilla.suse.com/1247150"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38428"
},
{
"cve": "CVE-2025-38429",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38429"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: ep: Update read pointer only after buffer is written\n\nInside mhi_ep_ring_add_element, the read pointer (rd_offset) is updated\nbefore the buffer is written, potentially causing race conditions where\nthe host sees an updated read pointer before the buffer is actually\nwritten. Updating rd_offset prematurely can lead to the host accessing\nan uninitialized or incomplete element, resulting in data corruption.\n\nInvoke the buffer write before updating rd_offset to ensure the element\nis fully written before signaling its availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38429",
"url": "https://www.suse.com/security/cve/CVE-2025-38429"
},
{
"category": "external",
"summary": "SUSE Bug 1247253 for CVE-2025-38429",
"url": "https://bugzilla.suse.com/1247253"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38429"
},
{
"cve": "CVE-2025-38430",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38430"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: nfsd4_spo_must_allow() must check this is a v4 compound request\n\nIf the request being processed is not a v4 compound request, then\nexamining the cstate can have undefined results.\n\nThis patch adds a check that the rpc procedure being executed\n(rq_procinfo) is the NFSPROC4_COMPOUND procedure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38430",
"url": "https://www.suse.com/security/cve/CVE-2025-38430"
},
{
"category": "external",
"summary": "SUSE Bug 1247160 for CVE-2025-38430",
"url": "https://bugzilla.suse.com/1247160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38430"
},
{
"cve": "CVE-2025-38436",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38436"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/scheduler: signal scheduled fence when kill job\n\nWhen an entity from application B is killed, drm_sched_entity_kill()\nremoves all jobs belonging to that entity through\ndrm_sched_entity_kill_jobs_work(). If application A\u0027s job depends on a\nscheduled fence from application B\u0027s job, and that fence is not properly\nsignaled during the killing process, application A\u0027s dependency cannot be\ncleared.\n\nThis leads to application A hanging indefinitely while waiting for a\ndependency that will never be resolved. Fix this issue by ensuring that\nscheduled fences are properly signaled when an entity is killed, allowing\ndependent applications to continue execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38436",
"url": "https://www.suse.com/security/cve/CVE-2025-38436"
},
{
"category": "external",
"summary": "SUSE Bug 1247227 for CVE-2025-38436",
"url": "https://bugzilla.suse.com/1247227"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38436"
},
{
"cve": "CVE-2025-38443",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38443"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: fix uaf in nbd_genl_connect() error path\n\nThere is a use-after-free issue in nbd:\n\nblock nbd6: Receive control failed (result -104)\nblock nbd6: shutting down sockets\n==================================================================\nBUG: KASAN: slab-use-after-free in recv_work+0x694/0xa80 drivers/block/nbd.c:1022\nWrite of size 4 at addr ffff8880295de478 by task kworker/u33:0/67\n\nCPU: 2 UID: 0 PID: 67 Comm: kworker/u33:0 Not tainted 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nWorkqueue: nbd6-recv recv_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xc3/0x670 mm/kasan/report.c:521\n kasan_report+0xe0/0x110 mm/kasan/report.c:634\n check_region_inline mm/kasan/generic.c:183 [inline]\n kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189\n instrument_atomic_read_write include/linux/instrumented.h:96 [inline]\n atomic_dec include/linux/atomic/atomic-instrumented.h:592 [inline]\n recv_work+0x694/0xa80 drivers/block/nbd.c:1022\n process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238\n process_scheduled_works kernel/workqueue.c:3319 [inline]\n worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400\n kthread+0x3c2/0x780 kernel/kthread.c:464\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nnbd_genl_connect() does not properly stop the device on certain\nerror paths after nbd_start_device() has been called. This causes\nthe error path to put nbd-\u003econfig while recv_work continue to use\nthe config after putting it, leading to use-after-free in recv_work.\n\nThis patch moves nbd_start_device() after the backend file creation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38443",
"url": "https://www.suse.com/security/cve/CVE-2025-38443"
},
{
"category": "external",
"summary": "SUSE Bug 1247164 for CVE-2025-38443",
"url": "https://bugzilla.suse.com/1247164"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38443"
},
{
"cve": "CVE-2025-38448",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38448"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: u_serial: Fix race condition in TTY wakeup\n\nA race condition occurs when gs_start_io() calls either gs_start_rx() or\ngs_start_tx(), as those functions briefly drop the port_lock for\nusb_ep_queue(). This allows gs_close() and gserial_disconnect() to clear\nport.tty and port_usb, respectively.\n\nUse the null-safe TTY Port helper function to wake up TTY.\n\nExample\n CPU1:\t\t\t CPU2:\n gserial_connect() // lock\n \t\t\t gs_close() // await lock\n gs_start_rx() // unlock\n usb_ep_queue()\n \t\t\t gs_close() // lock, reset port.tty and unlock\n gs_start_rx() // lock\n tty_wakeup() // NPE",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38448",
"url": "https://www.suse.com/security/cve/CVE-2025-38448"
},
{
"category": "external",
"summary": "SUSE Bug 1247233 for CVE-2025-38448",
"url": "https://bugzilla.suse.com/1247233"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38448"
},
{
"cve": "CVE-2025-38449",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38449"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gem: Acquire references on GEM handles for framebuffers\n\nA GEM handle can be released while the GEM buffer object is attached\nto a DRM framebuffer. This leads to the release of the dma-buf backing\nthe buffer object, if any. [1] Trying to use the framebuffer in further\nmode-setting operations leads to a segmentation fault. Most easily\nhappens with driver that use shadow planes for vmap-ing the dma-buf\nduring a page flip. An example is shown below.\n\n[ 156.791968] ------------[ cut here ]------------\n[ 156.796830] WARNING: CPU: 2 PID: 2255 at drivers/dma-buf/dma-buf.c:1527 dma_buf_vmap+0x224/0x430\n[...]\n[ 156.942028] RIP: 0010:dma_buf_vmap+0x224/0x430\n[ 157.043420] Call Trace:\n[ 157.045898] \u003cTASK\u003e\n[ 157.048030] ? show_trace_log_lvl+0x1af/0x2c0\n[ 157.052436] ? show_trace_log_lvl+0x1af/0x2c0\n[ 157.056836] ? show_trace_log_lvl+0x1af/0x2c0\n[ 157.061253] ? drm_gem_shmem_vmap+0x74/0x710\n[ 157.065567] ? dma_buf_vmap+0x224/0x430\n[ 157.069446] ? __warn.cold+0x58/0xe4\n[ 157.073061] ? dma_buf_vmap+0x224/0x430\n[ 157.077111] ? report_bug+0x1dd/0x390\n[ 157.080842] ? handle_bug+0x5e/0xa0\n[ 157.084389] ? exc_invalid_op+0x14/0x50\n[ 157.088291] ? asm_exc_invalid_op+0x16/0x20\n[ 157.092548] ? dma_buf_vmap+0x224/0x430\n[ 157.096663] ? dma_resv_get_singleton+0x6d/0x230\n[ 157.101341] ? __pfx_dma_buf_vmap+0x10/0x10\n[ 157.105588] ? __pfx_dma_resv_get_singleton+0x10/0x10\n[ 157.110697] drm_gem_shmem_vmap+0x74/0x710\n[ 157.114866] drm_gem_vmap+0xa9/0x1b0\n[ 157.118763] drm_gem_vmap_unlocked+0x46/0xa0\n[ 157.123086] drm_gem_fb_vmap+0xab/0x300\n[ 157.126979] drm_atomic_helper_prepare_planes.part.0+0x487/0xb10\n[ 157.133032] ? lockdep_init_map_type+0x19d/0x880\n[ 157.137701] drm_atomic_helper_commit+0x13d/0x2e0\n[ 157.142671] ? drm_atomic_nonblocking_commit+0xa0/0x180\n[ 157.147988] drm_mode_atomic_ioctl+0x766/0xe40\n[...]\n[ 157.346424] ---[ end trace 0000000000000000 ]---\n\nAcquiring GEM handles for the framebuffer\u0027s GEM buffer objects prevents\nthis from happening. The framebuffer\u0027s cleanup later puts the handle\nreferences.\n\nCommit 1a148af06000 (\"drm/gem-shmem: Use dma_buf from GEM object\ninstance\") triggers the segmentation fault easily by using the dma-buf\nfield more widely. The underlying issue with reference counting has\nbeen present before.\n\nv2:\n- acquire the handle instead of the BO (Christian)\n- fix comment style (Christian)\n- drop the Fixes tag (Christian)\n- rename err_ gotos\n- add missing Link tag",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38449",
"url": "https://www.suse.com/security/cve/CVE-2025-38449"
},
{
"category": "external",
"summary": "SUSE Bug 1247255 for CVE-2025-38449",
"url": "https://bugzilla.suse.com/1247255"
},
{
"category": "external",
"summary": "SUSE Bug 1247258 for CVE-2025-38449",
"url": "https://bugzilla.suse.com/1247258"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "important"
}
],
"title": "CVE-2025-38449"
},
{
"cve": "CVE-2025-38455",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38455"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight\n\nReject migration of SEV{-ES} state if either the source or destination VM\nis actively creating a vCPU, i.e. if kvm_vm_ioctl_create_vcpu() is in the\nsection between incrementing created_vcpus and online_vcpus. The bulk of\nvCPU creation runs _outside_ of kvm-\u003elock to allow creating multiple vCPUs\nin parallel, and so sev_info.es_active can get toggled from false=\u003etrue in\nthe destination VM after (or during) svm_vcpu_create(), resulting in an\nSEV{-ES} VM effectively having a non-SEV{-ES} vCPU.\n\nThe issue manifests most visibly as a crash when trying to free a vCPU\u0027s\nNULL VMSA page in an SEV-ES VM, but any number of things can go wrong.\n\n BUG: unable to handle page fault for address: ffffebde00000000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] SMP KASAN NOPTI\n CPU: 227 UID: 0 PID: 64063 Comm: syz.5.60023 Tainted: G U O 6.15.0-smp-DEV #2 NONE\n Tainted: [U]=USER, [O]=OOT_MODULE\n Hardware name: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 12.52.0-0 10/28/2024\n RIP: 0010:constant_test_bit arch/x86/include/asm/bitops.h:206 [inline]\n RIP: 0010:arch_test_bit arch/x86/include/asm/bitops.h:238 [inline]\n RIP: 0010:_test_bit include/asm-generic/bitops/instrumented-non-atomic.h:142 [inline]\n RIP: 0010:PageHead include/linux/page-flags.h:866 [inline]\n RIP: 0010:___free_pages+0x3e/0x120 mm/page_alloc.c:5067\n Code: \u003c49\u003e f7 06 40 00 00 00 75 05 45 31 ff eb 0c 66 90 4c 89 f0 4c 39 f0\n RSP: 0018:ffff8984551978d0 EFLAGS: 00010246\n RAX: 0000777f80000001 RBX: 0000000000000000 RCX: ffffffff918aeb98\n RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffebde00000000\n RBP: 0000000000000000 R08: ffffebde00000007 R09: 1ffffd7bc0000000\n R10: dffffc0000000000 R11: fffff97bc0000001 R12: dffffc0000000000\n R13: ffff8983e19751a8 R14: ffffebde00000000 R15: 1ffffd7bc0000000\n FS: 0000000000000000(0000) GS:ffff89ee661d3000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: ffffebde00000000 CR3: 000000793ceaa000 CR4: 0000000000350ef0\n DR0: 0000000000000000 DR1: 0000000000000b5f DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n sev_free_vcpu+0x413/0x630 arch/x86/kvm/svm/sev.c:3169\n svm_vcpu_free+0x13a/0x2a0 arch/x86/kvm/svm/svm.c:1515\n kvm_arch_vcpu_destroy+0x6a/0x1d0 arch/x86/kvm/x86.c:12396\n kvm_vcpu_destroy virt/kvm/kvm_main.c:470 [inline]\n kvm_destroy_vcpus+0xd1/0x300 virt/kvm/kvm_main.c:490\n kvm_arch_destroy_vm+0x636/0x820 arch/x86/kvm/x86.c:12895\n kvm_put_kvm+0xb8e/0xfb0 virt/kvm/kvm_main.c:1310\n kvm_vm_release+0x48/0x60 virt/kvm/kvm_main.c:1369\n __fput+0x3e4/0x9e0 fs/file_table.c:465\n task_work_run+0x1a9/0x220 kernel/task_work.c:227\n exit_task_work include/linux/task_work.h:40 [inline]\n do_exit+0x7f0/0x25b0 kernel/exit.c:953\n do_group_exit+0x203/0x2d0 kernel/exit.c:1102\n get_signal+0x1357/0x1480 kernel/signal.c:3034\n arch_do_signal_or_restart+0x40/0x690 arch/x86/kernel/signal.c:337\n exit_to_user_mode_loop kernel/entry/common.c:111 [inline]\n exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]\n __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]\n syscall_exit_to_user_mode+0x67/0xb0 kernel/entry/common.c:218\n do_syscall_64+0x7c/0x150 arch/x86/entry/syscall_64.c:100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7f87a898e969\n \u003c/TASK\u003e\n Modules linked in: gq(O)\n gsmi: Log Shutdown Reason 0x03\n CR2: ffffebde00000000\n ---[ end trace 0000000000000000 ]---\n\nDeliberately don\u0027t check for a NULL VMSA when freeing the vCPU, as crashing\nthe host is likely desirable due to the VMSA being consumed by hardware.\nE.g. if KVM manages to allow VMRUN on the vCPU, hardware may read/write a\nbogus VMSA page. Accessing P\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38455",
"url": "https://www.suse.com/security/cve/CVE-2025-38455"
},
{
"category": "external",
"summary": "SUSE Bug 1247101 for CVE-2025-38455",
"url": "https://bugzilla.suse.com/1247101"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38455"
},
{
"cve": "CVE-2025-38457",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38457"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Abort __tc_modify_qdisc if parent class does not exist\n\nLion\u0027s patch [1] revealed an ancient bug in the qdisc API.\nWhenever a user creates/modifies a qdisc specifying as a parent another\nqdisc, the qdisc API will, during grafting, detect that the user is\nnot trying to attach to a class and reject. However grafting is\nperformed after qdisc_create (and thus the qdiscs\u0027 init callback) is\nexecuted. In qdiscs that eventually call qdisc_tree_reduce_backlog\nduring init or change (such as fq, hhf, choke, etc), an issue\narises. For example, executing the following commands:\n\nsudo tc qdisc add dev lo root handle a: htb default 2\nsudo tc qdisc add dev lo parent a: handle beef fq\n\nQdiscs such as fq, hhf, choke, etc unconditionally invoke\nqdisc_tree_reduce_backlog() in their control path init() or change() which\nthen causes a failure to find the child class; however, that does not stop\nthe unconditional invocation of the assumed child qdisc\u0027s qlen_notify with\na null class. All these qdiscs make the assumption that class is non-null.\n\nThe solution is ensure that qdisc_leaf() which looks up the parent\nclass, and is invoked prior to qdisc_create(), should return failure on\nnot finding the class.\nIn this patch, we leverage qdisc_leaf to return ERR_PTRs whenever the\nparentid doesn\u0027t correspond to a class, so that we can detect it\nearlier on and abort before qdisc_create is called.\n\n[1] https://lore.kernel.org/netdev/d912cbd7-193b-4269-9857-525bee8bbb6a@gmail.com/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38457",
"url": "https://www.suse.com/security/cve/CVE-2025-38457"
},
{
"category": "external",
"summary": "SUSE Bug 1247098 for CVE-2025-38457",
"url": "https://bugzilla.suse.com/1247098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38457"
},
{
"cve": "CVE-2025-38460",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38460"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: clip: Fix potential null-ptr-deref in to_atmarpd().\n\natmarpd is protected by RTNL since commit f3a0592b37b8 (\"[ATM]: clip\ncauses unregister hang\").\n\nHowever, it is not enough because to_atmarpd() is called without RTNL,\nespecially clip_neigh_solicit() / neigh_ops-\u003esolicit() is unsleepable.\n\nAlso, there is no RTNL dependency around atmarpd.\n\nLet\u0027s use a private mutex and RCU to protect access to atmarpd in\nto_atmarpd().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38460",
"url": "https://www.suse.com/security/cve/CVE-2025-38460"
},
{
"category": "external",
"summary": "SUSE Bug 1247143 for CVE-2025-38460",
"url": "https://bugzilla.suse.com/1247143"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38460"
},
{
"cve": "CVE-2025-38461",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38461"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Fix transport_* TOCTOU\n\nTransport assignment may race with module unload. Protect new_transport\nfrom becoming a stale pointer.\n\nThis also takes care of an insecure call in vsock_use_local_transport();\nadd a lockdep assert.\n\nBUG: unable to handle page fault for address: fffffbfff8056000\nOops: Oops: 0000 [#1] SMP KASAN\nRIP: 0010:vsock_assign_transport+0x366/0x600\nCall Trace:\n vsock_connect+0x59c/0xc40\n __sys_connect+0xe8/0x100\n __x64_sys_connect+0x6e/0xc0\n do_syscall_64+0x92/0x1c0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38461",
"url": "https://www.suse.com/security/cve/CVE-2025-38461"
},
{
"category": "external",
"summary": "SUSE Bug 1247103 for CVE-2025-38461",
"url": "https://bugzilla.suse.com/1247103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38461"
},
{
"cve": "CVE-2025-38462",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38462"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Fix transport_{g2h,h2g} TOCTOU\n\nvsock_find_cid() and vsock_dev_do_ioctl() may race with module unload.\ntransport_{g2h,h2g} may become NULL after the NULL check.\n\nIntroduce vsock_transport_local_cid() to protect from a potential\nnull-ptr-deref.\n\nKASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]\nRIP: 0010:vsock_find_cid+0x47/0x90\nCall Trace:\n __vsock_bind+0x4b2/0x720\n vsock_bind+0x90/0xe0\n __sys_bind+0x14d/0x1e0\n __x64_sys_bind+0x6e/0xc0\n do_syscall_64+0x92/0x1c0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nKASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]\nRIP: 0010:vsock_dev_do_ioctl.isra.0+0x58/0xf0\nCall Trace:\n __x64_sys_ioctl+0x12d/0x190\n do_syscall_64+0x92/0x1c0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38462",
"url": "https://www.suse.com/security/cve/CVE-2025-38462"
},
{
"category": "external",
"summary": "SUSE Bug 1247104 for CVE-2025-38462",
"url": "https://bugzilla.suse.com/1247104"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38462"
},
{
"cve": "CVE-2025-38463",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38463"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Correct signedness in skb remaining space calculation\n\nSyzkaller reported a bug [1] where sk-\u003esk_forward_alloc can overflow.\n\nWhen we send data, if an skb exists at the tail of the write queue, the\nkernel will attempt to append the new data to that skb. However, the code\nthat checks for available space in the skb is flawed:\n\u0027\u0027\u0027\ncopy = size_goal - skb-\u003elen\n\u0027\u0027\u0027\n\nThe types of the variables involved are:\n\u0027\u0027\u0027\ncopy: ssize_t (s64 on 64-bit systems)\nsize_goal: int\nskb-\u003elen: unsigned int\n\u0027\u0027\u0027\n\nDue to C\u0027s type promotion rules, the signed size_goal is converted to an\nunsigned int to match skb-\u003elen before the subtraction. The result is an\nunsigned int.\n\nWhen this unsigned int result is then assigned to the s64 copy variable,\nit is zero-extended, preserving its non-negative value. Consequently, copy\nis always \u003e= 0.\n\nAssume we are sending 2GB of data and size_goal has been adjusted to a\nvalue smaller than skb-\u003elen. The subtraction will result in copy holding a\nvery large positive integer. In the subsequent logic, this large value is\nused to update sk-\u003esk_forward_alloc, which can easily cause it to overflow.\n\nThe syzkaller reproducer uses TCP_REPAIR to reliably create this\ncondition. However, this can also occur in real-world scenarios. The\ntcp_bound_to_half_wnd() function can also reduce size_goal to a small\nvalue. This would cause the subsequent tcp_wmem_schedule() to set\nsk-\u003esk_forward_alloc to a value close to INT_MAX. Further memory\nallocation requests would then cause sk_forward_alloc to wrap around and\nbecome negative.\n\n[1]: https://syzkaller.appspot.com/bug?extid=de6565462ab540f50e47",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38463",
"url": "https://www.suse.com/security/cve/CVE-2025-38463"
},
{
"category": "external",
"summary": "SUSE Bug 1247113 for CVE-2025-38463",
"url": "https://bugzilla.suse.com/1247113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38463"
},
{
"cve": "CVE-2025-38465",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38465"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: Fix wraparounds of sk-\u003esk_rmem_alloc.\n\nNetlink has this pattern in some places\n\n if (atomic_read(\u0026sk-\u003esk_rmem_alloc) \u003e sk-\u003esk_rcvbuf)\n \tatomic_add(skb-\u003etruesize, \u0026sk-\u003esk_rmem_alloc);\n\n, which has the same problem fixed by commit 5a465a0da13e (\"udp:\nFix multiple wraparounds of sk-\u003esk_rmem_alloc.\").\n\nFor example, if we set INT_MAX to SO_RCVBUFFORCE, the condition\nis always false as the two operands are of int.\n\nThen, a single socket can eat as many skb as possible until OOM\nhappens, and we can see multiple wraparounds of sk-\u003esk_rmem_alloc.\n\nLet\u0027s fix it by using atomic_add_return() and comparing the two\nvariables as unsigned int.\n\nBefore:\n [root@fedora ~]# ss -f netlink\n Recv-Q Send-Q Local Address:Port Peer Address:Port\n -1668710080 0 rtnl:nl_wraparound/293 *\n\nAfter:\n [root@fedora ~]# ss -f netlink\n Recv-Q Send-Q Local Address:Port Peer Address:Port\n 2147483072 0 rtnl:nl_wraparound/290 *\n ^\n `--- INT_MAX - 576",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38465",
"url": "https://www.suse.com/security/cve/CVE-2025-38465"
},
{
"category": "external",
"summary": "SUSE Bug 1247118 for CVE-2025-38465",
"url": "https://bugzilla.suse.com/1247118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38465"
},
{
"cve": "CVE-2025-38467",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38467"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos: exynos7_drm_decon: add vblank check in IRQ handling\n\nIf there\u0027s support for another console device (such as a TTY serial),\nthe kernel occasionally panics during boot. The panic message and a\nrelevant snippet of the call stack is as follows:\n\n Unable to handle kernel NULL pointer dereference at virtual address 000000000000000\n Call trace:\n drm_crtc_handle_vblank+0x10/0x30 (P)\n decon_irq_handler+0x88/0xb4\n [...]\n\nOtherwise, the panics don\u0027t happen. This indicates that it\u0027s some sort\nof race condition.\n\nAdd a check to validate if the drm device can handle vblanks before\ncalling drm_crtc_handle_vblank() to avoid this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38467",
"url": "https://www.suse.com/security/cve/CVE-2025-38467"
},
{
"category": "external",
"summary": "SUSE Bug 1247146 for CVE-2025-38467",
"url": "https://bugzilla.suse.com/1247146"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38467"
},
{
"cve": "CVE-2025-38468",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38468"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree\n\nhtb_lookup_leaf has a BUG_ON that can trigger with the following:\n\ntc qdisc del dev lo root\ntc qdisc add dev lo root handle 1: htb default 1\ntc class add dev lo parent 1: classid 1:1 htb rate 64bit\ntc qdisc add dev lo parent 1:1 handle 2: netem\ntc qdisc add dev lo parent 2:1 handle 3: blackhole\nping -I lo -c1 -W0.001 127.0.0.1\n\nThe root cause is the following:\n\n1. htb_dequeue calls htb_dequeue_tree which calls the dequeue handler on\n the selected leaf qdisc\n2. netem_dequeue calls enqueue on the child qdisc\n3. blackhole_enqueue drops the packet and returns a value that is not\n just NET_XMIT_SUCCESS\n4. Because of this, netem_dequeue calls qdisc_tree_reduce_backlog, and\n since qlen is now 0, it calls htb_qlen_notify -\u003e htb_deactivate -\u003e\n htb_deactiviate_prios -\u003e htb_remove_class_from_row -\u003e htb_safe_rb_erase\n5. As this is the only class in the selected hprio rbtree,\n __rb_change_child in __rb_erase_augmented sets the rb_root pointer to\n NULL\n6. Because blackhole_dequeue returns NULL, netem_dequeue returns NULL,\n which causes htb_dequeue_tree to call htb_lookup_leaf with the same\n hprio rbtree, and fail the BUG_ON\n\nThe function graph for this scenario is shown here:\n 0) | htb_enqueue() {\n 0) + 13.635 us | netem_enqueue();\n 0) 4.719 us | htb_activate_prios();\n 0) # 2249.199 us | }\n 0) | htb_dequeue() {\n 0) 2.355 us | htb_lookup_leaf();\n 0) | netem_dequeue() {\n 0) + 11.061 us | blackhole_enqueue();\n 0) | qdisc_tree_reduce_backlog() {\n 0) | qdisc_lookup_rcu() {\n 0) 1.873 us | qdisc_match_from_root();\n 0) 6.292 us | }\n 0) 1.894 us | htb_search();\n 0) | htb_qlen_notify() {\n 0) 2.655 us | htb_deactivate_prios();\n 0) 6.933 us | }\n 0) + 25.227 us | }\n 0) 1.983 us | blackhole_dequeue();\n 0) + 86.553 us | }\n 0) # 2932.761 us | qdisc_warn_nonwc();\n 0) | htb_lookup_leaf() {\n 0) | BUG_ON();\n ------------------------------------------\n\nThe full original bug report can be seen here [1].\n\nWe can fix this just by returning NULL instead of the BUG_ON,\nas htb_dequeue_tree returns NULL when htb_lookup_leaf returns\nNULL.\n\n[1] https://lore.kernel.org/netdev/pF5XOOIim0IuEfhI-SOxTgRvNoDwuux7UHKnE_Y5-zVd4wmGvNk2ceHjKb8ORnzw0cGwfmVu42g9dL7XyJLf1NEzaztboTWcm0Ogxuojoeo=@willsroot.io/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38468",
"url": "https://www.suse.com/security/cve/CVE-2025-38468"
},
{
"category": "external",
"summary": "SUSE Bug 1247437 for CVE-2025-38468",
"url": "https://bugzilla.suse.com/1247437"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38468"
},
{
"cve": "CVE-2025-38470",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38470"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime\n\nAssuming the \"rx-vlan-filter\" feature is enabled on a net device, the\n8021q module will automatically add or remove VLAN 0 when the net device\nis put administratively up or down, respectively. There are a couple of\nproblems with the above scheme.\n\nThe first problem is a memory leak that can happen if the \"rx-vlan-filter\"\nfeature is disabled while the device is running:\n\n # ip link add bond1 up type bond mode 0\n # ethtool -K bond1 rx-vlan-filter off\n # ip link del dev bond1\n\nWhen the device is put administratively down the \"rx-vlan-filter\"\nfeature is disabled, so the 8021q module will not remove VLAN 0 and the\nmemory will be leaked [1].\n\nAnother problem that can happen is that the kernel can automatically\ndelete VLAN 0 when the device is put administratively down despite not\nadding it when the device was put administratively up since during that\ntime the \"rx-vlan-filter\" feature was disabled. null-ptr-unref or\nbug_on[2] will be triggered by unregister_vlan_dev() for refcount\nimbalance if toggling filtering during runtime:\n\n$ ip link add bond0 type bond mode 0\n$ ip link add link bond0 name vlan0 type vlan id 0 protocol 802.1q\n$ ethtool -K bond0 rx-vlan-filter off\n$ ifconfig bond0 up\n$ ethtool -K bond0 rx-vlan-filter on\n$ ifconfig bond0 down\n$ ip link del vlan0\n\nRoot cause is as below:\nstep1: add vlan0 for real_dev, such as bond, team.\nregister_vlan_dev\n vlan_vid_add(real_dev,htons(ETH_P_8021Q),0) //refcnt=1\nstep2: disable vlan filter feature and enable real_dev\nstep3: change filter from 0 to 1\nvlan_device_event\n vlan_filter_push_vids\n ndo_vlan_rx_add_vid //No refcnt added to real_dev vlan0\nstep4: real_dev down\nvlan_device_event\n vlan_vid_del(dev, htons(ETH_P_8021Q), 0); //refcnt=0\n vlan_info_rcu_free //free vlan0\nstep5: delete vlan0\nunregister_vlan_dev\n BUG_ON(!vlan_info); //vlan_info is null\n\nFix both problems by noting in the VLAN info whether VLAN 0 was\nautomatically added upon NETDEV_UP and based on that decide whether it\nshould be deleted upon NETDEV_DOWN, regardless of the state of the\n\"rx-vlan-filter\" feature.\n\n[1]\nunreferenced object 0xffff8880068e3100 (size 256):\n comm \"ip\", pid 384, jiffies 4296130254\n hex dump (first 32 bytes):\n 00 20 30 0d 80 88 ff ff 00 00 00 00 00 00 00 00 . 0.............\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc 81ce31fa):\n __kmalloc_cache_noprof+0x2b5/0x340\n vlan_vid_add+0x434/0x940\n vlan_device_event.cold+0x75/0xa8\n notifier_call_chain+0xca/0x150\n __dev_notify_flags+0xe3/0x250\n rtnl_configure_link+0x193/0x260\n rtnl_newlink_create+0x383/0x8e0\n __rtnl_newlink+0x22c/0xa40\n rtnl_newlink+0x627/0xb00\n rtnetlink_rcv_msg+0x6fb/0xb70\n netlink_rcv_skb+0x11f/0x350\n netlink_unicast+0x426/0x710\n netlink_sendmsg+0x75a/0xc20\n __sock_sendmsg+0xc1/0x150\n ____sys_sendmsg+0x5aa/0x7b0\n ___sys_sendmsg+0xfc/0x180\n\n[2]\nkernel BUG at net/8021q/vlan.c:99!\nOops: invalid opcode: 0000 [#1] SMP KASAN PTI\nCPU: 0 UID: 0 PID: 382 Comm: ip Not tainted 6.16.0-rc3 #61 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:unregister_vlan_dev (net/8021q/vlan.c:99 (discriminator 1))\nRSP: 0018:ffff88810badf310 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88810da84000 RCX: ffffffffb47ceb9a\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff88810e8b43c8\nRBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff6cefe80\nR10: ffffffffb677f407 R11: ffff88810badf3c0 R12: ffff88810e8b4000\nR13: 0000000000000000 R14: ffff88810642a5c0 R15: 000000000000017e\nFS: 00007f1ff68c20c0(0000) GS:ffff888163a24000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f1ff5dad240 CR3: 0000000107e56000 CR4: 00000000000006f0\nCall Trace:\n \u003cTASK\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38470",
"url": "https://www.suse.com/security/cve/CVE-2025-38470"
},
{
"category": "external",
"summary": "SUSE Bug 1247288 for CVE-2025-38470",
"url": "https://bugzilla.suse.com/1247288"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38470"
},
{
"cve": "CVE-2025-38471",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38471"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: always refresh the queue when reading sock\n\nAfter recent changes in net-next TCP compacts skbs much more\naggressively. This unearthed a bug in TLS where we may try\nto operate on an old skb when checking if all skbs in the\nqueue have matching decrypt state and geometry.\n\n BUG: KASAN: slab-use-after-free in tls_strp_check_rcv+0x898/0x9a0 [tls]\n (net/tls/tls_strp.c:436 net/tls/tls_strp.c:530 net/tls/tls_strp.c:544)\n Read of size 4 at addr ffff888013085750 by task tls/13529\n\n CPU: 2 UID: 0 PID: 13529 Comm: tls Not tainted 6.16.0-rc5-virtme\n Call Trace:\n kasan_report+0xca/0x100\n tls_strp_check_rcv+0x898/0x9a0 [tls]\n tls_rx_rec_wait+0x2c9/0x8d0 [tls]\n tls_sw_recvmsg+0x40f/0x1aa0 [tls]\n inet_recvmsg+0x1c3/0x1f0\n\nAlways reload the queue, fast path is to have the record in the queue\nwhen we wake, anyway (IOW the path going down \"if !strp-\u003estm.full_len\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38471",
"url": "https://www.suse.com/security/cve/CVE-2025-38471"
},
{
"category": "external",
"summary": "SUSE Bug 1247450 for CVE-2025-38471",
"url": "https://bugzilla.suse.com/1247450"
},
{
"category": "external",
"summary": "SUSE Bug 1247452 for CVE-2025-38471",
"url": "https://bugzilla.suse.com/1247452"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "important"
}
],
"title": "CVE-2025-38471"
},
{
"cve": "CVE-2025-38473",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38473"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb()\n\nsyzbot reported null-ptr-deref in l2cap_sock_resume_cb(). [0]\n\nl2cap_sock_resume_cb() has a similar problem that was fixed by commit\n1bff51ea59a9 (\"Bluetooth: fix use-after-free error in lock_sock_nested()\").\n\nSince both l2cap_sock_kill() and l2cap_sock_resume_cb() are executed\nunder l2cap_sock_resume_cb(), we can avoid the issue simply by checking\nif chan-\u003edata is NULL.\n\nLet\u0027s not access to the killed socket in l2cap_sock_resume_cb().\n\n[0]:\nBUG: KASAN: null-ptr-deref in instrument_atomic_write include/linux/instrumented.h:82 [inline]\nBUG: KASAN: null-ptr-deref in clear_bit include/asm-generic/bitops/instrumented-atomic.h:41 [inline]\nBUG: KASAN: null-ptr-deref in l2cap_sock_resume_cb+0xb4/0x17c net/bluetooth/l2cap_sock.c:1711\nWrite of size 8 at addr 0000000000000570 by task kworker/u9:0/52\n\nCPU: 1 UID: 0 PID: 52 Comm: kworker/u9:0 Not tainted 6.16.0-rc4-syzkaller-g7482bb149b9f #0 PREEMPT\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nWorkqueue: hci0 hci_rx_work\nCall trace:\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:501 (C)\n __dump_stack+0x30/0x40 lib/dump_stack.c:94\n dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120\n print_report+0x58/0x84 mm/kasan/report.c:524\n kasan_report+0xb0/0x110 mm/kasan/report.c:634\n check_region_inline mm/kasan/generic.c:-1 [inline]\n kasan_check_range+0x264/0x2a4 mm/kasan/generic.c:189\n __kasan_check_write+0x20/0x30 mm/kasan/shadow.c:37\n instrument_atomic_write include/linux/instrumented.h:82 [inline]\n clear_bit include/asm-generic/bitops/instrumented-atomic.h:41 [inline]\n l2cap_sock_resume_cb+0xb4/0x17c net/bluetooth/l2cap_sock.c:1711\n l2cap_security_cfm+0x524/0xea0 net/bluetooth/l2cap_core.c:7357\n hci_auth_cfm include/net/bluetooth/hci_core.h:2092 [inline]\n hci_auth_complete_evt+0x2e8/0xa4c net/bluetooth/hci_event.c:3514\n hci_event_func net/bluetooth/hci_event.c:7511 [inline]\n hci_event_packet+0x650/0xe9c net/bluetooth/hci_event.c:7565\n hci_rx_work+0x320/0xb18 net/bluetooth/hci_core.c:4070\n process_one_work+0x7e8/0x155c kernel/workqueue.c:3238\n process_scheduled_works kernel/workqueue.c:3321 [inline]\n worker_thread+0x958/0xed8 kernel/workqueue.c:3402\n kthread+0x5fc/0x75c kernel/kthread.c:464\n ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:847",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38473",
"url": "https://www.suse.com/security/cve/CVE-2025-38473"
},
{
"category": "external",
"summary": "SUSE Bug 1247289 for CVE-2025-38473",
"url": "https://bugzilla.suse.com/1247289"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38473"
},
{
"cve": "CVE-2025-38474",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38474"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: net: sierra: check for no status endpoint\n\nThe driver checks for having three endpoints and\nhaving bulk in and out endpoints, but not that\nthe third endpoint is interrupt input.\nRectify the omission.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38474",
"url": "https://www.suse.com/security/cve/CVE-2025-38474"
},
{
"category": "external",
"summary": "SUSE Bug 1247311 for CVE-2025-38474",
"url": "https://bugzilla.suse.com/1247311"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38474"
},
{
"cve": "CVE-2025-38476",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38476"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrpl: Fix use-after-free in rpl_do_srh_inline().\n\nRunning lwt_dst_cache_ref_loop.sh in selftest with KASAN triggers\nthe splat below [0].\n\nrpl_do_srh_inline() fetches ipv6_hdr(skb) and accesses it after\nskb_cow_head(), which is illegal as the header could be freed then.\n\nLet\u0027s fix it by making oldhdr to a local struct instead of a pointer.\n\n[0]:\n[root@fedora net]# ./lwt_dst_cache_ref_loop.sh\n...\nTEST: rpl (input)\n[ 57.631529] ==================================================================\nBUG: KASAN: slab-use-after-free in rpl_do_srh_inline.isra.0 (net/ipv6/rpl_iptunnel.c:174)\nRead of size 40 at addr ffff888122bf96d8 by task ping6/1543\n\nCPU: 50 UID: 0 PID: 1543 Comm: ping6 Not tainted 6.16.0-rc5-01302-gfadd1e6231b1 #23 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl (lib/dump_stack.c:122)\n print_report (mm/kasan/report.c:409 mm/kasan/report.c:521)\n kasan_report (mm/kasan/report.c:221 mm/kasan/report.c:636)\n kasan_check_range (mm/kasan/generic.c:175 (discriminator 1) mm/kasan/generic.c:189 (discriminator 1))\n __asan_memmove (mm/kasan/shadow.c:94 (discriminator 2))\n rpl_do_srh_inline.isra.0 (net/ipv6/rpl_iptunnel.c:174)\n rpl_input (net/ipv6/rpl_iptunnel.c:201 net/ipv6/rpl_iptunnel.c:282)\n lwtunnel_input (net/core/lwtunnel.c:459)\n ipv6_rcv (./include/net/dst.h:471 (discriminator 1) ./include/net/dst.h:469 (discriminator 1) net/ipv6/ip6_input.c:79 (discriminator 1) ./include/linux/netfilter.h:317 (discriminator 1) ./include/linux/netfilter.h:311 (discriminator 1) net/ipv6/ip6_input.c:311 (discriminator 1))\n __netif_receive_skb_one_core (net/core/dev.c:5967)\n process_backlog (./include/linux/rcupdate.h:869 net/core/dev.c:6440)\n __napi_poll.constprop.0 (net/core/dev.c:7452)\n net_rx_action (net/core/dev.c:7518 net/core/dev.c:7643)\n handle_softirqs (kernel/softirq.c:579)\n do_softirq (kernel/softirq.c:480 (discriminator 20))\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n __local_bh_enable_ip (kernel/softirq.c:407)\n __dev_queue_xmit (net/core/dev.c:4740)\n ip6_finish_output2 (./include/linux/netdevice.h:3358 ./include/net/neighbour.h:526 ./include/net/neighbour.h:540 net/ipv6/ip6_output.c:141)\n ip6_finish_output (net/ipv6/ip6_output.c:215 net/ipv6/ip6_output.c:226)\n ip6_output (./include/linux/netfilter.h:306 net/ipv6/ip6_output.c:248)\n ip6_send_skb (net/ipv6/ip6_output.c:1983)\n rawv6_sendmsg (net/ipv6/raw.c:588 net/ipv6/raw.c:918)\n __sys_sendto (net/socket.c:714 (discriminator 1) net/socket.c:729 (discriminator 1) net/socket.c:2228 (discriminator 1))\n __x64_sys_sendto (net/socket.c:2231)\n do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1))\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\nRIP: 0033:0x7f68cffb2a06\nCode: 5d e8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 75 19 83 e2 39 83 fa 08 75 11 e8 26 ff ff ff 66 0f 1f 44 00 00 48 8b 45 10 0f 05 \u003c48\u003e 8b 5d f8 c9 c3 0f 1f 40 00 f3 0f 1e fa 55 48 89 e5 48 83 ec 08\nRSP: 002b:00007ffefb7c53d0 EFLAGS: 00000202 ORIG_RAX: 000000000000002c\nRAX: ffffffffffffffda RBX: 0000564cd69f10a0 RCX: 00007f68cffb2a06\nRDX: 0000000000000040 RSI: 0000564cd69f10a4 RDI: 0000000000000003\nRBP: 00007ffefb7c53f0 R08: 0000564cd6a032ac R09: 000000000000001c\nR10: 0000000000000000 R11: 0000000000000202 R12: 0000564cd69f10a4\nR13: 0000000000000040 R14: 00007ffefb7c66e0 R15: 0000564cd69f10a0\n \u003c/TASK\u003e\n\nAllocated by task 1543:\n kasan_save_stack (mm/kasan/common.c:48)\n kasan_save_track (mm/kasan/common.c:60 (discriminator 1) mm/kasan/common.c:69 (discriminator 1))\n __kasan_slab_alloc (mm/kasan/common.c:319 mm/kasan/common.c:345)\n kmem_cache_alloc_node_noprof (./include/linux/kasan.h:250 mm/slub.c:4148 mm/slub.c:4197 mm/slub.c:4249)\n kmalloc_reserve (net/core/skbuff.c:581 (discriminator 88))\n __alloc_skb (net/core/skbuff.c:669)\n __ip6_append_data (net/ipv6/ip6_output.c:1672 (discriminator 1))\n ip6_\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38476",
"url": "https://www.suse.com/security/cve/CVE-2025-38476"
},
{
"category": "external",
"summary": "SUSE Bug 1247317 for CVE-2025-38476",
"url": "https://bugzilla.suse.com/1247317"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38476"
},
{
"cve": "CVE-2025-38477",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38477"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_qfq: Fix race condition on qfq_aggregate\n\nA race condition can occur when \u0027agg\u0027 is modified in qfq_change_agg\n(called during qfq_enqueue) while other threads access it\nconcurrently. For example, qfq_dump_class may trigger a NULL\ndereference, and qfq_delete_class may cause a use-after-free.\n\nThis patch addresses the issue by:\n\n1. Moved qfq_destroy_class into the critical section.\n\n2. Added sch_tree_lock protection to qfq_dump_class and\nqfq_dump_class_stats.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38477",
"url": "https://www.suse.com/security/cve/CVE-2025-38477"
},
{
"category": "external",
"summary": "SUSE Bug 1247314 for CVE-2025-38477",
"url": "https://bugzilla.suse.com/1247314"
},
{
"category": "external",
"summary": "SUSE Bug 1247315 for CVE-2025-38477",
"url": "https://bugzilla.suse.com/1247315"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "important"
}
],
"title": "CVE-2025-38477"
},
{
"cve": "CVE-2025-38478",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38478"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: Fix initialization of data for instructions that write to subdevice\n\nSome Comedi subdevice instruction handlers are known to access\ninstruction data elements beyond the first `insn-\u003en` elements in some\ncases. The `do_insn_ioctl()` and `do_insnlist_ioctl()` functions\nallocate at least `MIN_SAMPLES` (16) data elements to deal with this,\nbut they do not initialize all of that. For Comedi instruction codes\nthat write to the subdevice, the first `insn-\u003en` data elements are\ncopied from user-space, but the remaining elements are left\nuninitialized. That could be a problem if the subdevice instruction\nhandler reads the uninitialized data. Ensure that the first\n`MIN_SAMPLES` elements are initialized before calling these instruction\nhandlers, filling the uncopied elements with 0. For\n`do_insnlist_ioctl()`, the same data buffer elements are used for\nhandling a list of instructions, so ensure the first `MIN_SAMPLES`\nelements are initialized for each instruction that writes to the\nsubdevice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38478",
"url": "https://www.suse.com/security/cve/CVE-2025-38478"
},
{
"category": "external",
"summary": "SUSE Bug 1247273 for CVE-2025-38478",
"url": "https://bugzilla.suse.com/1247273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38478"
},
{
"cve": "CVE-2025-38480",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38480"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: Fix use of uninitialized data in insn_rw_emulate_bits()\n\nFor Comedi `INSN_READ` and `INSN_WRITE` instructions on \"digital\"\nsubdevices (subdevice types `COMEDI_SUBD_DI`, `COMEDI_SUBD_DO`, and\n`COMEDI_SUBD_DIO`), it is common for the subdevice driver not to have\n`insn_read` and `insn_write` handler functions, but to have an\n`insn_bits` handler function for handling Comedi `INSN_BITS`\ninstructions. In that case, the subdevice\u0027s `insn_read` and/or\n`insn_write` function handler pointers are set to point to the\n`insn_rw_emulate_bits()` function by `__comedi_device_postconfig()`.\n\nFor `INSN_WRITE`, `insn_rw_emulate_bits()` currently assumes that the\nsupplied `data[0]` value is a valid copy from user memory. It will at\nleast exist because `do_insnlist_ioctl()` and `do_insn_ioctl()` in\n\"comedi_fops.c\" ensure at lease `MIN_SAMPLES` (16) elements are\nallocated. However, if `insn-\u003en` is 0 (which is allowable for\n`INSN_READ` and `INSN_WRITE` instructions, then `data[0]` may contain\nuninitialized data, and certainly contains invalid data, possibly from a\ndifferent instruction in the array of instructions handled by\n`do_insnlist_ioctl()`. This will result in an incorrect value being\nwritten to the digital output channel (or to the digital input/output\nchannel if configured as an output), and may be reflected in the\ninternal saved state of the channel.\n\nFix it by returning 0 early if `insn-\u003en` is 0, before reaching the code\nthat accesses `data[0]`. Previously, the function always returned 1 on\nsuccess, but it is supposed to be the number of data samples actually\nread or written up to `insn-\u003en`, which is 0 in this case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38480",
"url": "https://www.suse.com/security/cve/CVE-2025-38480"
},
{
"category": "external",
"summary": "SUSE Bug 1247274 for CVE-2025-38480",
"url": "https://bugzilla.suse.com/1247274"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38480"
},
{
"cve": "CVE-2025-38481",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38481"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large\n\nThe handling of the `COMEDI_INSNLIST` ioctl allocates a kernel buffer to\nhold the array of `struct comedi_insn`, getting the length from the\n`n_insns` member of the `struct comedi_insnlist` supplied by the user.\nThe allocation will fail with a WARNING and a stack dump if it is too\nlarge.\n\nAvoid that by failing with an `-EINVAL` error if the supplied `n_insns`\nvalue is unreasonable.\n\nDefine the limit on the `n_insns` value in the `MAX_INSNS` macro. Set\nthis to the same value as `MAX_SAMPLES` (65536), which is the maximum\nallowed sum of the values of the member `n` in the array of `struct\ncomedi_insn`, and sensible comedi instructions will have an `n` of at\nleast 1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38481",
"url": "https://www.suse.com/security/cve/CVE-2025-38481"
},
{
"category": "external",
"summary": "SUSE Bug 1247276 for CVE-2025-38481",
"url": "https://bugzilla.suse.com/1247276"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "low"
}
],
"title": "CVE-2025-38481"
},
{
"cve": "CVE-2025-38482",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38482"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: das6402: Fix bit shift out of bounds\n\nWhen checking for a supported IRQ number, the following test is used:\n\n\t/* IRQs 2,3,5,6,7, 10,11,15 are valid for \"enhanced\" mode */\n\tif ((1 \u003c\u003c it-\u003eoptions[1]) \u0026 0x8cec) {\n\nHowever, `it-\u003eoptions[i]` is an unchecked `int` value from userspace, so\nthe shift amount could be negative or out of bounds. Fix the test by\nrequiring `it-\u003eoptions[1]` to be within bounds before proceeding with\nthe original test. Valid `it-\u003eoptions[1]` values that select the IRQ\nwill be in the range [1,15]. The value 0 explicitly disables the use of\ninterrupts.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38482",
"url": "https://www.suse.com/security/cve/CVE-2025-38482"
},
{
"category": "external",
"summary": "SUSE Bug 1247277 for CVE-2025-38482",
"url": "https://bugzilla.suse.com/1247277"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38482"
},
{
"cve": "CVE-2025-38483",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38483"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: das16m1: Fix bit shift out of bounds\n\nWhen checking for a supported IRQ number, the following test is used:\n\n\t/* only irqs 2, 3, 4, 5, 6, 7, 10, 11, 12, 14, and 15 are valid */\n\tif ((1 \u003c\u003c it-\u003eoptions[1]) \u0026 0xdcfc) {\n\nHowever, `it-\u003eoptions[i]` is an unchecked `int` value from userspace, so\nthe shift amount could be negative or out of bounds. Fix the test by\nrequiring `it-\u003eoptions[1]` to be within bounds before proceeding with\nthe original test.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38483",
"url": "https://www.suse.com/security/cve/CVE-2025-38483"
},
{
"category": "external",
"summary": "SUSE Bug 1247278 for CVE-2025-38483",
"url": "https://bugzilla.suse.com/1247278"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38483"
},
{
"cve": "CVE-2025-38485",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38485"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush\n\nfxls8962af_fifo_flush() uses indio_dev-\u003eactive_scan_mask (with\niio_for_each_active_channel()) without making sure the indio_dev\nstays in buffer mode.\nThere is a race if indio_dev exits buffer mode in the middle of the\ninterrupt that flushes the fifo. Fix this by calling\nsynchronize_irq() to ensure that no interrupt is currently running when\ndisabling buffer mode.\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000000 when read\n[...]\n_find_first_bit_le from fxls8962af_fifo_flush+0x17c/0x290\nfxls8962af_fifo_flush from fxls8962af_interrupt+0x80/0x178\nfxls8962af_interrupt from irq_thread_fn+0x1c/0x7c\nirq_thread_fn from irq_thread+0x110/0x1f4\nirq_thread from kthread+0xe0/0xfc\nkthread from ret_from_fork+0x14/0x2c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38485",
"url": "https://www.suse.com/security/cve/CVE-2025-38485"
},
{
"category": "external",
"summary": "SUSE Bug 1247236 for CVE-2025-38485",
"url": "https://bugzilla.suse.com/1247236"
},
{
"category": "external",
"summary": "SUSE Bug 1247237 for CVE-2025-38485",
"url": "https://bugzilla.suse.com/1247237"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "important"
}
],
"title": "CVE-2025-38485"
},
{
"cve": "CVE-2025-38487",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38487"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: aspeed: lpc-snoop: Don\u0027t disable channels that aren\u0027t enabled\n\nMitigate e.g. the following:\n\n # echo 1e789080.lpc-snoop \u003e /sys/bus/platform/drivers/aspeed-lpc-snoop/unbind\n ...\n [ 120.363594] Unable to handle kernel NULL pointer dereference at virtual address 00000004 when write\n [ 120.373866] [00000004] *pgd=00000000\n [ 120.377910] Internal error: Oops: 805 [#1] SMP ARM\n [ 120.383306] CPU: 1 UID: 0 PID: 315 Comm: sh Not tainted 6.15.0-rc1-00009-g926217bc7d7d-dirty #20 NONE\n ...\n [ 120.679543] Call trace:\n [ 120.679559] misc_deregister from aspeed_lpc_snoop_remove+0x84/0xac\n [ 120.692462] aspeed_lpc_snoop_remove from platform_remove+0x28/0x38\n [ 120.700996] platform_remove from device_release_driver_internal+0x188/0x200\n ...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38487",
"url": "https://www.suse.com/security/cve/CVE-2025-38487"
},
{
"category": "external",
"summary": "SUSE Bug 1247238 for CVE-2025-38487",
"url": "https://bugzilla.suse.com/1247238"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38487"
},
{
"cve": "CVE-2025-38489",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38489"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again\n\nCommit 7ded842b356d (\"s390/bpf: Fix bpf_plt pointer arithmetic\") has\naccidentally removed the critical piece of commit c730fce7c70c\n(\"s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL\"), causing\nintermittent kernel panics in e.g. perf\u0027s on_switch() prog to reappear.\n\nRestore the fix and add a comment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38489",
"url": "https://www.suse.com/security/cve/CVE-2025-38489"
},
{
"category": "external",
"summary": "SUSE Bug 1247241 for CVE-2025-38489",
"url": "https://bugzilla.suse.com/1247241"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38489"
},
{
"cve": "CVE-2025-38494",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38494"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: do not bypass hid_hw_raw_request\n\nhid_hw_raw_request() is actually useful to ensure the provided buffer\nand length are valid. Directly calling in the low level transport driver\nfunction bypassed those checks and allowed invalid paramto be used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38494",
"url": "https://www.suse.com/security/cve/CVE-2025-38494"
},
{
"category": "external",
"summary": "SUSE Bug 1247349 for CVE-2025-38494",
"url": "https://bugzilla.suse.com/1247349"
},
{
"category": "external",
"summary": "SUSE Bug 1247350 for CVE-2025-38494",
"url": "https://bugzilla.suse.com/1247350"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "important"
}
],
"title": "CVE-2025-38494"
},
{
"cve": "CVE-2025-38495",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38495"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: ensure the allocated report buffer can contain the reserved report ID\n\nWhen the report ID is not used, the low level transport drivers expect\nthe first byte to be 0. However, currently the allocated buffer not\naccount for that extra byte, meaning that instead of having 8 guaranteed\nbytes for implement to be working, we only have 7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38495",
"url": "https://www.suse.com/security/cve/CVE-2025-38495"
},
{
"category": "external",
"summary": "SUSE Bug 1247348 for CVE-2025-38495",
"url": "https://bugzilla.suse.com/1247348"
},
{
"category": "external",
"summary": "SUSE Bug 1247351 for CVE-2025-38495",
"url": "https://bugzilla.suse.com/1247351"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "important"
}
],
"title": "CVE-2025-38495"
},
{
"cve": "CVE-2025-38496",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38496"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-bufio: fix sched in atomic context\n\nIf \"try_verify_in_tasklet\" is set for dm-verity, DM_BUFIO_CLIENT_NO_SLEEP\nis enabled for dm-bufio. However, when bufio tries to evict buffers, there\nis a chance to trigger scheduling in spin_lock_bh, the following warning\nis hit:\n\nBUG: sleeping function called from invalid context at drivers/md/dm-bufio.c:2745\nin_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 123, name: kworker/2:2\npreempt_count: 201, expected: 0\nRCU nest depth: 0, expected: 0\n4 locks held by kworker/2:2/123:\n #0: ffff88800a2d1548 ((wq_completion)dm_bufio_cache){....}-{0:0}, at: process_one_work+0xe46/0x1970\n #1: ffffc90000d97d20 ((work_completion)(\u0026dm_bufio_replacement_work)){....}-{0:0}, at: process_one_work+0x763/0x1970\n #2: ffffffff8555b528 (dm_bufio_clients_lock){....}-{3:3}, at: do_global_cleanup+0x1ce/0x710\n #3: ffff88801d5820b8 (\u0026c-\u003espinlock){....}-{2:2}, at: do_global_cleanup+0x2a5/0x710\nPreemption disabled at:\n[\u003c0000000000000000\u003e] 0x0\nCPU: 2 UID: 0 PID: 123 Comm: kworker/2:2 Not tainted 6.16.0-rc3-g90548c634bd0 #305 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nWorkqueue: dm_bufio_cache do_global_cleanup\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x53/0x70\n __might_resched+0x360/0x4e0\n do_global_cleanup+0x2f5/0x710\n process_one_work+0x7db/0x1970\n worker_thread+0x518/0xea0\n kthread+0x359/0x690\n ret_from_fork+0xf3/0x1b0\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nThat can be reproduced by:\n\n veritysetup format --data-block-size=4096 --hash-block-size=4096 /dev/vda /dev/vdb\n SIZE=$(blockdev --getsz /dev/vda)\n dmsetup create myverity -r --table \"0 $SIZE verity 1 /dev/vda /dev/vdb 4096 4096 \u003cdata_blocks\u003e 1 sha256 \u003croot_hash\u003e \u003csalt\u003e 1 try_verify_in_tasklet\"\n mount /dev/dm-0 /mnt -o ro\n echo 102400 \u003e /sys/module/dm_bufio/parameters/max_cache_size_bytes\n [read files in /mnt]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38496",
"url": "https://www.suse.com/security/cve/CVE-2025-38496"
},
{
"category": "external",
"summary": "SUSE Bug 1247284 for CVE-2025-38496",
"url": "https://bugzilla.suse.com/1247284"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38496"
},
{
"cve": "CVE-2025-38497",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38497"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: configfs: Fix OOB read on empty string write\n\nWhen writing an empty string to either \u0027qw_sign\u0027 or \u0027landingPage\u0027\nsysfs attributes, the store functions attempt to access page[l - 1]\nbefore validating that the length \u0027l\u0027 is greater than zero.\n\nThis patch fixes the vulnerability by adding a check at the beginning\nof os_desc_qw_sign_store() and webusb_landingPage_store() to handle\nthe zero-length input case gracefully by returning immediately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38497",
"url": "https://www.suse.com/security/cve/CVE-2025-38497"
},
{
"category": "external",
"summary": "SUSE Bug 1247347 for CVE-2025-38497",
"url": "https://bugzilla.suse.com/1247347"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-38497"
},
{
"cve": "CVE-2025-38498",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38498"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndo_change_type(): refuse to operate on unmounted/not ours mounts\n\nEnsure that propagation settings can only be changed for mounts located\nin the caller\u0027s mount namespace. This change aligns permission checking\nwith the rest of mount(2).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38498",
"url": "https://www.suse.com/security/cve/CVE-2025-38498"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-38498",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1247499 for CVE-2025-38498",
"url": "https://bugzilla.suse.com/1247499"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.48.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.48.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.48.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T06:22:23Z",
"details": "important"
}
],
"title": "CVE-2025-38498"
}
]
}
SUSE-SU-2025:02996-1
Vulnerability from csaf_suse - Published: 2025-08-27 12:02 - Updated: 2025-08-27 12:02Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-36028: mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() (bsc#1225707).
- CVE-2024-36348, CVE-2024-36349, CVE-2024-36350, CVE-2024-36357: x86/process: Move the buffer clearing before MONITOR (bsc#1238896).
- CVE-2024-44963: btrfs: do not BUG_ON() when freeing tree block after error (1230216).
- CVE-2024-49861: net: clear the dst when changing skb protocol (bsc#1245954).
- CVE-2024-56742: vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages() (bsc#1235613).
- CVE-2025-21839: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (bsc#1239061).
- CVE-2025-21854: selftest/bpf: Add vsock test for sockmap rejecting unconnected (bsc#1239470).
- CVE-2025-21872: efi/mokvar-table: Avoid repeated map/unmap of the same page (bsc#1240323).
- CVE-2025-22090: mm: (un)track_pfn_copy() fix + doc improvements (bsc#1241537).
- CVE-2025-23163: net: vlan: do not propagate flags on open (bsc#1242837).
- CVE-2025-37856: btrfs: harden block_group::bg_list against list_del() races (bsc#1243068).
- CVE-2025-37864: net: dsa: clean up FDB, MDB, VLAN entries on unbind (bsc#1242965).
- CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960).
- CVE-2025-37920: kABI workaround for xsk: Fix race condition in AF_XDP generic RX path (bsc#1243479).
- CVE-2025-37984: crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() (bsc#1243669).
- CVE-2025-38034: btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (bsc#1244792).
- CVE-2025-38035: nvmet-tcp: do not restore null sk_state_change (bsc#1244801).
- CVE-2025-38051: smb: client: Fix use-after-free in cifs_fill_dirent (bsc#1244750).
- CVE-2025-38058: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (bsc#1245151).
- CVE-2025-38061: net: pktgen: fix access outside of user given buffer in pktgen_thread_write() (bsc#1245440).
- CVE-2025-38062: kABI: restore layout of struct msi_desc (bsc#1245216).
- CVE-2025-38063: dm: fix unconditional IO throttle caused by REQ_PREFLUSH (bsc#1245202).
- CVE-2025-38064: virtio: break and reset virtio devices on device_shutdown() (bsc#1245201).
- CVE-2025-38074: vhost-scsi: protect vq->log_used with vq->mutex (bsc#1244735).
- CVE-2025-38094: net: cadence: macb: Fix a possible deadlock in macb_halt_tx (bsc#1245649).
- CVE-2025-38097: kabi: restore encap_sk in struct xfrm_state (bsc#1245660).
- CVE-2025-38098: drm/amd/display: Do not treat wb connector as physical in (bsc#1245654).
- CVE-2025-38099: Bluetooth: btusb: Fix regression in the initialization of fake Bluetooth controllers (bsc#1245671).
- CVE-2025-38100: x86/iopl: Cure TIF_IO_BITMAP inconsistencies (bsc#1245650).
- CVE-2025-38105: ALSA: usb-audio: Kill timer properly at removal (bsc#1245682).
- CVE-2025-38115: net_sched: sch_sfq: fix a potential crash on gso_skb handling (bsc#1245689).
- CVE-2025-38117: hci_dev centralize extra lock (bsc#1245695).
- CVE-2025-38126: net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping (bsc#1245708).
- CVE-2025-38131: coresight: prevent deactivate active config while enabling the config (bsc#1245677).
- CVE-2025-38132: coresight: holding cscfg_csdev_lock while removing cscfg from csdev (bsc#1245679).
- CVE-2025-38147: calipso: unlock rcu before returning -EAFNOSUPPORT (bsc#1245768).
- CVE-2025-38158: hisi_acc_vfio_pci: fix XQE dma address error (bsc#1245750).
- CVE-2025-38162: netfilter: nft_set_pipapo: prevent overflow in lookup table allocation (bsc#1245752).
- CVE-2025-38166: bpf: fix ktls panic with sockmap (bsc#1245758).
- CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).
- CVE-2025-38182: ublk: santizize the arguments from userspace when adding a device (bsc#1245937).
- CVE-2025-38183: net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get() (bsc#1246006).
- CVE-2025-38187: drm/nouveau: fix a use-after-free in r535_gsp_rpc_push() (bsc#1245951).
- CVE-2025-38188: drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE (bsc#1246098).
- CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045).
- CVE-2025-38202: bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() (bsc#1245980).
- CVE-2025-38203: jfs: Fix null-ptr-deref in jfs_ioc_trim (bsc#1246044).
- CVE-2025-38204: jfs: fix array-index-out-of-bounds read in add_missing_indices (bsc#1245983).
- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073).
- CVE-2025-38210: configfs-tsm-report: Fix NULL dereference of tsm_ops (bsc#1246020).
- CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029).
- CVE-2025-38220: ext4: only dirty folios when data journaling regular files (bsc#1245966).
- CVE-2025-38222: ext4: inline: fix len overflow in ext4_prepare_inline_data (bsc#1245976).
- CVE-2025-38236: af_unix: Disable MSG_OOB for unprivileged users (bsc#1246093).
- CVE-2025-38239: scsi: megaraid_sas: Fix invalid node index (bsc#1246178).
- CVE-2025-38244: smb: client: fix potential deadlock when reconnecting channels (bsc#1246183).
- CVE-2025-38248: bridge: mcast: Fix use-after-free during router port configuration (bsc#1246173).
- CVE-2025-38250: kABI workaround for bluetooth hci_dev changes (bsc#1246182).
- CVE-2025-38264: llist: add interface to check if a node is on a list (bsc#1246387).
- CVE-2025-38272: net: dsa: b53: do not enable EEE on bcm63xx (bsc#1246268).
- CVE-2025-38279: selftests/bpf: Add tests with stack ptr register in conditional jmp (bsc#1246264).
- CVE-2025-38283: hisi_acc_vfio_pci: bugfix live migration function without VF device driver (bsc#1246273).
- CVE-2025-38303: Bluetooth: eir: Fix possible crashes on eir_create_adv_data (bsc#1246354).
- CVE-2025-38310: seg6: Fix validation of nexthop addresses (bsc#1246361).
- CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).
- CVE-2025-38334: x86/sgx: Prevent attempts to reclaim poisoned pages (bsc#1246384).
- CVE-2025-38335: Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT (bsc#1246250).
- CVE-2025-38337: jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (bsc#1246253).
- CVE-2025-38349: eventpoll: do not decrement ep refcount while still holding the ep mutex (bsc#1246777).
- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).
- CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).
- CVE-2025-38364: maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() (bsc#1247091).
- CVE-2025-38365: btrfs: fix a race between renames and directory logging (bsc#1247023).
- CVE-2025-38371: drm/v3d: Disable interrupts before resetting the GPU (bsc#1247178).
- CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177).
- CVE-2025-38382: btrfs: fix iteration of extrefs during log replay (bsc#1247031).
- CVE-2025-38392: idpf: convert control queue mutex to a spinlock (bsc#1247169).
- CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247156).
- CVE-2025-38399: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() (bsc#1247097).
- CVE-2025-38403: vsock/vmci: Clear the vmci transport packet properly when initializing it (bsc#1247141).
- CVE-2025-38414: wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850 (bsc#1247145).
- CVE-2025-38426: drm/amdgpu: Add basic validation for RAS header (bsc#1247252).
- CVE-2025-38429: bus: mhi: ep: Update read pointer only after buffer is written (bsc#1247253).
- CVE-2025-38455: KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight (bsc#1247101).
- CVE-2025-38457: net/sched: Abort __tc_modify_qdisc if parent class does not exist (bsc#1247098).
- CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).
- CVE-2025-38461: vsock: Fix transport_* TOCTOU (bsc#1247103).
- CVE-2025-38462: vsock: Fix transport_{g2h,h2g} TOCTOU (bsc#1247104).
- CVE-2025-38463: tcp: Correct signedness in skb remaining space calculation (bsc#1247113).
- CVE-2025-38465: netlink: make sure we allow at least one dump skb (bsc#1247118).
- CVE-2025-38470: kABI fix for net: vlan: fix VLAN 0 refcount imbalance of toggling (bsc#1247288).
- CVE-2025-38471: tls: always refresh the queue when reading sock (bsc#1247450).
- CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347).
- CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374).
The following non-security bugs were fixed:
- Fix dma_unmap_sg() nents value (git-fixes)
- Logitech C-270 even more broken (stable-fixes).
- Reapply 'wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()' (git-fixes).
- Revert 'ACPI: battery: negate current when discharging' (stable-fixes).
- Revert 'cgroup_freezer: cgroup_freezing: Check if not frozen' (bsc#1219338).
- Revert 'drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1' (stable-fixes).
- Revert 'mmc: sdhci: Disable SD card clock before changing parameters' (git-fixes).
- Revert 'usb: xhci: Implement xhci_handshake_check_state() helper' (git-fixes).
- Revert 'vgacon: Add check for vc_origin address range in vgacon_scroll()' (stable-fixes).
- acpi: LPSS: Remove AudioDSP related ID (git-fixes).
- acpi: PRM: Reduce unnecessary printing to avoid user confusion (bsc#1246122).
- acpi: processor: perflib: Fix initial _PPC limit application (git-fixes).
- acpica: Refuse to evaluate a method if arguments are missing (stable-fixes).
- af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() (git-fixes).
- af_unix: Add a prompt to CONFIG_AF_UNIX_OOB (bsc#1246093).
- alsa: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() (git-fixes).
- alsa: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx (stable-fixes).
- alsa: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 (stable-fixes).
- alsa: hda/realtek: Add quirk for ASUS ROG Strix G712LWS (stable-fixes).
- alsa: hda/tegra: Add Tegra264 support (stable-fixes).
- alsa: hda: Add missing NVIDIA HDA codec IDs (stable-fixes).
- alsa: hda: Add new pci id for AMD GPU display HD audio controller (stable-fixes).
- alsa: hda: Ignore unsol events for cards being shut down (stable-fixes).
- alsa: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() (git-fixes).
- alsa: sb: Do not allow changing the DMA mode during operations (stable-fixes).
- alsa: sb: Force to disable DMAs once when DMA mode is changed (stable-fixes).
- amd/amdkfd: fix a kfd_process ref leak (stable-fixes).
- aoe: clean device rq_list in aoedev_downdev() (git-fixes).
- apple-mfi-fastcharge: protect first device name (git-fixes).
- asoc: amd: yc: Add DMI quirk for Lenovo IdeaPad Slim 5 15 (stable-fixes).
- asoc: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic (stable-fixes).
- asoc: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic (stable-fixes).
- asoc: amd: yc: update quirk data for HP Victus (stable-fixes).
- asoc: codec: wcd9335: Convert to GPIO descriptors (stable-fixes).
- asoc: codecs: wcd9335: Fix missing free of regulator supplies (git-fixes).
- asoc: codecs: wcd9335: Handle nicer probe deferral and simplify with dev_err_probe() (stable-fixes).
- asoc: cs35l56: probe() should fail if the device ID is not recognized (git-fixes).
- asoc: fsl_asrc: use internal measured ratio for non-ideal ratio mode (git-fixes).
- asoc: fsl_xcvr: get channel status data when PHY is not exists (git-fixes).
- asoc: ops: dynamically allocate struct snd_ctl_elem_value (git-fixes).
- asoc: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() (git-fixes).
- ata: pata_cs5536: fix build on 32-bit UML (stable-fixes).
- audit,module: restore audit logging in load failure case (git-fixes).
- bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() (git-fixes).
- bluetooth: L2CAP: Fix L2CAP MTU negotiation (stable-fixes).
- bluetooth: L2CAP: Fix attempting to adjust outgoing MTU (git-fixes).
- bluetooth: MGMT: Fix not generating command complete for MGMT_OP_DISCONNECT (git-fixes).
- bluetooth: MGMT: mesh_send: check instances prior disabling advertising (git-fixes).
- bluetooth: MGMT: set_mesh: update LE scan interval and window (git-fixes).
- bluetooth: Prevent unintended pause by checking if advertising is active (git-fixes).
- bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout (git-fixes).
- bluetooth: SMP: If an unallowed command is received consider it a failure (git-fixes).
- bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant without board ID (git-fixes).
- bluetooth: hci_conn: Fix sending BT_HCI_CMD_LE_CREATE_CONN_CANCEL (git-fixes).
- bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected (git-fixes).
- bluetooth: hci_event: Mask data status from LE ext adv reports (git-fixes).
- bluetooth: hci_sync: Attempt to dequeue connection attempt (git-fixes).
- bluetooth: hci_sync: Fix UAF on create_le_conn_complete (git-fixes).
- bluetooth: hci_sync: Fix handling of HCI_OP_CREATE_CONN_CANCEL (git-fixes).
- bluetooth: hci_sync: Fix not disabling advertising instance (git-fixes).
- bluetooth: hci_sync: fix connectable extended advertising when using static random address (git-fixes).
- bluetooth: hci_sync: revert some mesh modifications (git-fixes).
- bpf, sockmap: Fix sk_msg_reset_curr (git-fixes).
- bpf/lpm_trie: Inline longest_prefix_match for fastpath (git-fixes).
- bpf/selftests: Check errno when percpu map value size exceeds (git-fixes).
- bpf: Add a possibly-zero-sized read test (git-fixes).
- bpf: Avoid __hidden__ attribute in static object (git-fixes).
- bpf: Check percpu map value size first (git-fixes).
- bpf: Disable some `attribute ignored' warnings in GCC (git-fixes).
- bpf: Fix memory leak in bpf_core_apply (git-fixes).
- bpf: Fix potential integer overflow in resolve_btfids (git-fixes).
- bpf: Harden __bpf_kfunc tag against linker kfunc removal (git-fixes).
- bpf: Make the pointer returned by iter next method valid (git-fixes).
- bpf: Simplify checking size of helper accesses (git-fixes).
- bpf: fix order of args in call to bpf_map_kvcalloc (git-fixes).
- bpf: sockmap, updating the sg structure should also update curr (git-fixes).
- bpftool: Fix missing pids during link show (git-fixes).
- bpftool: Fix undefined behavior caused by shifting into the sign bit (git-fixes).
- bpftool: Mount bpffs on provided dir instead of parent dir (git-fixes).
- bpftool: Remove unnecessary source files from bootstrap version (git-fixes).
- bpftool: Un-const bpf_func_info to fix it for llvm 17 and newer (git-fixes).
- btrfs: do not ignore inode missing when replaying log tree (git-fixes).
- btrfs: do not silently ignore unexpected extent type when replaying log (git-fixes).
- btrfs: do not skip remaining extrefs if dir not found during log replay (git-fixes).
- btrfs: explicitly ref count block_group on new_bgs list (bsc#1243068)
- btrfs: fix assertion when building free space tree (git-fixes).
- btrfs: fix inode lookup error handling during log replay (git-fixes).
- btrfs: fix invalid inode pointer dereferences during log replay (git-fixes).
- btrfs: fix log tree replay failure due to file with 0 links and extents (git-fixes).
- btrfs: fix missing error handling when searching for inode refs during log replay (git-fixes).
- btrfs: fix non-empty delayed iputs list on unmount due to async workers (git-fixes).
- btrfs: fix ssd_spread overallocation (git-fixes).
- btrfs: make btrfs_discard_workfn() block_group ref explicit (bsc#1243068)
- btrfs: propagate last_unlink_trans earlier when doing a rmdir (git-fixes).
- btrfs: rename err to ret in btrfs_rmdir() (git-fixes).
- btrfs: return a btrfs_inode from btrfs_iget_logging() (git-fixes).
- btrfs: return a btrfs_inode from read_one_inode() (git-fixes).
- btrfs: tests: fix chunk map leak after failure to add it to the tree (git-fixes).
- btrfs: update superblock's device bytes_used when dropping chunk (git-fixes).
- btrfs: use NOFS context when getting inodes during logging and log replay (git-fixes).
- btrfs: use btrfs_record_snapshot_destroy() during rmdir (git-fixes).
- bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() (git-fixes).
- bus: mhi: host: Detect events pointing to unexpected TREs (git-fixes).
- can: dev: can_restart(): move debug message and stats after successful restart (stable-fixes).
- can: dev: can_restart(): reverse logic to remove need for goto (stable-fixes).
- can: kvaser_pciefd: Store device channel index (git-fixes).
- can: kvaser_usb: Assign netdev.dev_port based on device channel index (git-fixes).
- can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level (git-fixes).
- can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode (git-fixes).
- can: peak_usb: fix USB FD devices potential malfunction (git-fixes).
- cdc-acm: fix race between initial clearing halt and open (git-fixes).
- cgroup,freezer: fix incomplete freezing when attaching tasks (bsc#1245789).
- cgroup/cpuset: Extend kthread_is_per_cpu() check to all PF_NO_SETAFFINITY tasks (bsc#1241166).
- cifs: reconnect helper should set reconnect for the right channel (git-fixes).
- clk: clk-axi-clkgen: fix fpfd_max frequency for zynq (git-fixes).
- clk: davinci: Add NULL check in davinci_lpsc_clk_register() (git-fixes).
- clk: sunxi-ng: v3s: Fix de clock definition (git-fixes).
- clk: xilinx: vcu: unregister pll_post only if registered correctly (git-fixes).
- clocksource: Scale the watchdog read retries automatically (bsc#1241345 bsc#1244457).
- clocksource: Set cs_watchdog_read() checks based on .uncertainty_margin (bsc#1241345 bsc#1244457).
- comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large (git-fixes).
- comedi: Fix initialization of data for instructions that write to subdevice (git-fixes).
- comedi: Fix some signed shift left operations (git-fixes).
- comedi: Fix use of uninitialized data in insn_rw_emulate_bits() (git-fixes).
- comedi: aio_iiro_16: Fix bit shift out of bounds (git-fixes).
- comedi: das16m1: Fix bit shift out of bounds (git-fixes).
- comedi: das6402: Fix bit shift out of bounds (git-fixes).
- comedi: pcl812: Fix bit shift out of bounds (git-fixes).
- compiler_types.h: Define __retain for __attribute__((__retain__)) (git-fixes).
- crypto: arm/aes-neonbs - work around gcc-15 warning (git-fixes).
- crypto: ccp - Fix crash when rebind ccp device for ccp.ko (git-fixes).
- crypto: ccp - Fix locking on alloc failure handling (git-fixes).
- crypto: img-hash - Fix dma_unmap_sg() nents value (git-fixes).
- crypto: inside-secure - Fix `dma_unmap_sg()` nents value (git-fixes).
- crypto: keembay - Fix dma_unmap_sg() nents value (git-fixes).
- crypto: marvell/cesa - Fix engine load inaccuracy (git-fixes).
- crypto: qat - allow enabling VFs in the absence of IOMMU (git-fixes).
- crypto: qat - disable ZUC-256 capability for QAT GEN5 (git-fixes).
- crypto: qat - fix DMA direction for compression on GEN2 devices (git-fixes).
- crypto: qat - fix seq_file position update in adf_ring_next() (git-fixes).
- crypto: qat - fix state restore for banks with exceptions (git-fixes).
- crypto: qat - flush misc workqueue during device shutdown (git-fixes).
- crypto: qat - use unmanaged allocation for dc_data (git-fixes).
- crypto: sun8i-ce - fix nents passed to dma_unmap_sg() (git-fixes).
- dm-bufio: fix sched in atomic context (git-fixes).
- dm-flakey: error all IOs when num_features is absent (git-fixes).
- dm-flakey: make corrupting read bios work (git-fixes).
- dm-mirror: fix a tiny race condition (git-fixes).
- dm-raid: fix variable in journal device check (git-fixes).
- dm-verity: fix a memory leak if some arguments are specified multiple times (git-fixes).
- dm: do not change md if dm_table_set_restrictions() fails (git-fixes).
- dm: free table mempools if not used in __bind (git-fixes).
- dm: restrict dm device size to 2^63-512 bytes (git-fixes).
- dma-buf: fix timeout handling in dma_resv_wait_timeout v2 (stable-fixes).
- dmaengine: dw-edma: Drop unused dchan2dev() and chan2dev() (git-fixes).
- dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using (stable-fixes).
- dmaengine: mv_xor: Fix missing check after DMA map and missing unmap (git-fixes).
- dmaengine: nbpfaxi: Add missing check after DMA map (git-fixes).
- dmaengine: nbpfaxi: Fix memory corruption in probe() (git-fixes).
- dmaengine: qcom: gpi: Drop unused gpi_write_reg_field() (git-fixes).
- dmaengine: xilinx_dma: Set dma_device directions (stable-fixes).
- docs/ABI: Fix sysfs-kernel-address_bits path (git-fixes).
- documentation: ACPI: Fix parent device references (git-fixes).
- documentation: usb: gadget: Wrap remaining usage snippets in literal code block (git-fixes).
- drm/amd/display: Do not overwrite dce60_clk_mgr (git-fixes).
- drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value (git-fixes).
- drm/amdgpu/gfx8: reset compute ring wptr on the GPU on resume (git-fixes).
- drm/amdgpu: amdgpu_vram_mgr_new(): Clamp lpfn to total vram (stable-fixes).
- drm/amdkfd: Fix race in GWS queue scheduling (stable-fixes).
- drm/bridge: panel: move prepare_prev_first handling to drm_panel_bridge_add_typed (git-fixes).
- drm/bridge: ti-sn65dsi86: Add HPD for DisplayPort connector type (git-fixes).
- drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() (git-fixes).
- drm/bridge: ti-sn65dsi86: make use of debugfs_init callback (stable-fixes).
- drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling (git-fixes).
- drm/exynos: fimd: Guard display clock control with runtime PM calls (git-fixes).
- drm/framebuffer: Acquire internal references on GEM handles (git-fixes).
- drm/gem: Acquire references on GEM handles for framebuffers (stable-fixes).
- drm/gem: Fix race in drm_gem_handle_create_tail() (stable-fixes).
- drm/i915/gsc: mei interrupt top half should be in irq disabled context (git-fixes).
- drm/i915/gt: Fix timeline left held on VMA alloc error (git-fixes).
- drm/i915/selftests: Change mock_request() to return error pointers (git-fixes).
- drm/msm/dpu: Fill in min_prefill_lines for SC8180X (git-fixes).
- drm/msm: Fix a fence leak in submit error path (stable-fixes).
- drm/msm: Fix another leak in the submit error path (stable-fixes).
- drm/panfrost: Fix panfrost device variable name in devfreq (git-fixes).
- drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed (git-fixes).
- drm/sched: Increment job count before swapping tail spsc queue (git-fixes).
- drm/sched: Remove optimization that causes hang when killing dependent jobs (git-fixes).
- drm/scheduler: signal scheduled fence when kill job (stable-fixes).
- drm/tegra: nvdec: Fix dma_alloc_coherent error check (git-fixes).
- drm/ttm: fix error handling in ttm_buffer_object_transfer (git-fixes).
- drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel (git-fixes).
- exfat: fdatasync flag should be same like generic_write_sync() (git-fixes).
- fbcon: Fix outdated registered_fb reference in comment (git-fixes).
- fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref (git-fixes).
- firewire: ohci: correct code comments about bus_reset tasklet (git-fixes).
- fs/jfs: consolidate sanity checking in dbMount (git-fixes).
- fs/orangefs: Allow 2 more characters in do_c_string() (git-fixes).
- gpio: mlxbf2: use platform_get_irq_optional() (git-fixes).
- gpio: pca953x: log an error when failing to get the reset GPIO (git-fixes).
- gpio: sim: include a missing header (git-fixes).
- gpio: vf610: add locking to gpio direction functions (git-fixes).
- gpio: virtio: Fix config space reading (git-fixes).
- gpiolib: Fix debug messaging in gpiod_find_and_request() (git-fixes).
- gpiolib: Handle no pin_ranges in gpiochip_generic_config() (git-fixes).
- gpiolib: acpi: Do not use GPIO chip fwnode in acpi_gpiochip_find() (bsc#1233300).
- gpiolib: acpi: Fix failed in acpi_gpiochip_find() by adding parent node match (bsc#1233300).
- gpiolib: cdev: Ignore reconfiguration without direction (git-fixes).
- gpiolib: of: Add polarity quirk for s5m8767 (stable-fixes).
- hfs: make splice write available again (git-fixes).
- hfsplus: make splice write available again (git-fixes).
- hfsplus: remove mutex_lock check in hfsplus_free_extents (git-fixes).
- hid: Add IGNORE quirk for SMARTLINKTECHNOLOGY (stable-fixes).
- hid: core: do not bypass hid_hw_raw_request (stable-fixes).
- hid: core: ensure __hid_request reserves the report ID as the first byte (git-fixes).
- hid: core: ensure the allocated report buffer can contain the reserved report ID (stable-fixes).
- hid: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 (stable-fixes).
- hid: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras (stable-fixes).
- hv_netvsc: Use VF's tso_max_size value when data path is VF (bsc#1246203).
- hwmon: (corsair-cpro) Validate the size of the received input buffer (git-fixes).
- hwmon: (gsc-hwmon) fix fan pwm setpoint show functions (git-fixes).
- hwmon: (pmbus/max34440) Fix support for max34451 (stable-fixes).
- hwrng: mtk - handle devm_pm_runtime_enable errors (git-fixes).
- i2c/designware: Fix an initialization issue (git-fixes).
- i2c: qup: jump out of the loop in case of timeout (git-fixes).
- i2c: stm32: fix the device used for the DMA map (git-fixes).
- i2c: tegra: Fix reset error handling with ACPI (git-fixes).
- i2c: virtio: Avoid hang by using interruptible completion wait (git-fixes).
- i3c: fix module_i3c_i2c_driver() with I3C=n (git-fixes).
- ib/mlx5: Fix potential deadlock in MR deregistration (git-fixes)
- iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush (git-fixes).
- iio: adc: ad7949: use spi_is_bpw_supported() (git-fixes).
- iio: adc: ad_sigma_delta: Fix use of uninitialized status_pos (stable-fixes).
- iio: adc: ad_sigma_delta: change to buffer predisable (git-fixes).
- iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (stable-fixes).
- iio: adc: max1363: Reorder mode_list[] entries (stable-fixes).
- iio: adc: stm32-adc: Fix race in installing chained IRQ handler (git-fixes).
- iio: imu: bno055: fix OOB access of hw_xlate array (git-fixes).
- iio: pressure: zpa2326: Use aligned_s64 for the timestamp (stable-fixes).
- input: iqs7222 - explicitly define number of external channels (git-fixes).
- input: xpad - adjust error handling for disconnect (git-fixes).
- input: xpad - set correct controller type for Acer NGR200 (git-fixes).
- input: xpad - support Acer NGR 200 Controller (stable-fixes).
- iommu/amd: Fix geometry.aperture_end for V2 tables (git-fixes).
- iommu/amd: Set the pgsize_bitmap correctly (git-fixes).
- iommu/arm-smmu-qcom: Add SM6115 MDSS compatible (git-fixes).
- iommu/vt-d: Fix possible circular locking dependency (git-fixes).
- iommu/vt-d: Fix system hang on reboot -f (git-fixes).
- ipv6: fix possible infinite loop in fib6_info_uses_dev() (git-fixes).
- ipv6: mcast: Delay put pmc->idev in mld_del_delrec() (git-fixes).
- ipv6: prevent infinite loop in rt6_nlmsg_size() (git-fixes).
- ipv6: reject malicious packets in ipv6_gso_segment() (git-fixes).
- iwlwifi: Add missing check for alloc_ordered_workqueue (git-fixes).
- jfs: fix metapage reference count leak in dbAllocCtl (git-fixes).
- kABI workaround for struct drm_framebuffer changes (git-fixes).
- kABI: Fix the module::name type in audit_context (git-fixes).
- kasan: remove kasan_find_vm_area() to prevent possible deadlock (git-fixes).
- leds: multicolor: Fix intensity setting while SW blinking (stable-fixes).
- lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (bsc#1236897).
- lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() (bsc#1236897).
- maple_tree: fix mt_destroy_walk() on root leaf node (git-fixes).
- md/md-bitmap: fix dm-raid max_write_behind setting (git-fixes).
- media: gspca: Add bounds checking to firmware parser (git-fixes).
- media: hi556: correct the test pattern configuration (git-fixes).
- media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() (git-fixes).
- media: ov2659: Fix memory leaks in ov2659_probe() (git-fixes).
- media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (git-fixes).
- media: usbtv: Lock resolution while streaming (git-fixes).
- media: uvcvideo: Do not mark valid metadata as invalid (git-fixes).
- media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (git-fixes).
- media: v4l2-ctrls: Do not reset handler's error in v4l2_ctrl_handler_free() (git-fixes).
- media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check (git-fixes).
- media: venus: Add a check for packet size after reading from shared memory (git-fixes).
- media: venus: hfi: explicitly release IRQ during teardown (git-fixes).
- media: venus: protect against spurious interrupts during probe (git-fixes).
- media: venus: vdec: Clamp param smaller than 1fps and bigger than 240 (git-fixes).
- media: venus: venc: Clamp param smaller than 1fps and bigger than 240 (git-fixes).
- media: vivid: fix wrong pixel_array control size (git-fixes).
- memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() (git-fixes).
- mfd: max14577: Fix wakeup source leaks on device unbind (stable-fixes).
- misc: rtsx: usb: Ensure mmc child device is active when card is present (git-fixes).
- mmc: bcm2835: Fix dma_unmap_sg() nents value (git-fixes).
- mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier (git-fixes).
- mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models (git-fixes).
- mmc: sdhci: Add a helper function for dump register in dynamic debug mode (stable-fixes).
- mmc: sdhci_am654: Workaround for Errata i2312 (git-fixes).
- module: Fix memory deallocation on error path in move_module() (git-fixes).
- module: Remove unnecessary +1 from last_unloaded_module::name size (git-fixes).
- module: Restore the moduleparam prefix length check (git-fixes).
- mtd: fix possible integer overflow in erase_xfer() (git-fixes).
- mtd: rawnand: atmel: Fix dma_mapping_error() address (git-fixes).
- mtd: rawnand: atmel: set pmecc data setup time (git-fixes).
- mtd: rawnand: fsmc: Add missing check after DMA map (git-fixes).
- mtd: rawnand: renesas: Add missing check after DMA map (git-fixes).
- mtd: rawnand: rockchip: Add missing check after DMA map (git-fixes).
- mtd: spi-nor: Fix spi_nor_try_unlock_all() (git-fixes).
- mtd: spinand: fix memory leak of ECC engine conf (stable-fixes).
- mtd: spinand: propagate spinand_wait() errors from spinand_write_page() (git-fixes).
- mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data (git-fixes).
- mtk-sd: Prevent memory corruption from DMA map failure (git-fixes).
- mtk-sd: reset host->mrq on prepare_data() error (git-fixes).
- mwl8k: Add missing check after DMA map (git-fixes).
- nbd: fix uaf in nbd_genl_connect() error path (git-fixes).
- net/packet: fix a race in packet_set_ring() and packet_notifier() (git-fixes).
- net/sched: Restrict conditions for adding duplicating netems to qdisc tree (git-fixes).
- net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (git-fixes).
- net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (git-fixes).
- net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (git-fixes).
- net/sched: sch_qfq: Fix race condition on qfq_aggregate (git-fixes).
- net/sched: taprio: enforce minimum value for picos_per_byte (git-fixes).
- net: mana: Add debug logs in MANA network driver (bsc#1246212).
- net: mana: Add handler for hardware servicing events (bsc#1245730).
- net: mana: Allocate MSI-X vectors dynamically (bsc#1245457).
- net: mana: Allow irq_setup() to skip cpus for affinity (bsc#1245457).
- net: mana: Allow tso_max_size to go up-to GSO_MAX_SIZE (bsc#1246203).
- net: mana: Expose additional hardware counters for drop and TC via ethtool (bsc#1245729).
- net: mana: Set tx_packets to post gso processing packet count (bsc#1245731).
- net: mana: explain irq_setup() algorithm (bsc#1245457).
- net: phy: Do not register LEDs for genphy (git-fixes).
- net: phy: micrel: fix KSZ8081/KSZ8091 cable test (git-fixes).
- net: phy: microchip: limit 100M workaround to link-down events on LAN88xx (git-fixes).
- net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap (git-fixes).
- net: phy: smsc: Fix link failure in forced mode with Auto-MDIX (git-fixes).
- net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect (git-fixes).
- net: usb: qmi_wwan: add SIMCom 8230C composition (stable-fixes).
- net: usbnet: Avoid potential RCU stall on LINK_CHANGE event (git-fixes).
- net: usbnet: Fix the wrong netif_carrier_on() call (git-fixes).
- netpoll: prevent hanging NAPI when netcons gets enabled (git-fixes).
- nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails (git-fixes).
- nfs: Fix filehandle bounds checking in nfs_fh_to_dentry() (git-fixes).
- nfs: Fix the setting of capabilities when automounting a new filesystem (git-fixes).
- nfs: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() (git-fixes).
- nfs: Fixup allocation flags for nfsiod's __GFP_NORETRY (git-fixes).
- nfsd: detect mismatch of file handle and delegation stateid in OPEN op (git-fixes).
- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (git-fixes).
- nfsv4.2: another fix for listxattr (git-fixes).
- nfsv4.2: fix listxattr to return selinux security label (git-fixes).
- nfsv4/pnfs: Fix a race to wake on NFS_LAYOUT_DRAIN (git-fixes).
- nfsv4: Always set NLINK even if the server does not support it (git-fixes).
- nfsv4: xattr handlers should check for absent nfs filehandles (git-fixes).
- nilfs2: reject invalid file types when reading inodes (git-fixes).
- nvme-pci: refresh visible attrs after being checked (git-fixes).
- nvme: Fix incorrect cdw15 value in passthru error logging (git-fixes).
- nvme: fix endianness of command word prints in nvme_log_err_passthru() (git-fixes).
- nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() (git-fixes).
- nvme: fix misaccounting of nvme-mpath inflight I/O (git-fixes).
- nvmet-tcp: fix callback lock for TLS handshake (git-fixes).
- objtool: Fix INSN_CONTEXT_SWITCH handling in validate_unret() (git-fixes).
- objtool: Fix UNWIND_HINT_{SAVE,RESTORE} across basic blocks (git-fixes).
- objtool: Fix _THIS_IP_ detection for cold functions (git-fixes).
- objtool: Fix error handling inconsistencies in check() (git-fixes).
- objtool: Ignore dangling jump table entries (git-fixes).
- objtool: Ignore end-of-section jumps for KCOV/GCOV (git-fixes).
- objtool: Properly disable uaccess validation (git-fixes).
- objtool: Silence more KCOV warnings (git-fixes).
- objtool: Silence more KCOV warnings, part 2 (git-fixes).
- objtool: Stop UNRET validation on UD2 (git-fixes).
- pch_uart: Fix dma_sync_sg_for_device() nents value (git-fixes).
- pci/msi: Export pci_msix_prepare_desc() for dynamic MSI-X allocations (bsc#1245457).
- pci: dwc: Make link training more robust by setting PORT_LOGIC_LINK_WIDTH to one lane (stable-fixes).
- pci: endpoint: Fix configfs group list head handling (git-fixes).
- pci: endpoint: Fix configfs group removal on driver teardown (git-fixes).
- pci: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute (git-fixes).
- pci: endpoint: pci-epf-vntb: Return -ENOENT if pci_epc_get_next_free_bar() fails (git-fixes).
- pci: hv: Allow dynamic MSI-X vector allocation (bsc#1245457).
- pci: rockchip-host: Fix 'Unexpected Completion' log message (git-fixes).
- perf: Fix sample vs do_exit() (bsc#1246547).
- phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode (git-fixes).
- pinctrl: amd: Clear GPIO debounce for suspend (git-fixes).
- pinctrl: qcom: msm: mark certain pins as invalid for interrupts (git-fixes).
- pinctrl: sunxi: Fix memory leak on krealloc failure (git-fixes).
- pinmux: fix race causing mux_owner NULL with active mux_usecount (git-fixes).
- platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix duplicate event ID for CACHE_DATA1 (git-fixes).
- platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment (git-fixes).
- platform/mellanox: mlxreg-lc: Fix logic error in power state check (git-fixes).
- platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message (git-fixes).
- platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks list (stable-fixes).
- platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks (git-fixes).
- platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots (git-fixes).
- platform/x86: think-lmi: Create ksets consecutively (stable-fixes).
- platform/x86: think-lmi: Fix kobject cleanup (git-fixes).
- platform/x86: think-lmi: Fix sysfs group cleanup (git-fixes).
- pm / devfreq: Check governor before using governor->name (git-fixes).
- pnfs/flexfiles: do not attempt pnfs on fatal DS errors (git-fixes).
- power: supply: cpcap-charger: Fix null check for power_supply_get_by_name (git-fixes).
- power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set (git-fixes).
- powercap: call put_device() on an error path in powercap_register_control_type() (stable-fixes).
- powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() (git-fixes).
- powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed (git-fixes).
- powerpc/bpf: enforce full ordering for ATOMIC operations with BPF_FETCH (git-fixes).
- ptp: fix breakage after ptp_vclock_in_use() rework (bsc#1246506).
- pwm: imx-tpm: Reset counter if CMOD is 0 (git-fixes).
- pwm: mediatek: Ensure to disable clocks in error path (git-fixes).
- rdma/core: Rate limit GID cache warning messages (git-fixes)
- rdma/counter: Check CAP_NET_RAW check in user namespace for RDMA counters (git-fixes)
- rdma/hns: Drop GFP_NOWARN (git-fixes)
- rdma/hns: Fix -Wframe-larger-than issue (git-fixes)
- rdma/hns: Fix HW configurations not cleared in error flow (git-fixes)
- rdma/hns: Fix accessing uninitialized resources (git-fixes)
- rdma/hns: Fix double destruction of rsv_qp (git-fixes)
- rdma/hns: Get message length of ack_req from FW (git-fixes)
- rdma/mlx5: Check CAP_NET_RAW in user namespace for anchor create (git-fixes)
- rdma/mlx5: Check CAP_NET_RAW in user namespace for devx create (git-fixes)
- rdma/mlx5: Check CAP_NET_RAW in user namespace for flow create (git-fixes)
- rdma/mlx5: Fix CC counters query for MPV (git-fixes)
- rdma/mlx5: Fix HW counters query for non-representor devices (git-fixes)
- rdma/mlx5: Fix compilation warning when USER_ACCESS isn't set (git-fixes)
- rdma/mlx5: Fix vport loopback for MPV device (git-fixes)
- rdma/mlx5: Initialize obj_event->obj_sub_list before xa_insert (git-fixes)
- rdma/nldev: Check CAP_NET_RAW in user namespace for QP modify (git-fixes)
- rdma/siw: Fix the sendmsg byte count in siw_tcp_sendpages (git-fixes)
- rdma/uverbs: Add empty rdma_uattrs_has_raw_cap() declaration (git-fixes)
- rdma/uverbs: Check CAP_NET_RAW in user namespace for QP create (git-fixes)
- rdma/uverbs: Check CAP_NET_RAW in user namespace for RAW QP create (git-fixes)
- rdma/uverbs: Check CAP_NET_RAW in user namespace for flow create (git-fixes)
- regmap: fix potential memory leak of regmap_bus (git-fixes).
- regulator: fan53555: add enable_time support and soft-start times (stable-fixes).
- regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods (git-fixes).
- regulator: pwm-regulator: Calculate the output voltage for disabled PWMs (stable-fixes).
- resource: fix false warning in __request_region() (git-fixes).
- restore UCSI_CONNECTOR_RESET_HARD definition (git-fixes).
- ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() (git-fixes).
- rose: fix dangling neighbour pointers in rose_rt_device_down() (git-fixes).
- rpl: Fix use-after-free in rpl_do_srh_inline() (git-fixes).
- rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337)
- rtc: ds1307: fix incorrect maximum clock rate handling (git-fixes).
- rtc: hym8563: fix incorrect maximum clock rate handling (git-fixes).
- rtc: nct3018y: fix incorrect maximum clock rate handling (git-fixes).
- rtc: pcf85063: fix incorrect maximum clock rate handling (git-fixes).
- rtc: pcf8563: fix incorrect maximum clock rate handling (git-fixes).
- rtc: rv3028: fix incorrect maximum clock rate handling (git-fixes).
- s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again (git-fixes bsc#1246870).
- s390/entry: Fix last breaking event handling in case of stack corruption (git-fixes bsc#1243806).
- s390/pci: Do not try re-enabling load/store if device is disabled (git-fixes bsc#1245646).
- s390/pci: Fix stale function handles in error handling (git-fixes bsc#1245647).
- s390/pkey: Prevent overflow in size calculation for memdup_user() (git-fixes bsc#1245598).
- s390: Add z17 elf platform (LTC#214086 bsc#1245540).
- samples: mei: Fix building on musl libc (git-fixes).
- sched,freezer: Remove unnecessary warning in __thaw_task (bsc#1219338).
- sched: Add test_and_clear_wake_up_bit() and atomic_dec_and_wake_up() (git-fixes).
- scsi: core: Enforce unlimited max_segment_size when virt_boundary_mask is set (git-fixes).
- scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Copyright updates for 14.4.0.10 (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Early return out of FDMI cmpl for locally rejected statuses (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Modify end-of-life adapters' model descriptions (bsc#1245260 bsc#1243100 bsc#1246125 bsc#1204142).
- scsi: lpfc: Move clearing of HBA_SETUP flag to before lpfc_sli4_queue_unset (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Relocate clearing initial phba flags from link up to link down hdlr (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Revise CQ_CREATE_SET mailbox bitfield definitions (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Revise logging format for failed CT MIB requests (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Simplify error handling for failed lpfc_get_sli4_parameters cmd (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Skip RSCN processing when FC_UNLOADING flag is set (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Update debugfs trace ring initialization messages (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Update lpfc version to 14.4.0.10 (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: megaraid_sas: Fix invalid node index (git-fixes).
- scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() (git-fixes).
- scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() (git-fixes).
- scsi: s390: zfcp: Ensure synchronous unit_add (git-fixes bsc#1245599).
- selftests/bpf: Add CFLAGS per source file and runner (git-fixes).
- selftests/bpf: Add tests for iter next method returning valid pointer (git-fixes).
- selftests/bpf: Change functions definitions to support GCC (git-fixes).
- selftests/bpf: Fix a few tests for GCC related warnings (git-fixes).
- selftests/bpf: Fix pointer arithmetic in test_xdp_do_redirect (git-fixes).
- selftests/bpf: Fix prog numbers in test_sockmap (git-fixes).
- smb3: move server check earlier when setting channel sequence number (git-fixes).
- smb3: rename macro CIFS_SERVER_IS_CHAN to avoid confusion (git-fixes).
- smb3: send channel sequence number in SMB3 requests after reconnects (git-fixes).
- soc/tegra: cbb: Clear ERR_FORCE register with ERR_STATUS (git-fixes).
- soc: aspeed: lpc-snoop: Cleanup resources in stack-order (git-fixes).
- soc: aspeed: lpc-snoop: Do not disable channels that are not enabled (git-fixes).
- soc: qcom: QMI encoding/decoding for big endian (git-fixes).
- soc: qcom: fix endianness for QMI header (git-fixes).
- soc: qcom: pmic_glink: fix OF node leak (git-fixes).
- soundwire: amd: fix for clearing command status register (git-fixes).
- soundwire: stream: restore params when prepare ports fail (git-fixes).
- spi: spi-fsl-dspi: Clear completion counter before initiating transfer (git-fixes).
- staging: axis-fifo: remove sysfs interface (git-fixes).
- staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (git-fixes).
- staging: nvec: Fix incorrect null termination of battery manufacturer (git-fixes).
- struct cdns: move new member to the end (git-fixes).
- struct ucsi_operations: use padding for new operation (git-fixes).
- sunrpc: do not immediately retransmit on seqno miss (git-fixes).
- sunrpc: fix client side handling of tls alerts (git-fixes).
- supported.conf: add missing entries for armv7hl
- supported.conf: move nvme-apple to optional again
- supported.conf: sort entries again
- tcp: call tcp_measure_rcv_mss() for ooo packets (git-fixes).
- thunderbolt: Fix bit masking in tb_dp_port_set_hops() (git-fixes).
- thunderbolt: Fix copy+paste error in match_service_id() (git-fixes).
- thunderbolt: Fix wake on connect at runtime (git-fixes).
- tracing/kprobe: Make trace_kprobe's module callback called after jump_label update (git-fixes).
- tracing/kprobes: Fix to free objects when failed to copy a symbol (git-fixes).
- types: Complement the aligned types with signed 64-bit one (stable-fixes).
- ucount: fix atomic_long_inc_below() argument type (git-fixes).
- ucsi-glink: adapt to kABI consistency (git-fixes).
- ucsi_ccg: Refine the UCSI Interrupt handling (git-fixes).
- ucsi_operations: add stubs for all operations (git-fixes).
- ucsi_ops: adapt update_connector to kABI consistency (git-fixes).
- usb: Add checks for snprintf() calls in usb_alloc_dev() (stable-fixes).
- usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() (git-fixes).
- usb: cdc-wdm: avoid setting WDM_READ for ZLP-s (stable-fixes).
- usb: cdnsp: Fix issue with CV Bad Descriptor test (git-fixes).
- usb: cdnsp: Fix issue with resuming from L1 (git-fixes).
- usb: cdnsp: Replace snprintf() with the safer scnprintf() variant (stable-fixes).
- usb: cdnsp: do not disable slot for disabled slot (git-fixes).
- usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume (git-fixes).
- usb: common: usb-conn-gpio: use a unique name for usb connector device (stable-fixes).
- usb: dwc2: also exit clock_gating when stopping udc while suspended (stable-fixes).
- usb: dwc3: meson-g12a: fix device leaks at unbind (git-fixes).
- usb: early: xhci-dbc: Fix early_ioremap leak (git-fixes).
- usb: gadget : fix use-after-free in composite_dev_cleanup() (git-fixes).
- usb: gadget: u_serial: Fix race condition in TTY wakeup (git-fixes).
- usb: gadget: udc: renesas_usb3: fix device leak at unbind (git-fixes).
- usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() (git-fixes).
- usb: hub: Do not try to recover devices lost during warm reset (git-fixes).
- usb: misc: apple-mfi-fastcharge: Make power supply names unique (git-fixes).
- usb: musb: fix gadget state on disconnect (git-fixes).
- usb: musb: omap2430: fix device leak at unbind (git-fixes).
- usb: net: sierra: check for no status endpoint (git-fixes).
- usb: potential integer overflow in usbg_make_tpg() (stable-fixes).
- usb: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (stable-fixes).
- usb: serial: option: add Foxconn T99W640 (stable-fixes).
- usb: serial: option: add Telit Cinterion FE910C04 (ECM) composition (stable-fixes).
- usb: typec: Update sysfs when setting ops (git-fixes).
- usb: typec: altmodes/displayport: do not index invalid pin_assignments (git-fixes).
- usb: typec: displayport: Fix potential deadlock (git-fixes).
- usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode (stable-fixes).
- usb: typec: mux: do not return on EOPNOTSUPP in {mux, switch}_set (stable-fixes).
- usb: typec: tcpm: allow switching to mode accessory to mux properly (stable-fixes).
- usb: typec: tcpm: allow to use sink in accessory mode (stable-fixes).
- usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach (git-fixes).
- usb: typec: ucsi: Add DATA_RESET option of Connector Reset command (git-fixes).
- usb: typec: ucsi: Add qcm6490-pmic-glink as needing PDOS quirk (git-fixes).
- usb: typec: ucsi: Delay alternate mode discovery (git-fixes).
- usb: typec: ucsi: Fix busy loop on ASUS VivoBooks (git-fixes).
- usb: typec: ucsi: Fix the partner PD revision (git-fixes).
- usb: typec: ucsi: Get PD revision for partner (git-fixes).
- usb: typec: ucsi: Set orientation as none when connector is unplugged (git-fixes).
- usb: typec: ucsi: Update power_supply on power role change (git-fixes).
- usb: typec: ucsi: add callback for connector status updates (git-fixes).
- usb: typec: ucsi: add update_connector callback (git-fixes).
- usb: typec: ucsi: do not retrieve PDOs if not supported (git-fixes).
- usb: typec: ucsi: extract code to read PD caps (git-fixes).
- usb: typec: ucsi: fix UCSI on SM8550 & SM8650 Qualcomm devices (git-fixes).
- usb: typec: ucsi: glink: fix off-by-one in connector_status (git-fixes).
- usb: typec: ucsi: glink: increase max ports for x1e80100 (git-fixes).
- usb: typec: ucsi: glink: move GPIO reading into connector_status callback (git-fixes).
- usb: typec: ucsi: glink: use typec_set_orientation (git-fixes).
- usb: typec: ucsi: move ucsi_acknowledge() from ucsi_read_error() (git-fixes).
- usb: typec: ucsi: properly register partner's PD device (git-fixes).
- usb: typec: ucsi: support delaying GET_PDOS for device (git-fixes).
- usb: typec: ucsi_acpi: Add LG Gram quirk (git-fixes).
- usb: typec: ucsi_glink: drop NO_PARTNER_PDOS quirk for sm8550 / sm8650 (git-fixes).
- usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk (git-fixes).
- usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk on qcm6490 (git-fixes).
- usb: typec: ucsi_glink: rework quirks implementation (git-fixes).
- usb: xhci: Skip xhci_reset in xhci_resume if xhci is being removed (git-fixes).
- usb: xhci: quirk for data loss in ISOC transfers (stable-fixes).
- usb:cdnsp: remove TRB_FLUSH_ENDPOINT command (stable-fixes).
- virtgpu: do not reset on shutdown (git-fixes).
- vmci: Prevent the dispatching of uninitialized payloads (git-fixes).
- vt: add missing notification when switching back to text mode (stable-fixes).
- vt: defkeymap: Map keycodes above 127 to K_HOLE (git-fixes).
- vt: keyboard: Do not process Unicode characters in K_OFF mode (git-fixes).
- watchdog: ziirave_wdt: check record length in ziirave_firm_verify() (git-fixes).
- wifi: ath11k: clear initialized flag for deinit-ed srng lists (git-fixes).
- wifi: ath11k: fix dest ring-buffer corruption (git-fixes).
- wifi: ath11k: fix dest ring-buffer corruption when ring is full (git-fixes).
- wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() (git-fixes).
- wifi: ath11k: fix source ring-buffer corruption (git-fixes).
- wifi: ath11k: fix suspend use-after-free after probe failure (git-fixes).
- wifi: ath12k: fix dest ring-buffer corruption (git-fixes).
- wifi: ath12k: fix dest ring-buffer corruption when ring is full (git-fixes).
- wifi: ath12k: fix endianness handling while accessing wmi service bit (git-fixes).
- wifi: ath12k: fix source ring-buffer corruption (git-fixes).
- wifi: ath6kl: remove WARN on bad firmware input (stable-fixes).
- wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE (git-fixes).
- wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() (git-fixes).
- wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() (git-fixes).
- wifi: iwlwifi: Fix memory leak in iwl_mvm_init() (git-fixes).
- wifi: iwlwifi: return ERR_PTR from opmode start() (stable-fixes).
- wifi: mac80211: Add link iteration macro for link data (stable-fixes).
- wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() (git-fixes).
- wifi: mac80211: Do not call fq_flow_idx() for management frames (git-fixes).
- wifi: mac80211: Do not schedule stopped TXQs (git-fixes).
- wifi: mac80211: chan: chandef is non-NULL for reserved (stable-fixes).
- wifi: mac80211: drop invalid source address OCB frames (stable-fixes).
- wifi: mac80211: reject TDLS operations when station is not associated (git-fixes).
- wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() (git-fixes).
- wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan (git-fixes).
- wifi: mt76: mt7925: fix the wrong config for tx interrupt (git-fixes).
- wifi: plfxlc: Fix error handling in usb driver probe (git-fixes).
- wifi: prevent A-MSDU attacks in mesh networks (stable-fixes).
- wifi: rtl818x: Kill URBs before clearing tx status queue (git-fixes).
- wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band (git-fixes).
- wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() (git-fixes).
- x86/cpu/amd: Fix workaround for erratum 1054 (git-fixes).
- x86/mce/amd: Add default names for MCA banks and blocks (git-fixes).
- x86/mce/amd: Fix threshold limit reset (git-fixes).
- x86/mce: Do not remove sysfs if thresholding sysfs init fails (git-fixes).
- x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (git-fixes).
- x86/tdx: Fix __noreturn build warning around __tdx_hypercall_failed() (git-fixes).
- x86/traps: Initialize DR6 by writing its architectural reset value (git-fixes).
- x86/virt/tdx: Avoid indirect calls to TDX assembly functions (git-fixes).
- x86: UV RTC: Add parameter to disable RTC clocksource (bsc#1241345).
- xfs: fix off-by-one error in fsmap's end_daddr usage (bsc#1235837).
- xfs: only create event xfs_file_compat_ioctl when CONFIG_COMPAT is configure (git-fixes).
- xfs: remove unused event xfs_alloc_near_error (git-fixes).
- xfs: remove unused event xfs_alloc_near_nominleft (git-fixes).
- xfs: remove unused event xfs_attr_node_removename (git-fixes).
- xfs: remove unused event xfs_ioctl_clone (git-fixes).
- xfs: remove unused event xfs_pagecache_inval (git-fixes).
- xfs: remove unused event xlog_iclog_want_sync (git-fixes).
- xfs: remove unused trace event xfs_attr_remove_iter_return (git-fixes).
- xfs: remove unused trace event xfs_attr_rmtval_set (git-fixes).
- xfs: remove unused trace event xfs_reflink_cow_enospc (git-fixes).
- xfs: remove unused xfs_attr events (git-fixes).
- xfs: remove unused xfs_reflink_compare_extents events (git-fixes).
- xfs: remove usused xfs_end_io_direct events (git-fixes).
- xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS (git-fixes).
- xhci: dbc: Flush queued requests before stopping dbc (git-fixes).
- xhci: dbctty: disable ECHO flag by default (git-fixes).
Patchnames
SUSE-2025-2996,SUSE-SLE-Module-Basesystem-15-SP6-2025-2996,SUSE-SLE-Module-Development-Tools-15-SP6-2025-2996,SUSE-SLE-Module-Legacy-15-SP6-2025-2996,SUSE-SLE-Module-Live-Patching-15-SP6-2025-2996,SUSE-SLE-Product-HA-15-SP6-2025-2996,SUSE-SLE-Product-WE-15-SP6-2025-2996,openSUSE-SLE-15.6-2025-2996
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).